Fijxu
/
etc-configs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Unify, format and update configs

This commit is contained in:
Selfhost Root 2023-04-16 14:30:39 -04:00
parent be8b465a3e
commit 08f45bf7f0
37 changed files with 773 additions and 419 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
nginx/nginx.conf Executable file → Normal file
View File

@ -3,8 +3,8 @@ worker_rlimit_nofile 65535;
# Include Modules
include /etc/nginx/modules-enabled/*.conf;
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
#load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
#load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
#Include external config
include /etc/nginx/conf.d/*.conf;
@ -14,10 +14,6 @@ events {
worker_connections 65535;
}
stream {
include /etc/nginx/streams/*;
}
http {
# Basic Settings
@ -47,16 +43,9 @@ http {
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites
# Diffie-Hellman parameter for DHE ciphersuites
ssl_dhparam /etc/nginx/dhparam.pem;
# DDOS Protection
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn perip 100;
limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
@ -68,7 +57,15 @@ http {
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
# OCSP stapling
#ssl_stapling on;
#ssl_stapling_verify on;
# QUIC AND HTTP3 SHIT
http3 on;
quic_retry on;
quic_gso on;
include /etc/nginx/snippets/maps.conf;
}

32
nginx/sites-available/7tv.gay.conf
View File

@ -2,22 +2,17 @@ server {
access_log /var/log/nginx/7tv.gay.access.log combined;
error_log /var/log/nginx/7tv.gay.error.log;
root /var/www/7tv;
index index.html index index.htm;
index index.html;
server_name 7tv.gay;
# Security headers and general settings
include configs/security.conf;
include configs/general.conf;
#alocation = / {
# alias /var/www/7tv/gayge.png;
# index
# }
add_header Alt-Svc 'h3=":443";
ma=86400';
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/7tv.gay/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/7tv.gay/privkey.pem; # managed by Certbot
@ -28,13 +23,14 @@ server {
server {
if ($host = 7tv.gay) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name 7tv.gay;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name 7tv.gay;
return 404; # managed by Certbot
}

50
nginx/sites-available/api.spacebar.zzls.xyz.conf
View File

@ -4,31 +4,32 @@ server {
server_name api.spacebar.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
proxy_pass_request_headers on;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass_request_headers on;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
include configs/security.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
add_header Alt-Svc 'h3=":443";
ma=86400';
listen 443 ssl http2;
listen 443 http3; # managed by Certbot
listen 443 quic; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.spacebar.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.spacebar.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
@ -38,13 +39,14 @@ server {
server {
if ($host = api.spacebar.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name api.spacebar.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name api.spacebar.zzls.xyz;
return 404; # managed by Certbot
}

19
nginx/sites-available/archive.zzls.xyz.conf
View File

@ -12,7 +12,7 @@ server {
}
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/archive.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/archive.zzls.xyz/privkey.pem; # managed by Certbot
@ -23,12 +23,13 @@ server {
server {
if ($host = archive.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name archive.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name archive.zzls.xyz;
return 404; # managed by Certbot
}

48
nginx/sites-available/ayaya.beauty.conf
View File

@ -1,32 +1,31 @@
server {
access_log /var/log/nginx/ayaya.beauty.log combined;
error_log /var/log/nginx/ayaya.beauty.error.log;
access_log /dev/null;
error_log /dev/null;
server_name ayaya.beauty;
server_name ayaya.beauty;
include configs/general.conf;
include configs/security.conf;
root /var/www/uguu/dist/public/;
autoindex off;
# access_log off;
index index.html index.php;
root /var/www/uguu/dist/public/;
autoindex off;
index index.html index.php;
client_max_body_size 192M;
client_max_body_size 512M;
location ~* \.(css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf|x-icon|avif|webp|apng)$ {
expires 30d;
expires 7d;
}
location ~* \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ayaya.beauty/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ayaya.beauty/privkey.pem; # managed by Certbot
@ -38,12 +37,13 @@ server {
server {
if ($host = ayaya.beauty) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name ayaya.beauty;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name ayaya.beauty;
return 404; # managed by Certbot
}

