I haven't updated this in a long time, anyways, enjoy
- Use own dfparam.pem file, 4096bits instead of the letsencrypt 2048 default one - Add logrotate config, logs are rotated and deleted after 2 days - Better config? Idk xd
This commit is contained in:
parent
586456dfa5
commit
eb117445a6
|
@ -0,0 +1,12 @@
|
|||
/var/log/nginx/*log {
|
||||
daily
|
||||
missingok
|
||||
notifempty
|
||||
maxage 2
|
||||
create 640 http root
|
||||
sharedscripts
|
||||
compress
|
||||
postrotate
|
||||
test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
|
||||
endscript
|
||||
}
|
|
@ -6,13 +6,11 @@ gzip_comp_level 6;
|
|||
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
# BROTLI
|
||||
#brotli on;
|
||||
#brotli_comp_level 6;
|
||||
#brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
location /robots.txt { alias /var/www/html/robots.txt; }
|
||||
brotli on;
|
||||
brotli_comp_level 6;
|
||||
brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
# FUCK SEMRUSH
|
||||
if ($http_user_agent ~ (SemrushBot)) {
|
||||
return 403;
|
||||
if ($http_user_agent ~ (SemrushBot|Bytespider)) {
|
||||
return 401;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
location /robots.txt { return 200 "User-agent: AhrefsBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: dotbot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SiteAuditBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-BA
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-SI
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-SWA
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-CT
|
||||
Disallow: /
|
||||
|
||||
User-agent: SplitSignalBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-COUB
|
||||
Disallow: /"; }
|
|
@ -0,0 +1 @@
|
|||
location /robots.txt { return 200 "User-agent: *\nDisallow: /";}
|
|
@ -6,8 +6,3 @@ add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header X-Frame-Options "sameorigin" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
||||
# . files
|
||||
#location ~ /\.(?!well-known) {
|
||||
# deny all;
|
||||
#}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
ssl_certificate /etc/ssl/certs/zzlschain.pem;
|
||||
ssl_certificate_key /etc/ssl/private/zzlskey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem;
|
||||
include configs/sslConfig.conf;
|
||||
|
||||
# OLD LETSENCRYPT SHIT XD
|
||||
#include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
# SSL
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_early_data on;
|
||||
|
||||
# Custom 4096bits Diffie-Hellman parameter for DHE ciphersuites (Not the one bundled with letsencrypt
|
||||
# Changed to a custom one for trust purposes
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
|
@ -3,20 +3,25 @@ worker_rlimit_nofile 65535;
|
|||
|
||||
# Include Modules
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
#load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
|
||||
#load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
|
||||
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
|
||||
|
||||
#Include external config
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
|
||||
events {
|
||||
multi_accept on;
|
||||
worker_connections 16192;
|
||||
worker_connections 65535;
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
log_format limited '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
|
||||
'"-" "Bogus/66.6"';
|
||||
access_log off;
|
||||
error_log /dev/null;
|
||||
disable_symlinks off;
|
||||
|
||||
# Basic Settings
|
||||
charset utf-8;
|
||||
|
@ -24,32 +29,18 @@ http {
|
|||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
server_tokens off;
|
||||
more_clear_headers Server;
|
||||
log_not_found off;
|
||||
types_hash_max_size 1024;
|
||||
types_hash_bucket_size 128;
|
||||
server_names_hash_bucket_size 128;
|
||||
|
||||
#proxy_cache off;
|
||||
#proxy_max_temp_file_size 0;
|
||||
#proxy_request_buffering off;
|
||||
#proxy_buffering off;
|
||||
|
||||
# MIME
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
# SSL
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
ssl_prefer_server_ciphers off;
|
||||
#
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_early_data on;
|
||||
|
||||
# Diffie-Hellman parameter for DHE ciphersuites
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
||||
include configs/sslConfig.conf;
|
||||
|
||||
# reset timed out connections freeing ram
|
||||
reset_timedout_connection on;
|
||||
|
@ -58,7 +49,7 @@ http {
|
|||
# maximum time the client has to send the entire header to nginx
|
||||
client_header_timeout 10s;
|
||||
