Unify, format and update configs
This commit is contained in:
parent
be8b465a3e
commit
08f45bf7f0
|
@ -3,8 +3,8 @@ worker_rlimit_nofile 65535;
|
|||
|
||||
# Include Modules
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
|
||||
#load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
|
||||
#load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
|
||||
|
||||
#Include external config
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
|
@ -14,10 +14,6 @@ events {
|
|||
worker_connections 65535;
|
||||
}
|
||||
|
||||
stream {
|
||||
include /etc/nginx/streams/*;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
# Basic Settings
|
||||
|
@ -47,16 +43,9 @@ http {
|
|||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
# Diffie-Hellman parameter for DHE ciphersuites
|
||||
# Diffie-Hellman parameter for DHE ciphersuites
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
||||
|
||||
# DDOS Protection
|
||||
limit_conn_zone $binary_remote_addr zone=perip:10m;
|
||||
limit_conn perip 100;
|
||||
|
||||
limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
|
||||
limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
|
||||
|
||||
# reset timed out connections freeing ram
|
||||
reset_timedout_connection on;
|
||||
# maximum time between packets the client can pause when sending nginx any data
|
||||
|
@ -68,7 +57,15 @@ http {
|
|||
# maximum time between packets nginx is allowed to pause when sending the client data
|
||||
send_timeout 10s;
|
||||
|
||||
# OCSP stapling
|
||||
#ssl_stapling on;
|
||||
#ssl_stapling_verify on;
|
||||
|
||||
# QUIC AND HTTP3 SHIT
|
||||
http3 on;
|
||||
quic_retry on;
|
||||
quic_gso on;
|
||||
|
||||
include /etc/nginx/snippets/maps.conf;
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -2,22 +2,17 @@ server {
|
|||
access_log /var/log/nginx/7tv.gay.access.log combined;
|
||||
error_log /var/log/nginx/7tv.gay.error.log;
|
||||
root /var/www/7tv;
|
||||
index index.html index index.htm;
|
||||
index index.html;
|
||||
server_name 7tv.gay;
|
||||
|
||||
# Security headers and general settings
|
||||
include configs/security.conf;
|
||||
include configs/general.conf;
|
||||
|
||||
#alocation = / {
|
||||
# alias /var/www/7tv/gayge.png;
|
||||
# index
|
||||
# }
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/7tv.gay/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/7tv.gay/privkey.pem; # managed by Certbot
|
||||
|
@ -28,13 +23,14 @@ server {
|
|||
server {
|
||||
if ($host = 7tv.gay) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name 7tv.gay;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name 7tv.gay;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -4,31 +4,32 @@ server {
|
|||
|
||||
server_name api.spacebar.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3001;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_request_headers on;
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $remote_addr;
|
||||
proxy_no_cache 1;
|
||||
proxy_cache_bypass 1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_request_headers on;
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $remote_addr;
|
||||
proxy_no_cache 1;
|
||||
proxy_cache_bypass 1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
}
|
||||
|
||||
include configs/security.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 http3; # managed by Certbot
|
||||
listen 443 quic; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/api.spacebar.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/api.spacebar.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
|
@ -38,13 +39,14 @@ server {
|
|||
server {
|
||||
if ($host = api.spacebar.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name api.spacebar.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name api.spacebar.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@ server {
|
|||
}
|
||||
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/archive.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/archive.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
@ -23,12 +23,13 @@ server {
|
|||
server {
|
||||
if ($host = archive.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name archive.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name archive.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,32 +1,31 @@
|
|||
server {
|
||||
access_log /var/log/nginx/ayaya.beauty.log combined;
|
||||
error_log /var/log/nginx/ayaya.beauty.error.log;
|
||||
access_log /dev/null;
|
||||
error_log /dev/null;
|
||||
|
||||
server_name ayaya.beauty;
|
||||
