Update some shits

Selfhost Root 2023-03-05 13:14:43 -03:00
parent f17dbb5411
commit b7e6599c99
6 changed files with 62 additions and 5 deletions


@ -4,6 +4,7 @@ add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header X-Frame-Options "sameorigin" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# . files
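Review bot: The `Content-Security-Policy` line in this shared file is still commented out, so every vhost that includes it sends no CSP and relies on `X-Frame-Options "sameorigin"` alone for framing control. The rendered page has lost the +/- markers, so which of these lines the commit added cannot be told from here. If the added line is the `Strict-Transport-Security` one, note that `includeSubDomains; preload` commits every host under the domain to HTTPS for two years, so confirm no subdomain still needs plain HTTP. A comment above it such as `# HSTS applies to all subdomains; verify before submitting to the preload list` would record that.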


@ -0,0 +1,55 @@
server {
access_log /var/log/nginx/files.access.log combined;
error_log /var/log/nginx/files.error.log;
server_name files2.zzls.xyz;
include configs/general.conf;
include configs/securityheaders.conf;
#root /var/www/files;
#index index.php /_h5ai/public/index.php;
if ($http_user_agent ~* (google) ) {
return 404;
}
deny 131.108.229.119;
location / {
if ($http_user_agent ~* (google) ) {
return 404;
limit_rate 5000k;
}
root /mnt/storage/files2.zzls.xyz;
index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
}
listen 443 ssl http2; # managed by Certbot
listen 443 http3;
ssl_certificate /etc/letsencrypt/live/files2.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/files2.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
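Review bot: The nested `location /_h5ai/private { return 403; }` does not cover `.php` requests under that path, because nginx evaluates the sibling regex location `~ [^/]\.php(/|$)` after the prefix match and the regex wins; `location ^~ /_h5ai/private { return 403; }` makes the deny final. The same regex passes every existing `.php` file under `/mnt/storage/files2.zzls.xyz` to PHP-FPM, so if h5ai is the only PHP application and anything else can write into that tree, narrow it to the entry point, for example `location ~ ^/_h5ai/public/index\.php(/|$) {`. Inside `location /`, `limit_rate 5000k;` sits after `return 404;` in the same `if` and never takes effect, and that `if` duplicates the server-level one; if the rate limit is meant for all clients it belongs directly in `location /`. This vhost also listens for HTTP/3 but, unlike the other vhosts in this commit, sets no `Alt-Svc` header to advertise it.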


@ -7,7 +7,7 @@ server {
include configs/general.conf;
location / {
proxy_pass http://unix:/run/gitea/gitea.socket;
proxy_pass http://unix:/run/forgejo/forgejo.socket;
include configs/proxyheaders.conf;
}


@ -10,9 +10,9 @@ server {
include configs/proxyheaders.conf;
}
# security headers
include configs/securityheaders.conf;
#add_header Content-Security-Policy "default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';";
# Security headers
# Invidious uses their own security headers
# include configs/securityheaders.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
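Review bot: Commenting out `include configs/securityheaders.conf;` removes HSTS, `X-Content-Type-Options` and the other shared headers from every response nginx generates itself for this vhost (for example a 502 while the upstream is down), since only proxied responses can carry headers set by Invidious. The new comment states that Invidious sets its own headers, but nothing visible here confirms which ones; check the response headers of both a proxied page and an nginx error page. If the reason is duplicate or conflicting headers, keeping at least `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;` at server level preserves transport protection. The server block starts and ends outside this hunk.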


@ -9,7 +9,7 @@ server {
include configs/proxyheaders.conf;
}
#include configs/securityheaders.conf;
include configs/securityheaders.conf;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';


@ -0,0 +1 @@
../sites-available/files2.zzls.xyz.conf