# timeout which a single keep-alive client connection will stay open
|
||||
keepalive_timeout 65s;
|
||||
keepalive_timeout 60s;
|
||||
# maximum time between packets nginx is allowed to pause when sending the client data
|
||||
send_timeout 10s;
|
||||
|
||||
|
@ -72,9 +63,10 @@ http {
|
|||
aio_write on;
|
||||
directio 2m;
|
||||
|
||||
# Virtual Host Configs
|
||||
include /etc/nginx/sites-enabled/*.conf;
|
||||
# Maps
|
||||
# Maps
|
||||
include /etc/nginx/snippets/maps.conf;
|
||||
|
||||
# Virtual Host Configs
|
||||
include /etc/nginx/sites-enabled/*.conf;
|
||||
|
||||
}
|
||||
|
|
|
@ -1,70 +1,101 @@
|
|||
# FUCK BOTS
|
||||
limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
|
||||
|
||||
# CLEARNET
|
||||
server {
|
||||
server_name 4get.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /var/www/4get;
|
||||
#index index.php;
|
||||
access_log /var/log/nginx/4get.access.log limited;
|
||||
error_log /var/log/nginx/4get.error.log;
|
||||
server_name 4get.zzls.xyz;
|
||||
root /var/www/4get;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location @php {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
#fastcgi_param PHP_VALUE open_basedir=$document_root;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @php;
|
||||
}
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
location /web {
|
||||
try_files $uri @upstream;
|
||||
limit_req zone=4get;
|
||||
limit_req_status 444;
|
||||
if ($server_protocol ~* "HTTP/1.1") {
|
||||
return 444;
|
||||
}
|
||||
if ($http_referer ~* farside\.link) {
|
||||
return 444;
|
||||
}
|
||||
include snippets/torblacklist.conf;
|
||||
include snippets/spys.me.proxies.blacklist.conf;
|
||||
error_page 403 =302 /torisblocked;
|
||||
}
|
||||
location /torisblocked {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "
|
||||
Tor and Proxies are not allowed in this service, sorry.
|
||||
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443";ma=86400';
|
||||
Tor y Proxies no estan permitidos en este servicio, lo siento.
|
||||
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
|
||||
}
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
location /data {
|
||||
return 444;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
# Tor Header
|
||||
add_header Onion-Location http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443";ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
}
|
||||
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 80;
|
||||
server_name 4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
listen 80;
|
||||
server_name 4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
|
||||
root /var/www/4get;
|
||||
root /var/www/4get;
|
||||
|
||||
location @php {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @php;
|
||||
}
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = 4get.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name 4get.zzls.xyz;
|
||||
if ($host = 4get.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name 4get.zzls.xyz;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
server {
|
||||
access_log /var/log/nginx/7tv.gay.log combined;
|
||||
access_log /var/log/nginx/7tv.gay.access.log combined;
|
||||
|
||||
root /var/www/7tv;
|
||||
index index.html;
|
||||
|
@ -8,6 +8,7 @@ server {
|
|||
# Security headers and general settings
|
||||
include configs/security.conf;
|
||||
include configs/general.conf;
|
||||
include configs/robots.conf;
|
||||
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
server {
|
||||
access_log /var/log/nginx/ayaya.beauty.log combined;
|
||||
|
||||
access_log /var/log/nginx/ayaya.beauty.access.log combined;
|
||||
error_log /var/log/nginx/ayaya.beauty.error.log;
|
||||
server_name ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include snippets/torblacklist.conf;
|
||||
include snippets/spys.me.proxies.blacklist.conf;
|
||||
error_page 403 =302 /torisblocked;
|
||||
|
||||
root /var/www/uguu/dist/public/;
|
||||
autoindex off;
|
||||
|
@ -15,35 +19,42 @@ server {
|
|||
expires 7d;
|
||||
}
|
||||
|
||||
location ~* \.php$ {
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
}
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
ssl_certificate /etc/letsencrypt/live/ayaya.beauty/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/ayaya.beauty/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
location /torisblocked {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "
|
||||
Tor is not allowed in this service, sorry.
|
||||
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
|
||||
|
||||
Tor no esta permitido en este servicio, lo siento.