server_name ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
root /var/www/uguu/dist/public/;
|
||||
autoindex off;
|
||||
# access_log off;
|
||||
index index.html index.php;
|
||||
root /var/www/uguu/dist/public/;
|
||||
autoindex off;
|
||||
index index.html index.php;
|
||||
|
||||
client_max_body_size 192M;
|
||||
client_max_body_size 512M;
|
||||
|
||||
location ~* \.(css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf|x-icon|avif|webp|apng)$ {
|
||||
expires 30d;
|
||||
expires 7d;
|
||||
}
|
||||
|
||||
location ~* \.php$ {
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
}
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/ayaya.beauty/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/ayaya.beauty/privkey.pem; # managed by Certbot
|
||||
|
@ -38,12 +37,13 @@ server {
|
|||
server {
|
||||
if ($host = ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name ayaya.beauty;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name ayaya.beauty;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
server {
|
||||
access_log /var/log/nginx/cdn.spacebar.access.log combined;
|
||||
|
||||
server_name cdn.spacebar.zzls.xyz;
|
||||
#include configs/general.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:3003;
|
||||
#include configs/proxyheaders.conf;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_request_headers on;
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $remote_addr;
|
||||
proxy_no_cache 1;
|
||||
proxy_cache_bypass 1;
|
||||
}
|
||||
|
||||
#include configs/securityheaders.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 quic; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/cdn.spacebar.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/cdn.spacebar.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = cdn.spacebar.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name cdn.spacebar.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -15,7 +15,7 @@ server {
|
|||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/cryptochat.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/cryptochat.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
server {
|
||||
access_log /var/log/nginx/cytube.zzls.xyz combined;
|
||||
|
||||
server_name cytube.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40023;
|
||||
include configs/proxyheaders.conf;
|
||||
}
|
||||
|
||||
location ^~ /socket {
|
||||
proxy_pass http://localhost:40024;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection 'upgrade';
|
||||
proxy_set_header Host $host;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
}
|
||||
|
||||
#include configs/securityheaders.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 quic; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/cytube.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/cytube.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = cytube.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name cytube.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -1,24 +1,15 @@
|
|||
server {
|
||||
listen 80;
|
||||
|
||||
access_log /var/log/nginx/files.access.log combined;
|
||||
error_log /var/log/nginx/files.error.log;
|
||||
access_log /var/log/nginx/files2.access.log combined;
|
||||
error_log /var/log/nginx/files2.error.log;
|
||||
|
||||
server_name files2.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
#root /var/www/files;
|
||||
#index index.php /_h5ai/public/index.php;
|
||||
if ($http_user_agent ~* (google) ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
deny 131.108.229.119;
|
||||
|
||||
location / {
|
||||
if ($http_user_agent ~* (google) ) {
|
||||
return 404;
|
||||
limit_rate 5000k;
|
||||
limit_rate 5000k;
|
||||
}
|
||||
|
||||
root /mnt/storage/files2.zzls.xyz;
|
||||
|
@ -48,9 +39,23 @@ server {
|
|||
}
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
ssl_certificate /etc/letsencrypt/live/files2.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/files2.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = files2.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name files2.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
server {
|
||||
access_log /var/log/nginx/gateway.spacebar.access.log combined;
|
||||
|
||||
server_name gateway.spacebar.zzls.xyz;
|
||||
#include configs/general.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:3002;
|
||||
#include configs/proxyheaders.conf;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_request_headers on;
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $remote_addr;
|
||||
proxy_no_cache 1;
|
||||
proxy_cache_bypass 1;