47
nginx/sites-available/cdn.spacebar.zzls.xyz.conf Executable file
View File

@ -0,0 +1,47 @@
server {
access_log /var/log/nginx/cdn.spacebar.access.log combined;
server_name cdn.spacebar.zzls.xyz;
#include configs/general.conf;
location / {
proxy_pass http://localhost:3003;
#include configs/proxyheaders.conf;
proxy_set_header Host $host;
proxy_pass_request_headers on;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_no_cache 1;
proxy_cache_bypass 1;
}
#include configs/securityheaders.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl http2;
listen 443 quic; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cdn.spacebar.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cdn.spacebar.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = cdn.spacebar.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name cdn.spacebar.zzls.xyz;
return 404; # managed by Certbot
}

2
nginx/sites-available/cryptochat.zzls.xyz.conf
View File

@ -15,7 +15,7 @@ server {
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cryptochat.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cryptochat.zzls.xyz/privkey.pem; # managed by Certbot

46
nginx/sites-available/cytube.zzls.xyz.conf Executable file
View File

@ -0,0 +1,46 @@
server {
access_log /var/log/nginx/cytube.zzls.xyz combined;
server_name cytube.zzls.xyz;
include configs/general.conf;
location / {
proxy_pass http://127.0.0.1:40023;
include configs/proxyheaders.conf;
}
location ^~ /socket {
proxy_pass http://localhost:40024;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
#include configs/securityheaders.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl http2;
listen 443 quic; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cytube.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cytube.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = cytube.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name cytube.zzls.xyz;
return 404; # managed by Certbot
}

31
nginx/sites-available/files2.zzls.xyz.conf
View File

@ -1,24 +1,15 @@
server {
listen 80;
access_log /var/log/nginx/files.access.log combined;
error_log /var/log/nginx/files.error.log;
access_log /var/log/nginx/files2.access.log combined;
error_log /var/log/nginx/files2.error.log;
server_name files2.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
#root /var/www/files;
#index index.php /_h5ai/public/index.php;
if ($http_user_agent ~* (google) ) {
return 404;
}
deny 131.108.229.119;
location / {
if ($http_user_agent ~* (google) ) {
return 404;
limit_rate 5000k;
limit_rate 5000k;
}
root /mnt/storage/files2.zzls.xyz;
@ -48,9 +39,23 @@ server {
}
listen 443 ssl http2; # managed by Certbot
listen 443 http3;
listen 443 quic;
ssl_certificate /etc/letsencrypt/live/files2.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/files2.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = files2.zzls.xyz) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
server_name files2.zzls.xyz;
return 404; # managed by Certbot
}

50
nginx/sites-available/gateway.spacebar.zzls.xyz.conf Executable file
View File

@ -0,0 +1,50 @@
server {
access_log /var/log/nginx/gateway.spacebar.access.log combined;
server_name gateway.spacebar.zzls.xyz;
#include configs/general.conf;
location / {
proxy_pass http://localhost:3002;
#include configs/proxyheaders.conf;
proxy_set_header Host $host;
proxy_pass_request_headers on;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_no_cache 1;
proxy_cache_bypass 1;
# This is important. It allows Websocket connections through NGINX.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
#include configs/securityheaders.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl http2;
listen 443 quic; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/gateway.spacebar.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/gateway.spacebar.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = gateway.spacebar.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name gateway.spacebar.zzls.xyz;
return 404; # managed by Certbot
}

