From 6756763afacc9e9dbe6cb4f8f44f6a93ad1ff3f7 Mon Sep 17 00:00:00 2001
From: haskal <haskal@bepis.xyz>
Date: Mon, 19 Aug 2019 22:56:57 -0400
Subject: [PATCH] Add captive portal stuff to nginx conf

---
 piratebox_nginx.conf | 100 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 76 insertions(+), 24 deletions(-)

diff --git a/piratebox_nginx.conf b/piratebox_nginx.conf
index 76d6937..63d2874 100644
--- a/piratebox_nginx.conf
+++ b/piratebox_nginx.conf
@@ -1,29 +1,81 @@
-server {
-    listen 80;
-    listen 443 ssl http2;
-    server_name piratebox.lan;
+worker_processes  1;
 
-    charset utf-8;
+load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
 
-    location / {
-        root /opt/piratebox;
-        index index.html;
-    }
-
-    location /piratebox/ {
-        proxy_pass http://aiohttp;
-        proxy_redirect off;
-        proxy_buffering off;
-        proxy_request_buffering off;
-        client_max_body_size 16G;
-    }
-    location /Shared/ {
-        proxy_pass http://aiohttp;
-        proxy_redirect off;
-        proxy_buffering off;
-    }
+events {
+    worker_connections  1024;
 }
 
-upstream aiohttp {
-    server unix:/run/piratebox/piratebox.sock fail_timeout=0;
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx_access.log  main;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    server {
+        listen 80 default_server;
+        listen 443 ssl http2 default_server;
+        ssl_certificate /etc/piratebox-certs/piratebox.cer;
+        ssl_certificate_key /etc/piratebox-certs/piratebox.key;
+
+        # Android
+        location /generate_204 {
+            return 302 http://piratebox.lan/;
+        }
+
+        # Apple
+        location /hotspot-detect.html {
+            return 302 http://piratebox.lan/;
+        }
+
+        # Microsoft
+        location /ncsi.txt {
+                add_header Content-Type "text/plain";
+                return 200 "Microsoft NCSI";
+        }
+
+        server_name piratebox.lan;
+        server_tokens off;
+        more_clear_headers Server;
+        charset utf-8;
+
+        location / {
+            root /opt/piratebox;
+            index index.html;
+            if ($host != piratebox.lan) {
+                return 302 http://piratebox.lan$request_uri;
+            }
+        }
+
+        location /piratebox/ {
+            proxy_pass http://aiohttp;
+            proxy_redirect off;
+            proxy_buffering off;
+            proxy_request_buffering off;
+            client_max_body_size 16G;
+            if ($host != piratebox.lan) {
+                return 302 http://piratebox.lan$request_uri;
+            }
+        }
+        location /Shared/ {
+            proxy_pass http://aiohttp;
+            proxy_redirect off;
+            proxy_buffering off;
+            if ($host != piratebox.lan) {
+                return 302 http://piratebox.lan$request_uri;
+            }
+        }
+    }
+
+    upstream aiohttp {
+        server unix:/run/piratebox/piratebox.sock fail_timeout=0;
+    }
 }