From 104f8175304e3f8663480867c50b562e552234c8 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Sat, 28 Jan 2023 19:59:28 +0900
Subject: [PATCH] Add `everun` configurations.
---
sites-available/everun | 80 ++++++++++++++++++++++++++++++++++
sites-available/everun-staging | 45 +++++++++++++++++++
2 files changed, 125 insertions(+)
create mode 100644 sites-available/everun
create mode 100644 sites-available/everun-staging
diff --git a/sites-available/everun b/sites-available/everun
new file mode 100644
index 0000000..4d0510f
--- /dev/null
+++ b/sites-available/everun
@@ -0,0 +1,80 @@
+server {
+ # allow access from localhost
+ listen 443 ssl http2;
+ server_name www.everun.club;
+
+ ssl_certificate /etc/lego/.lego/certificates/_.everun.club.crt;
+ ssl_certificate_key /etc/lego/.lego/certificates/_.everun.club.key;
+ ssl_dhparam /etc/lego/dhparams_4096.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:3m;
+ ssl_buffer_size 4k;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3 TLSv1.2;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 8.8.4.4 8.8.8.8 valid=300s;
+ resolver_timeout 10s;
+
+ # Enable HSTS (HTTP Strict Transport Security)
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+
+ root /var/www/everun;
+ index index.html index.htm;
+
+ access_log /var/log/nginx/everun.access.log ltsv;
+ error_log /var/log/nginx/everun.error.log;
+
+ http2_max_field_size 256k;
+ http2_max_header_size 256k;
+
+ # To allow POST on static pages
+ error_page 405 =200 $uri;
+
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+}
+
+server {
+ # allow access from localhost
+ listen 443 ssl http2;
+ server_name everun.club;
+
+ ssl_certificate /etc/lego/.lego/certificates/_.everun.club.crt;
+ ssl_certificate_key /etc/lego/.lego/certificates/_.everun.club.key;
+ ssl_dhparam /etc/lego/dhparams_4096.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:3m;
+ ssl_buffer_size 4k;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3 TLSv1.2;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 8.8.4.4 8.8.8.8 valid=300s;
+ resolver_timeout 10s;
+
+ # Enable HSTS (HTTP Strict Transport Security)
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+
+ access_log /var/log/nginx/everun.access.log ltsv;
+ error_log /var/log/nginx/everun.error.log;
+
+ http2_max_field_size 256k;
+ http2_max_header_size 256k;
+
+ location / {
+ rewrite ^/$ https://www.everun.club;
+ }
+}
+
diff --git a/sites-available/everun-staging b/sites-available/everun-staging
new file mode 100644
index 0000000..0503393
--- /dev/null
+++ b/sites-available/everun-staging
@@ -0,0 +1,45 @@
+server {
+ # allow access from localhost
+ listen 443 ssl http2;
+ server_name staging.everun.club;
+
+ ssl_certificate /etc/lego/.lego/certificates/_.everun.club.crt;
+ ssl_certificate_key /etc/lego/.lego/certificates/_.everun.club.key;
+ ssl_dhparam /etc/lego/dhparams_4096.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:3m;
+ ssl_buffer_size 4k;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3 TLSv1.2;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 8.8.4.4 8.8.8.8 valid=300s;
+ resolver_timeout 10s;
+
+ # Enable HSTS (HTTP Strict Transport Security)
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+
+ root /var/www/test-everun;
+ index index.html index.htm;
+
+ access_log /var/log/nginx/stag-everun.access.log ltsv;
+ error_log /var/log/nginx/stag-everun.error.log;
+
+ http2_max_field_size 256k;
+ http2_max_header_size 256k;
+
+ # To allow POST on static pages
+ error_page 405 =200 $uri;
+
+ location / {
+ auth_basic "限定公開中なのでユーザー名とパスワードを入れてください";
+ auth_basic_user_file "/etc/nginx/basic-auth";
+
+ try_files $uri $uri/ /index.html;
+ }
+}
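Review bot: In sites-available/everun the apex `everun.club` block redirects only the exact path `/`, since `rewrite ^/$ https://www.everun.club;` matches nothing else; any other URI is handled by a server block that sets no `root`, so it is answered from whatever root is inherited or compiled in instead of being redirected. Replacing the `location /` body with `return 301 https://www.everun.club$request_uri;` would send every path to the canonical host (use 302 if the temporary redirect that `rewrite` issues today is intended). `add_header Strict-Transport-Security ...` is written without the `always` parameter in both blocks here and in sites-available/everun-staging, so nginx omits the header on 4xx/5xx responses, including the staging 401 challenge. The comment `# allow access from localhost` in all three blocks does not describe `listen 443 ssl http2;`, which gives no address and so is not limited to localhost, and is worth rewording.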
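Review bot: In sites-available/everun-staging `auth_basic` and `auth_basic_user_file` sit inside `location /`, so the password gate holds only while that is the sole location; a sibling `location` added later would be served without credentials unless it repeats both directives. Moving the two lines up to `server` scope makes authentication the default for everything under staging.everun.club. The file `/etc/nginx/basic-auth` is not part of this commit, so its ownership and mode (readable by the nginx worker user only) should be checked at deploy time.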