87
nginx/sites-available/gatoculiao.ayaya.beauty.conf Normal file
View File

@ -0,0 +1,87 @@
server {
access_log /var/log/nginx/gatoculiao.ayaya.beauty.log combined;
error_log /var/log/nginx/gatoculiao.ayaya.beauty.error.log;
server_name gatoculiao.ayaya.beauty;
include configs/general.conf;
include configs/security.conf;
root /var/www/gatoculiao.ayaya.beauty;
index index.html;
listen 443 ssl http2; # managed by Certbot
listen 443 quic;
ssl_certificate /etc/letsencrypt/live/gatoculiao.ayaya.beauty/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/gatoculiao.ayaya.beauty/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
access_log /var/log/nginx/vids.gatoculiao.ayaya.beauty.access.log;
server_name vids.gatoculiao.ayaya.beauty;
include configs/general.conf;
include configs/security.conf;
location / {
root /mnt/storage/gatoculiaovideos;
index index.html index.php /_h5ai/public/index.php;
limit_rate 6400k;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
}
listen 443 ssl http2; # managed by Certbot
listen 443 quic;
ssl_certificate /etc/letsencrypt/live/vids.gatoculiao.ayaya.beauty/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vids.gatoculiao.ayaya.beauty/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = gatoculiao.ayaya.beauty) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
server_name gatoculiao.ayaya.beauty;
return 404; # managed by Certbot
}
server {
if ($host = vids.gatoculiao.ayaya.beauty) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
server_name vids.gatoculiao.ayaya.beauty;
return 404; # managed by Certbot
}

32
nginx/sites-available/gitea.zzls.xyz.conf
View File

@ -2,22 +2,21 @@ server {
access_log /var/log/nginx/git.access.log combined;
server_name git.zzls.xyz;
# Security headers and general settings
#include configs/security.conf;
include configs/general.conf;
location / {
proxy_pass http://unix:/run/forgejo/forgejo.socket;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
add_header Alt-Svc 'h3=":443";
ma=86400';
# listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.zzls.xyz/privkey.pem; # managed by Certbot
@ -28,13 +27,14 @@ server {
server {
if ($host = git.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name git.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name git.zzls.xyz;
return 404; # managed by Certbot
}

34
nginx/sites-available/i.ayaya.beauty.conf
View File

@ -1,22 +1,21 @@
server {
access_log /var/log/nginx/i.ayaya.beauty.log combined;
error_log /var/log/nginx/i.ayaya.beauty.error.log;
access_log /dev/null;
error_log /dev/null;
server_name i.ayaya.beauty;
include configs/general.conf;
include configs/security.conf;
root /mnt/storage/uguufiles;
autoindex off;
# access_log off;
index index.html;
root /mnt/storage/uguufiles;
autoindex off;
index index.html;
location / {
error_page 403 =301 https://ayaya.beauty;
error_page 404 = /404.gif;
error_page 403 =301 https://ayaya.beauty;
error_page 404 = /404.gif;
}
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/i.ayaya.beauty/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/i.ayaya.beauty/privkey.pem; # managed by Certbot
@ -28,12 +27,13 @@ server {
server {
if ($host = i.ayaya.beauty) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name i.ayaya.beauty;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name i.ayaya.beauty;
return 404; # managed by Certbot
}

21
nginx/sites-available/ii.zzls.xyz.conf
View File

@ -17,7 +17,7 @@ server {
include configs/proxy.conf;
}
listen 443 http3;
listen 443 quic;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ii.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ii.zzls.xyz/privkey.pem; # managed by Certbot
@ -28,13 +28,14 @@ server {
server {
if ($host = ii.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name ii.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name ii.zzls.xyz;
return 404; # managed by Certbot
}

52
nginx/sites-available/inv.zzls.xyz.conf
View File

@ -1,40 +1,38 @@
server {
access_log /var/log/nginx/inv.zzls.xyz.access.log;
error_log /var/log/nginx/inv.zzls.xyz.error.log;
access_log /dev/null;
error_log /dev/null;
server_name inv.zzls.xyz;
include configs/general.conf;
server_name inv.zzls.xyz;
include configs/general.conf;
location / {
proxy_pass http://127.0.0.1:40015/;
include configs/proxy.conf;
}
location / {
proxy_pass http://127.0.0.1:40015/;
include configs/proxy.conf;
}
# Security headers
# Invidious uses their own security headers
# include configs/security.conf;
# QUIC
add_header Alt-Svc 'h3=":443";
ma=86400';
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 http3;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/inv.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/inv.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/inv.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/inv.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = inv.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = inv.zzls.xyz) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
listen 80;
server_name inv.zzls.xyz;
return 404; # managed by Certbot
server_name inv.zzls.xyz;
return 404; # managed by Certbot
}
}

