#firewall-cmd --permanent --list-all
вывод:
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports: 5123/tcp 80/tcp
masquerade: yes
forward-ports: port=80:proto=tcp:toport=3000:toaddr=
icmp-blocks:
rich rules:
cat red.vkorotenko.ru.conf
# Upstream Ruby process cluster for load balancing
upstream thin_cluster {
server unix:/tmp/thin.0.sock;
}
server {
listen red.vkorotenko.ru:80;
listen red.vkorotenko.ru:443 ssl;
server_name red.vkorotenko.ru;
# настройки для letsencrypt можно убрать
include acme;
# Redirect HTTP to HTTPS
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
access_log /var/log/nginx/redmine_access.log;
error_log /var/log/nginx/redmine_error.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/vkorotenko.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vkorotenko.ru/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/vkorotenko.ru/chain.pem;
include proxy.include;
proxy_redirect off;
root /var/lib/redmine/default/public;
# When we're back to non-sensitive things, send back to http
# rewrite ^/$ https://red.vkorotenko.ru$request_uri permanent;
# Examples of URLs we don't want to rewrite (otherwise 404 errors occur):
# /projects/PROJECTNAME/archive?status=
# /projects/copy/PROJECTNAME
# /projects/PROJECTNAME/destroy
# This should exclude those (tested here: http://www.regextester.com/ )
if ($uri !~* "^/projects/.*(copy|destroy|archive)") {
#rewrite ^/projects(.*) https://red.vkorotenko.ru$request_uri permanent;
}
#rewrite ^/guide(.*) https://red.vkorotenko.ru$request_uri permanent;
#rewrite ^/users(.*) https://red.vkorotenko.ru$request_uri permanent;
#rewrite ^/my/page(.*) https://red.vkorotenko.ru$request_uri permanent;
#rewrite ^/logout(.*) https://red.vkorotenko.ru$request_uri permanent;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri/index.html $uri.html $uri @cluster;
}
location @cluster {
proxy_pass http://thin_cluster;
}
}
Listen *:3000
<VirtualHost 10.87.1.1:80>
ServerName redmine.local
ServerAdmin blabla@local
CustomLog /var/log/httpd/redmine/access common
ErrorLog /var/log/httpd/redmine/httpd
DocumentRoot /var/www/vhosts/redmine/public/
MaxRequestLen 20971520
RailsEnv production
<Directory "/var/www/vhosts/redmine/public/">
Options Indexes ExecCGI FollowSymLinks
AllowOverride all
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 10.87.1.0/255.255.255.0
</Directory>
</VirtualHost>
# Pathes from passenger-install-apache2-module
LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-4.0.36/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-4.0.36
PassengerDefaultRuby /usr/local/bin/ruby
</IfModule>
# Remove HTTP Headers
Header always unset "X-Powered-By"
Header always unset "X-Rack-Cache"
Header always unset "X-Content-Digest"
Header always unset "X-Runtime"
# Tuning of Passenger
PassengerMaxPoolSize 20
PassengerMaxInstancesPerApp 4
PassengerPoolIdleTime 3600
PassengerHighPerformance on
PassengerStatThrottleRate 10
PassengerMaxPreloaderIdleTime 0
PassengerLogLevel 0
PassengerDebugLogFile /var/www/log/passenger
RailsSpawnMethod smart
RailsAppSpawnerIdleTime 86400
# ServerName Host:Port
ServerName redmine.local:80