Compare commits
No commits in common. "main" and "selfhost" have entirely different histories.
16
README.md
16
README.md
|
@ -1,16 +0,0 @@
|
|||
You can find my server configs in this repo, they are split in different branches.
|
||||
|
||||
- [🌑 Selfhost Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost)
|
||||
|
||||
- [🇺🇸 VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/vpsus)
|
||||
|
||||
- [🌌 Veil Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/veil) (**New**)
|
||||
|
||||
- [🇨🇱 Oracle VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/oracle)
|
||||
|
||||
|
||||
#### Suggestions or Issues?
|
||||
|
||||
If you got any suggestions to the nginx configs or something that is not to your liking within the privacy-focused services I provide; Open an issue or a pull request in any config. You can either create an account with your real E-mail or with a throw away one (But probably you will be considered as a bad actor for me if you don't provide any real identity like GitHub, GitLab, Codeberg or anything like that, so make sure to link any of those).
|
||||
|
||||
*Contact*: [https://nadeko.net/contact](https://nadeko.net/contact)
|
|
@ -0,0 +1,287 @@
|
|||
## Configuration file for a typical i2pd user
|
||||
## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
|
||||
## for more options you can use in this file.
|
||||
|
||||
## Lines that begin with "## " try to explain what's going on. Lines
|
||||
## that begin with just "#" are disabled commands: you can enable them
|
||||
## by removing the "#" symbol.
|
||||
|
||||
## Tunnels config file
|
||||
## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
|
||||
## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
|
||||
# tunconf = /var/lib/i2pd/tunnels.conf
|
||||
|
||||
## Tunnels config files path
|
||||
## Use that path to store separated tunnels in different config files.
|
||||
## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
|
||||
## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
|
||||
# tunnelsdir = /var/lib/i2pd/tunnels.d
|
||||
|
||||
## Path to certificates used for verifying .su3, families
|
||||
## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
|
||||
## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
|
||||
# certsdir = /var/lib/i2pd/certificates
|
||||
|
||||
## Where to write pidfile (default: i2pd.pid, not used in Windows)
|
||||
# pidfile = /run/i2pd/i2pd.pid
|
||||
|
||||
## Logging configuration section
|
||||
## By default logs go to stdout with level 'info' and higher
|
||||
## For Windows OS by default logs go to file with level 'warn' and higher
|
||||
##
|
||||
## Logs destination (valid values: stdout, file, syslog)
|
||||
## * stdout - print log entries to stdout
|
||||
## * file - log entries to a file
|
||||
## * syslog - use syslog, see man 3 syslog
|
||||
# log = file
|
||||
## Path to logfile (default - autodetect)
|
||||
logfile = /var/log/i2pd/i2pd.log
|
||||
## Log messages above this level (debug, info, *warn, error, none)
|
||||
## If you set it to none, logging will be disabled
|
||||
# loglevel = warn
|
||||
## Write full CLF-formatted date and time to log (default: write only time)
|
||||
# logclftime = true
|
||||
|
||||
## Daemon mode. Router will go to background after start. Ignored on Windows
|
||||
# daemon = true
|
||||
|
||||
## Specify a family, router belongs to (default - none)
|
||||
# family =
|
||||
|
||||
## Network interface to bind to
|
||||
## Updates address4/6 options if they are not set
|
||||
# ifname =
|
||||
## You can specify different interfaces for IPv4 and IPv6
|
||||
# ifname4 =
|
||||
# ifname6 =
|
||||
|
||||
## Local address to bind transport sockets to
|
||||
## Overrides host option if:
|
||||
## For ipv4: if ipv4 = true and nat = false
|
||||
## For ipv6: if 'host' is not set or ipv4 = true
|
||||
# address4 =
|
||||
# address6 =
|
||||
|
||||
## External IPv4 or IPv6 address to listen for connections
|
||||
## By default i2pd sets IP automatically
|
||||
## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
|
||||
## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
|
||||
# host = 1.2.3.4
|
||||
|
||||
## Port to listen for connections
|
||||
## By default i2pd picks random port. You MUST pick a random number too,
|
||||
## don't just uncomment this
|
||||
port = 12999
|
||||
|
||||
## Enable communication through ipv4
|
||||
ipv4 = true
|
||||
## Enable communication through ipv6
|
||||
ipv6 = false
|
||||
|
||||
## Enable SSU transport
|
||||
ssu = false
|
||||
|
||||
## Bandwidth configuration
|
||||
## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
|
||||
## X - unlimited
|
||||
## Default is L (regular node) and X if floodfill mode enabled. If you want to
|
||||