84
nginx/sites-available/librex.zzls.xyz.conf
View File

@ -4,77 +4,71 @@ server {
server_name librex.zzls.xyz;
include configs/general.conf;
root /var/www/librex;
index index.php;
root /var/www/librex;
index index.php;
location ~ \.php$ {
include fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
location ~ \.php$ {
include fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
# Onion Service Header
add_header Onion-Location http://librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
add_header Alt-Svc 'h3=":443";
ma=86400';
# CSP + Security Headers
include configs/security.conf;
#add_header Permissions-Policy "interest-cohort=()" always;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
#add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
quic_retry on;
quic_gso on;
ssl_early_data on;
listen 443 http3;
listen 443 quic;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/librex.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/librex.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
root /var/www/librex;
index index.php;
location ~ \.php$ {
include fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
}
server {
listen 80;
server_name librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
listen 40021;
server_name 7huurwog32tny663wkglrhozfoyqyqmsuxjbd7dtudccx44awjda.b32.i2p;
root /var/www/librex;
index index.php;
root /var/www/librex;
index index.php;
location ~ \.php$ {
include fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
}
server {
listen 40021;
server_name 7huurwog32tny663wkglrhozfoyqyqmsuxjbd7dtudccx44awjda.b32.i2p;
root /var/www/librex;
index index.php;
location ~ \.php$ {
include fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
location ~ \.php$ {
include fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
}
server {
if ($host = librex.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name librex.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name librex.zzls.xyz;
return 404; # managed by Certbot
}

49
nginx/sites-available/matrix.zzls.xyz.conf
View File

@ -1,21 +1,14 @@
upstream monolith{
server 127.0.0.1:8008;
}
server {
access_log /dev/null;
error_log /dev/null;
access_log /dev/null;
error_log /var/log/nginx/matrix.error.log;
# Common shit
include configs/general.conf;
# Common shit
include configs/general.conf;
server_name matrix.zzls.xyz;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 600;
location /.well-known/matrix/server {
return 200 '{ "m.server": "matrix.zzls.xyz:443" }';
return 200 '{ "m.server": "matrix.zzls.xyz:8443" }';
}
location /.well-known/matrix/client {
@ -25,20 +18,31 @@ include configs/general.conf;
return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" } }';
}
location /_matrix {
proxy_pass http://monolith;
location / {
alias /var/www/cinnyclient/;
index index.html;
}
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 64M;
proxy_http_version 1.1;
}
# SecHeaders
include configs/security.conf;
# CSP (From tchncs.de because i am illiterate at CSP)
add_header Content-Security-Policy "default-src 'self' zzls.xyz matrix.zzls.xyz" always;
# QUIC
add_header Alt-Svc 'h3=":443", h3=":8448";
ma=86400';
client_max_body_size 65M;
listen 443 http3;
listen 443 http2 ssl;
listen 443 quic reuseport;
listen 443 http2 ssl reuseport;
listen 8448 ssl http2 default_server reuseport;
listen 8448 quic default_server reuseport;
ssl_certificate /etc/letsencrypt/live/matrix.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/matrix.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
@ -50,10 +54,11 @@ include configs/general.conf;
server {
if ($host = matrix.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
# managed by Certbot
listen 80;
listen 80;
server_name matrix.zzls.xyz;
return 404; # managed by Certbot

24
nginx/sites-available/mpd.ayaya.beauty.conf
View File

@ -8,21 +8,18 @@ server {
location / {
proxy_pass http://192.168.1.2:40420;
#include configs/proxy.conf;
proxy_connect_timeout 1;
proxy_send_timeout 1;
proxy_read_timeout 1;
}
location /status {
# Turn on stats
stub_status on;
access_log off;
# only allow access from 192.168.1.5 #
allow 192.168.1.2;
deny all;
}
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mpd.ayaya.beauty/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mpd.ayaya.beauty/privkey.pem; # managed by Certbot
@ -33,13 +30,14 @@ server {
server {
if ($host = mpd.ayaya.beauty) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name mpd.ayaya.beauty;
listen 80;
return 404; # managed by Certbot
}
# managed by Certbot
server_name mpd.ayaya.beauty;
listen 80;
return 404; # managed by Certbot
}

