artemis/example_config/nginx_example.conf

# Allnet
server {
	listen 80;
	server_name naominet.jp;
	
	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass_request_headers on;
		proxy_pass http://127.0.0.1:8080/;
	}
}

# Non-SSL titles
server {
	listen 80;
	server_name your.hostname.here;

	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass_request_headers on;
		proxy_pass http://127.0.0.1:8080/;
	}
}

# SSL titles, comment out if you don't plan on accepting SSL titles
server {
	listen 443 ssl;
	server_name your.hostname.here;

	ssl_certificate /path/to/cert/title.crt;
	ssl_certificate_key /path/to/cert/title.key;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;
	ssl_session_tickets off;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_ciphers "ALL:@SECLEVEL=0";
	ssl_prefer_server_ciphers off;

	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass_request_headers on;
		proxy_pass http://127.0.0.1:8080/;
	}
}

# Billing, comment this out if running billing standalone
server {
	listen 8443 ssl;	
	server_name ib.naominet.jp;
	
	ssl_certificate /path/to/cert/server.pem;
	ssl_certificate_key /path/to/cert/server.key;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;
	ssl_session_tickets off;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_ciphers "ALL:@SECLEVEL=0";
	ssl_prefer_server_ciphers off;

	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass_request_headers on;
		proxy_pass http://127.0.0.1:8080/;
	}
}

# Frontend, set to redirect to HTTPS. Comment out if you don't intend to use the frontend
server {
    listen 80;
	server_name frontend.hostname.here

    location / {
        return 301 https://$host$request_uri;
		# If you don't want https redirection, or are using something like cloudflare to manage HTTPS, comment out the line above and uncomment the line below
		# proxy_pass http://127.0.0.1:8080/;
    }
}

# Frontend HTTPS. Comment out if you on't intend to use the frontend, or have cloudflare or something managing https for you.
server {
    listen 443 ssl;
	server_name frontend.hostname.here;

    ssl_certificate /path/to/cert/frontend.pem;
	ssl_certificate_key /path/to/cert/frontend.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass_request_headers on;
		proxy_pass http://127.0.0.1:8080/;
	}
}
add back games, conform them to new title dispatch 2023-02-17 06:02:21 +00:00			`# Allnet`
			`server {`
			`listen 80;`
			`server_name naominet.jp;`

			`location / {`
add X-Forwarded-For to nginx config 2023-03-12 06:47:59 +00:00			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_pass_request_headers on;`
update nginx example config 2024-01-14 22:42:58 +00:00			`proxy_pass http://127.0.0.1:8080/;`
add back games, conform them to new title dispatch 2023-02-17 06:02:21 +00:00			`}`
			`}`

			`# Non-SSL titles`
			`server {`
			`listen 80;`
			`server_name your.hostname.here;`

			`location / {`
add X-Forwarded-For to nginx config 2023-03-12 06:47:59 +00:00			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_pass_request_headers on;`
update nginx example config 2024-01-14 22:42:58 +00:00			`proxy_pass http://127.0.0.1:8080/;`
add back games, conform them to new title dispatch 2023-02-17 06:02:21 +00:00			`}`
			`}`

add pokken, cxb and frontend to nginx config 2023-02-28 05:41:43 +00:00			`# SSL titles, comment out if you don't plan on accepting SSL titles`
add back games, conform them to new title dispatch 2023-02-17 06:02:21 +00:00			`server {`
Per-version URI/Host (#66) Allows setting allnet uri/host response based on things like version, config files, and other factors to accommodate a wider range of potential setups under the same roof. This DOES require all titles to adopt a new structure but it's documented and should hopefully be somewhat intuitive. Co-authored-by: Hay1tsme <kevin@hay1ts.me> Reviewed-on: https://gitea.tendokyu.moe/Hay1tsme/artemis/pulls/66 Co-authored-by: Kevin Trocolli <pitok236@gmail.com> Co-committed-by: Kevin Trocolli <pitok236@gmail.com> 2023-11-09 02:17:48 +00:00			`listen 443 ssl;`
add back games, conform them to new title dispatch 2023-02-17 06:02:21 +00:00			`server_name your.hostname.here;`

			`ssl_certificate /path/to/cert/title.crt;`
			`ssl_certificate_key /path/to/cert/title.key;`
			`ssl_session_timeout 1d;`
			`ssl_session_cache shared:MozSSL:10m;`
			`ssl_session_tickets off;`

			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;`
			`ssl_ciphers "ALL:@SECLEVEL=0";`
			`ssl_prefer_server_ciphers off;`

			`location / {`
update nginx example config 2024-01-14 22:42:58 +00:00			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_pass_request_headers on;`
			`proxy_pass http://127.0.0.1:8080/;`
add back games, conform them to new title dispatch 2023-02-17 06:02:21 +00:00			`}`
			`}`

readd get_title_port_ssl 2024-01-09 22:49:18 +00:00			`# Billing, comment this out if running billing standalone`
add back games, conform them to new title dispatch 2023-02-17 06:02:21 +00:00			`server {`
			`listen 8443 ssl;`
			`server_name ib.naominet.jp;`

			`ssl_certificate /path/to/cert/server.pem;`
			`ssl_certificate_key /path/to/cert/server.key;`
			`ssl_session_timeout 1d;`
			`ssl_session_cache shared:MozSSL:10m;`
			`ssl_session_tickets off;`

			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;`
Per-version URI/Host (#66) Allows setting allnet uri/host response based on things like version, config files, and other factors to accommodate a wider range of potential setups under the same roof. This DOES require all titles to adopt a new structure but it's documented and should hopefully be somewhat intuitive. Co-authored-by: Hay1tsme <kevin@hay1ts.me> Reviewed-on: https://gitea.tendokyu.moe/Hay1tsme/artemis/pulls/66 Co-authored-by: Kevin Trocolli <pitok236@gmail.com> Co-committed-by: Kevin Trocolli <pitok236@gmail.com> 2023-11-09 02:17:48 +00:00			`ssl_ciphers "ALL:@SECLEVEL=0";`
add back games, conform them to new title dispatch 2023-02-17 06:02:21 +00:00			`ssl_prefer_server_ciphers off;`

			`location / {`
update nginx example config 2024-01-14 22:42:58 +00:00			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_pass_request_headers on;`
			`proxy_pass http://127.0.0.1:8080/;`
add pokken, cxb and frontend to nginx config 2023-02-28 05:41:43 +00:00			`}`
			`}`

			`# Frontend, set to redirect to HTTPS. Comment out if you don't intend to use the frontend`
			`server {`
			`listen 80;`
			`server_name frontend.hostname.here`

			`location / {`
			`return 301 https://$host$request_uri;`
configuration changes, update docs 2024-01-11 17:08:22 +00:00			`# If you don't want https redirection, or are using something like cloudflare to manage HTTPS, comment out the line above and uncomment the line below`
update nginx example config 2024-01-14 22:42:58 +00:00			`# proxy_pass http://127.0.0.1:8080/;`
add pokken, cxb and frontend to nginx config 2023-02-28 05:41:43 +00:00			`}`
			`}`

configuration changes, update docs 2024-01-11 17:08:22 +00:00			`# Frontend HTTPS. Comment out if you on't intend to use the frontend, or have cloudflare or something managing https for you.`
add pokken, cxb and frontend to nginx config 2023-02-28 05:41:43 +00:00			`server {`
			`listen 443 ssl;`
add production config 2023-03-02 16:47:40 +00:00			`server_name frontend.hostname.here;`
add pokken, cxb and frontend to nginx config 2023-02-28 05:41:43 +00:00
			`ssl_certificate /path/to/cert/frontend.pem;`
			`ssl_certificate_key /path/to/cert/frontend.key;`
			`ssl_session_timeout 1d;`
			`ssl_session_cache shared:MozSSL:10m; # about 40000 sessions`
			`ssl_session_tickets off;`

			`# intermediate configuration`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;`
			`ssl_prefer_server_ciphers off;`

			`# HSTS (ngx_http_headers_module is required) (63072000 seconds)`
			`add_header Strict-Transport-Security "max-age=63072000" always;`

			`location / {`
add X-Forwarded-For to nginx config 2023-03-12 06:47:59 +00:00			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_pass_request_headers on;`
update nginx example config 2024-01-14 22:42:58 +00:00			`proxy_pass http://127.0.0.1:8080/;`
add pokken, cxb and frontend to nginx config 2023-02-28 05:41:43 +00:00			`}`
Per-version URI/Host (#66) Allows setting allnet uri/host response based on things like version, config files, and other factors to accommodate a wider range of potential setups under the same roof. This DOES require all titles to adopt a new structure but it's documented and should hopefully be somewhat intuitive. Co-authored-by: Hay1tsme <kevin@hay1ts.me> Reviewed-on: https://gitea.tendokyu.moe/Hay1tsme/artemis/pulls/66 Co-authored-by: Kevin Trocolli <pitok236@gmail.com> Co-committed-by: Kevin Trocolli <pitok236@gmail.com> 2023-11-09 02:17:48 +00:00			`}`