## share more bandwidth without floodfill mode, uncomment that line and adjust
|
||||
## value to your possibilities
|
||||
bandwidth = X
|
||||
## Max % of bandwidth limit for transit. 0-100. 100 by default
|
||||
share = 100
|
||||
|
||||
## Router will not accept transit tunnels, disabling transit traffic completely
|
||||
## (default = false)
|
||||
# notransit = true
|
||||
|
||||
## Router will be floodfill
|
||||
## Note: that mode uses much more network connections and CPU!
|
||||
# floodfill = true
|
||||
|
||||
[ntcp2]
|
||||
## Enable NTCP2 transport (default = true)
|
||||
# enabled = true
|
||||
## Publish address in RouterInfo (default = true)
|
||||
# published = true
|
||||
## Port for incoming connections (default is global port option value)
|
||||
# port = 4567
|
||||
|
||||
[ssu2]
|
||||
## Enable SSU2 transport
|
||||
# enabled = true
|
||||
## Publish address in RouterInfo
|
||||
# published = true
|
||||
## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
|
||||
# port = 4567
|
||||
|
||||
[http]
|
||||
## Web Console settings
|
||||
## Uncomment and set to 'false' to disable Web Console
|
||||
# enabled = true
|
||||
## Address and port service will listen on
|
||||
address = 127.0.0.1
|
||||
port = 7070
|
||||
## Path to web console, default "/"
|
||||
# webroot = /
|
||||
## Uncomment following lines to enable Web Console authentication
|
||||
## You should not use Web Console via public networks without additional encryption.
|
||||
## HTTP authentication is not encryption layer!
|
||||
# auth = true
|
||||
# user = i2pd
|
||||
# pass = changeme
|
||||
## Select webconsole language
|
||||
## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
|
||||
## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
|
||||
## and uzbek languages
|
||||
# lang = english
|
||||
|
||||
[httpproxy]
|
||||
## Uncomment and set to 'false' to disable HTTP Proxy
|
||||
# enabled = true
|
||||
## Address and port service will listen on
|
||||
address = 127.0.0.1
|
||||
port = 4444
|
||||
## Optional keys file for proxy local destination
|
||||
# keys = http-proxy-keys.dat
|
||||
## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
|
||||
## You should disable this feature if your i2pd HTTP Proxy is public,
|
||||
## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
|
||||
# addresshelper = true
|
||||
## Address of a proxy server inside I2P, which is used to visit regular Internet
|
||||
# outproxy = http://false.i2p
|
||||
## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
|
||||
|
||||
[socksproxy]
|
||||
## Uncomment and set to 'false' to disable SOCKS Proxy
|
||||
# enabled = true
|
||||
## Address and port service will listen on
|
||||
address = 127.0.0.1
|
||||
port = 4447
|
||||
## Optional keys file for proxy local destination
|
||||
# keys = socks-proxy-keys.dat
|
||||
## Socks outproxy. Example below is set to use Tor for all connections except i2p
|
||||
## Uncomment and set to 'true' to enable using of SOCKS outproxy
|
||||
# outproxy.enabled = false
|
||||
## Address and port of outproxy
|
||||
# outproxy = 127.0.0.1
|
||||
# outproxyport = 9050
|
||||
## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
|
||||
|
||||
[sam]
|
||||
## Comment or set to 'false' to disable SAM Bridge
|
||||
enabled = true
|
||||
## Address and ports service will listen on
|
||||
# address = 127.0.0.1
|
||||
# port = 7656
|
||||
# portudp = 7655
|
||||
|
||||
[bob]
|
||||
## Uncomment and set to 'true' to enable BOB command channel
|
||||
# enabled = false
|
||||
## Address and port service will listen on
|
||||
# address = 127.0.0.1
|
||||
# port = 2827
|
||||
|
||||
[i2cp]
|
||||
## Uncomment and set to 'true' to enable I2CP protocol
|
||||
# enabled = false
|
||||
## Address and port service will listen on
|
||||
# address = 127.0.0.1
|
||||
# port = 7654
|
||||
|
||||
[i2pcontrol]
|
||||
## Uncomment and set to 'true' to enable I2PControl protocol
|
||||
# enabled = false
|
||||
## Address and port service will listen on
|
||||
# address = 127.0.0.1
|
||||
# port = 7650
|
||||
## Authentication password. "itoopie" by default
|
||||
# password = itoopie
|
||||
|
||||
[precomputation]
|
||||
## Enable or disable elgamal precomputation table
|
||||
## By default, enabled on i386 hosts
|
||||
# elgamal = true
|
||||
|
||||
[upnp]
|
||||
## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
|
||||
# enabled = false
|
||||
## Name i2pd appears in UPnP forwardings list (default = I2Pd)
|
||||
# name = I2Pd
|
||||
|
||||
[meshnets]
|
||||
## Enable connectivity over the Yggdrasil network
|
||||
# yggdrasil = false
|
||||
## You can bind address from your Yggdrasil subnet 300::/64
|
||||
## The address must first be added to the network interface
|
||||
# yggaddress =
|
||||
|
||||
[reseed]