|
||||
# This is important. It allows Websocket connections through NGINX.
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
|
||||
#include configs/securityheaders.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 quic; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/gateway.spacebar.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/gateway.spacebar.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = gateway.spacebar.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name gateway.spacebar.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,87 @@
|
|||
server {
|
||||
access_log /var/log/nginx/gatoculiao.ayaya.beauty.log combined;
|
||||
error_log /var/log/nginx/gatoculiao.ayaya.beauty.error.log;
|
||||
|
||||
server_name gatoculiao.ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
root /var/www/gatoculiao.ayaya.beauty;
|
||||
index index.html;
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
listen 443 quic;
|
||||
ssl_certificate /etc/letsencrypt/live/gatoculiao.ayaya.beauty/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/gatoculiao.ayaya.beauty/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/vids.gatoculiao.ayaya.beauty.access.log;
|
||||
server_name vids.gatoculiao.ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
root /mnt/storage/gatoculiaovideos;
|
||||
index index.html index.php /_h5ai/public/index.php;
|
||||
limit_rate 6400k;
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
|
||||
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
|
||||
include fastcgi_params;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
location /_h5ai/private {
|
||||
return 403;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
listen 443 quic;
|
||||
ssl_certificate /etc/letsencrypt/live/vids.gatoculiao.ayaya.beauty/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/vids.gatoculiao.ayaya.beauty/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = gatoculiao.ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name gatoculiao.ayaya.beauty;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = vids.gatoculiao.ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name vids.gatoculiao.ayaya.beauty;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -2,22 +2,21 @@ server {
|
|||
access_log /var/log/nginx/git.access.log combined;
|
||||
|
||||
server_name git.zzls.xyz;
|
||||
# Security headers and general settings
|
||||
#include configs/security.conf;
|
||||
include configs/general.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/run/forgejo/forgejo.socket;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
# listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/git.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
@ -28,13 +27,14 @@ server {
|
|||
server {
|
||||
if ($host = git.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name git.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name git.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,22 +1,21 @@
|
|||
server {
|
||||
access_log /var/log/nginx/i.ayaya.beauty.log combined;
|
||||
error_log /var/log/nginx/i.ayaya.beauty.error.log;
|
||||
access_log /dev/null;
|
||||
error_log /dev/null;
|
||||
|
||||
server_name i.ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
root /mnt/storage/uguufiles;
|
||||
autoindex off;
|
||||
# access_log off;
|
||||
index index.html;
|
||||
root /mnt/storage/uguufiles;
|
||||
autoindex off;
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
error_page 403 =301 https://ayaya.beauty;
|
||||
error_page 404 = /404.gif;
|
||||
error_page 403 =301 https://ayaya.beauty;
|
||||
error_page 404 = /404.gif;
|
||||
}
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/i.ayaya.beauty/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/i.ayaya.beauty/privkey.pem; # managed by Certbot
|
||||
|
@ -28,12 +27,13 @@ server {
|
|||
server {
|
||||
if ($host = i.ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name i.ayaya.beauty;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name i.ayaya.beauty;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@ server {
|
|||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/ii.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/ii.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
@ -28,13 +28,14 @@ server {
|
|||
server {
|
||||
if ($host = ii.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name ii.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name ii.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,40 +1,38 @@
|
|||
server {
|
||||
access_log /var/log/nginx/inv.zzls.xyz.access.log;
|
||||
error_log /var/log/nginx/inv.zzls.xyz.error.log;
|
||||
access_log /dev/null;
|
||||
error_log /dev/null;
|
||||
|
||||
server_name inv.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
server_name inv.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40015/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40015/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# Security headers
|
||||
# Invidious uses their own security headers
|
||||
# include configs/security.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/inv.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/inv.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/inv.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/inv.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = inv.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
if ($host = inv.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
listen 80;
|
||||
|
||||
server_name inv.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
server_name inv.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,77 +4,71 @@ server {
|
|||
|
||||
server_name librex.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
|
||||
|
||||
# Onion Service Header
|
||||
add_header Onion-Location http://librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
#add_header Permissions-Policy "interest-cohort=()" always;
|
||||
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
#add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
|
||||
|
||||
quic_retry on;
|
||||
quic_gso on;
|
||||
ssl_early_data on;