|
||||
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
ssl_certificate /etc/letsencrypt/live/ayaya.beauty/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/ayaya.beauty/privkey.pem;
|
||||
include configs/sslConfig.conf;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
if ($host = ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name ayaya.beauty;
|
||||
return 404;
|
||||
listen 80;
|
||||
server_name ayaya.beauty;
|
||||
return 404;
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s;
|
||||
|
||||
upstream inv-debug {
|
||||
server 127.0.0.1:40050;
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/debuginv.access.log;
|
||||
error_log /var/log/nginx/debuginv.error.log;
|
||||
server_name debuginv.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://inv-debug;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
limit_rate 12000k;
|
||||
# Disable buffering and cache so i don't kill my
|
||||
# SSD and bandwidth usage
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_cache off;
|
||||
}
|
||||
|
||||
location ~ ^/api/ {
|
||||
proxy_pass http://inv-debug;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
limit_rate 12000k;
|
||||
# Disable buffering and cache so i don't kill my
|
||||
# SSD and bandwidth usage
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_cache off;
|
||||
limit_req zone=one;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
|
@ -1,31 +1,29 @@
|
|||
server {
|
||||
access_log /var/log/nginx/git.zzls.xyz.log combined;
|
||||
access_log /var/log/nginx/git.access.log combined;
|
||||
server_name git.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robots.conf;
|
||||
|
||||
server_name git.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
location / {
|
||||
proxy_pass http://unix:/run/forgejo/forgejo.socket;
|
||||
include configs/proxy.conf;
|
||||
client_max_body_size 64M;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/run/forgejo/forgejo.socket;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
client_max_body_size 64M;
|
||||
}
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = git.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name git.zzls.xyz;
|
||||
if ($host = git.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name git.zzls.xyz;
|
||||
}
|
||||
|
|
|
@ -1,38 +1,33 @@
|
|||
server {
|
||||
server_name i.ayaya.beauty;
|
||||
root /var/www/files2;
|
||||
autoindex off;
|
||||
index index.html;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
server_name i.ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
location / {
|
||||
error_page 403 =301 https://ayaya.beauty;
|
||||
error_page 404 = /404.gif;
|
||||
}
|
||||
|
||||
root /var/www/files2;
|
||||
autoindex off;
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
error_page 403 =301 https://ayaya.beauty;
|
||||
error_page 404 = /404.gif;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
ssl_certificate /etc/letsencrypt/live/i.ayaya.beauty/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/i.ayaya.beauty/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
ssl_certificate /etc/letsencrypt/live/i.ayaya.beauty/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/i.ayaya.beauty/privkey.pem;
|
||||
include configs/sslConfig.conf;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = i.ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name i.ayaya.beauty;
|
||||
return 404;
|
||||
if ($host = i.ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
listen 80;
|
||||
server_name i.ayaya.beauty;
|
||||
return 404;
|
||||
|
||||
}
|
||||
|
|
|
@ -1,40 +1,122 @@
|
|||
# Rate limit searches, just 5 per sec
|
||||
limit_req_zone $binary_remote_addr zone=invidious:10m rate=5r/s;
|
||||
# Rate limit api requests, just 60 per sec, wathcing a normal video does like
|
||||
# 3 to 4 api requests so you don't need more than 30 in a second unless is a bot spamming shit lol
|
||||
limit_req_zone $binary_remote_addr zone=invidiousapi:10m rate=30r/s;
|
||||
|
||||
upstream inv {
|
||||
least_conn;
|
||||
server 127.0.0.1:40015;
|
||||
server 127.0.0.1:40016;
|
||||
server 127.0.0.1:40015 max_fails=2 fail_timeout=2s;
|
||||
server 127.0.0.1:40016 max_fails=2 fail_timeout=2s;
|
||||
#server 127.0.0.1:40017 backup fail_timeout=3s;
|
||||
}
|
||||
|
||||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/inv.access.log limited;
|
||||
error_log /var/log/nginx/inv.error.log;
|
||||
server_name inv.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include snippets/spys.me.proxies.blacklist.conf;
|
||||
|
||||
location @upstream {
|
||||
proxy_pass http://inv;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
limit_rate 8000k;
|
||||
# Disable buffering and cache so i don't kill my
|
||||
# SSD and bandwidth usage
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_cache off;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /search {
|
||||
try_files $uri @upstream;
|
||||
limit_req zone=invidious;
|
||||
}
|
||||
|
||||
location /api {
|
||||
try_files $uri @upstream;
|
||||
limit_req zone=invidiousapi;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
# TOR
|
||||
add_header Onion-Location http://inv.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 80;
|
||||