|
||||
## Options for bootstrapping into I2P network, aka reseeding
|
||||
## Enable or disable reseed data verification.
|
||||
verify = true
|
||||
## URLs to request reseed data from, separated by comma
|
||||
## Default: "mainline" I2P Network reseeds
|
||||
# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
|
||||
## Reseed URLs through the Yggdrasil, separated by comma
|
||||
# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
|
||||
## Path to local reseed data file (.su3) for manual reseeding
|
||||
# file = /path/to/i2pseeds.su3
|
||||
## or HTTPS URL to reseed from
|
||||
# file = https://legit-website.com/i2pseeds.su3
|
||||
## Path to local ZIP file or HTTPS URL to reseed from
|
||||
# zipfile = /path/to/netDb.zip
|
||||
## If you run i2pd behind a proxy server, set proxy server for reseeding here
|
||||
## Should be http://address:port or socks://address:port
|
||||
# proxy = http://127.0.0.1:8118
|
||||
## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
|
||||
# threshold = 25
|
||||
|
||||
[addressbook]
|
||||
## AddressBook subscription URL for initial setup
|
||||
## Default: reg.i2p at "mainline" I2P Network
|
||||
# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
|
||||
## Optional subscriptions URLs, separated by comma
|
||||
# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
|
||||
|
||||
[limits]
|
||||
## Maximum active transit sessions (default: 5000)
|
||||
## This value is doubled if floodfill mode is enabled!
|
||||
# transittunnels = 5000
|
||||
## Limit number of open file descriptors (0 - use system limit)
|
||||
# openfiles = 0
|
||||
## Maximum size of corefile in Kb (0 - use system limit)
|
||||
# coresize = 0
|
||||
|
||||
[trust]
|
||||
## Enable explicit trust options. false by default
|
||||
# enabled = true
|
||||
## Make direct I2P connections only to routers in specified Family.
|
||||
# family = MyFamily
|
||||
## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
|
||||
# routers =
|
||||
## Should we hide our router from other routers? false by default
|
||||
# hidden = true
|
||||
|
||||
[exploratory]
|
||||
## Exploratory tunnels settings with default values
|
||||
# inbound.length = 2
|
||||
# inbound.quantity = 3
|
||||
# outbound.length = 2
|
||||
# outbound.quantity = 3
|
||||
|
||||
[persist]
|
||||
## Save peer profiles on disk (default: true)
|
||||
# profiles = true
|
||||
## Save full addresses on disk (default: true)
|
||||
# addressbook = true
|
||||
|
||||
[cpuext]
