diff --git a/i2pd/i2pd.conf b/i2pd/i2pd.conf
new file mode 100644
index 0000000..aee4abf
--- /dev/null
+++ b/i2pd/i2pd.conf
@@ -0,0 +1,287 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+## * stdout - print log entries to stdout
+## * file - log entries to a file
+## * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default - autodetect)
+logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, none)
+## If you set it to none, logging will be disabled
+# loglevel = warn
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+port = 12999
+
+## Enable communication through ipv4
+ipv4 = true
+## Enable communication through ipv6
+ipv6 = false
+
+## Enable SSU transport
+ssu = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled. If you want to
+## share more bandwidth without floodfill mode, uncomment that line and adjust
+## value to your possibilities
+bandwidth = X
+## Max % of bandwidth limit for transit. 0-100. 100 by default
+share = 100
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default = false)
+# notransit = true
+
+## Router will be floodfill
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default = true)
+# enabled = true
+## Publish address in RouterInfo (default = true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport
+# enabled = true
+## Publish address in RouterInfo
+# published = true
+## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
+# port = 4567
+
+[http]
+## Web Console settings
+## Uncomment and set to 'false' to disable Web Console
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 7070
+## Path to web console, default "/"
+# webroot = /
+## Uncomment following lines to enable Web Console authentication
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Uncomment and set to 'false' to disable HTTP Proxy
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 4444
+## Optional keys file for proxy local destination
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Uncomment and set to 'false' to disable SOCKS Proxy
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 4447
+## Optional keys file for proxy local destination
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Uncomment and set to 'true' to enable using of SOCKS outproxy
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Comment or set to 'false' to disable SAM Bridge
+enabled = true
+## Address and ports service will listen on
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Uncomment and set to 'true' to enable BOB command channel
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Uncomment and set to 'true' to enable I2CP protocol
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Uncomment and set to 'true' to enable I2PControl protocol
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 7650
+## Authentication password. "itoopie" by default
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default = I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable or disable reseed data verification.
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. false by default
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? false by default
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Use CPU AVX instructions set when work with cryptography when available (default: true)
+# avx = true
+## Force usage of CPU instructions set, even if they not found
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false
diff --git a/i2pd/i2pd.conf.pacnew b/i2pd/i2pd.conf.pacnew
new file mode 100644
index 0000000..416914a
--- /dev/null
+++ b/i2pd/i2pd.conf.pacnew
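Review bot: In `i2pd/i2pd.conf` the `[sam]` section sets `enabled = true` explicitly, and `[httpproxy]` and `[socksproxy]` are left at their enabled defaults, although the tunnel files added in this commit only define `http` server tunnels and one IRC client tunnel. Any local process that can reach the SAM port can open its own destinations through this router, so on a host that also runs public web services it is safer to switch off what is not used, e.g. `enabled = false` under `[sam]` (and under the two proxy sections if nothing on the machine browses I2P). The web console on `127.0.0.1:7070` is also left without authentication; if it stays enabled, uncomment `auth = true` and set a `user`/`pass` of your own rather than the `changeme` placeholder.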
@@ -0,0 +1,288 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+## * stdout - print log entries to stdout
+## * file - log entries to a file
+## * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default: autodetect)
+logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, critical, none)
+## If you set it to none, logging will be disabled
+# loglevel = warn
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+## (default: true)
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+# port = 4567
+
+## Enable communication through ipv4 (default: true)
+ipv4 = true
+## Enable communication through ipv6 (default: false)
+ipv6 = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled.
+## If you want to share more bandwidth without floodfill mode, uncomment
+## that line and adjust value to your possibilities. Value can be set to
+## integer in kilobytes, it will apply that limit and flag will be used
+## from next upper limit (example: if you set 4096 flag will be X, but real
+## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
+## but keep in mind that low values may be negatively evaluated by Java
+## router algorithms.
+# bandwidth = L
+## Max % of bandwidth limit for transit. 0-100 (default: 100)
+# share = 100
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default: false)
+# notransit = true
+
+## Router will be floodfill (default: false)
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[http]
+## Web Console settings
+## Enable the Web Console (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:7070)
+# address = 127.0.0.1
+# port = 7070
+## Path to web console (default: /)
+# webroot = /
+## Enable Web Console authentication (default: false)
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Enable the HTTP proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4444)
+# address = 127.0.0.1
+# port = 4444
+## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Enable the SOCKS proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4447)
+# address = 127.0.0.1
+# port = 4447
+## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Enable the SAM bridge (default: true)
+# enabled = false
+## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Enable the BOB command channel (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:2827)
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Enable the I2CP protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7654)
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Enable the I2PControl protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7650)
+# address = 127.0.0.1
+# port = 7650
+## Authentication password (default: itoopie)
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default: I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network (default: false)
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable reseed data verification (default: true)
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. (default: false)
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? (default: false)
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Force usage of CPU instructions set, even if they not found (default: false)
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false
diff --git a/i2pd/tunnels.conf b/i2pd/tunnels.conf
new file mode 100644
index 0000000..55723c4
--- /dev/null
+++ b/i2pd/tunnels.conf
@@ -0,0 +1,33 @@
+[IRC-ILITA]
+type = client
+address = 127.0.0.1
+port = 6668
+destination = irc.ilita.i2p
+destinationport = 6667
+keys = irc-keys.dat
+
+#[IRC-IRC2P]
+#type = client
+#address = 127.0.0.1
+#port = 6669
+#destination = irc.postman.i2p
+#destinationport = 6667
+#keys = irc-keys.dat
+
+#[SMTP]
+#type = client
+#address = 127.0.0.1
+#port = 7659
+#destination = smtp.postman.i2p
+#destinationport = 25
+#keys = smtp-keys.dat
+
+#[POP3]
+#type = client
+#address = 127.0.0.1
+#port = 7660
+#destination = pop.postman.i2p
+#destinationport = 110
+#keys = pop3-keys.dat
+
+# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/
diff --git a/i2pd/tunnels.d/inv.zzls.i2p.conf b/i2pd/tunnels.d/inv.zzls.i2p.conf
new file mode 100644
index 0000000..88529e6
--- /dev/null
+++ b/i2pd/tunnels.d/inv.zzls.i2p.conf
@@ -0,0 +1,5 @@
+[librex]
+type=http
+host=127.0.0.1
+port=10051
+keys=inv.dat
diff --git a/i2pd/tunnels.d/librex.zzls.i2p.conf b/i2pd/tunnels.d/librex.zzls.i2p.conf
new file mode 100644
index 0000000..b4b76a1
--- /dev/null
+++ b/i2pd/tunnels.d/librex.zzls.i2p.conf
@@ -0,0 +1,5 @@
+[librex]
+type=http
+host=127.0.0.1
+port=30002
+keys=librex.dat
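Review bot: The section header in `i2pd/tunnels.d/inv.zzls.i2p.conf` is `[librex]`, the same name used in `librex.zzls.i2p.conf`, so two tunnels with different ports (`10051` and `30002`) and different key files share one name. This looks like a copy-paste slip: the section name is the tunnel's name, and a duplicate makes the two indistinguishable in logs and the web console and may cause one definition to be ignored. Rename the first to match its file, e.g. `[inv]`.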
diff --git a/i2pd/tunnels.d/rimgo.zzls.i2p.conf b/i2pd/tunnels.d/rimgo.zzls.i2p.conf new file mode 100644 index 0000000..4b7e745 --- /dev/null +++ b/i2pd/tunnels.d/rimgo.zzls.i2p.conf @@ -0,0 +1,5 @@ +[rimgo] +type=http +host=127.0.0.1 +port=10050 +keys=rimgo-real.dat diff --git a/nginx/conf.d/4get.zzls.xyz.conf b/nginx/conf.d/4get.zzls.xyz.conf index a9fa09c..e866b3f 100644 --- a/nginx/conf.d/4get.zzls.xyz.conf +++ b/nginx/conf.d/4get.zzls.xyz.conf @@ -4,7 +4,7 @@ limit_req_zone $binary_remote_addr zone=4get:10m rate=4r/s; server { access_log /var/log/nginx/4get.access.log limited; error_log /var/log/nginx/4get.error.log; - server_name 4get.zzls.xyz; + server_name 4get.zzls.xyz 4get.nadeko.net; root /var/www/4get-zzls; include configs/general.conf; include configs/robotsNone.conf; @@ -82,14 +82,19 @@ server { location ~* ^(.*)\.php$ { return 301 $1; } - - } server { + set $x ""; if ($host = 4get.zzls.xyz) { + set $x 1; + } + if ($host = 4get.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } listen 80; - server_name 4get.zzls.xyz; + server_name 4get.zzls.xyz 4get.nadeko.net; } diff --git a/nginx/conf.d/debug4get.zzls.xyz.conf b/nginx/conf.d/debug4get.zzls.xyz.conf index 4bf8bbd..2721ca8 100644 --- a/nginx/conf.d/debug4get.zzls.xyz.conf +++ b/nginx/conf.d/debug4get.zzls.xyz.conf @@ -2,7 +2,7 @@ server { access_log /var/log/nginx/4get.access.log limited; error_log /var/log/nginx/4get.error.log; - server_name debug4get.zzls.xyz; + server_name debug4get.zzls.xyz debug4get.nadeko.net; root /var/www/; include configs/general.conf; include configs/robotsNone.conf; @@ -85,7 +85,14 @@ server { } server { + set $x ""; if ($host = debug4get.zzls.xyz) { + set $x 1; + } + if ($host = debug4get.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } listen 80; diff --git a/nginx/conf.d/debuginv.zzls.xyz.conf b/nginx/conf.d/debuginv.zzls.xyz.conf index 28a3194..744aef2 100644 
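Review bot: The `$x` flag in the port-80 block of `4get.zzls.xyz.conf` re-implements a host allow-list that `server_name 4get.zzls.xyz 4get.nadeko.net;` already expresses, and a request whose Host matches neither name falls through the three `if` blocks with no `return` at all. If a separate catch-all `default_server` exists, a plain `return 301 https://$host$request_uri;` is enough; if the guard is kept, add the `return 404;` fallback that the `inv.zzls.xyz.conf` hunk uses. The same pattern is repeated in the `debug4get`, `debuginv`, `git` and `inv` hunks. In `debug4get` and `git` the port-80 `server_name` line lies outside the hunk, and in `debuginv` it still lists only `debuginv.zzls.xyz`, so the new `nadeko.net` comparison there can only match if that block is also the default server.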
--- a/nginx/conf.d/debuginv.zzls.xyz.conf
+++ b/nginx/conf.d/debuginv.zzls.xyz.conf
@@ -1,66 +1,130 @@ -limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s; - -upstream inv-debug { - server 127.0.0.1:40050; +upstream debuginv{ + server 127.0.0.1:40050 max_fails=2 fail_timeout=2s; } +upstream http3-ytproxy-debug { + server 127.0.0.1:8080 max_fails=2 fail_timeout=1s; +} + +# CLEARNET server { access_log /var/log/nginx/debuginv.access.log; error_log /var/log/nginx/debuginv.error.log; server_name debuginv.zzls.xyz; include configs/general.conf; include configs/robotsNone.conf; + # SECURITY HEADERS ADDED BY Invidious + # include configs/security.conf; - location / { - proxy_pass http://inv-debug; + location @upstream { + proxy_pass http://debuginv; include configs/proxy.conf; - limit_rate 12000k; + limit_rate 1000k; # Disable buffering and cache so i don't kill my # SSD and bandwidth usage proxy_buffering off; proxy_request_buffering off; proxy_cache off; - proxy_intercept_errors on; - error_page 502 = @fallback; } - location ~ ^/api/ { - proxy_pass http://inv-debug; - include configs/proxy.conf; - limit_rate 12000k; - # Disable buffering and cache so i don't kill my - # SSD and bandwidth usage + error_page 502 /502.html; + + # location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) { + # access_log /var/log/nginx/debuginv-proxy.access.log; + # error_log /var/log/nginx/debuginv-proxy.error.log; + # # Woops! Sorry. I don't want to kill my SSD lol! 
+ # proxy_buffering off; + # #proxy_buffers 1024 16k; + # proxy_set_header X-Forwarded-For ""; + # proxy_hide_header "alt-svc"; + # sendfile_max_chunk 512k; + # proxy_hide_header Cache-Control; + # proxy_hide_header etag; + # proxy_http_version 1.1; + # proxy_intercept_errors on; + # proxy_set_header Connection keep-alive; + # proxy_max_temp_file_size 32m; + # proxy_pass http://http3-ytproxy-debug; + # add_header Cache-Control private always; + # limit_rate 6000k; + # } + location ~ (^/videoplayback) { + access_log /var/log/nginx/debuginv-proxy.access.log; + error_log /var/log/nginx/debuginv-proxy.error.log; + # Woops! Sorry. I don't want to kill my SSD lol! proxy_buffering off; - proxy_request_buffering off; - proxy_cache off; - limit_req zone=one; - } - - location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) { - proxy_buffers 1024 16k; + #proxy_buffers 1024 16k; proxy_set_header X-Forwarded-For ""; proxy_hide_header "alt-svc"; sendfile_max_chunk 512k; proxy_hide_header Cache-Control; proxy_hide_header etag; proxy_http_version 1.1; + proxy_intercept_errors on; proxy_set_header Connection keep-alive; proxy_max_temp_file_size 32m; - access_log /var/log/nginx/http3-ytproxy.log; - proxy_pass http://unix:/opt/http3-ytproxy/socket/http-proxy-1.sock; + proxy_pass http://http3-ytproxy-debug; add_header Cache-Control private always; + limit_rate 6000k; } - location @fallback { - root /etc/nginx/errors; - try_files $uri /502.html =502; + + location / { + try_files $uri @upstream; + } + + location /search { + try_files $uri @upstream; + } + + location /api/v1/ { + try_files $uri @upstream; + } + + location /api/v1/storyboards { + try_files $uri @upstream; + } + + location /api/v1/captions { + try_files $uri @upstream; + } + + location /api/v1/comments { + try_files $uri @upstream; + } + + location ~ ^/api/v1/channels/(.+)/shorts { + try_files $uri @upstream; + } + + location = /502.html { + alias /etc/nginx/errors/502; + index index.html; } # QUIC include configs/http3.conf; + # 
TOR + add_header Onion-Location http://debuginvzzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri; + listen 443 ssl; http2 on; include configs/ssl.conf; } + +server { + set $x ""; + if ($host = debuginv.zzls.xyz) { + set $x 1; + } + if ($host = debuginv.nadeko.net) { + set $x 1; + } + if ($x = 1) { + return 301 https://$host$request_uri; + } + listen 80; + server_name debuginv.zzls.xyz; +} diff --git a/nginx/conf.d/git.zzls.xyz.conf b/nginx/conf.d/git.zzls.xyz.conf index e70120e..8567a76 100644 --- a/nginx/conf.d/git.zzls.xyz.conf +++ b/nginx/conf.d/git.zzls.xyz.conf @@ -3,8 +3,8 @@ upstream forgejo { } server { - access_log /var/log/nginx/git.access.log combined; - server_name git.zzls.xyz; + access_log /var/log/nginx/git.access.log combined2; + server_name git.zzls.xyz git.nadeko.net; include configs/general.conf; include configs/security.conf; include configs/robots.conf; @@ -25,7 +25,14 @@ server { } server { + set $x ""; if ($host = git.zzls.xyz) { + set $x 1; + } + if ($host = git.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } listen 80; diff --git a/nginx/conf.d/inv.zzls.xyz.conf b/nginx/conf.d/inv.zzls.xyz.conf index bae58b8..0d313dd 100644 --- a/nginx/conf.d/inv.zzls.xyz.conf +++ b/nginx/conf.d/inv.zzls.xyz.conf 
@@ -1,93 +1,39 @@ -# Rate limit searches, just 5 per sec -limit_req_zone $binary_remote_addr zone=invidious:10m rate=5r/s; -# Rate limit api requests, just 60 per sec, wathcing a normal video does like -# 10 to 30 api requests so you don't need more than 30 in a second unless is a bot spamming shit lol -limit_req_zone $binary_remote_addr zone=invidiousapi:10m rate=40r/s; +limit_req_zone $binary_remote_addr zone=invidious-apirl:1m rate=40r/s; upstream inv { - server 127.0.0.1:40015 max_fails=2 fail_timeout=2s; - server 127.0.0.1:40016 max_fails=2 fail_timeout=2s; - server 127.0.0.1:40017 max_fails=2 fail_timeout=2s; + server 127.0.0.1:10011 max_fails=2 fail_timeout=2s; + server 127.0.0.1:10012 max_fails=2 fail_timeout=2s; + server 127.0.0.1:10013 max_fails=2 fail_timeout=2s; } - +# Just add more lol upstream http3-ytproxy { server unix:/opt/http3-ytproxy/socket/http-proxy-1.sock max_fails=2 fail_timeout=1s; server unix:/opt/http3-ytproxy/socket/http-proxy-2.sock max_fails=2 fail_timeout=1s; server unix:/opt/http3-ytproxy/socket/http-proxy-3.sock max_fails=2 fail_timeout=1s; + server unix:/opt/http3-ytproxy/socket/http-proxy-4.sock max_fails=2 fail_timeout=1s; + server unix:/opt/http3-ytproxy/socket/http-proxy-5.sock max_fails=2 fail_timeout=1s; +} + +server { + server_name inv.zzls.xyz; + rewrite ^ https://inv.nadeko.net$request_uri? 
permanent; + + include configs/ssl.conf; + listen 443 ssl; } # CLEARNET server { access_log /var/log/nginx/inv.access.log limited; error_log /var/log/nginx/inv.error.log; - server_name inv.zzls.xyz; + server_name inv.nadeko.net; include configs/general.conf; include configs/robotsNone.conf; # SECURITY HEADERS ADDED BY Invidious # include configs/security.conf; - location @upstream { - proxy_pass http://inv; - include configs/proxy.conf; - limit_rate 8000k; - # Disable buffering and cache so i don't kill my - # SSD and bandwidth usage - proxy_buffering off; - proxy_request_buffering off; - proxy_cache off; - proxy_intercept_errors on; - error_page 502 = @fallback; - } - - location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) { - # Woops! Sorry. I don't want to kill my SSD lol! - proxy_buffering off; - #proxy_buffers 1024 16k; - proxy_set_header X-Forwarded-For ""; - proxy_hide_header "alt-svc"; - sendfile_max_chunk 512k; - proxy_hide_header Cache-Control; - proxy_hide_header etag; - proxy_http_version 1.1; - proxy_set_header Connection keep-alive; - proxy_max_temp_file_size 32m; - proxy_pass http://http3-ytproxy; - add_header Cache-Control private always; - - } - - location / { - try_files $uri @upstream; - } - - location /search { - try_files $uri @upstream; - } - - location /api { - try_files $uri @upstream; - } - - location /api/v1/storyboards { - try_files $uri @upstream; - } - - location /api/v1/captions { - try_files $uri @upstream; - } - - location /api/v1/comments { - try_files $uri @upstream; - } - - location ~ ^/api/v1/channels/(.+)/shorts { - try_files $uri @upstream; - } - - location @fallback { - root /etc/nginx/errors; - try_files $uri /502.html = 502; - } + # The messed up invidious configuration + include conf.d/inv.zzls.xyz.locations; # QUIC include configs/http3.conf; @@ -98,7 +44,6 @@ server { listen 443 ssl; http2 on; include configs/ssl.conf; - } # TOR 
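Review bot: The single replacement zone `invidious-apirl:1m` at the top of `inv.zzls.xyz.conf` is a tenth of the size of each `10m` zone it replaces, and the separate search limiter (`zone=invidious`, 5r/s) is dropped. When a zone runs out of space nginx evicts the least recently used entries and, failing that, rejects the request, so on a busy public instance a 1 MB zone keyed on `$binary_remote_addr` can lose per-client state early or turn away legitimate clients; `zone=invidious-apirl:10m` keeps the previous headroom. Where `limit_req` is actually applied now lives in `conf.d/inv.zzls.xyz.locations`, which is outside this hunk, so check that `/search` is still covered there.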
@@ -108,86 +53,31 @@ server { include configs/general.conf; include configs/robotsNone.conf; - location @upstream { - proxy_pass http://inv; - include configs/proxy.conf; - limit_rate 8000k; - # Disable buffering and cache so i don't kill my - # SSD and bandwidth usage - proxy_buffering off; - proxy_request_buffering off; - proxy_cache off; - proxy_intercept_errors on; - } - - location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) { - # Woops! Sorry. I don't want to kill my SSD lol! - proxy_buffering off; - #proxy_buffers 1024 16k; - proxy_set_header X-Forwarded-For ""; - proxy_hide_header "alt-svc"; - sendfile_max_chunk 512k; - proxy_hide_header Cache-Control; - proxy_hide_header etag; - proxy_http_version 1.1; - proxy_set_header Connection keep-alive; - proxy_max_temp_file_size 32m; - proxy_pass http://http3-ytproxy; - add_header Cache-Control private always; - } - - - location / { - try_files $uri @upstream; - } + include conf.d/inv.zzls.xyz.locations; } # I2P server { - listen 30003; + listen 10051; server_name zzlsbhhfvwg3oh36tcvx4r7n6jrw7zibvyvfxqlodcwn3mfrvzuq.b32.i2p; include configs/general.conf; include configs/robotsNone.conf; - location @upstream { - proxy_pass http://inv; - include configs/proxy.conf; - limit_rate 8000k; - # Disable buffering and cache so i don't kill my - # SSD and bandwidth usage - proxy_buffering off; - proxy_request_buffering off; - proxy_cache off; - proxy_intercept_errors on; - error_page 502 = @fallback; - } - - location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) { - # Woops! Sorry. I don't want to kill my SSD lol! 
- proxy_buffering off; - #proxy_buffers 1024 16k; - proxy_set_header X-Forwarded-For ""; - proxy_hide_header "alt-svc"; - sendfile_max_chunk 512k; - proxy_hide_header Cache-Control; - proxy_hide_header etag; - proxy_http_version 1.1; - proxy_set_header Connection keep-alive; - proxy_max_temp_file_size 32m; - proxy_pass http://http3-ytproxy; - add_header Cache-Control private always; - - } - - location / { - try_files $uri @upstream; - } + include conf.d/inv.zzls.xyz.locations; } server { + set $x ""; if ($host = inv.zzls.xyz) { + set $x 1; + } + if ($host = inv.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } listen 80; - server_name inv.zzls.xyz; + server_name inv.zzls.xyz inv.nadeko.net; + return 404; } diff --git a/nginx/conf.d/inv.zzls.xyz.locations b/nginx/conf.d/inv.zzls.xyz.locations new file mode 100644 index 0000000..7c11ce8 --- /dev/null +++ b/nginx/conf.d/inv.zzls.xyz.locations 
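Review bot: Including `conf.d/inv.zzls.xyz.locations` in the TOR and I2P servers also pulls in `limit_req zone=invidious-apirl`, which is keyed on `$binary_remote_addr`. Requests to those two vhosts presumably arrive from the local tor and i2pd daemons, so every hidden-service user would share a single 40 r/s bucket and one busy client could push the rest into 503 responses. Either keep the limiter out of these vhosts or key the zone on a variable that is empty for the daemon's address, e.g. `map $remote_addr $apirl_key { 127.0.0.1 ""; default $binary_remote_addr; }`, since requests with an empty key are not counted. The I2P block's `listen 10051;` also binds every interface; `listen 127.0.0.1:10051;` would keep it reachable only through the local daemon, assuming i2pd runs on the same host.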
@@ -0,0 +1,64 @@
+location @upstream {
+ proxy_pass http://inv;
+ include configs/proxy.conf;
+ limit_rate 1000k;
+ # Disable buffering and cache so i don't kill my
+ # SSD and bandwidth usage
+ proxy_buffering off;
+ proxy_request_buffering off;
+ proxy_cache off;
+ proxy_intercept_errors on;
+ error_page 502 = @fallback;
+}
+
+location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) {
+ # Woops! Sorry. I don't want to kill my SSD lol!
+ proxy_buffering off;
+ #proxy_buffers 1024 16k;
+ proxy_set_header X-Forwarded-For "";
+ proxy_hide_header "alt-svc";
+ sendfile_max_chunk 512k;
+ proxy_hide_header Cache-Control;
+ proxy_hide_header etag;
+ proxy_http_version 1.1;
+ proxy_set_header Connection keep-alive;
+ proxy_max_temp_file_size 32m;
+ proxy_pass http://http3-ytproxy;
+ add_header Cache-Control private always;
+ limit_rate 6000k;
+
+}
+
+location / {
+ try_files $uri @upstream;
+}
+
+location /search {
+ try_files $uri @upstream;
+}
+
+location /api/v1 {
+ limit_req zone=invidious-apirl nodelay burst=10;
+ try_files $uri @upstream;
+}
+
+location /api/v1/storyboards {
+ try_files $uri @upstream;
+}
+
+location /api/v1/captions {
+ try_files $uri @upstream;
+}
+
+location /api/v1/comments {
+ try_files $uri @upstream;
+}
+
+location ~ ^/api/v1/channels/(.+)/shorts {
+ try_files $uri @upstream;
+}
+
+location @fallback {
+ root /etc/nginx/errors;
+ try_files $uri /502.html = 502;
+}
diff --git a/nginx/conf.d/keygenmusic.zzls.xyz.conf b/nginx/conf.d/keygenmusic.zzls.xyz.conf
new file mode 100644
index 0000000..d101ef8
--- /dev/null
+++ b/nginx/conf.d/keygenmusic.zzls.xyz.conf
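Review bot: Only `location /api/v1` carries `limit_req`; the sibling blocks `/api/v1/storyboards`, `/api/v1/captions`, `/api/v1/comments` and the `shorts` regex are separate locations, so they do not inherit it and requests to them bypass the `invidious-apirl` limiter. nginx selects exactly one location per request, and those blocks are otherwise identical to `location /`, which suggests the exemption is their whole purpose. If that is intended, say so above them with a comment such as `# intentionally exempt from the invidious-apirl limit`; if not, repeat the `limit_req` line in each. `location /search` is likewise identical to `location /` and can be dropped or given its own limit.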
@@ -0,0 +1,47 @@
+server {
+ access_log /var/log/nginx/keygenmusic.zzls.xyz.access.log;
+ root /var/www/keygenmusic.tk-mirror;
+ index index.html;
+ server_name keygenmusic.zzls.xyz keygenmusic.nadeko.net;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location /kgm {
+ alias /mnt/ssd/luna.zzls.xyz/keygenmusic.tk/kgm;
+ }
+
+ location /kgm/ver.txt {
+ alias /var/www/keygenmusic.tk-mirror/kgm/ver.txt;
+ }
+
+ location /kgm/lib.txt {
+ alias /var/www/keygenmusic.tk-mirror/kgm/lib.txt;
+ }
+
+ # QUIC
+ include configs/http3.conf;
+
+ listen 443 ssl;
+ http2 on;
+ include configs/ssl.conf;
+}
+
+server {
+ set $x "";
+ if ($host = keygenmusic.zzls.xyz) {
+ set $x 1;
+ }
+ if ($host = keygenmusic.nadeko.net) {
+ set $x 1;
+ }
+ if ($x = 1) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name keygenmusic.zzls.xyz keygenmusic.nadeko.net;
+ return 404;
+}
diff --git a/nginx/conf.d/luna.zzls.xyz.conf b/nginx/conf.d/luna.zzls.xyz.conf
new file mode 100644
index 0000000..732ffdf
--- /dev/null
+++ b/nginx/conf.d/luna.zzls.xyz.conf
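Review bot: `location /kgm` is a bare prefix match, so it also matches URIs such as `/kgmX`, and with `alias` the remainder is appended to the alias path, which maps them onto siblings of the `kgm` directory whose names start with `kgm`. Ending both sides in a slash keeps the mapping inside the directory: `location /kgm/ { alias /mnt/ssd/luna.zzls.xyz/keygenmusic.tk/kgm/; }`. The two single-file overrides would state their intent more clearly as exact matches, `location = /kgm/ver.txt` and `location = /kgm/lib.txt`.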
@@ -0,0 +1,48 @@ +server { + access_log /var/log/nginx/luna.zzls.xyz.access.log combined; + error_log /var/log/nginx/luna.zzls.xyz.error.log; + server_name luna.zzls.xyz luna.nadeko.net; + index index.php /_h5ai/public/index.php; + root /mnt/ssd/luna.zzls.xyz/; + include configs/general.conf; + include configs/security.conf; + add_header Access-Control-Allow-Origin *; + + location /_h5ai/private { + return 403; + } + + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_param HTTP_PROXY ""; + fastcgi_pass unix:/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + add_header Access-Control-Allow-Origin *; + } + + listen 443 ssl; + http2 on; + include configs/ssl.conf; + +} +server { + set $x ""; + if ($host = luna.zzls.xyz) { + set $x 1; + } + if ($host = luna.nadeko.net) { + set $x 1; + } + if ($x = 1) { + return 301 https://$host$request_uri; + } + listen 80; + server_name luna.zzls.xyz luna.nadeko.net; + return 404; +} diff --git a/nginx/conf.d/matrix.zzls.xyz.conf b/nginx/conf.d/matrix.zzls.xyz.conf index f588c31..c3d23c5 100644 --- a/nginx/conf.d/matrix.zzls.xyz.conf +++ b/nginx/conf.d/matrix.zzls.xyz.conf @@ -1,5 +1,5 @@ server { - server_name matrix.zzls.xyz; + server_name matrix.zzls.xyz matrix.nadeko.net; include configs/general.conf; include configs/robotsNone.conf; include configs/security.conf; @@ -22,7 +22,7 @@ server { #} location ~ ^(/_matrix|/_synapse/client|/health) { - proxy_pass http://127.0.0.1:40020; + proxy_pass http://127.0.0.1:10020; include configs/proxy.conf; client_max_body_size 64M; } 
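Review bot: In the new `luna.zzls.xyz.conf`, `location /_h5ai/private { return 403; }` is a plain prefix location, and nginx still evaluates regex locations after a prefix match, so a URI under `/_h5ai/private/` that ends in `.php` is taken by `location ~ [^/]\.php(/|$)` and handed to PHP-FPM instead of being refused. Use `location ^~ /_h5ai/private { return 403; }` so the prefix match stops the regex search. Separately, the `add_header` inside the PHP location replaces every `add_header` inherited from the server level, so any headers set by `configs/security.conf` (its contents are not visible here) would be missing from PHP responses.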
@@ -38,9 +38,17 @@ server { } server { + set $x ""; if ($host = matrix.zzls.xyz) { + set $x 1; + } + if ($host = matrix.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } listen 80; server_name matrix.zzls.xyz; + return 404; } diff --git a/nginx/conf.d/pbin.zzls.xyz.conf b/nginx/conf.d/pbin.zzls.xyz.conf index 41c812e..4ad5356 100644 --- a/nginx/conf.d/pbin.zzls.xyz.conf +++ b/nginx/conf.d/pbin.zzls.xyz.conf @@ -1,5 +1,5 @@ server { - server_name pbin.zzls.xyz; + server_name pbin.zzls.xyz pbin.nadeko.net; include configs/general.conf; include configs/security.conf; include configs/robotsNone.conf; @@ -18,9 +18,17 @@ server { } server { + set $x ""; if ($host = pbin.zzls.xyz) { + set $x 1; + } + if ($host = pbin.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } listen 80; server_name pbin.zzls.xyz; + return 404; } diff --git a/nginx/conf.d/ri.zzls.xyz.conf b/nginx/conf.d/ri.zzls.xyz.conf index 4f8f0af..b02fe96 100644 --- a/nginx/conf.d/ri.zzls.xyz.conf +++ b/nginx/conf.d/ri.zzls.xyz.conf @@ -1,7 +1,7 @@ # CLEARNET server { access_log off; - server_name ri.zzls.xyz; + server_name ri.zzls.xyz ri.nadeko.net; include configs/general.conf; include configs/robotsNone.conf; @@ -46,9 +46,17 @@ server { } server { + set $x ""; if ($host = ri.zzls.xyz) { + set $x 1; + } + if ($host = ri.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } listen 80; - server_name ri.zzls.xyz; + server_name ri.zzls.xyz ri.nadeko.net; + return 404; } diff --git a/nginx/conf.d/selfhost.zzls.xyz.conf b/nginx/conf.d/selfhost.zzls.xyz.conf deleted file mode 100644 index 84a2a9f..0000000 --- a/nginx/conf.d/selfhost.zzls.xyz.conf +++ /dev/null 
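Review bot: The port-80 block of `matrix.zzls.xyz.conf` gains an `if ($host = matrix.nadeko.net)` branch, but its `server_name matrix.zzls.xyz;` line is left unchanged, so plain-HTTP requests for `matrix.nadeko.net` are not matched to this block by name. They go to whichever server is the default for port 80, and the new redirect branch only runs if this block happens to be that default. The `pbin.zzls.xyz.conf` hunk has the same omission, while the `ri` and `spanixdev` hunks update the name correctly. Change the lines to `server_name matrix.zzls.xyz matrix.nadeko.net;` and `server_name pbin.zzls.xyz pbin.nadeko.net;`.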
@@ -1,28 +0,0 @@ -server { - root /var/www/html; - index index.html; - include configs/general.conf; - include configs/robotsNone.conf; - include configs/security.conf; - - server_name selfhost.zzls.xyz; - - location / { - try_files $uri $uri/ =404; - } - - # QUIC - include configs/http3.conf; - - listen 443 ssl default_server; - http2 on; - include configs/ssl.conf; -} - -server { - if ($host = selfhost.zzls.xyz) { - return 301 https://$host$request_uri; - } - listen 80; - server_name selfhost.zzls.xyz; -} diff --git a/nginx/conf.d/spanixdev.zzls.xyz.conf b/nginx/conf.d/spanixdev.zzls.xyz.conf index 7cc9d74..4d5e459 100644 --- a/nginx/conf.d/spanixdev.zzls.xyz.conf +++ b/nginx/conf.d/spanixdev.zzls.xyz.conf @@ -1,5 +1,5 @@ server { - server_name spanixdev.zzls.xyz; + server_name spanixdev.zzls.xyz spanixdev.nadeko.net; include configs/general.conf; include configs/security.conf; include configs/robotsNone.conf; @@ -19,9 +19,17 @@ server { } server { + set $x ""; if ($host = spanixdev.zzls.xyz) { + set $x 1; + } + if ($host = spanixdev.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } listen 80; - server_name spanixdev.zzls.xyz; + server_name spanixdev.zzls.xyz spanixdev.nadeko.net; + return 404; } diff --git a/nginx/configs/http3.conf b/nginx/configs/http3.conf index 7f0b485..8af401e 100644 --- a/nginx/configs/http3.conf +++ b/nginx/configs/http3.conf @@ -1,4 +1,2 @@ -# Disable HTTP/3 for now. - -#add_header Alt-Svc: h2=":443"; ma=2592000; -#listen 443 quic; +add_header Alt-Svc: h2=":443"; ma=2592000; +listen 443 quic; diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 572cee6..7a269e3 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
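Review bot: The uncommented `add_header Alt-Svc: h2=":443"; ma=2592000;` in `nginx/configs/http3.conf` is not a valid directive as written. The first unquoted `;` ends it, so the header name becomes `Alt-Svc:` and `ma=2592000` is most likely parsed as an unknown directive, which would fail `nginx -t` for every vhost that includes this file. It also advertises `h2`, whereas the `listen 443 quic;` enabled next to it needs `h3`. Quote the whole value: `add_header Alt-Svc 'h3=":443"; ma=2592000';`.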
@@ -14,7 +14,10 @@ events { http { log_format limited '$remote_addr - $remote_user [$time_local] ' '"$request_method /bogus $server_protocol" $status $body_bytes_sent ' - '"-" "Bogus/66.6"'; + '"-" "Bogus/66.6" - "$http_host"'; + log_format combined2 '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" "$http_host"'; access_log off; error_log /dev/null; disable_symlinks off; @@ -65,5 +68,6 @@ http { include /etc/nginx/snippets/maps.conf; include /etc/nginx/snippets/poop.conf; + limit_conn_zone $binary_remote_addr zone=addr:10m; include /etc/nginx/conf.d/*.conf; }
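Review bot: `combined2` is defined here but nothing in the visible part of this commit references it. The new `luna.zzls.xyz.conf` still logs with `combined`, so for that two-name vhost the requested host is not recorded. If telling the `zzls.xyz` and `nadeko.net` names apart in the logs is the purpose, point those `access_log` lines at `combined2`. `$http_host` is the raw client-supplied header; `$host` would record the normalised name instead. A one-line comment above each format saying what it is for would also help.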
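Review bot: `limit_conn_zone $binary_remote_addr zone=addr:10m;` only allocates the shared zone; no `limit_conn` directive appears in the visible part of this commit, so unless one of the included files uses `addr`, connections are not actually limited. Add the enforcing line where it is meant to apply, for example `limit_conn addr 20;` (constructed value), together with a comment stating the intended ceiling. The `http` block continues outside the hunk.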