Add librex domain
This commit is contained in:
parent
c28095c1cb
commit
035849a046
|
|
@ -4,8 +4,8 @@ worker_rlimit_nofile 65535;
|
|||
# Include Modules
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
#load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
|
||||
#load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
|
||||
#load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
|
||||
|
||||
# Include external config
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,61 @@
|
|||
server {
|
||||
access_log /dev/null;
|
||||
error_log /dev/null;
|
||||
|
||||
server_name librex.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /var/www/html/librex;
|
||||
index index.php;
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/run/php/php-fpm.sock;
|
||||
}
|
||||
|
||||
if ($server_protocol ~* "HTTP/1.0") {
|
||||
return 444;
|
||||
}
|
||||
if ($http_user_agent ~* (python) ) {
|
||||
return 403;
|
||||
}
|
||||
|
||||
# Onion Service Header
|
||||
#add_header Onion-Location http://searxdr3pqz4nydgnqocsia2xbywptxbkympa2emn7zlgggrir4bkfad.onion$request_uri;
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/securityheaders.conf;
|
||||
#add_header Permissions-Policy "interest-cohort=()" always;
|
||||
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
#add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
|
||||
|
||||
quic_retry on;
|
||||
quic_gso on;
|
||||
ssl_early_data on;
|
||||
ssl_session_ticket_key /etc/nginx/http3key.key;
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/librex.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/librex.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = librex.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name librex.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
# DNS logging. This log file will show the DNS requests geting forwarded to UNBOUND
|
||||
#log_format dns '$remote_addr [$time_local] $protocol "$dns_qname"';
|
||||
#access_log /var/log/nginx/dns-access.log dns;
|
||||
|
||||
# Include the NJS module. Get the file from https://github.com/TuxInvader/nginx-dns/tree/master/njs.d
|
||||
#js_include /etc/nginx/njs.d/nginx_stream.js;
|
||||
|
||||
# The $dns_qname variable can be populated by preread calls, and can be used for DNS routing
|
||||
#js_set $dns_qname dns_get_qname;
|
||||
|
||||
|
||||
upstream dns {
|
||||
zone dns 64k;
|
||||
server 127.0.0.1:53;
|
||||
}
|
||||
server {
|
||||
#listen 853 http3;
|
||||
listen 853 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/dns.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/dns.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
|
||||
ssl_handshake_timeout 10s;
|
||||
ssl_session_cache shared:SSL:20m;
|
||||
ssl_session_timeout 4h;
|
||||
proxy_pass dns;
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
# DNS logging. This log file will show the DNS requests geting forwarded to UNBOUND
|
||||
log_format dns '$remote_addr [$time_local] $protocol';
|
||||
access_log /var/log/nginx/dns-access.log dns;
|
||||
|
||||
# Include the NJS module. Get the file from https://github.com/TuxInvader/nginx-dns/tree/master/njs.d
|
||||
#js_include /etc/nginx/njs.d/nginx_stream.js;
|
||||
|
||||
# The $dns_qname variable can be populated by preread calls, and can be used for DNS routing
|
||||
#js_set $dns_qname dns_get_qname;
|
||||
|
||||
|
||||
upstream dns-servers {
|
||||
#zone dns 64k;
|
||||
server 127.0.0.1:53;
|
||||
}
|
||||
server {
|
||||
#listen 853 http3;
|
||||
listen 853; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/dns.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/dns.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
|
||||
ssl_handshake_timeout 10s;
|
||||
ssl_session_cache shared:SSL:20m;
|
||||
ssl_session_timeout 4h;
|
||||
proxy_pass dns-servers;
|
||||
}
|
||||
Loading…
Reference in New Issue