|
||||
## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
|
||||
# aesni = true
|
||||
## Use CPU AVX instructions set when work with cryptography when available (default: true)
|
||||
# avx = true
|
||||
## Force usage of CPU instructions set, even if they not found
|
||||
## DO NOT TOUCH that option if you really don't know what are you doing!
|
||||
# force = false
|
|
@ -0,0 +1,288 @@
|
|||
## Configuration file for a typical i2pd user
|
||||
## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
|
||||
## for more options you can use in this file.
|
||||
|
||||
## Lines that begin with "## " try to explain what's going on. Lines
|
||||
## that begin with just "#" are disabled commands: you can enable them
|
||||
## by removing the "#" symbol.
|
||||
|
||||
## Tunnels config file
|
||||
## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
|
||||
## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
|
||||
# tunconf = /var/lib/i2pd/tunnels.conf
|
||||
|
||||
## Tunnels config files path
|
||||
## Use that path to store separated tunnels in different config files.
|
||||
## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
|
||||
## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
|
||||
# tunnelsdir = /var/lib/i2pd/tunnels.d
|
||||
|
||||
## Path to certificates used for verifying .su3, families
|
||||
## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
|
||||
## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
|
||||
# certsdir = /var/lib/i2pd/certificates
|
||||
|
||||
## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
|
||||
# pidfile = /run/i2pd/i2pd.pid
|
||||
|
||||
## Logging configuration section
|
||||
## By default logs go to stdout with level 'info' and higher
|
||||
## For Windows OS by default logs go to file with level 'warn' and higher
|
||||
##
|
||||
## Logs destination (valid values: stdout, file, syslog)
|
||||
## * stdout - print log entries to stdout
|
||||
## * file - log entries to a file
|
||||
## * syslog - use syslog, see man 3 syslog
|
||||
# log = file
|
||||
## Path to logfile (default: autodetect)
|
||||
logfile = /var/log/i2pd/i2pd.log
|
||||
## Log messages above this level (debug, info, *warn, error, critical, none)
|
||||
## If you set it to none, logging will be disabled
|
||||
# loglevel = warn
|
||||
## Write full CLF-formatted date and time to log (default: write only time)
|
||||
# logclftime = true
|
||||
|
||||
## Daemon mode. Router will go to background after start. Ignored on Windows
|
||||
## (default: true)
|
||||
# daemon = true
|
||||
|
||||
## Specify a family, router belongs to (default - none)
|
||||
# family =
|
||||
|
||||
## Network interface to bind to
|
||||
## Updates address4/6 options if they are not set
|
||||
# ifname =
|
||||
## You can specify different interfaces for IPv4 and IPv6
|
||||
# ifname4 =
|
||||
# ifname6 =
|
||||
|
||||
## Local address to bind transport sockets to
|
||||
## Overrides host option if:
|
||||
## For ipv4: if ipv4 = true and nat = false
|
||||
## For ipv6: if 'host' is not set or ipv4 = true
|
||||
# address4 =
|
||||
# address6 =
|
||||
|
||||
## External IPv4 or IPv6 address to listen for connections
|
||||
## By default i2pd sets IP automatically
|
||||
## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
|
||||
## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
|
||||
# host = 1.2.3.4
|
||||
|
||||
## Port to listen for connections
|
||||
## By default i2pd picks random port. You MUST pick a random number too,
|
||||
## don't just uncomment this
|
||||
# port = 4567
|
||||
|
||||
## Enable communication through ipv4 (default: true)
|
||||
ipv4 = true
|
||||
## Enable communication through ipv6 (default: false)
|
||||
ipv6 = false
|
||||
|
||||
## Bandwidth configuration
|
||||
## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
|
||||
## X - unlimited
|
||||
## Default is L (regular node) and X if floodfill mode enabled.
|
||||
## If you want to share more bandwidth without floodfill mode, uncomment
|
||||
## that line and adjust value to your possibilities. Value can be set to
|
||||
## integer in kilobytes, it will apply that limit and flag will be used
|
||||
## from next upper limit (example: if you set 4096 flag will be X, but real
|
||||
## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
|
||||
## but keep in mind that low values may be negatively evaluated by Java
|
||||
## router algorithms.
|
||||
# bandwidth = L
|
||||
## Max % of bandwidth limit for transit. 0-100 (default: 100)
|
||||
# share = 100
|
||||
|
||||
## Router will not accept transit tunnels, disabling transit traffic completely
|
||||
## (default: false)
|
||||
# notransit = true
|
||||
|
||||
## Router will be floodfill (default: false)
|
||||
## Note: that mode uses much more network connections and CPU!
|
||||
# floodfill = true
|
||||
|
||||
[ntcp2]
|
||||
## Enable NTCP2 transport (default: true)
|
||||
# enabled = true
|
||||
## Publish address in RouterInfo (default: true)
|
||||
# published = true
|
||||
## Port for incoming connections (default is global port option value)
|
||||
# port = 4567
|
||||
|
||||
[ssu2]
|
||||
## Enable SSU2 transport (default: true)
|
||||
# enabled = true
|
||||
## Publish address in RouterInfo (default: true)
|
||||
# published = true
|
||||
## Port for incoming connections (default is global port option value)
|
||||
# port = 4567
|
||||
|
||||
[http]
