Added nginx config example

cookiecutter.json

@@ -2,5 +2,6 @@
     "new_wiki": "",
     "wiki_name": "{{ cookiecutter.new_wiki|title|replace(' ', '') }}",
     "directory_name": "{{ cookiecutter.wiki_name|lower }}",
-    "url": "https://{{cookiecutter.directory_name}}.cpi.imtek.uni-freiburg.de/"
+    "domain": "{{cookiecutter.directory_name}}.cpi.imtek.uni-freiburg.de",
+    "access": ["university only", "public"]
 }

{{cookiecutter.directory_name}}/nginx_example_moin_{{cookiecutter.directory_name}}

@@ -0,0 +1,51 @@
+server {
+  listen 443 ssl;
+  server_name {{cookiecutter.domain}};
+  add_header X-Clacks-Overhead "GNU Terry Pratchett";
+
+  access_log /var/log/nginx/moin_{{cookiecutter.directory_name}}.access.log;
+
+  {% if cookiecutter.access == "university only" %}
+  # Access is only allowed from the internal university network
+  allow 132.230.0.0/16;
+  allow 192.52.0.0/16;
+  allow 10.0.0.0/8;
+  deny all;
+  {% endif %}
+
+  # ssl configuration
+  # ssl key and certificate
+  ssl_certificate /etc/ssl/uni-fr/live/{{cookiecutter.directory_name}}/fullchain.pem;
+  ssl_certificate_key /etc/ssl/uni-fr/keys/{{cookiecutter.directory_name}}.key;
+  # ssl protocols and ciphers
+  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+  ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
+  ssl_prefer_server_ciphers on;
+  # use a strong diffy helman elliptic curve
+  ssl_dhparam /etc/ssl/nginx/dhparam2048.pem;
+  ssl_ecdh_curve secp384r1;
+  # add HSTS header
+  add_header Strict-Transport-Security "max-age=31536000";
+
+  location /HonigTopf {
+    add_header Content-Type image/gif;
+    alias /var/www/moin/static/honeypot.gif;
+  }
+
+  location ^~ /moin_static/ {
+    alias /var/www/moin_static/;
+  }
+
+  location ^~ /static/ {
+    alias /var/www/moin/static/;
+  }
+
+  location / {
+    try_files $uri @moin;
+  }
+
+  location @moin {
+    include uwsgi_params;
+    uwsgi_pass unix:/tmp/moin.sock;
+  }
+}