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/librex.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/librex.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
server_name librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
server_name librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
listen 40021;
|
||||
server_name 7huurwog32tny663wkglrhozfoyqyqmsuxjbd7dtudccx44awjda.b32.i2p;
|
||||
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
|
||||
}
|
||||
server {
|
||||
listen 40021;
|
||||
server_name 7huurwog32tny663wkglrhozfoyqyqmsuxjbd7dtudccx44awjda.b32.i2p;
|
||||
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = librex.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name librex.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name librex.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,21 +1,14 @@
|
|||
upstream monolith{
|
||||
server 127.0.0.1:8008;
|
||||
}
|
||||
server {
|
||||
access_log /dev/null;
|
||||
error_log /dev/null;
|
||||
access_log /dev/null;
|
||||
error_log /var/log/nginx/matrix.error.log;
|
||||
|
||||
# Common shit
|
||||
include configs/general.conf;
|
||||
# Common shit
|
||||
include configs/general.conf;
|
||||
|
||||
server_name matrix.zzls.xyz;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_read_timeout 600;
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{ "m.server": "matrix.zzls.xyz:443" }';
|
||||
return 200 '{ "m.server": "matrix.zzls.xyz:8443" }';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
|
@ -25,20 +18,31 @@ include configs/general.conf;
|
|||
return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" } }';
|
||||
}
|
||||
|
||||
location /_matrix {
|
||||
proxy_pass http://monolith;
|
||||
location / {
|
||||
alias /var/www/cinnyclient/;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location ~ ^(/_matrix|/_synapse/client) {
|
||||
proxy_pass http://localhost:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
client_max_body_size 64M;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
# SecHeaders
|
||||
include configs/security.conf;
|
||||
|
||||
# CSP (From tchncs.de because i am illiterate at CSP)
|
||||
add_header Content-Security-Policy "default-src 'self' zzls.xyz matrix.zzls.xyz" always;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443", h3=":8448";
|
||||
ma=86400';
|
||||
|
||||
client_max_body_size 65M;
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 http2 ssl;
|
||||
listen 443 quic reuseport;
|
||||
listen 443 http2 ssl reuseport;
|
||||
listen 8448 ssl http2 default_server reuseport;
|
||||
listen 8448 quic default_server reuseport;
|
||||
ssl_certificate /etc/letsencrypt/live/matrix.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/matrix.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
|
@ -50,10 +54,11 @@ include configs/general.conf;
|
|||
server {
|
||||
if ($host = matrix.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
listen 80;
|
||||
server_name matrix.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
|
|
@ -8,21 +8,18 @@ server {
|
|||
|
||||
location / {
|
||||
proxy_pass http://192.168.1.2:40420;
|
||||
#include configs/proxy.conf;
|
||||
proxy_connect_timeout 1;
|
||||
proxy_send_timeout 1;
|
||||
proxy_read_timeout 1;
|
||||
}
|
||||
location /status {
|
||||
# Turn on stats
|
||||
stub_status on;
|
||||
access_log off;
|
||||
# only allow access from 192.168.1.5 #
|
||||
allow 192.168.1.2;
|
||||
deny all;
|
||||
}
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/mpd.ayaya.beauty/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/mpd.ayaya.beauty/privkey.pem; # managed by Certbot
|
||||
|
@ -33,13 +30,14 @@ server {
|
|||
server {
|
||||
if ($host = mpd.ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
server_name mpd.ayaya.beauty;
|
||||
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
server_name mpd.ayaya.beauty;
|
||||
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
server {
|
||||
access_log /var/log/nginx/paste.access.log combined;
|
||||
access_log /dev/null;
|
||||
|
||||
server_name paste.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
@ -10,7 +10,7 @@ server {
|
|||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/paste.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/paste.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
@ -21,12 +21,13 @@ server {
|
|||
server {
|
||||
if ($host = paste.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
server_name paste.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
server_name paste.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,11 +11,12 @@ server {
|
|||
|
||||
#include configs/security.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 http3; # managed by Certbot
|
||||
listen 443 quic; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/pbin.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/pbin.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
|
@ -25,13 +26,14 @@ server {
|
|||
server {
|
||||
if ($host = pbin.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name pbin.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name pbin.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@ server {
|
|||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/pt.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/pt.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
|
|
@ -17,7 +17,7 @@ server {
|
|||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/ri.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/ri.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
|
|
@ -3,19 +3,20 @@ server {
|
|||
|
||||
server_name rustlog.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:40003;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
include configs/security.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 http3; # managed by Certbot
|
||||
listen 443 quic; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/rustlog.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/rustlog.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
|
@ -25,13 +26,14 @@ server {
|
|||
server {
|
||||