|
||||
## Web Console settings
|
||||
## Enable the Web Console (default: true)
|
||||
# enabled = true
|
||||
## Address and port service will listen on (default: 127.0.0.1:7070)
|
||||
# address = 127.0.0.1
|
||||
# port = 7070
|
||||
## Path to web console (default: /)
|
||||
# webroot = /
|
||||
## Enable Web Console authentication (default: false)
|
||||
## You should not use Web Console via public networks without additional encryption.
|
||||
## HTTP authentication is not encryption layer!
|
||||
# auth = true
|
||||
# user = i2pd
|
||||
# pass = changeme
|
||||
## Select webconsole language
|
||||
## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
|
||||
## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
|
||||
## and uzbek languages
|
||||
# lang = english
|
||||
|
||||
[httpproxy]
|
||||
## Enable the HTTP proxy (default: true)
|
||||
# enabled = true
|
||||
## Address and port service will listen on (default: 127.0.0.1:4444)
|
||||
# address = 127.0.0.1
|
||||
# port = 4444
|
||||
## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
|
||||
# keys = http-proxy-keys.dat
|
||||
## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
|
||||
## You should disable this feature if your i2pd HTTP Proxy is public,
|
||||
## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
|
||||
# addresshelper = true
|
||||
## Address of a proxy server inside I2P, which is used to visit regular Internet
|
||||
# outproxy = http://false.i2p
|
||||
## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
|
||||
|
||||
[socksproxy]
|
||||
## Enable the SOCKS proxy (default: true)
|
||||
# enabled = true
|
||||
## Address and port service will listen on (default: 127.0.0.1:4447)
|
||||
# address = 127.0.0.1
|
||||
# port = 4447
|
||||
## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
|
||||
# keys = socks-proxy-keys.dat
|
||||
## Socks outproxy. Example below is set to use Tor for all connections except i2p
|
||||
## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
|
||||
# outproxy.enabled = false
|
||||
## Address and port of outproxy
|
||||
# outproxy = 127.0.0.1
|
||||
# outproxyport = 9050
|
||||
## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
|
||||
|
||||
[sam]
|
||||
## Enable the SAM bridge (default: true)
|
||||
# enabled = false
|
||||
## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
|
||||
# address = 127.0.0.1
|
||||
# port = 7656
|
||||
# portudp = 7655
|
||||
|
||||
[bob]
|
||||
## Enable the BOB command channel (default: false)
|
||||
# enabled = false
|
||||
## Address and port service will listen on (default: 127.0.0.1:2827)
|
||||
# address = 127.0.0.1
|
||||
# port = 2827
|
||||
|
||||
[i2cp]
|
||||
## Enable the I2CP protocol (default: false)
|
||||
# enabled = false
|
||||
## Address and port service will listen on (default: 127.0.0.1:7654)
|
||||
# address = 127.0.0.1
|
||||
# port = 7654
|
||||
|
||||
[i2pcontrol]
|
||||
## Enable the I2PControl protocol (default: false)
|
||||
# enabled = false
|
||||
## Address and port service will listen on (default: 127.0.0.1:7650)
|
||||
# address = 127.0.0.1
|
||||
# port = 7650
|
||||
## Authentication password (default: itoopie)
|
||||
# password = itoopie
|
||||
|
||||
[precomputation]
|
||||
## Enable or disable elgamal precomputation table
|
||||
## By default, enabled on i386 hosts
|
||||
# elgamal = true
|
||||
|
||||
[upnp]
|
||||
## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
|
||||
# enabled = false
|
||||
## Name i2pd appears in UPnP forwardings list (default: I2Pd)
|
||||
# name = I2Pd
|
||||
|
||||
[meshnets]
|
||||
## Enable connectivity over the Yggdrasil network (default: false)
|
||||
# yggdrasil = false
|
||||
## You can bind address from your Yggdrasil subnet 300::/64
|
||||
## The address must first be added to the network interface
|
||||
# yggaddress =
|
||||
|
||||
[reseed]
|
||||
## Options for bootstrapping into I2P network, aka reseeding
|
||||
## Enable reseed data verification (default: true)
|
||||
verify = true
|
||||
## URLs to request reseed data from, separated by comma
|
||||
## Default: "mainline" I2P Network reseeds
|
||||
# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
|
||||
## Reseed URLs through the Yggdrasil, separated by comma
|
||||
# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
|
||||
## Path to local reseed data file (.su3) for manual reseeding
|
||||
# file = /path/to/i2pseeds.su3
|
||||
## or HTTPS URL to reseed from
|
||||
# file = https://legit-website.com/i2pseeds.su3
|
||||
## Path to local ZIP file or HTTPS URL to reseed from
|
||||
# zipfile = /path/to/netDb.zip
|
||||
## If you run i2pd behind a proxy server, set proxy server for reseeding here
|
||||
## Should be http://address:port or socks://address:port
|
||||
# proxy = http://127.0.0.1:8118
|
||||
## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
|
||||
# threshold = 25
|
||||
|
||||
[addressbook]
|
||||
## AddressBook subscription URL for initial setup
|
||||
## Default: reg.i2p at "mainline" I2P Network
|
||||
# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
|
||||
## Optional subscriptions URLs, separated by comma
|
||||
# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
|
||||
|
||||
[limits]
|
||||
## Maximum active transit sessions (default: 5000)
|
||||
## This value is doubled if floodfill mode is enabled!
|
||||
# transittunnels = 5000
|
||||
## Limit number of open file descriptors (0 - use system limit)
|
||||
# openfiles = 0
|
||||
## Maximum size of corefile in Kb (0 - use system limit)
|
||||
# coresize = 0
|
||||
|
||||
[trust]
|
||||
## Enable explicit trust options. (default: false)
|
||||
# enabled = true
|
||||
## Make direct I2P connections only to routers in specified Family.
|
||||
# family = MyFamily
|
||||
## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
|
||||
# routers =
|
||||
## Should we hide our router from other routers? (default: false)
|
||||
# hidden = true
|
||||
|
||||
[exploratory]
|
||||
## Exploratory tunnels settings with default values
|
||||
# inbound.length = 2
|
||||
# inbound.quantity = 3
|
||||
# outbound.length = 2
|
||||
# outbound.quantity = 3
|
||||
|
||||
[persist]
|
||||
## Save peer profiles on disk (default: true)
|
||||
# profiles = true
|
||||
## Save full addresses on disk (default: true)
|
||||
# addressbook = true
|
||||
|
||||
[cpuext]