server_name inv.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location @upstream {
|
||||
proxy_pass http://inv;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
limit_rate 8000k;
|
||||
# Disable buffering and cache so i don't kill my
|
||||
# SSD and bandwidth usage
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_cache off;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
}
|
||||
|
||||
# I2P
|
||||
server {
|
||||
listen 30003;
|
||||
server_name zzlsbhhfvwg3oh36tcvx4r7n6jrw7zibvyvfxqlodcwn3mfrvzuq.b32.i2p;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location @upstream {
|
||||
proxy_pass http://inv;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
limit_rate 8000k;
|
||||
# Disable buffering and cache so i don't kill my
|
||||
# SSD and bandwidth usage
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_cache off;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
server_name inv.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://inv;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
limit_rate 8000k;
|
||||
# Disable buffering and cache so i don't kill my
|
||||
# SSD and bandwidth usage
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_cache off;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = inv.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name inv.zzls.xyz;
|
||||
if ($host = inv.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name inv.zzls.xyz;
|
||||
}
|
||||
|
|
|
@ -1,71 +1,101 @@
|
|||
# FUCK BOTS
|
||||
limit_req_zone $binary_remote_addr zone=librex:10m rate=2r/s;
|
||||
|
||||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/librex.access.log limited;
|
||||
error_log /var/log/nginx/librex.error.log;
|
||||
server_name librex.zzls.xyz;
|
||||
root /var/www/librex;
|
||||
index index.php
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
server_name librex.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
location ~ \/search\.php {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
include snippets/torblacklist.conf;
|
||||
include snippets/spys.me.proxies.blacklist.conf;
|
||||
error_page 403 =302 /torisblocked;
|
||||
}
|
||||
location /torisblocked {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "
|
||||
Tor and Proxies are not allowed in this service, sorry.
|
||||
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
Tor y Proxies no estan permitidos en este servicio, lo siento.
|
||||
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
|
||||
}
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
|
||||
# Onion Service Header
|
||||
add_header Onion-Location http://librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
|
||||
# Onion Service Header
|
||||
add_header Onion-Location http://librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 80;
|
||||
server_name librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
listen 80;
|
||||
server_name librex.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
location @upstream {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri.php @upstream;
|
||||
}
|
||||
|
||||
location /search.php {
|
||||
try_files $uri.php @upstream;
|
||||
limit_req zone=librex;
|
||||
limit_req_status 444;
|
||||
}
|
||||
}
|
||||
|
||||
# I2P
|
||||
server {
|
||||
listen 30002;
|
||||
server_name zzlsaymhcfla7vibo3a223bybeecu3bd5z6rmw2u4y76maqeu76q.b32.i2p;
|
||||
listen 30002;
|
||||
server_name zzlsaymhcfla7vibo3a223bybeecu3bd5z6rmw2u4y76maqeu76q.b32.i2p;
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
|
||||
root /var/www/librex;
|
||||
index index.php;
|
||||
location @upstream {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri.php @upstream;
|
||||
}
|
||||
|
||||
location /search.php {
|
||||
try_files $uri.php @upstream;
|
||||
limit_req zone=librex;
|
||||
limit_req_status 444;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = librex.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name librex.zzls.xyz;
|
||||
|
||||
|
||||
if ($host = librex.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name librex.zzls.xyz;
|
||||
}
|
||||
|
|
|
@ -1,55 +1,45 @@
|
|||
server {
|
||||
server_name matrix.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
# Common shit
|
||||
include configs/general.conf;
|
||||
server_name matrix.zzls.xyz;
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{ "m.server": "matrix.zzls.xyz:8448" }';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{ "m.server": "matrix.zzls.xyz:8448" }';
|
||||
}
|
||||
location /.well-known/matrix/client {
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" } }';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" } }';
|
||||
}
|
||||
location / {
|
||||
alias /var/www/cinnyclient/;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location / {
|
||||
alias /var/www/cinnyclient/;
|
||||
index index.html;
|
||||
}
|
||||
location ~ ^(/_matrix|/_synapse/client|/health) {
|
||||
proxy_pass http://localhost:40020;
|
||||
include configs/proxy.conf;
|
||||
client_max_body_size 64M;
|
||||
}
|
||||
|
||||
location ~ ^(/_matrix|/_synapse/client|/health) {
|
||||
proxy_pass http://localhost:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
client_max_body_size 64M;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
# SecHeaders
|
||||