if ($host = rustlog.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name rustlog.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name rustlog.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
server {
|
||||
access_log /var/log/nginx/selfhost.log combined;
|
||||
|
||||
root /var/www/html;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
server_name selfhost.zzls.xyz;
|
||||
|
||||
|
@ -9,18 +12,12 @@ server {
|
|||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# security headers
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
#add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 http3; # managed by Certbot
|
||||
listen 443 quic; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/selfhost.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/selfhost.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
|
@ -30,13 +27,14 @@ server {
|
|||
server {
|
||||
if ($host = selfhost.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name selfhost.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name selfhost.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -2,21 +2,20 @@ server {
|
|||
access_log /var/log/nginx/spacebar.access.log combined;
|
||||
|
||||
server_name spacebar.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /var/www/spacebar-client;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.html;
|
||||
#include configs/proxy.conf;
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
|
||||
include configs/security.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 http3; # managed by Certbot
|
||||
listen 443 quic; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/spacebar.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/spacebar.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
|
@ -26,13 +25,14 @@ server {
|
|||
server {
|
||||
if ($host = spacebar.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name spacebar.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name spacebar.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -3,18 +3,18 @@ server {
|
|||
error_log /var/log/nginx/stream.ayaya.beauty.error.log;
|
||||
|
||||
root /var/www/stream/;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
index index.html;
|
||||
|
||||
server_name stream.ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location /stream {
|
||||
proxy_pass http://localhost:8080/live/livestream/stream.flv;
|
||||
include configs/proxy.conf;
|
||||
proxy_pass http://localhost:8080/live/livestream/stream.flv;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/stream.ayaya.beauty/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/stream.ayaya.beauty/privkey.pem; # managed by Certbot
|
||||
|
@ -25,13 +25,14 @@ server {
|
|||
server {
|
||||
if ($host = stream.ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name stream.ayaya.beauty;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name stream.ayaya.beauty;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
upstream monolithh {
|
||||
server 127.0.0.1:8088;
|
||||
}
|
||||
server {
|
||||
access_log /var/log/nginx/synapse.access.log;
|
||||
error_log /var/log/nginx/synapse.error.log;
|
||||
|
||||
# Common shit
|
||||
include configs/general.conf;
|
||||
|
||||
server_name synapse.zzls.xyz;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_read_timeout 600;
|
||||
|
||||
location /.well-known/synapse/server {
|
||||
return 200 '{ "m.server": "synapse.zzls.xyz:443" }';
|
||||
}
|
||||
|
||||
location /.well-known/synapse/client {
|
||||
# If your sever_name here doesn't match your synapse homeserver URL
|
||||
# (e.g. hostname.com as server_name and synapse.hostname.com as homeserver URL)
|
||||
# add_header Access-Control-Allow-Origin '*';
|
||||
return 200 '{ "m.homeserver": { "base_url": "https://synapse.zzls.xyz" } }';
|
||||
}
|
||||
|
||||
location ~ ^(/_matrix|/_synapse/client) {
|
||||
proxy_pass http://monolithh;
|
||||
}
|
||||
|
||||
location / {
|
||||
alias /var/www/cinnyclient/;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
# SecHeaders
|
||||
include configs/security.conf;
|
||||
|
||||
# CSP (From tchncs.de because i am illiterate at CSP)
|
||||
#add_header Content-Security-Policy "default-src 'self' zzls.xyz synapse.zzls.xyz; connect-src 'self'; font-src 'self' data:; img-src 'self' data: https://cdn.jsdelivr.net; media-src 'self' " always;
|
||||
|
||||
client_max_body_size 65M;
|
||||
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/synapse.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/synapse.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
if ($host = synapse.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name synapse.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
server {
|
||||
|
||||
access_log /var/log/nginx/test.log;
|
||||
error_log /var/log/nginx/test.error.log;
|
||||
## Your website name goes here.
|
||||
server_name test.gaysdemierda.cl;
|
||||
## Your only path reference.
|
||||
root /srv/http/wordpress;
|
||||
## This should be in your http block and if it is, it's not needed here.
|
||||
index index.php;
|
||||
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location / {
|
||||
# This is cool because no php is touched for static content.
|
||||
# include the "?$args" part so non-default permalinks doesn't break when using query string
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
include fastcgi_params;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
#The following parameter can be also included in fastcgi_params file
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
}
|
||||
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
|
@ -7,33 +7,42 @@ server {
|
|||
include configs/security.conf;
|
||||
include configs/general.conf;
|
||||
|
||||
root /opt/dokuwiki;
|
||||
index doku.php;
|
||||
root /opt/dokuwiki;
|
||||
index doku.php;
|
||||
|
||||
#Remember to comment the below out when you are installing DokuWiki, and uncomment it when you are done.
|
||||
location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } # secure Dokuwiki
|
||||
#Remember to comment the below out when you are installing DokuWiki, and uncomment it when you are done.