15
nginx/sites-available/paste.zzls.xyz.conf
View File

@ -1,5 +1,5 @@
server {
access_log /var/log/nginx/paste.access.log combined;
access_log /dev/null;
server_name paste.zzls.xyz;
include configs/general.conf;
@ -10,7 +10,7 @@ server {
include configs/proxy.conf;
}
listen 443 http3;
listen 443 quic;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/paste.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/paste.zzls.xyz/privkey.pem; # managed by Certbot
@ -21,12 +21,13 @@ server {
server {
if ($host = paste.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
# managed by Certbot
server_name paste.zzls.xyz;
listen 80;
return 404; # managed by Certbot
server_name paste.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
}

24
nginx/sites-available/pbin.zzls.xyz.conf
View File

@ -11,11 +11,12 @@ server {
#include configs/security.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
add_header Alt-Svc 'h3=":443";
ma=86400';
listen 443 ssl http2;
listen 443 http3; # managed by Certbot
listen 443 quic; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/pbin.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/pbin.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
@ -25,13 +26,14 @@ server {
server {
if ($host = pbin.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name pbin.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name pbin.zzls.xyz;
return 404; # managed by Certbot
}

2
nginx/sites-available/pt.zzls.xyz.conf
View File

@ -17,7 +17,7 @@ server {
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/pt.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/pt.zzls.xyz/privkey.pem; # managed by Certbot

2
nginx/sites-available/ri.zzls.xyz.conf
View File

@ -17,7 +17,7 @@ server {
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ri.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ri.zzls.xyz/privkey.pem; # managed by Certbot

28
nginx/sites-available/rustlog.zzls.xyz.conf
View File

@ -3,19 +3,20 @@ server {
server_name rustlog.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://localhost:40003;
include configs/proxy.conf;
}
include configs/security.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
# QUIC
add_header Alt-Svc 'h3=":443";
ma=86400';
listen 443 ssl http2;
listen 443 http3; # managed by Certbot
listen 443 quic; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/rustlog.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/rustlog.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
@ -25,13 +26,14 @@ server {
server {
if ($host = rustlog.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name rustlog.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name rustlog.zzls.xyz;
return 404; # managed by Certbot
}

34
nginx/sites-available/selfhost.zzls.xyz.conf
View File

@ -1,7 +1,10 @@
server {
access_log /var/log/nginx/selfhost.log combined;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
include configs/general.conf;
include configs/security.conf;
server_name selfhost.zzls.xyz;
@ -9,18 +12,12 @@ server {
try_files $uri $uri/ =404;
}
# security headers
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
add_header Alt-Svc 'h3=":443";
ma=86400';
listen 443 ssl http2;
listen 443 http3; # managed by Certbot
listen 443 quic; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/selfhost.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/selfhost.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
@ -30,13 +27,14 @@ server {
server {
if ($host = selfhost.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name selfhost.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name selfhost.zzls.xyz;
return 404; # managed by Certbot
}

32
nginx/sites-available/spacebar.zzls.xyz.conf
View File

@ -2,21 +2,20 @@ server {
access_log /var/log/nginx/spacebar.access.log combined;
server_name spacebar.zzls.xyz;
include configs/general.conf;
root /var/www/spacebar-client;
include configs/general.conf;
include configs/security.conf;
location / {
try_files $uri $uri/ /index.html;
#include configs/proxy.conf;
try_files $uri $uri/ /index.html;
}
include configs/security.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
add_header Alt-Svc 'h3=":443";
ma=86400';
listen 443 ssl http2;
listen 443 http3; # managed by Certbot
listen 443 quic; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/spacebar.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/spacebar.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
@ -26,13 +25,14 @@ server {
server {
if ($host = spacebar.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name spacebar.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name spacebar.zzls.xyz;
return 404; # managed by Certbot
}

