Tor update

nginx/conf.d/count.ayaya.beauty.conf

@@ -1,11 +1,11 @@
 server {
-	server_name count.ayaya.beauty;
+	server_name count.ayaya.beauty count.nadeko.net;
 	include configs/general.conf;
 	include configs/security.conf;
 	include configs/robotsNone.conf;
 
 	location / {
-		proxy_pass http://127.0.0.1:41000/;
+		proxy_pass http://counter;
 		include configs/proxy.conf;
 	}
 
@@ -14,16 +14,21 @@ server {
 
 	listen 443 ssl;
 	http2 on;
-	ssl_certificate /etc/letsencrypt/live/count.ayaya.beauty/fullchain.pem; # managed by Certbot
-	ssl_certificate_key /etc/letsencrypt/live/count.ayaya.beauty/privkey.pem; # managed by Certbot
-	include configs/sslConfig.conf;
 
 }
 
 server {
+	set $x "";
 	if ($host = count.ayaya.beauty) {
+		set $x 1;
+	}       
+	if ($host = count.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
 		return 301 https://$host$request_uri;
 	}
-	server_name count.ayaya.beauty;
+	server_name count.ayaya.beauty count.nadeko.net;
 	listen 80;
+	return 404;
 }

nginx/conf.d/ri.zzls.xyz.conf

@@ -1,9 +1,10 @@
 server {
-	server_name ri.zzls.xyz;
+	server_name ri.zzls.xyz ri.nadeko.net;
 	include configs/general.conf;
+	include configs/robotsNone.conf;
 
 	location / {
-		proxy_pass http://127.0.0.1:40001/;
+		proxy_pass http://rimgo;
 		include configs/proxy.conf;
 	}
 
@@ -12,27 +13,32 @@ server {
 
 	listen 443 ssl;
 	http2 on;
-	ssl_certificate /etc/letsencrypt/live/ri.zzls.xyz/fullchain.pem; # managed by Certbot
-	ssl_certificate_key /etc/letsencrypt/live/ri.zzls.xyz/privkey.pem; # managed by Certbot
-	include configs/sslConfig.conf;
 
 }
 
+# TOR
 server {
-	listen 80;
-	server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
+	listen 10040;
+	server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion rimgo.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion;
 
 	location / {
-		proxy_pass http://127.0.0.1:40001/;
+		proxy_pass http://rimgo;
 		include configs/proxy.conf;
 	}
 }
 
 server {
+	set $x "";
 	if ($host = ri.zzls.xyz) {
+		set $x 1;
+	}       
+	if ($host = ri.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
 		return 301 https://$host$request_uri;
 	}
 	listen 80;
-	server_name ri.zzls.xyz;
+	server_name ri.zzls.xyz ri.nadeko.net;
 }
 

nginx/conf.d/search.zzls.xyz.conf

@@ -1,10 +1,9 @@
 server {
-	error_log /var/log/nginx/search.zzls.xyz.error.log;
-	server_name search.zzls.xyz;
-	#include configs/general.conf;
+	server_name search.zzls.xyz search.nadeko.net;
+	include configs/general.conf;
 
 	location @socket {
-		uwsgi_pass unix:///usr/local/searxng/run/socket;
+		uwsgi_pass searxng;
 		include uwsgi_params;
 		uwsgi_param    HTTP_HOST             $host;
 		uwsgi_param    HTTP_CONNECTION       $http_connection;
@@ -28,7 +27,7 @@ server {
 	}
 
 	# Onion Service Header
-	# add_header Onion-Location http://searxdr3pqz4nydgnqocsia2xbywptxbkympa2emn7zlgggrir4bkfad.onion$request_uri;
+	add_header Onion-Location http://search.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion$request_uri;
 
 	# QUIC
 	include configs/http3.conf;
@@ -40,14 +39,49 @@ server {
 
 	listen 443 ssl;
 	http2 on;
-	include configs/ssl.conf;
+
+}
+
+server {
+	listen 10040;
+	server_name search.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion;
+	include configs/general.conf;
+
+	location @socket {
+		uwsgi_pass searxng;
+		include uwsgi_params;
+		uwsgi_param    HTTP_HOST             $host;
+		uwsgi_param    HTTP_CONNECTION       $http_connection;
+		# see flaskfix.py
+		uwsgi_param    HTTP_X_SCHEME         $scheme;
+		#uwsgi_param    HTTP_X_SCRIPT_NAME    /searxng;
+		# see limiter.py
+		uwsgi_param    HTTP_X_REAL_IP        $remote_addr;
+		uwsgi_param    HTTP_X_FORWARDED_FOR  $proxy_add_x_forwarded_for;
+	}
+
+	location / {
+		try_files $uri @socket;
+	}
+
+	# CSP + Security Headers
+	add_header Permissions-Policy        "interest-cohort=()" always;
+	add_header Strict-Transport-Security "max-age=63072000; preload" always;
+	add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
 
 }
 server {
+	set $x "";
 	if ($host = search.zzls.xyz) {
+		set $x 1;
+	}       
+	if ($host = search.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
 		return 301 https://$host$request_uri;
 	}
 	listen 80;
-	server_name search.zzls.xyz;
+	server_name search.zzls.xyz search.nadeko.net;
 	return 404;
 }

nginx/configs/http3.conf

@@ -1,4 +1,2 @@
-# Disable HTTP/3 for now.
-
-#add_header Alt-Svc: h2=":443"; ma=2592000;
-#listen 443 quic;
+add_header Alt-Svc 'h3=":443"; ma=86400';
+listen 443 quic;

nginx/configs/ssl.conf

@@ -1,4 +1,4 @@
-ssl_certificate /etc/ssl/certs/zzlschain.pem;
-ssl_certificate_key /etc/ssl/private/zzlskey.pem;
+ssl_certificate /etc/ssl/certs/fullchain.pem;
+ssl_certificate_key /etc/ssl/private/privkey.pem;
 
 include configs/sslConfig.conf;

nginx/configs/upstreams.conf

@@ -0,0 +1,11 @@
+upstream rimgo {
+	server 127.0.0.1:10001;
+}
+
+upstream counter {
+	server 127.0.0.1:10002;
+}
+
+upstream searxng {
+	server unix:/usr/local/searxng/run/socket;
+}

nginx/nginx.conf

@@ -53,6 +53,7 @@ http {
 	# Maps
 	include /etc/nginx/snippets/maps.conf;
 	include /etc/nginx/snippets/poop.conf;
-
+	
+	include /etc/nginx/configs/upstreams.conf;
 	include /etc/nginx/conf.d/*.conf;
 }