|
||||
location ~ /(data/|conf/|bin/|inc/|install.php) {
|
||||
deny all;
|
||||
}
|
||||
# secure Dokuwiki
|
||||
|
||||
location ~^/\.ht { deny all; } # also secure the Apache .htaccess files
|
||||
location @dokuwiki {
|
||||
#rewrites "doku.php/" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
|
||||
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
|
||||
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
|
||||
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
|
||||
rewrite ^/(.*) /doku.php?id=$1&$args last;
|
||||
}
|
||||
location ~^/\.ht {
|
||||
deny all;
|
||||
}
|
||||
# also secure the Apache .htaccess files
|
||||
location @dokuwiki {
|
||||
#rewrites "doku.php/" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
|
||||
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
|
||||
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
|
||||
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
|
||||
rewrite ^/(.*) /doku.php?id=$1&$args last;
|
||||
}
|
||||
|
||||
location / { try_files $uri $uri/ @dokuwiki; }
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
location / {
|
||||
try_files $uri $uri/ @dokuwiki;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
# listen 443 http3;
|
||||
# listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/wiki.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/wiki.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
@ -44,12 +53,13 @@ server {
|
|||
server {
|
||||
if ($host = wiki.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name wiki.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name wiki.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -34,9 +34,9 @@ server {
|
|||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
<<<<<<< HEAD
|
||||
#listen 443 http3;
|
||||
#listen 443 quic;
|
||||
=======
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
>>>>>>> 8b6f976fe8e457df02c4ba50a64bafdf969df8dd
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/wiki.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
|
|
|
@ -7,55 +7,56 @@ server {
|
|||
include configs/security.conf;
|
||||
include configs/general.conf;
|
||||
|
||||
root /opt/mediawiki-1.39.1;
|
||||
index index.php;
|
||||
charset utf-8;
|
||||
client_max_body_size 100m;
|
||||
client_body_timeout 60;
|
||||
root /opt/mediawiki-1.39.1;
|
||||
index index.php;
|
||||
charset utf-8;
|
||||
client_max_body_size 100m;
|
||||
client_body_timeout 60;
|
||||
|
||||
location / {
|
||||
index index.php;
|
||||
try_files $uri $uri/ @mediawiki;
|
||||
}
|
||||
location @mediawiki {
|
||||
rewrite ^/(.*)$ /index.php;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
try_files $uri @mediawiki;
|
||||
}
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
|
||||
try_files $uri /index.php;
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
# Restrictions based on the .htaccess files
|
||||
location ~ ^/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/ {
|
||||
deny all;
|
||||
}
|
||||
#location ~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/ {
|
||||
# internal;
|
||||
#}
|
||||
location ^~ /images/ {
|
||||
try_files $uri /index.php;
|
||||
}
|
||||
location ~ /\. {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
location /rest.php {
|
||||
try_files $uri $uri/ /rest.php?$args;
|
||||
}
|
||||
location / {
|
||||
index index.php;
|
||||
try_files $uri $uri/ @mediawiki;
|
||||
}
|
||||
location @mediawiki {
|
||||
rewrite ^/(.*)$ /index.php;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
try_files $uri @mediawiki;
|
||||
}
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
|
||||
try_files $uri /index.php;
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
# Restrictions based on the .htaccess files
|
||||
location ~ ^/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/ {
|
||||
deny all;
|
||||
}
|
||||
#location ~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/ {
|
||||
# internal;
|
||||
#}
|
||||
location ^~ /images/ {
|
||||
try_files $uri /index.php;
|
||||
}
|
||||
location ~ /\. {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
location /rest.php {
|
||||
try_files $uri $uri/ /rest.php?$args;
|
||||
}
|
||||
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
add_header Alt-Svc 'h3=":443";
|
||||
ma=86400';
|
||||
|
||||
listen 443 http3;
|
||||
listen 443 quic;
|
||||
listen 443 http2 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/wiki2.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/wiki2.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
@ -66,12 +67,13 @@ location /rest.php {
|
|||
server {
|
||||
if ($host = wiki2.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name wiki2.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name wiki2.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
../sites-available/api.spacebar.zzls.xyz.conf
|
|
@ -0,0 +1 @@
|
|||
../sites-available/gatoculiao.ayaya.beauty.conf
|
|
@ -0,0 +1 @@
|
|||
../sites-available/matrix.zzls.xyz.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/ri.zzls.xyz.conf
|
|
@ -0,0 +1 @@
|
|||
../sites-available/spacebar.zzls.xyz.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/wiki2.zzls.xyz.conf
|
Loading…
Reference in New Issue