From 5f451c13669b1d2d9a61073af355ef457d3893b0 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Thu, 3 Mar 2022 17:13:04 +0200
Subject: [PATCH] Nginx: Set the file type in Vim.
---
nginx/conf.d/default.conf | 1 +
nginx/conf.d/global.conf | 1 +
nginx/conf.d/status.conf | 1 +
nginx/snippets/ads-txt.conf | 1 +
nginx/snippets/allow-ns1.conf | 1 +
nginx/snippets/allow-ns4.conf | 1 +
nginx/snippets/allow-private-ips.conf | 1 +
nginx/snippets/allow-shore-ips.conf | 1 +
nginx/snippets/common-headers.conf | 1 +
nginx/snippets/ldap-auth.conf | 1 +
nginx/snippets/proxy-headers.conf | 1 +
nginx/snippets/proxy-ssl.conf | 1 +
nginx/snippets/redirect-https.conf | 1 +
nginx/snippets/redirect-www.conf | 1 +
nginx/snippets/robots-allow-all.conf | 1 +
nginx/snippets/robots-disallow-all.conf | 1 +
nginx/snippets/security-txt.conf | 1 +
nginx/snippets/ssl.conf | 1 +
nginx/snippets/upgrade-secure.conf | 1 +
nginx/snippets/vouch.conf | 1 +
nginx/snippets/websockets.conf | 1 +
nginx/snippets/www-acme-challenge.conf | 1 +
22 files changed, 22 insertions(+)
diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf
index f428ba9..2f0ef98 100644
--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
diff --git a/nginx/conf.d/global.conf b/nginx/conf.d/global.conf
index 608fe8d..b3623a9 100644
--- a/nginx/conf.d/global.conf
+++ b/nginx/conf.d/global.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
# The resolver for the Docker network.
resolver 127.0.0.11 valid=30s;
gzip on;
diff --git a/nginx/conf.d/status.conf b/nginx/conf.d/status.conf
index 6ecb7d8..22dab12 100644
--- a/nginx/conf.d/status.conf
+++ b/nginx/conf.d/status.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
server {
listen 80;
listen [::]:80;
diff --git a/nginx/snippets/ads-txt.conf b/nginx/snippets/ads-txt.conf
index b074c08..acd9b93 100644
--- a/nginx/snippets/ads-txt.conf
+++ b/nginx/snippets/ads-txt.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /ads.txt {
if ($scheme = http) {
return 301 https://$host$request_uri;
diff --git a/nginx/snippets/allow-ns1.conf b/nginx/snippets/allow-ns1.conf
index bdadb24..6cdf88b 100644
--- a/nginx/snippets/allow-ns1.conf
+++ b/nginx/snippets/allow-ns1.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
allow 62.219.131.121; # ns1.shore.co.il
diff --git a/nginx/snippets/allow-ns4.conf b/nginx/snippets/allow-ns4.conf
index 5e39f40..395de01 100644
--- a/nginx/snippets/allow-ns4.conf
+++ b/nginx/snippets/allow-ns4.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
allow 163.172.74.36; # ns4.shore.co.il
diff --git a/nginx/snippets/allow-private-ips.conf b/nginx/snippets/allow-private-ips.conf
index 154262a..5e798a0 100644
--- a/nginx/snippets/allow-private-ips.conf
+++ b/nginx/snippets/allow-private-ips.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
allow 127.0.0.0/8;
allow 10.0.0.0/8;
allow 192.168.0.0/16;
diff --git a/nginx/snippets/allow-shore-ips.conf b/nginx/snippets/allow-shore-ips.conf
index 709b549..8fed410 100644
--- a/nginx/snippets/allow-shore-ips.conf
+++ b/nginx/snippets/allow-shore-ips.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
include snippets/allow-ns1.conf;
include snippets/allow-ns4.conf;
include snippets/allow-private-ips.conf;
diff --git a/nginx/snippets/common-headers.conf b/nginx/snippets/common-headers.conf
index e97cb68..22a7e89 100644
--- a/nginx/snippets/common-headers.conf
+++ b/nginx/snippets/common-headers.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
# add_headers are inherited from previous level if and only if there are no
# add_header directives defined on the current level. So any time there's an
# add_header directive there should be an `include snippets/common-headers.conf`
diff --git a/nginx/snippets/ldap-auth.conf b/nginx/snippets/ldap-auth.conf
index 822c440..0c09669 100644
