File: //etc/openresty/nginx.conf
user www-data www-data;
worker_processes auto;
pid /usr/local/openresty/nginx/logs/nginx.pid;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
include /usr/local/openresty/nginx/conf/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:5m; # 5MB about 20000 sessions
ssl_session_timeout 5m;
ssl_session_tickets on;
access_log /usr/local/openresty/nginx/logs/access.log;
error_log /usr/local/openresty/nginx/logs/error.log;
# $original_scheme is a custom var that provides the original scheme of the
# request regardless nginx is behind a proxy or not.
map $http_x_forwarded_proto $original_scheme {
default $scheme;
http http;
https https;
}
# The "auto_ssl" shared dict should be defined with enough storage space to
# hold your certificate data. 1MB of storage holds certificates for
# approximately 100 separate domains.
lua_shared_dict auto_ssl 1m;
# The "auto_ssl" shared dict is used to temporarily store various settings
# like the secret used by the hook server on port 8999. Do not change or
# omit it.
lua_shared_dict auto_ssl_settings 64k;
# A DNS resolver must be defined for OCSP stapling to function.
resolver 8.8.8.8 ipv6=off;
# Initial setup tasks.
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
auto_ssl:set("allow_domain", function(domain)
if domain:lower() == string.lower("bursacraiova.ro") then return true end
if domain:lower() == string.lower("www.bursacraiova.ro") then return true end
if domain:lower() == string.lower("servergames.ro") then return true end
if domain:lower() == string.lower("www.servergames.ro") then return true end
if domain:lower() == string.lower("simsoft.ro") then return true end
if domain:lower() == string.lower("www.simsoft.ro") then return true end
if domain:lower() == string.lower("fasthor.be") then return true end
if domain:lower() == string.lower("www.fasthor.be") then return true end
if domain:lower() == string.lower("plasticcarbonfiber3d.com") then return true end
if domain:lower() == string.lower("www.plasticcarbonfiber3d.com") then return true end
if domain:lower() == string.lower("vind.ro") then return true end
if domain:lower() == string.lower("www.vind.ro") then return true end
if domain:lower() == string.lower("isdesign.ro") then return true end
if domain:lower() == string.lower("www.isdesign.ro") then return true end
if domain:lower() == string.lower("produselemnmasiv.ro") then return true end
if domain:lower() == string.lower("www.produselemnmasiv.ro") then return true end
if domain:lower() == string.lower("iphoneservice.ro") then return true end
if domain:lower() == string.lower("www.iphoneservice.ro") then return true end
if domain:lower() == string.lower("dantopala.co.uk") then return true end
if domain:lower() == string.lower("www.dantopala.co.uk") then return true end
if domain:lower() == string.lower("dentoutline.co.uk") then return true end
if domain:lower() == string.lower("www.dentoutline.co.uk") then return true end
if domain:lower() == string.lower("arji-robi.be") then return true end
if domain:lower() == string.lower("www.arji-robi.be") then return true end
if domain:lower() == string.lower("fotovoltaicgreen.ro") then return true end
if domain:lower() == string.lower("www.fotovoltaicgreen.ro") then return true end
if domain:lower() == string.lower("pungutacu2bani.servergames.ro") then return true end
if domain:lower() == string.lower("www.pungutacu2bani.servergames.ro") then return true end
return false
end)
auto_ssl:init()
}
init_worker_by_lua_block {
auto_ssl:init_worker()
}
server {
listen 127.0.0.1:8999;
# Increase the body buffer size, to ensure the internal POSTs can always
# parse the full POST contents into memory.
client_body_buffer_size 128k;
client_max_body_size 128k;
location / {
content_by_lua_block {
auto_ssl:hook_server()
}
}
}
include /usr/local/openresty/nginx/sites/*;
}