ssl

.gitignore

@@ -1 +1,2 @@
-nginx-1.20.1
+conf/includes/localhost.crt
+conf/includes/localhost.key

.vscode/settings.json

@@ -6,6 +6,5 @@
     "files.exclude": {
         "**/.git": false
     },
-    "coverage-gutters.coverageBaseDir": "./.vscode/ReportGenerator/Cobertura/*",
-    "thunder-client.saveToWorkspace": false
+    "coverage-gutters.coverageBaseDir": "./.vscode/ReportGenerator/Cobertura/*"
 }

conf/includes/Gogs.conf

@@ -0,0 +1,8 @@
+location / {
+    proxy_hide_header Authorization;
+    if ($http_Authorization != "Basic asdf") {
+        return 401;
+    }
+    proxy_set_header Authorization "Basic asdf";
+    proxy_pass http://localhost:3000;
+}

conf/includes/code-server.conf

@@ -0,0 +1,25 @@
+server {
+    server_name phares3757.ddns.net;
+    location / {
+        proxy_pass http://localhost:8007/;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+        proxy_set_header Accept-Encoding gzip;
+    }
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/phares3757.ddns.net/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/phares3757.ddns.net/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+server {
+    if ($host = phares3757.ddns.net) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+    listen 80;
+    listen [::]:80;
+    server_name phares3757.ddns.net;
+    return 404; # managed by Certbot
+}

conf/includes/ec-server.pass

@@ -0,0 +1 @@
+nocert

conf/includes/github.conf

@@ -0,0 +1,4 @@
+location / {
+    root "D://www//github";
+    index index.html index.htm;
+}

conf/includes/iscn5cg3256cps.infineon.com.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMTCCAxmgAwIBAgIUUi/nacInzoq78JsuzLhWssBY2iQwDQYJKoZIhvcNAQEL
-BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6b25hMQ0wCwYDVQQHDARN
-ZXNhMS0wKwYDVQQKDCRJbmZpbmVvbiBUZWNobm9sb2dpZXMgQW1lcmljYXMgQ29y
-cC4xFDASBgNVBAsMC0RldmVsb3BtZW50MSQwIgYDVQQDDBtpc2NuNWNnMzI1NmNw
-cy5pbmZpbmVvbi5jb20wHhcNMjQwMjI3MTYyNzI0WhcNMjUwMjI2MTYyNzI0WjCB
-mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0FyaXpvbmExDTALBgNVBAcMBE1lc2Ex
-LTArBgNVBAoMJEluZmluZW9uIFRlY2hub2xvZ2llcyBBbWVyaWNhcyBDb3JwLjEU
-MBIGA1UECwwLRGV2ZWxvcG1lbnQxJDAiBgNVBAMMG2lzY241Y2czMjU2Y3BzLmlu
-ZmluZW9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKYnR9hK
-CCBCvENd4nr0RcKsxiSvWJnF+tt6dtxdvRQFc01JTFuslyA8fv33HvIi8hlNF0H9
-r3tMQ8G0cR3Fhl4OiryORg7kDSKvHD3dm6w915a08TwumC1+A7u9kB43WwrxsqoC
-Afmm+t0F0nKqHjeu8kvMr2szcu08xpwvJGu3Yo1VraHlX/36BVLLg12LUle4A4gw
-D3gIJijXOCOkxkPkHx7y7mJUIBrtrQ9O1M3u7H3f2NF7yvwgdK61tHHQQ6CIT6Up
-1TIwrPwb23/PXSU+Hv9brYGOSermjaUys6dNssCU6yU/9L7Z3C7QpFomv+NINQ0o
-pra1CAHTd5qb5YECAwEAAaNvMG0wTAYDVR0RBEUwQ4IbaXNjbjVjZzMyNTZjcHMu
-aW5maW5lb24uY29tgg5pc2NuNWNnMzI1NmNwc4IJbG9jYWxob3N0ggkxMjcuMC4w
-LjEwHQYDVR0OBBYEFAuC8Lfjj1kUP5JYgjX8qJBVQNN+MA0GCSqGSIb3DQEBCwUA
-A4IBAQCEUC+V5X5Yn5FuuRCA0ZRvUHXS5VDC5MV0XJ06ZyL3JuEFsvl/eSb6e2/d
-zMQXKVRhkwOuuk/9YFrA+AkVlfdjLsJhDUjluQLAl3XfEFkQ2VcD8aMn8YSmX4Uu
-jMvOOK+82QNjseYk5T9hi86RwYBVLHORSsop4zzk4kPBIzqHB2jNQKVyMU1O0DMD
-Sanaupg9+SJRmkhxJ7UuAZ5V7SPI1E90FH2zZG4XAxVNb1R0j8XSK8kXTZAOWzJe
-2JVAjpEvhBkDXigF3tc9EOSlgEzIVUak1FGane5aj7fWoasV5Jp2JI58MDZhi2gw
-6anI6RJpw7XkqPGODNlMJwjdfqHD
------END CERTIFICATE-----