|
||||
## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
|
||||
# aesni = true
|
||||
## Force usage of CPU instructions set, even if they not found (default: false)
|
||||
## DO NOT TOUCH that option if you really don't know what are you doing!
|
||||
# force = false
|
|
@ -0,0 +1,33 @@
|
|||
[IRC-ILITA]
|
||||
type = client
|
||||
address = 127.0.0.1
|
||||
port = 6668
|
||||
destination = irc.ilita.i2p
|
||||
destinationport = 6667
|
||||
keys = irc-keys.dat
|
||||
|
||||
#[IRC-IRC2P]
|
||||
#type = client
|
||||
#address = 127.0.0.1
|
||||
#port = 6669
|
||||
#destination = irc.postman.i2p
|
||||
#destinationport = 6667
|
||||
#keys = irc-keys.dat
|
||||
|
||||
#[SMTP]
|
||||
#type = client
|
||||
#address = 127.0.0.1
|
||||
#port = 7659
|
||||
#destination = smtp.postman.i2p
|
||||
#destinationport = 25
|
||||
#keys = smtp-keys.dat
|
||||
|
||||
#[POP3]
|
||||
#type = client
|
||||
#address = 127.0.0.1
|
||||
#port = 7660
|
||||
#destination = pop.postman.i2p
|
||||
#destinationport = 110
|
||||
#keys = pop3-keys.dat
|
||||
|
||||
# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/
|
|
@ -0,0 +1,5 @@
|
|||
[librex]
|
||||
type=http
|
||||
host=127.0.0.1
|
||||
port=10051
|
||||
keys=inv.dat
|
|
@ -0,0 +1,5 @@
|
|||
[librex]
|
||||
type=http
|
||||
host=127.0.0.1
|
||||
port=30002
|
||||
keys=librex.dat
|
|
@ -0,0 +1,5 @@
|
|||
[rimgo]
|
||||
type=http
|
||||
host=127.0.0.1
|
||||
port=10050
|
||||
keys=rimgo-real.dat
|
|
@ -0,0 +1,12 @@
|
|||
/var/log/nginx/*log {
|
||||
daily
|
||||
missingok
|
||||
notifempty
|
||||
maxage 1
|
||||
create 640 http root
|
||||
sharedscripts
|
||||
compress
|
||||
postrotate
|
||||
test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
|
||||
endscript
|
||||
}
|
|
@ -0,0 +1,105 @@
|
|||
limit_req_zone $binary_remote_addr zone=4get:10m rate=4r/s;
|
||||
|
||||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/4get.access.log limited;
|
||||
error_log /var/log/nginx/4get.error.log;
|
||||
server_name 4get.zzls.xyz 4get.nadeko.net 4getus.zzls.xyz 4getus.nadeko.net;
|
||||
root /var/www/4get-zzls;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /web {
|
||||
try_files $uri @upstream;
|
||||
|
||||
if ($server_protocol ~* "HTTP/1.1") {
|
||||
return 444;
|
||||
}
|
||||
|
||||
include snippets/torblacklist.conf;
|
||||
error_page 403 =302 /torisblocked;
|
||||
error_page 429 =302 /rl;
|
||||
}
|
||||
|
||||
location /torisblocked {
|
||||
alias errors/$request_uri.txt;
|
||||
}
|
||||
|
||||
location /rl {
|
||||
alias errors/$request_uri.txt;
|
||||
}
|
||||
|
||||
location /data {
|
||||
return 444;
|
||||
}
|
||||
|
||||
# Tor Header
|
||||
add_header Onion-Location http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 10040;
|
||||
server_name 4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion 4get.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion;
|
||||
root /var/www/4get-zzls;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass php-fpm;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = 4get.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = 4get.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = 4getus.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = 4getus.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name 4get.zzls.xyz 4get.nadeko.net 4getus.zzls.xyz 4getus.nadeko.net;
|
||||
}
|
|
@ -0,0 +1,99 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/4get.access.log limited;
|
||||
error_log /var/log/nginx/4get.error.log;
|
||||
server_name debug4get.zzls.xyz debug4get.nadeko.net;
|
||||
root /var/www/;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /web {
|
||||
try_files $uri @upstream;
|
||||
if ($server_protocol ~* "HTTP/1.1") {
|
||||
return 444;
|
||||
}
|
||||
|
||||
include snippets/torblacklist.conf;
|
||||
error_page 403 =302 /torisblocked;
|
||||
error_page 429 =302 /rl;
|
||||
}
|
||||
|
||||
location /torisblocked {
|
||||
alias errors/$request_uri;
|
||||
}
|
||||
|
||||
location /rl {
|
||||
alias errros/$request_uri;
|
||||
}
|
||||
|
||||
location /data {
|
||||
return 444;
|
||||
}
|
||||
|
||||
# Tor Header
|
||||
add_header Onion-Location http://debug4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 80;
|
||||
server_name debug4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
|
||||
|
||||
root /var/www/4get;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = debug4get.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = debug4get.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name debug4get.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1,115 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log /tmp/debuginv.access.log;
|
||||
error_log /tmp/debuginv.error.log;
|
||||
server_name debuginv.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
# SECURITY HEADERS ADDED BY Invidious
|
||||
# include configs/security.conf;
|
||||
|
||||
location @upstream {
|
||||
proxy_pass http://inv-debug;
|
||||
include configs/proxy.conf;
|
||||
limit_rate 1000k;
|
||||
# Disable buffering and cache so i don't kill my
|
||||
# SSD and bandwidth usage
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_cache off;