--- a/nginx/snippets/ldap-auth.conf
+++ b/nginx/snippets/ldap-auth.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
auth_request /validate;
location = /validate {
diff --git a/nginx/snippets/proxy-headers.conf b/nginx/snippets/proxy-headers.conf
index e142036..19fe814 100644
--- a/nginx/snippets/proxy-headers.conf
+++ b/nginx/snippets/proxy-headers.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/nginx/snippets/proxy-ssl.conf b/nginx/snippets/proxy-ssl.conf
index b83886a..b09e3bf 100644
--- a/nginx/snippets/proxy-ssl.conf
+++ b/nginx/snippets/proxy-ssl.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
proxy_ssl_verify on;
proxy_ssl_verify_depth 3;
proxy_ssl_name auth.shore.co.il;
diff --git a/nginx/snippets/redirect-https.conf b/nginx/snippets/redirect-https.conf
index 991d593..28f510e 100644
--- a/nginx/snippets/redirect-https.conf
+++ b/nginx/snippets/redirect-https.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
location / { return 301 https://$host$request_uri; }
diff --git a/nginx/snippets/redirect-www.conf b/nginx/snippets/redirect-www.conf
index 2d89d75..5394062 100644
--- a/nginx/snippets/redirect-www.conf
+++ b/nginx/snippets/redirect-www.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
location / { return 301 https://www.$host$request_uri; }
diff --git a/nginx/snippets/robots-allow-all.conf b/nginx/snippets/robots-allow-all.conf
index 627aee5..81fdd7c 100644
--- a/nginx/snippets/robots-allow-all.conf
+++ b/nginx/snippets/robots-allow-all.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /robots.txt {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "User-agent: *\nDisallow:\n";
diff --git a/nginx/snippets/robots-disallow-all.conf b/nginx/snippets/robots-disallow-all.conf
index 03d5031..c5001aa 100644
--- a/nginx/snippets/robots-disallow-all.conf
+++ b/nginx/snippets/robots-disallow-all.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /robots.txt {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "User-agent: *\nDisallow: *\n";
diff --git a/nginx/snippets/security-txt.conf b/nginx/snippets/security-txt.conf
index c1f0d21..5ce6a55 100644
--- a/nginx/snippets/security-txt.conf
+++ b/nginx/snippets/security-txt.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /.well-known/security.txt {
if ($scheme = http) {
return 301 https://$host$request_uri;
diff --git a/nginx/snippets/ssl.conf b/nginx/snippets/ssl.conf
index cb1f77f..14805f9 100644
--- a/nginx/snippets/ssl.conf
+++ b/nginx/snippets/ssl.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
include snippets/common-headers.conf;
diff --git a/nginx/snippets/upgrade-secure.conf b/nginx/snippets/upgrade-secure.conf
index 2abc805..3d1b4e6 100644
--- a/nginx/snippets/upgrade-secure.conf
+++ b/nginx/snippets/upgrade-secure.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
if ($http_Upgrade-Insecure-Requests = 1) { return 301 https://$host$request_uri; }
diff --git a/nginx/snippets/vouch.conf b/nginx/snippets/vouch.conf
index 9571b80..c731657 100644
--- a/nginx/snippets/vouch.conf
+++ b/nginx/snippets/vouch.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
# send all requests to the `/validate` endpoint for authorization
auth_request /validate;
diff --git a/nginx/snippets/websockets.conf b/nginx/snippets/websockets.conf
index 64b7e37..0f494e9 100644
--- a/nginx/snippets/websockets.conf
+++ b/nginx/snippets/websockets.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 36000s;
diff --git a/nginx/snippets/www-acme-challenge.conf b/nginx/snippets/www-acme-challenge.conf
index ba3c0b7..db17b30 100644
--- a/nginx/snippets/www-acme-challenge.conf
+++ b/nginx/snippets/www-acme-challenge.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
location /.well-known/acme-challenge/ { root /var/www/www.shore.co.il; }
--
GitLab