conf/includes/iscn5cg3256cps.infineon.com.key

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCmJ0fYSgggQrxD
-XeJ69EXCrMYkr1iZxfrbenbcXb0UBXNNSUxbrJcgPH799x7yIvIZTRdB/a97TEPB
-tHEdxYZeDoq8jkYO5A0irxw93ZusPdeWtPE8LpgtfgO7vZAeN1sK8bKqAgH5pvrd
-BdJyqh43rvJLzK9rM3LtPMacLyRrt2KNVa2h5V/9+gVSy4Ndi1JXuAOIMA94CCYo
-1zgjpMZD5B8e8u5iVCAa7a0PTtTN7ux939jRe8r8IHSutbRx0EOgiE+lKdUyMKz8
-G9t/z10lPh7/W62Bjknq5o2lMrOnTbLAlOslP/S+2dwu0KRaJr/jSDUNKKa2tQgB
-03eam+WBAgMBAAECggEABOjCdUwrrQtXvWxR16TtxjydXqJdLW71dGRsDGMLJgMq
-ttkAc/F3piTPckDJ1ejtKwz1b9ZXZ97XHisvD+yBBbirhfp0rLY1gqW2oYfRlI9f
-tjTar1bnmWmAofyN/GyRiLNfPmlwhkA2J49nWkq3OZk2UMHHmZTjs4mBC0aTzoho
-cy41HSRCqBsv9QwYk1vfI8V877K3t7Gs+Zbn+k+PzKL/FMveGdhK7hyfItOhfLoE
-k9lf2F6aPia7Z2u8ao2p1y15LqwlFxWf0exMyKTDcptoOAtrVG0QZibKCKDw6Eun
-8pmkkNowgg1a4fDut5rTGLX95nUtf/jbg2kDtxhboQKBgQDl8h0vun2tEQUv87bq
-mprpMkZS06jx6gEV8Jh8eYfawUQNlQSeYF05ZzCkTH8TXim+qCJGIOcoPbfBQx10
-1HRL7374y8O9Top2d43Q2yKrUVsVhH70GgLefz3yGe8Kj3YyHUxU0YswHDvVdkHb
-IOdTln3SPe8DWm06TU9HJab80QKBgQC4+sjfB26ZrOgiIqwBdTnAiCsdTd286FJd
-gi4qV3Zs3SnltPh9SwnrQmGyY0pmrf0pOa2M6BS2NejqqX+DtkT+iaWw7Z23nPT4
-fZCsxKEMZ+CdPilWa1fQ/gCIc3yz2mhEzB+IKkJHosBGs9Ki4QckktkURPXr2wTC
-tpQSCPfJsQKBgQCA2CNGhSa6fNj9P4B1AGBg3ozNCFCYDNjC5GdtB+P5zWVGfwNx
-gul5qrp0tXBW9+JINInP5cvgnoSCRAsTVaA8lFv/KJ3rS0EGlILgTomkmReCfRVt
-zc1hwsaBC8sHjc9a0VPeCvQE5y0XtQW9tTgpfB/QWGe+50Jg8sTDRvPEoQKBgQCk
-Vql++6tW/DZ/nS4TXYIhethTAIqu+fey+6ToGSwtK4+9dDoPlksJp8AELBI9hvYT
-WhrFxKoh92Mml8+hxJ0nRkLeHTyxk9BPs76Ev2wVCXSUPlWbYWJzWjY/A9sWLkPU
-W0ToRCL+YalRJxFLg4BFDfGuAFY7ZCmmk26ZVz5NAQKBgQDak1xkSAgbV/eklbed
-/BBwn3VOTE1dF5VHdByw6hjWj5XYQdOyV+4Z730kq4/6IB++D4fjpHoshn9KQglU
-k9HyQCMgK19D3E6myR4QrihTP2KSFd+9iZvjdsnkIe8w1G2M3pa0HEdhvgNuEtBE
-GuJz6eYUx58snpX/mO4yNPinlA==
------END PRIVATE KEY-----

