Update a lot of things
parent
ae8978d771
commit
7b7a70b586
|
@ -11,3 +11,8 @@ gzip_types text/plain text/css text/xml application/json application/java
|
|||
#brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
location /robots.txt { alias /var/www/html/robots.txt; }
|
||||
|
||||
# FUCK SEMRUSH
|
||||
if ($http_user_agent ~ (SemrushBot)) {
|
||||
return 403;
|
||||
}
|
||||
|
|
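Review bot: The user-agent test in `if ($http_user_agent ~ (SemrushBot))` is case-sensitive and its parentheses only add an unused capture group; `if ($http_user_agent ~* "SemrushBot") { return 403; }` matches the same crawler regardless of casing. A User-Agent check only stops clients that identify themselves honestly, so the comment above it could say so, e.g. `# Block SemrushBot by User-Agent (advisory only; the header is client-controlled)`. The file continues outside the hunk.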
|
@ -11,11 +11,12 @@ include /etc/nginx/conf.d/*.conf;
|
|||
|
||||
events {
|
||||
multi_accept on;
|
||||
worker_connections 65535;
|
||||
worker_connections 16192;
|
||||
}
|
||||
|
||||
http {
|
||||
access_log off;
|
||||
error_log /dev/null;
|
||||
|
||||
# Basic Settings
|
||||
charset utf-8;
|
||||
|
@ -24,9 +25,14 @@ http {
|
|||
tcp_nodelay on;
|
||||
server_tokens off;
|
||||
log_not_found off;
|
||||
types_hash_max_size 4096;
|
||||
types_hash_bucket_size 64;
|
||||
server_names_hash_bucket_size 256;
|
||||
types_hash_max_size 1024;
|
||||
types_hash_bucket_size 128;
|
||||
server_names_hash_bucket_size 128;
|
||||
|
||||
#proxy_cache off;
|
||||
#proxy_max_temp_file_size 0;
|
||||
#proxy_request_buffering off;
|
||||
#proxy_buffering off;
|
||||
|
||||
# MIME
|
||||
include mime.types;
|
||||
|
@ -40,6 +46,7 @@ http {
|
|||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_early_data on;
|
||||
|
||||
# Diffie-Hellman parameter for DHE ciphersuites
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
||||
|
@ -60,6 +67,11 @@ http {
|
|||
quic_retry on;
|
||||
quic_gso on;
|
||||
|
||||
# PERFORMANCE / ASYNC I/O
|
||||
aio threads=default;
|
||||
aio_write on;
|
||||
directio 2m;
|
||||
|
||||
# Virtual Host Configs
|
||||
include /etc/nginx/sites-enabled/*.conf;
|
||||
# Maps
|
||||
|
|
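Review bot: `ssl_early_data on;` in the TLS hunk enables TLS 1.3 0-RTT, and requests sent as early data can be replayed by anyone who captured them; nothing visible in this commit tells the backends which requests arrived that way. The page does not mark which lines are new, so this assumes the directive is the one line that hunk adds. If it stays, the proxied locations should carry `proxy_set_header Early-Data $ssl_early_data;` so applications can answer 425 to non-idempotent requests, or the directive should be limited to vhosts that serve only static content. Separately, `access_log off;` together with `error_log /dev/null;` at `http` level leaves every vhost without its own `access_log` with no record for incident response; `error_log <path> crit;` would keep the volume low without discarding failures.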
|
@ -1,4 +1,5 @@
|
|||
server {
|
||||
access_log /var/log/nginx/gatoculiao.ayaya.beauty.log combined;
|
||||
|
||||
server_name gatoculiao.ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
|
@ -16,6 +17,7 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/vids.gatoculiao.ayaya.beauty.log combined;
|
||||
server_name vids.gatoculiao.ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
|
|
@ -10,6 +10,7 @@ server {
|
|||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
client_max_body_size 64M;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
|
|
|
@ -1,11 +1,19 @@
|
|||
server {
|
||||
upstream inv {
|
||||
least_conn;
|
||||
server 127.0.0.1:40015;
|
||||
server 127.0.0.1:40016;
|
||||
}
|
||||
|
||||
server {
|
||||
server_name inv.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40015/;
|
||||
include configs/proxy.conf;
|
||||
proxy_pass http://inv;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
}
|
||||
|
||||
# QUIC
|
||||
|
@ -20,11 +28,6 @@ server {
|
|||
if ($host = inv.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name inv.zzls.xyz;
|
||||
|
||||
|
||||
}
|
||||
|
|
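Review bot: The `# to keep alive` comments on `proxy_http_version 1.1;` and `proxy_set_header Connection "";` promise upstream connection reuse, but the `upstream inv` block has no `keepalive` directive, so nginx still opens a new connection to 127.0.0.1:40015/40016 for each request. Adding e.g. `keepalive 32;` (value constructed) after the two `server` lines makes those headers effective. The page does not mark which lines were removed; if `include configs/proxy.conf;` is one of them, this location no longer sends `X-Forwarded-Proto` or `X-Real-IP`, and `proxy_set_header X-Forwarded-Proto $scheme;` may need to be restored for the backend to build correct https links.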
|
@ -1,3 +1,4 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
|
||||
server_name librex.zzls.xyz;
|
||||
|
@ -24,6 +25,8 @@ server {
|
|||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 80;
|
||||
server_name librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
|
@ -37,9 +40,11 @@ server {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
# I2P
|
||||
server {
|
||||
listen 40021;
|
||||
server_name 7huurwog32tny663wkglrhozfoyqyqmsuxjbd7dtudccx44awjda.b32.i2p;
|
||||
listen 30002;
|
||||
server_name zzlsaymhcfla7vibo3a223bybeecu3bd5z6rmw2u4y76maqeu76q.b32.i2p;
|
||||
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
|
|
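Review bot: `listen 30002;` in the I2P block binds every interface, so unless a firewall not shown here blocks the port, the vhost also answers on the public address for any client that sends the matching Host header. If the I2P router reaches nginx over loopback, `listen 127.0.0.1:30002;` keeps the vhost reachable only through the tunnel and avoids tying the .b32.i2p name to the clearnet IP. The same applies to `listen 30001;` in the I2P block added for ri.zzls.xyz further down. The server block continues outside the hunk.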
|
@ -19,7 +19,7 @@ server {
|
|||
index index.html;
|
||||
}
|
||||
|
||||
location ~ ^(/_matrix|/_synapse/client) {
|
||||
location ~ ^(/_matrix|/_synapse/client|/health) {
|
||||
proxy_pass http://localhost:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
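Review bot: Adding `/health` to the alternation in `location ~ ^(/_matrix|/_synapse/client|/health)` forwards every path that merely starts with `/health` to Synapse, because the pattern has no end anchor, and it publishes the health endpoint to the internet. If the endpoint is only meant for monitoring, a separate exact-match `location = /health` with `allow`/`deny` for the monitoring source keeps it precise and private. The location body continues outside the hunk.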
|
@ -1,3 +1,4 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
|
||||
server_name ri.zzls.xyz;
|
||||
|
@ -20,6 +21,8 @@ server {
|
|||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 80;
|
||||
server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
|
@ -30,6 +33,18 @@ server {
|
|||
}
|
||||
}
|
||||
|
||||
# I2P
|
||||
server {
|
||||
listen 30001;
|
||||
server_name zzls3ubaix5wjfar4hskwqnh3vvwvrzoxsvcx64on2aogcxrvhoq.b32.i2p;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40002/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = ri.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
server {
|
||||
|
||||
# Common shit
|
||||
include configs/general.conf;
|
||||
server_name turn.matrix.zzls.xyz;
|
||||
|
||||
# SecHeaders
|
||||
include configs/security.conf;
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443", h3=":8448"; ma=86400';
|
||||
|
||||
listen 443 http2 ssl;
|
||||
|
||||
ssl_certificate /etc/ssl/certs/turn.matrix.zzls.xyz.crt;
|
||||
ssl_certificate_key /etc/ssl/private/turn.matrix.zzls.xyz.key;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = matrix.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name matrix.zzls.xyz;
|
||||
|
||||
|
||||
}
|
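Review bot: The port-80 block at the end of this new file tests `$host = matrix.zzls.xyz` and declares `server_name matrix.zzls.xyz;`, while the TLS block above it is for turn.matrix.zzls.xyz. This looks copied from the matrix vhost, so plain-HTTP requests for the TURN name are not redirected and the name may clash with an existing matrix.zzls.xyz port-80 server. The two lines should read `if ($host = turn.matrix.zzls.xyz) {` and `server_name turn.matrix.zzls.xyz;`. The `Alt-Svc` header also advertises `h3` on :443 and :8448, but this block only has `listen 443 http2 ssl;`; unless another vhost provides a `quic` listener on those ports, the header should be dropped here.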
|
@ -1 +0,0 @@
|
|||
../sites-available/api.spacebar.zzls.xyz.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/ii.zzls.xyz.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/paste.zzls.xyz.conf
|
|
@ -0,0 +1 @@
|
|||
../sites-available/ri.zzls.xyz.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/spacebar.zzls.xyz.conf
|
|
@ -1,62 +0,0 @@
|
|||
#TCP Tweaks
|
||||
net.ipv4.tcp_tw_reuse = 1
|
||||
net.ipv4.tcp_fastopn = 3
|
||||
net.ipv4.tcp_fin_timeout = 10
|
||||
|
||||
net.core.netdev_max_backlog = 16384
|
||||
net.core.somaxconn = 8192
|
||||
net.ipv4.tcp_mtu_probing = 1
|
||||
|
||||
net.ipv4.tcp_rfc1337 = 1
|
||||
|
||||
net.ipv4.conf.default.rp_filter = 1
|
||||
net.ipv4.conf.all.rp_filter = 1
|
||||
|
||||
# disable tcp timestamps to avoid leaking some system information
|
||||
# https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps
|
||||
net.ipv4.tcp_timestamps=0
|
||||
|
||||
#TCP BBR Congestion Control Algoritm
|
||||
net.core.default_qdisc = cake
|
||||
net.ipv4.tcp_congestion_control = bbr
|
||||
net.ipv4.tcp_notsent_lowat = 16384
|
||||
|
||||
#Ignore ICMP Ping requests
|
||||
net.ipv4.icmp_echo_ignore_all = 1
|
||||
net.ipv6.icmp.echo_ignore_all = 1
|
||||
|
||||
#Increase the memory dedicated to the network interfaces
|
||||
net.core.rmem_default = 1048576
|
||||
net.core.rmem_max = 16777216
|
||||
net.core.wmem_default = 1048576
|
||||
net.core.wmem_max = 16777216
|
||||
net.core.optmem_max = 65536
|
||||
net.ipv4.tcp_rmem = 4096 1048576 2097152
|
||||
net.ipv4.tcp_wmem = 4096 65536 16777216
|
||||
|
||||
net.ipv4.udp_rmem_min = 8192
|
||||
net.ipv4.udp_wmem_min = 8192
|
||||
|
||||
# increase aslr effectiveness for mmap
|
||||
# https://lwn.net/Articles/667790
|
||||
vm.mmap_rnd_bits=32
|
||||
vm.mmap_rnd_compat_bits=16
|
||||
|
||||
#SYN Flood Protection
|
||||
|
||||
net.ipv4.tcp_max_syn_backlog = 8192
|
||||
net.ipv4.tcp_syn_retries = 6
|
||||
net.ipv4.tcp_synack_retries = 3
|
||||
net.ipv4.tcp_syncookies = 1a
|
||||
|
||||
#DDOS Protection and shit
|
||||
net.ipv4.tcp_max_tw_buckets = 2000000
|
||||
|
||||
#Dead Conections
|
||||
net.ipv4.tcp_keepalive_time = 60
|
||||
net.ipv4.tcp_keepalive_intvl = 10
|
||||
net.ipv4.tcp_keepalive_probes = 6
|
||||
|
||||
# This will enusre that immediatly subsequent connections use the new values
|
||||
net.ipv4.route.flush = 1
|
||||
net.ipv6.route.flush = 1
|