|
||||
}
|
||||
|
||||
# location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) {
|
||||
# access_log /var/log/nginx/debuginv-proxy.access.log;
|
||||
# error_log /var/log/nginx/debuginv-proxy.error.log;
|
||||
# # Woops! Sorry. I don't want to kill my SSD lol!
|
||||
# proxy_buffering off;
|
||||
# #proxy_buffers 1024 16k;
|
||||
# proxy_set_header X-Forwarded-For "";
|
||||
# proxy_hide_header "alt-svc";
|
||||
# sendfile_max_chunk 512k;
|
||||
# proxy_hide_header Cache-Control;
|
||||
# proxy_hide_header etag;
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_intercept_errors on;
|
||||
# proxy_set_header Connection keep-alive;
|
||||
# proxy_max_temp_file_size 32m;
|
||||
# proxy_pass http://http3-ytproxy-debug;
|
||||
# add_header Cache-Control private always;
|
||||
# limit_rate 6000k;
|
||||
# }
|
||||
location ~ (^/videoplayback) {
|
||||
access_log /var/log/nginx/debuginv-proxy.access.log;
|
||||
error_log /var/log/nginx/debuginv-proxy.error.log;
|
||||
# Woops! Sorry. I don't want to kill my SSD lol!
|
||||
proxy_buffering off;
|
||||
#proxy_buffers 1024 16k;
|
||||
proxy_set_header X-Forwarded-For "";
|
||||
proxy_hide_header "alt-svc";
|
||||
sendfile_max_chunk 512k;
|
||||
proxy_hide_header Cache-Control;
|
||||
proxy_hide_header etag;
|
||||
proxy_http_version 1.1;
|
||||
proxy_intercept_errors on;
|
||||
proxy_set_header Connection keep-alive;
|
||||
proxy_max_temp_file_size 32m;
|
||||
proxy_pass http://http3-ytproxy-debug;
|
||||
add_header Cache-Control private always;
|
||||
limit_rate 6000k;
|
||||
}
|
||||
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /search {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /api/v1/ {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /api/v1/storyboards {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /api/v1/captions {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /api/v1/comments {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/channels/(.+)/shorts {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
# TOR
|
||||
add_header Onion-Location http://debuginvzzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = debuginv.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = debuginv.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name debuginv.zzls.xyz;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,50 @@
|
|||
server {
|
||||
access_log /var/log/nginx/ayaya.beauty.access.log combined;
|
||||
error_log /var/log/nginx/ayaya.beauty.error.log;
|
||||
server_name ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include snippets/torblacklist.conf;
|
||||
|
||||
root /var/www/uguu/dist/public/;
|
||||
autoindex off;
|
||||
index index.html index.php;
|
||||
|
||||
client_max_body_size 512M;
|
||||
|
||||
location ~* \.(css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf|x-icon|avif|webp|apng)$ {
|
||||
expires 7d;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass php-fpm;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
}
|
||||
|
||||
location /torisblocked {
|
||||
alias errors/torisblocked.txt;
|
||||
}
|
||||
|
||||
error_page 403 =302 /torisblocked;
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name ayaya.beauty;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
server {
|
||||
access_log /var/log/nginx/i.ayaya.beauty.access.log;
|
||||
server_name i.ayaya.beauty;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
root /mnt/ssd/i.ayaya.beauty/;
|
||||
autoindex off;
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
rewrite ^/(.*)/$ /\$1 break;
|
||||
try_files $uri $uri.jpg $uri.png $uri.gif $uri.css $uri.js $uri/ =404;
|
||||
error_page 401 402 403 404 =301 https://ayaya.beauty;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = i.ayaya.beauty) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name i.ayaya.beauty;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
server {
|
||||
server_name git.zzls.xyz;
|
||||
rewrite ^ https://git.nadeko.net$request_uri? permanent;
|
||||
listen 80;
|
||||
listen 443 ssl;
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/git.access.log;
|
||||
server_name git.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robots.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://forgejo;
|
||||
include configs/proxy.conf;
|
||||
client_max_body_size 128M;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
# include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = git.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name git.nadeko.net;
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
limit_req_zone $binary_remote_addr zone=invidious-apirl:1m rate=40r/s;
|
||||
|
||||
server {
|
||||
server_name inv.zzls.xyz;
|
||||
rewrite ^ https://inv.nadeko.net$request_uri? permanent;
|
||||
listen 443 ssl;
|
||||
}
|
||||
|