conf/includes/json.conf

@@ -1,12 +1,12 @@
-location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|ttf|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
+location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
     expires 1d;
     index index.html index.htm;
-    root "L://DevOps";
+    root "C://SAM_2.1.10//Result";
 }
 location / {
     index index.html index.htm;
     # root /var/www/html/637998119172547651;
-    root "L://DevOps";
+    root "C://SAM_2.1.10//Result";
     # First attempt to serve request as file, then
     autoindex on;
     # Send the data in JSON

conf/includes/localhost.conf

@@ -17,7 +17,7 @@ organizationName_default    = Infineon Technologies Americas Corp.
 organizationalUnitName      = organizationalunit
 organizationalUnitName_default = Development
 commonName                  = Common Name (e.g. server FQDN or YOUR name)
-commonName_default          = iscn5cg3256cps.infineon.com
+commonName_default          = example.com
 commonName_max              = 64
 
 [req_ext]
@@ -27,7 +27,15 @@ subjectAltName = @alt_names
 subjectAltName = @alt_names
 
 [alt_names]
-DNS.1   = iscn5cg3256cps.infineon.com
-DNS.2   = iscn5cg3256cps
-DNS.3   = localhost
-DNS.4   = 127.0.0.1
+DNS.1   = example.com
+DNS.2   = localhost
+DNS.3   = 127.0.0.1
+
+# https://webscoot.io/blog/create-self-signed-certificate-ubuntu-windows-nginx/
+# cd "C:\Program Files\Git\usr\bin"
+# openssl
+# req -x509 -nodes -days 365 -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\localhost.crt -config L:\Git\NGINX-Conf\conf\includes\localhost.conf
+# openssl
+# pkcs12 -in L:\git\NGINX-Conf\conf\includes\ec-server.pfx -nocerts -out L:\Git\NGINX-Conf\conf\includes\ec-server.key
+# openssl
+# pkcs12 -in L:\git\NGINX-Conf\conf\includes\ec-server.pfx -clcerts -nokeys -out L:\Git\NGINX-Conf\conf\includes\ec-server.crt

conf/includes/www.conf

@@ -1,9 +1,4 @@
 location / {
-    # root "D://www";
-    # root "L://Git//jackyzha0-quartz-phares//public";
-    root "L://DevOps//Mesa_FI//jackyzha0-quartz-infineon//public";
+    root "C://SAM_2.1.10//Result";
     index index.html index.htm;
-    location / {
-        try_files $uri $uri.html $uri/ =404;
-    }
 }

conf/includes/wwwroot.conf

@@ -1,4 +1,4 @@
 location / {
-    root "D://wwwroot";
+    root "C://SAM_2.1.10//Result";
     try_files $uri $uri/ /index.html =404;
 }

