add a bunch of hostclasses

1 files changed, 55 insertions, 0 deletions

diff --git a/files/usr/local/etc/nginx/vhosts.conf.dav_server b/files/usr/local/etc/nginx/vhosts.conf.dav_server
new file mode 100644
index 0000000..71bbc71
--- /dev/null
+++ b/files/usr/local/etc/nginx/vhosts.conf.dav_server
@@ -0,0 +1,55 @@
+server {
+  listen 443      ssl default_server;
+  listen [::]:443 ssl default_server;
+  http2 on;
+
+  root ${davical_webroot};
+  index index.html index.php;
+
+  ssl_certificate      ${davical_https_cert};
+  ssl_certificate_key  ${davical_https_key};
+
+  add_header Strict-Transport-Security "max-age=63072000" always;
+
+  auth_gss_keytab ${davical_keytab};
+  auth_gss_allow_basic_fallback off;
+
+  location / {
+    auth_gss on;
+    satisfy any;
+$(printf '    deny %s;\n' $kerberized_cidrs)
+    allow all;
+    try_files \$uri \$uri/ /caldav.php\$uri?\$query_string;
+  }
+
+  location /.well-known/ {
+    try_files \$uri \$uri/ /caldav.php\$uri?\$query_string;
+  }
+
+  location ~ ^/caldav\.php/\.well-known/ {
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    if (!-f \$document_root\$fastcgi_script_name) {
+      return 404;
+    }
+    fastcgi_index index.php;
+    fastcgi_intercept_errors on;
+    include fastcgi_params;
+    fastcgi_pass unix:${davical_fpm_socket};
+  }
+
+  location ~ [^/]\.php(/|$) {
+    auth_gss on;
+    satisfy any;
+$(printf '    deny %s;\n' $kerberized_cidrs)
+    allow all;
+
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    if (!-f \$document_root\$fastcgi_script_name) {
+      return 404;
+    }
+    fastcgi_index index.php;
+    fastcgi_intercept_errors on;
+    include fastcgi_params;
+    fastcgi_pass unix:${davical_fpm_socket};
+  }
+}