From 4aa05cb9b20b883c14e7377f5458d359327f8560 Mon Sep 17 00:00:00 2001
From: Adrien Bourmault <neox@a-lec.org>
Date: Tue, 16 Nov 2021 19:40:20 +0000
Subject: [PATCH] Configuration nginx de www

---
 Machines virtuelles/www.md | 91 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 90 insertions(+), 1 deletion(-)

diff --git a/Machines virtuelles/www.md b/Machines virtuelles/www.md
index f8de82a..03a4fcf 100644
--- a/Machines virtuelles/www.md	
+++ b/Machines virtuelles/www.md	
@@ -57,4 +57,93 @@ Adresse ipv6 publique : 2001:910:1360::1ca
 #### /etc/postfix/virtual
 
     @localhost admin@a-lec.org
-    @www.a-lec.org admin@a-lec.org
\ No newline at end of file
+    @www.a-lec.org admin@a-lec.org
+
+### Configuration du serveur web (nginx)
+
+    server {
+            set_real_ip_from  192.169.1.1;
+            real_ip_header proxy_protocol;
+
+        # SSL configuration
+        #
+        listen 443 ssl proxy_protocol default_server;
+        listen [::]:443 ssl default_server;
+
+        root /var/www/html;
+
+            ssl_certificate /etc/letsencrypt/live/www.a-lec.org/fullchain.pem; # managed by Certbot
+            ssl_certificate_key /etc/letsencrypt/live/www.a-lec.org/privkey.pem; # managed by Certbot
+            include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+        # Add index.php to the list if you are using PHP
+        index index.html index.htm index.php;
+
+        server_name www.a-lec.org;
+
+        location /.well-known/host-meta {
+            default_type 'application/xrd+xml';
+            add_header Access-Control-Allow-Origin '*' always;
+        }    
+
+        location /.well-known/host-meta.json {
+            default_type 'application/jrd+json';
+            add_header Access-Control-Allow-Origin '*' always;
+        }
+
+        location / {
+            # First attempt to serve request as file, then
+            # as directory, then fall back to displaying a 404.
+            try_files $uri $uri/ $uri.html $uri/index.php?q=$uri&$args =404;
+        }
+
+        ssi on;
+        ssi_last_modified on;
+
+        # pass PHP scripts to FastCGI server
+        
+        location ~ \.php$ {
+            include snippets/fastcgi-php.conf;
+            # With php-fpm (or other unix sockets):
+            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+            # With php-cgi (or other tcp sockets):
+            # fastcgi_pass 127.0.0.1:9000;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+        }
+
+    }
+
+    server {
+        listen 80;
+        listen [::]:80;
+
+        server_name www.a-lec.org; 
+
+        return 302 https://www.a-lec.org$request_uri;
+    }
+
+    server {
+            listen 80;
+            listen [::]:80;
+
+            server_name a-lec.org;
+
+            return 302 https://www.a-lec.org$request_uri;
+    }
+
+    server {
+            listen 443 ssl proxy_protocol;
+            listen [::]:443 ssl;
+
+            server_name a-lec.org;
+
+            return 302 https://www.a-lec.org$request_uri;
+
+            ssl_certificate /etc/letsencrypt/live/a-lec.org-0001/fullchain.pem; # managed by Certbot
+            ssl_certificate_key /etc/letsencrypt/live/a-lec.org-0001/privkey.pem; # managed by Certbot
+            include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    }