conf/nginx.conf

@@ -8,21 +8,28 @@ http {
     sendfile on;
     keepalive_timeout 65;
     server {
-        # listen 80;
-        listen 4435 ssl http2;
-        listen [::]:4435 ssl http2;
+        listen 80;
+        # listen 443 ssl http2;
+        # listen [::]:443 ssl http2;
         server_name localhost;
-        # https://localhost
-        ssl_certificate "includes/iscn5cg3256cps.infineon.com.crt";
-        ssl_certificate_key "includes/iscn5cg3256cps.infineon.com.key";
-        # ssl_password_file "includes/iscn5cg3256cps.infineon.com.pass";
-        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+        # ssl_certificate "includes/localhost.crt";
+        # ssl_certificate_key "includes/localhost.key";
+        # ssl_certificate "includes/ec-server.cer";
+        # ssl_certificate "includes/ec-server.crt";
+        # ssl_certificate_key "includes/ec-server.key";
+        # ssl_password_file "includes/ec-server.pass";
+        # ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
         # include "includes/html.conf";
         include "includes/BaGet.conf";
         error_page 500 502 503 504 /50x.html;
         include "includes/html-error.conf";
         # include "includes/github.conf";
     }
+    server {
+        listen 4430;
+        server_name iscn5cg1325c0x.infineon.com;
+        include "includes/BaGet.conf";
+    }
     server {
         listen 5051;
         server_name localhost;
@@ -39,15 +46,8 @@ http {
         include "includes/ProgramData.conf";
     }
     server {
-        # listen 5054;
-        listen 443 ssl http2;
-        listen [::]:443 ssl http2;
+        listen 5054;
         server_name localhost;
-        # https://localhost
-        ssl_certificate "includes/iscn5cg3256cps.infineon.com.crt";
-        ssl_certificate_key "includes/iscn5cg3256cps.infineon.com.key";
-        # ssl_password_file "includes/iscn5cg3256cps.infineon.com.pass";
-        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
         include "includes/json.conf";
     }
     server {
@@ -56,3 +56,35 @@ http {
         include "includes/wwwroot.conf";
     }
 }
+# mkdir "L:\DevOps\Mesa_FI"
+# cd "L:\DevOps\Mesa_FI"
+# git clone https://tfs.intra.infineon.com/tfs/ManufacturingIT/Mesa_FI/_git/NGINX-Conf
+# -
+# rmdir /s "C:\Users\Administrator\AppData\Local\IFXApps\nginx-1.20.1\conf"
+# mklink /J "C:\Users\Administrator\AppData\Local\IFXApps\nginx-1.20.1\conf" "L:\Git\NGINX-Conf\conf"
+# -
+# As administrator
+# -
+# cd "C:\Users\Administrator\AppData\Local\IFXApps\nssm-2.24\win64"
+# nssm install "nginx"
+# -
+# C:\Users\Administrator\AppData\Local\IFXApps\nginx-1.20.1\nginx.exe
+# C:\Users\Administrator\AppData\Local\IFXApps\nginx-1.20.1
+# -
+# start nginx
+# C:\Users\Administrator\AppData\Local\IFXApps\nginx-1.20.1\logs\service.out.log
+# C:\Users\Administrator\AppData\Local\IFXApps\nginx-1.20.1\logs\service.error.log
+# -
+# mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
+# mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\Git\NGINdeX.io"
+# mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
+# mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\DevOps\Mesa_FI\NGINdeX.io"
+# -
+# ln -s /etc/nginx/sites-available/json /etc/nginx/sites-enabled/
+# ln -s /srv/samba/share/637998119172547651 /var/www/html/637998119172547651
+# ln -s /var/www/html/NGINdeX.io /var/www/html/637998119172547651/NGINdeX.io
+# ln -s /srv/git /var/www/html/637998119172547651/git
+# -
+# cd "C:\Users\phares\AppData\Local\IFXApps\nginx-1.20.1"
+# .\nginx -t
+# .\nginx -s reload