27
nginx/sites-available/stream.ayaya.beauty.conf
View File

@ -3,18 +3,18 @@ server {
error_log /var/log/nginx/stream.ayaya.beauty.error.log;
root /var/www/stream/;
index index.html index.htm index.nginx-debian.html;
index index.html;
server_name stream.ayaya.beauty;
include configs/general.conf;
include configs/security.conf;
location /stream {
proxy_pass http://localhost:8080/live/livestream/stream.flv;
include configs/proxy.conf;
proxy_pass http://localhost:8080/live/livestream/stream.flv;
include configs/proxy.conf;
}
listen 443 http3;
listen 443 quic;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/stream.ayaya.beauty/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/stream.ayaya.beauty/privkey.pem; # managed by Certbot
@ -25,13 +25,14 @@ server {
server {
if ($host = stream.ayaya.beauty) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name stream.ayaya.beauty;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name stream.ayaya.beauty;
return 404; # managed by Certbot
}

67
nginx/sites-available/synapse.zzls.xyz.conf Normal file
View File

@ -0,0 +1,67 @@
upstream monolithh {
server 127.0.0.1:8088;
}
server {
access_log /var/log/nginx/synapse.access.log;
error_log /var/log/nginx/synapse.error.log;
# Common shit
include configs/general.conf;
server_name synapse.zzls.xyz;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 600;
location /.well-known/synapse/server {
return 200 '{ "m.server": "synapse.zzls.xyz:443" }';
}
location /.well-known/synapse/client {
# If your sever_name here doesn't match your synapse homeserver URL
# (e.g. hostname.com as server_name and synapse.hostname.com as homeserver URL)
# add_header Access-Control-Allow-Origin '*';
return 200 '{ "m.homeserver": { "base_url": "https://synapse.zzls.xyz" } }';
}
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://monolithh;
}
location / {
alias /var/www/cinnyclient/;
index index.html;
}
# SecHeaders
include configs/security.conf;
# CSP (From tchncs.de because i am illiterate at CSP)
#add_header Content-Security-Policy "default-src 'self' zzls.xyz synapse.zzls.xyz; connect-src 'self'; font-src 'self' data:; img-src 'self' data: https://cdn.jsdelivr.net; media-src 'self' " always;
client_max_body_size 65M;
listen 443 quic;
listen 443 http2 ssl;
ssl_certificate /etc/letsencrypt/live/synapse.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/synapse.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = synapse.zzls.xyz) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
server_name synapse.zzls.xyz;
return 404; # managed by Certbot
}

42
nginx/sites-available/test.zzls.xyz.conf Normal file
View File

@ -0,0 +1,42 @@
server {
access_log /var/log/nginx/test.log;
error_log /var/log/nginx/test.error.log;
## Your website name goes here.
server_name test.gaysdemierda.cl;
## Your only path reference.
root /srv/http/wordpress;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
#The following parameter can be also included in fastcgi_params file
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}

68
nginx/sites-available/wiki.zzls.xyz.conf
View File

@ -7,33 +7,42 @@ server {
include configs/security.conf;
include configs/general.conf;
root /opt/dokuwiki;
index doku.php;
root /opt/dokuwiki;
index doku.php;
#Remember to comment the below out when you are installing DokuWiki, and uncomment it when you are done.
location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } # secure Dokuwiki
#Remember to comment the below out when you are installing DokuWiki, and uncomment it when you are done.
location ~ /(data/|conf/|bin/|inc/|install.php) {
deny all;
}
# secure Dokuwiki
location ~^/\.ht { deny all; } # also secure the Apache .htaccess files
location @dokuwiki {
#rewrites "doku.php/" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}
location ~^/\.ht {
deny all;
}
# also secure the Apache .htaccess files
location @dokuwiki {
#rewrites "doku.php/" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}
location / { try_files $uri $uri/ @dokuwiki; }
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location / {
try_files $uri $uri/ @dokuwiki;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
add_header Alt-Svc 'h3=":443";
ma=86400';
# listen 443 http3;
# listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/wiki.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wiki.zzls.xyz/privkey.pem; # managed by Certbot
@ -44,12 +53,13 @@ server {
server {
if ($host = wiki.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name wiki.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name wiki.zzls.xyz;
return 404; # managed by Certbot
}

