Monday, October 26, 2015

Nginx and Apache for Drupal

Here is a config in which Nginx serves all static content and Apache serves the dynamic content.

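# Front-end vhost for Drupal: nginx answers requests for files that exist
# under the docroot; everything else, and every PHP request, goes to the
# Apache instance listening on 127.0.0.1:8888.
#
# The regexes below were published with their backslashes and some "*"
# stripped by the page rendering; they are restored here to the forms used by
# Drupal's stock .htaccess and the common nginx recipe. Apache .htaccess rules
# do not apply to anything nginx answers itself, so every restriction that
# matters has to be expressed in this file.
server {
    listen 80;
    server_name bla.com;
    # NOTE(review): "htlm" is kept as published; it looks like a typo for
    # "html" - confirm against the real docroot.
    root /var/www/htlm;

    index index.html index.htm index.php;

    access_log /var/log/nginx/example.org.access.log;
    error_log /var/log/nginx/example.org.error.log;

    # Give Apache the host name the client asked for instead of
    # 127.0.0.1:8888, and the client address. X-Forwarded-For can be seeded by
    # the client, so the backend should only trust the entry added by this
    # proxy.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # For drush
    # NOTE(review): "=" matches the URI /backup only; files below /backup/
    # are not covered by this rule.
    location = /backup {
        deny all;
    }

    # Prevent user from accessing settings.php directly
    location ~ ^/sites/[^/]+/settings\.php$ {
        deny all;
    }

    ## Replicate the Apache <FilesMatch> directive of Drupal standard
    ## .htaccess. Disable access to any code files. Return a 404 to curtail
    ## information disclosure. Hide also the text files.
    ## NOTE(review): the published line was cut off after "/Ta"; the tail
    ## "/Tag|/Template)$" is restored from Drupal's stock FilesMatch list -
    ## verify against the .htaccess shipped with your Drupal version.
    location ~* ^(?:.+\.(?:htaccess|make|txt|log|engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
        return 404;
    }

    # No PHP from inside hidden (dot) directories.
    location ~ \..*/.*\.php$ {
        return 403;
    }

    # PHP is always executed by Apache. Without this block, "location /"
    # finds index.php (and any other script) on disk through try_files and
    # sends the source back as a static file. Regex locations are tried in
    # order, so this has to stay below the deny rules above.
    location ~ \.php$ {
        proxy_pass http://127.0.0.1:8888;
    }

    # Static files straight from disk, anything else to Apache.
    location / {
        try_files $uri $uri/ @apache;
        expires max;
        access_log off;
    }

    location @apache {
        proxy_pass http://127.0.0.1:8888;
    }

    # Use an SSH tunnel to access those pages. They shouldn't be visible to
    # external peeping eyes.
    # Exact-match locations take precedence over the regex locations above.
    # They need their own proxy_pass, otherwise an allowed client would be
    # sent the PHP source instead of the rendered page.
    location = /install.php {
        allow 127.0.0.1;
        deny all;
        proxy_pass http://127.0.0.1:8888;
    }

    location = /update.php {
        allow 127.0.0.1;
        deny all;
        proxy_pass http://127.0.0.1:8888;
    }

}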

Saturday, October 3, 2015

How to put a Debian preseed file on an ISO/CD image

On Debian you need the genisoimage package instead of mkisofs! On other distros, use mkisofs.

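#!/bin/sh
#
# Rebuild a Debian installer ISO with a preseed file placed in its initrd.
#
# Usage: <this script> input.iso output.iso your-preseed-file
#
# Has to run as root because it loop-mounts the input image. Needs rsync,
# cpio, gzip, md5sum and genisoimage (mkisofs on other distros).
set -eu

if [ $# -ne 3 ]
then
  echo "Usage: $0 input.iso output.iso your-preseed-file" >&2
  exit 1
fi
iso=$1
output=$2
preseed=$3

for input in "$iso" "$preseed"
do
  if [ ! -f "$input" ]
  then
    echo "$0: not a regular file: $input" >&2
    exit 1
  fi
done

# All scratch directories live under one freshly created, unpredictably named
# directory (mode 0700) in the current directory. The script runs as root and
# removes its scratch space with rm -rf, so fixed names such as __cd__ inside
# a directory other users can write to could be pre-created or symlinked by
# someone else.
workdir=$(mktemp -d "$PWD/preseed-iso.XXXXXX")
lpdir=$workdir/loop
cddir=$workdir/cd
irdir=$workdir/irmod
mounted=0

# Runs on every exit path: unmount the image if it is still mounted, then
# drop the scratch space. The scratch space is kept when the unmount fails so
# rm never walks into a mounted image.
cleanup() {
  if [ "$mounted" -eq 1 ] && ! umount "$lpdir"
  then
    echo "$0: could not unmount $lpdir, leaving $workdir in place" >&2
    return
  fi
  rm -rf -- "$workdir"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# Copy image
mkdir "$lpdir" "$cddir" "$irdir"
mount -o loop "$iso" "$lpdir"
mounted=1
rsync -a -H --exclude=TRANS.TBL "$lpdir/" "$cddir"
umount "$lpdir"
mounted=0

# Hack initrd
# --no-absolute-filenames keeps the archive from writing outside $irdir.
(
  cd "$irdir"
  gzip -d < "$cddir/install.amd/initrd.gz" |
    cpio --extract --verbose --make-directories --no-absolute-filenames
)
# Copied from the caller's directory, so relative and absolute preseed paths
# both work.
cp -- "$preseed" "$irdir/preseed.cfg"
# Plain sh has no pipefail: build the archive first and compress it in a
# second step, so a cpio failure stops the script instead of leaving a
# truncated initrd in the image.
(
  cd "$irdir"
  find . | cpio -H newc --create --verbose
) > "$workdir/initrd.cpio"
gzip -9 < "$workdir/initrd.cpio" > "$cddir/install.amd/initrd.gz"

# Modify default option
sed 's/timeout 0/timeout 5/' "$cddir/isolinux/isolinux.cfg" > "$workdir/isolinux.cfg"
mv "$workdir/isolinux.cfg" "$cddir/isolinux/isolinux.cfg"

#uncomment next 2 lines if wished
#sed 's/vga=788/console=ttyS0,9600n8/' "$cddir/isolinux/txt.cfg" > "$workdir/txt.cfg"
#mv "$workdir/txt.cfg" "$cddir/isolinux/txt.cfg"

# Fix checksum
# The list is written outside the tree and the old md5sum.txt is skipped, so
# the file never lists itself. -exec ... + copes with any file name and any
# number of files. find exits non-zero if it meets a symlink loop while
# following links (installer images may contain one), so that is reported as
# a warning rather than treated as fatal.
(
  cd "$cddir" &&
    find . -follow -type f ! -path ./md5sum.txt -exec md5sum {} + > "$workdir/md5sum.txt"
) || echo "$0: warning: find/md5sum reported errors while rebuilding md5sum.txt" >&2
mv "$workdir/md5sum.txt" "$cddir/md5sum.txt"

# Create bootable CD
# Without -o the image is written to stdout and $output is never created.
# isolinux needs -no-emul-boot -boot-load-size 4 together with
# -boot-info-table; -r and -J add Rock Ridge and Joliet names.
genisoimage -o "$output" -r -J -no-emul-boot -boot-load-size 4 \
  -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat "$cddir"

# Cleaning up is done by the EXIT trap.

echo "Created $output!"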

Debian 8 Jessie Preseed Example

Here you find the full example preseed file for Jessie:
https://www.debian.org/releases/jessie/example-preseed.txt

I personally wanted an attended installation that just had some options preconfigured and runs a late_command in the end:

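#### Contents of the preconfiguration file (for jessie)
### Localization
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US
d-i keyboard-configuration/xkb-keymap select us

### Network configuration
# Pick eth1 as the installation interface instead of asking. This does not
# disable network configuration; the late_command below needs the network.
d-i netcfg/choose_interface select eth1
# Do not take part in the package usage survey.
popularity-contest popularity-contest/participate boolean false
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

# Copy another script to the target and register it as an init script.
# The steps are chained with && so that a failed download does not end with
# an empty or partial file being made executable and enabled.
# NOTE(review): the script is fetched over plain HTTP with no integrity check
# and is then run as root at boot on the installed system. Use this only on a
# trusted installation network; otherwise ship the script on the image next
# to preseed.cfg, or compare it with a pinned checksum before enabling it.
d-i preseed/late_command string wget -O /target/etc/init.d/latecommand.sh http://10.0.8.1/latecommand.sh && \
in-target chmod +x /etc/init.d/latecommand.sh && \
in-target update-rc.d latecommand.sh defaults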

Friday, October 2, 2015

Proxmox V4 Nginx Reverse Proxy with VNC

After many, many failed attempts, here is a working one. This is for https://domain.tld/proxmox:

 # Requests for one of the bare prefixes (no trailing slash) get a permanent
 # redirect to the same path with a slash appended.
 location ~ ^/(?:proxmox|pve2|api2|novnc)$ {
    rewrite /(proxmox|pve2|api2|novnc) /$1/ permanent;
  }
  # Everything below those prefixes is proxied to the backend on port 8006.
  location ~ ^/(?:proxmox|pve2|api2|novnc)/ {
    # Strip the /proxmox prefix. "break" ends rewrite processing, so the
    # request is proxied from this location with the rewritten URI.
    rewrite /proxmox/(.*) /$1 break;
    # pve2, api2 and novnc paths are rewritten to themselves, i.e. passed on
    # unchanged.
    rewrite /((?:pve2|api2|novnc)/.*) /$1 break;
    # NOTE(review): the upstream is HTTPS, but nginx does not verify the
    # upstream certificate unless proxy_ssl_verify is switched on (with
    # proxy_ssl_trusted_certificate); as written, the hop to the backend is
    # encrypted but not authenticated.
    proxy_pass https://xxx.xxx.xxx.xxx:8006;
    proxy_read_timeout 90;
    # Location/Refresh headers from the backend are passed through as sent.
    proxy_redirect off;
    # HTTP/1.1 plus the Upgrade/Connection pair below is what lets WebSocket
    # handshakes through the proxy. Connection "upgrade" is sent on every
    # proxied request here, not only on handshakes.
    proxy_http_version 1.1;
    proxy_set_header Connection "upgrade";
    # Replaces whatever Origin the browser sent with http://$host.
    # NOTE(review): the text above says the site is served over https, and a
    # backend that checks Origin to reject cross-site requests can no longer
    # do so once the proxy overwrites it - confirm this override is needed.
    proxy_set_header Origin http://$host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    # Appends the client address to any X-Forwarded-For the client supplied;
    # only the entry added by this proxy is trustworthy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }