cookiecutter-moinmoin/{{cookiecutter.directory_na.../nginx_example_moin_{{cookie...

server {
  listen 443 ssl;
  server_name {{cookiecutter.domain}};
  add_header X-Clacks-Overhead "GNU Terry Pratchett";

  access_log /var/log/nginx/moin_{{cookiecutter.directory_name}}.access.log;

  {% if cookiecutter.access == "university only" %}
  # Access is only allowed from the internal university network
  allow 132.230.0.0/16;
  allow 192.52.0.0/16;
  allow 10.0.0.0/8;
  deny all;
  {% endif %}

  # ssl configuration
  # ssl key and certificate
  ssl_certificate /etc/ssl/uni-fr/live/{{cookiecutter.directory_name}}/fullchain.pem;
  ssl_certificate_key /etc/ssl/uni-fr/keys/{{cookiecutter.directory_name}}.key;
  # ssl protocols and ciphers
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
  ssl_prefer_server_ciphers on;
  # use a strong diffy helman elliptic curve
  ssl_dhparam /etc/ssl/nginx/dhparam2048.pem;
  ssl_ecdh_curve secp384r1;
  # add HSTS header
  add_header Strict-Transport-Security "max-age=31536000";

  location /HonigTopf {
    add_header Content-Type image/gif;
    alias /var/www/moin/static/honeypot.gif;
  }

  location ^~ /moin_static/ {
    alias /var/www/moin_static/;
  }

  location ^~ /static/ {
    alias /var/www/moin/static/;
  }

  location / {
    try_files $uri @moin;
  }

  location @moin {
    include uwsgi_params;
    uwsgi_pass unix:/tmp/moin.sock;
  }
}
Added nginx config example 7 years ago			`server {`
			`listen 443 ssl;`
			`server_name {{cookiecutter.domain}};`
			`add_header X-Clacks-Overhead "GNU Terry Pratchett";`

			`access_log /var/log/nginx/moin_{{cookiecutter.directory_name}}.access.log;`

			`{% if cookiecutter.access == "university only" %}`
			`# Access is only allowed from the internal university network`
			`allow 132.230.0.0/16;`
			`allow 192.52.0.0/16;`
			`allow 10.0.0.0/8;`
			`deny all;`
			`{% endif %}`

			`# ssl configuration`
			`# ssl key and certificate`
			`ssl_certificate /etc/ssl/uni-fr/live/{{cookiecutter.directory_name}}/fullchain.pem;`
			`ssl_certificate_key /etc/ssl/uni-fr/keys/{{cookiecutter.directory_name}}.key;`
			`# ssl protocols and ciphers`
			`ssl_protocols TLSv1.2 TLSv1.1 TLSv1;`
			`ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;`
			`ssl_prefer_server_ciphers on;`
			`# use a strong diffy helman elliptic curve`
			`ssl_dhparam /etc/ssl/nginx/dhparam2048.pem;`
			`ssl_ecdh_curve secp384r1;`
			`# add HSTS header`
			`add_header Strict-Transport-Security "max-age=31536000";`

			`location /HonigTopf {`
			`add_header Content-Type image/gif;`
			`alias /var/www/moin/static/honeypot.gif;`
			`}`

			`location ^~ /moin_static/ {`
			`alias /var/www/moin_static/;`
			`}`

			`location ^~ /static/ {`
			`alias /var/www/moin/static/;`
			`}`

			`location / {`
			`try_files $uri @moin;`
			`}`

			`location @moin {`
			`include uwsgi_params;`
			`uwsgi_pass unix:/tmp/moin.sock;`
			`}`
			`}`