include configs/security.conf;
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443", h3=":8448"; ma=86400';
|
||||
|
||||
listen 443 quic reuseport;
|
||||
listen 443 ssl reuseport;
|
||||
listen 8448 ssl default_server reuseport;
|
||||
listen 8448 quic default_server reuseport;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443", h3=":8448"; ma=86400';
|
||||
|
||||
listen 443 quic reuseport;
|
||||
listen 443 ssl reuseport;
|
||||
listen 8448 ssl default_server reuseport;
|
||||
listen 8448 quic default_server reuseport;
|
||||
include configs/ssl.conf;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = matrix.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name matrix.zzls.xyz;
|
||||
|
||||
|
||||
if ($host = matrix.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name matrix.zzls.xyz;
|
||||
}
|
||||
|
|
|
@ -1,26 +1,27 @@
|
|||
server {
|
||||
server_name pbin.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include configs/ssl.conf;
|
||||
|
||||
server_name pbin.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
location / {
|
||||
proxy_pass http://localhost:40001;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:40001;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = pbin.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name pbin.zzls.xyz;
|
||||
if ($host = pbin.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name pbin.zzls.xyz;
|
||||
}
|
||||
|
|
|
@ -1,55 +1,55 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log off;
|
||||
server_name ri.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
server_name ri.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40002/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40002/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
# security headers
|
||||
include configs/security.conf;
|
||||
#add_header Content-Security-Policy "default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';";
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 80;
|
||||
server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
listen 80;
|
||||
server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40002/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40002/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
}
|
||||
|
||||
# I2P
|
||||
server {
|
||||
listen 30001;
|
||||
server_name zzls3ubaix5wjfar4hskwqnh3vvwvrzoxsvcx64on2aogcxrvhoq.b32.i2p;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40002/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
listen 30001;
|
||||
server_name zzls3ubaix5wjfar4hskwqnh3vvwvrzoxsvcx64on2aogcxrvhoq.b32.i2p;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40002/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = ri.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name ri.zzls.xyz;
|
||||
if ($host = ri.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name ri.zzls.xyz;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
server {
|
||||
|
||||
root /var/www/html;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
include configs/general.conf;
|
||||
|
@ -18,7 +17,6 @@ server {
|
|||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = selfhost.zzls.xyz) {
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
../sites-available/archive.zzls.xyz.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/files2.zzls.xyz.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/gatoculiao.ayaya.beauty.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/mpd.ayaya.beauty.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/rustlog.zzls.xyz.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/stream.ayaya.beauty.conf
|
|
@ -1 +0,0 @@
|
|||
../sites-available/wiki.zzls.xyz.conf
|
|
@ -1,27 +1,27 @@
|
|||
# Connection header for WebSocket reverse proxy
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
"" close;
|
||||
}
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
"" close;
|
||||
}
|
||||
|
||||
map $remote_addr $proxy_forwarded_elem {
|
||||
map $remote_addr $proxy_forwarded_elem {
|
||||
|
||||
# IPv4 addresses can be sent as-is
|
||||
~^[0-9.]+$ "for=$remote_addr";
|
||||
# IPv4 addresses can be sent as-is
|
||||
~^[0-9.]+$ "for=$remote_addr";
|
||||
|
||||
# IPv6 addresses need to be bracketed and quoted
|
||||
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
|
||||
# IPv6 addresses need to be bracketed and quoted
|
||||
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
|
||||
|
||||
# Unix domain socket names cannot be represented in RFC 7239 syntax
|
||||
default "for=unknown";
|
||||
}
|
||||
# Unix domain socket names cannot be represented in RFC 7239 syntax
|
||||
default "for=unknown";
|
||||
}
|
||||
|
||||
map $http_forwarded $proxy_add_forwarded {
|
||||
map $http_forwarded $proxy_add_forwarded {
|
||||
|
||||
# If the incoming Forwarded header is syntactically valid, append to it
|
||||
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
|
||||
# If the incoming Forwarded header is syntactically valid, append to it
|
||||
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
|
||||
|
||||
# Otherwise, replace it
|
||||
default "$proxy_forwarded_elem";
|
||||
}
|
||||
# Otherwise, replace it
|
||||
default "$proxy_forwarded_elem";
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue