moved initscript, nginx config to examples

stechuhr.server.nginx.config → examples/stechuhr-server.nginx

 server {
-        server_name     stechuhr.server;
+
+	listen 443 ssl default_server;
+	listen [::]:443 ssl default_server;
+    server_name %FQDN%;
+
+        access_log /var/log/nginx/%FQDN%-access.log;
+        error_log /var/log/nginx/%FQDN%-error.log;
 
         add_header      Cache-Control   no-cache;
         add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;";
@@ -7,14 +13,27 @@ server {
         add_header X-Content-Type-Options nosniff;
         add_header X-XSS-Protection "1; mode=block";
 
-        listen 80;
-        listen [::]:80;
 
         client_max_body_size 10M;
         client_body_buffer_size 128k;
+	#large_client_header_buffers 4 32k;
+	charset utf-8;
+
+	#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+	#add_header Public-Key-Pins 'pin-sha256=""; pin-sha256=""; max-age=2592000; includeSubDomains';
+
+	ssl on;
+	ssl_certificate /etc/nginx/certs/%FQDN%/server.cert;
+	ssl_certificate_key /etc/nginx/certs/%FQDN%/server.key;
+	ssl_session_timeout 5m;
+	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+	ssl_session_cache shared:SSL:10m;
+	ssl_dhparam /etc/ssl/dh2048.pem;
+	#ssl_stapling on;
+	#ssl_stapling_verify on;
 
-        access_log /var/log/nginx/stechuhr.server-access.log;
-        error_log /var/log/nginx/stechuhr.server-error.log;
 
         location / {
                 proxy_set_header Host $host;
@@ -25,13 +44,22 @@ server {
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_set_header Connection "upgrade";
                 
-                proxy_redirect http://127.0.0.1:5000/ /;
-                proxy_pass http://127.0.0.1:5000;
+                proxy_redirect http://127.0.0.1:8000/ /;
+                proxy_pass http://127.0.0.1:8000;
                 proxy_read_timeout 86400s;
                 proxy_send_timeout 86400s;
                 allow all; # Any IP can perform any other requests
 
                 add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
                 add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS';
+        #proxy_set_header X-Real-IP $remote_addr;
+        #proxy_set_header X-Forwarded-Proto $scheme;
+        #add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
+
+        }
+	location ~ /.git/ {
+      deny all;
 	}
 }
+
+

run.sh

 #! /bin/sh
 
-/home/d0/.poetry/bin/poetry run gunicorn stechuhr_server.server:app
+~/.poetry/bin/poetry run gunicorn stechuhr_server.server:app

test.sh

 #! /bin/bash
 
-curl --header "Content-Type: application/json"  --request POST --data '{"location":"lerchenfeld", "entrance":"haupteingang", "direction":"in", "id":"DEADBEEF42"}' http://localhost:8000/
+curl --header "Content-Type: application/json"  --request POST --data '{"location":"lerchenfeld", "entrance":"main", "direction":"in", "id":"DEADBEEF42"}' http://localhost:8000/