4
nginx/sites-available/wiki.zzls.xyz.conf.orig
View File

@ -34,9 +34,9 @@ server {
add_header Alt-Svc 'h3=":443"; ma=86400';
<<<<<<< HEAD
#listen 443 http3;
#listen 443 quic;
=======
listen 443 http3;
listen 443 quic;
>>>>>>> 8b6f976fe8e457df02c4ba50a64bafdf969df8dd
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/wiki.zzls.xyz/fullchain.pem; # managed by Certbot

106
nginx/sites-available/wiki2.zzls.xyz.conf
View File

@ -7,55 +7,56 @@ server {
include configs/security.conf;
include configs/general.conf;
root /opt/mediawiki-1.39.1;
index index.php;
charset utf-8;
client_max_body_size 100m;
client_body_timeout 60;
root /opt/mediawiki-1.39.1;
index index.php;
charset utf-8;
client_max_body_size 100m;
client_body_timeout 60;
location / {
index index.php;
try_files $uri $uri/ @mediawiki;
}
location @mediawiki {
rewrite ^/(.*)$ /index.php;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri @mediawiki;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri /index.php;
expires max;
log_not_found off;
}
# Restrictions based on the .htaccess files
location ~ ^/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/ {
deny all;
}
#location ~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/ {
# internal;
#}
location ^~ /images/ {
try_files $uri /index.php;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
location /rest.php {
try_files $uri $uri/ /rest.php?$args;
}
location / {
index index.php;
try_files $uri $uri/ @mediawiki;
}
location @mediawiki {
rewrite ^/(.*)$ /index.php;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri @mediawiki;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri /index.php;
expires max;
log_not_found off;
}
# Restrictions based on the .htaccess files
location ~ ^/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/ {
deny all;
}
#location ~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/ {
# internal;
#}
location ^~ /images/ {
try_files $uri /index.php;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
location /rest.php {
try_files $uri $uri/ /rest.php?$args;
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
add_header Alt-Svc 'h3=":443";
ma=86400';
listen 443 http3;
listen 443 quic;
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/wiki2.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wiki2.zzls.xyz/privkey.pem; # managed by Certbot
@ -66,12 +67,13 @@ location /rest.php {
server {
if ($host = wiki2.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name wiki2.zzls.xyz;
return 404; # managed by Certbot
}
# managed by Certbot
listen 80;
server_name wiki2.zzls.xyz;
return 404; # managed by Certbot
}

1
nginx/sites-enabled/api.spacebar.zzls.xyz.conf Symbolic link
View File

@ -0,0 +1 @@
../sites-available/api.spacebar.zzls.xyz.conf

1
nginx/sites-enabled/gatoculiao.ayaya.beauty.conf Symbolic link
View File

@ -0,0 +1 @@
../sites-available/gatoculiao.ayaya.beauty.conf

1
nginx/sites-enabled/matrix.zzls.xyz.conf Symbolic link
View File

@ -0,0 +1 @@
../sites-available/matrix.zzls.xyz.conf

1
nginx/sites-enabled/ri.zzls.xyz.conf
View File

@ -1 +0,0 @@
../sites-available/ri.zzls.xyz.conf

1
nginx/sites-enabled/spacebar.zzls.xyz.conf Symbolic link
View File

@ -0,0 +1 @@
../sites-available/spacebar.zzls.xyz.conf

1
nginx/sites-enabled/wiki2.zzls.xyz.conf
View File

@ -1 +0,0 @@
../sites-available/wiki2.zzls.xyz.conf