||||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/inv.access.log limited;
|
||||
error_log /var/log/nginx/inv.error.log;
|
||||
server_name inv.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
# SECURITY HEADERS ADDED BY Invidious
|
||||
# include configs/security.conf;
|
||||
|
||||
# The messed up invidious configuration
|
||||
include conf.d/inv.conf.locations;
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
# TOR
|
||||
add_header Onion-Location http://inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion$request_uri;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 10040;
|
||||
server_name inv.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
include conf.d/inv.conf.locations;
|
||||
}
|
||||
|
||||
# I2P
|
||||
server {
|
||||
listen 10051;
|
||||
server_name zzlsbhhfvwg3oh36tcvx4r7n6jrw7zibvyvfxqlodcwn3mfrvzuq.b32.i2p;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
include conf.d/inv.conf.locations;
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = inv.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = inv.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name inv.zzls.xyz inv.nadeko.net;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,64 @@
|
|||
location @upstream {
|
||||
proxy_pass http://inv;
|
||||
include configs/proxy.conf;
|
||||
limit_rate 1000k;
|
||||
# Disable buffering and cache so i don't kill my
|
||||
# SSD and bandwidth usage
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_cache off;
|
||||
proxy_intercept_errors on;
|
||||
error_page 502 = @fallback;
|
||||
}
|
||||
|
||||
location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) {
|
||||
# Woops! Sorry. I don't want to kill my SSD lol!
|
||||
proxy_buffering off;
|
||||
#proxy_buffers 1024 16k;
|
||||
proxy_set_header X-Forwarded-For "";
|
||||
proxy_hide_header "alt-svc";
|
||||
sendfile_max_chunk 512k;
|
||||
proxy_hide_header Cache-Control;
|
||||
proxy_hide_header etag;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection keep-alive;
|
||||
proxy_max_temp_file_size 32m;
|
||||
proxy_pass http://http3-ytproxy;
|
||||
add_header Cache-Control private always;
|
||||
limit_rate 8000k;
|
||||
limit_conn addr 100;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /search {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /api/v1 {
|
||||
limit_req zone=invidious-apirl nodelay burst=10;
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /api/v1/storyboards {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /api/v1/captions {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location /api/v1/comments {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/channels/(.+)/shorts {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location @fallback {
|
||||
root /etc/nginx/errors;
|
||||
try_files $uri /502.html = 502;
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
server {
|
||||
access_log /var/log/nginx/keygenmusic.zzls.xyz.access.log;
|
||||
root /var/www/keygenmusic.tk-mirror;
|
||||
index index.html;
|
||||
server_name keygenmusic.zzls.xyz keygenmusic.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /kgm {
|
||||
alias /mnt/ssd/luna.zzls.xyz/keygenmusic.tk/kgm;
|
||||
}
|
||||
|
||||
location /kgm/ver.txt {
|
||||
alias /var/www/keygenmusic.tk-mirror/kgm/ver.txt;
|
||||
}
|
||||
|
||||
location /kgm/lib.txt {
|
||||
alias /var/www/keygenmusic.tk-mirror/kgm/lib.txt;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = keygenmusic.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = keygenmusic.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name keygenmusic.zzls.xyz keygenmusic.nadeko.net;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,50 @@
|
|||
server {
|
||||
server_name luna.zzls.xyz;
|
||||
rewrite ^ https://luna.nadeko.net$request_uri? permanent;
|
||||
listen 443 ssl;
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/luna.zzls.xyz.access.log combined;
|
||||
error_log /var/log/nginx/luna.zzls.xyz.error.log;
|
||||
server_name luna.nadeko.net;
|
||||
index index.php /_h5ai/public/index.php;
|
||||
root /mnt/ssd/luna.zzls.xyz/;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
|
||||
location /_h5ai/private {
|
||||
return 403;
|
||||
}
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
fastcgi_pass php-fpm;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = luna.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name luna.nadeko.net;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,53 @@
|
|||
server {
|
||||
server_name matrix.zzls.xyz matrix.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{ "m.server": "matrix.zzls.xyz:8448" }';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" }, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
|
||||
}
|
||||
|
||||
#location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
|
||||
# proxy_pass http://127.0.0.1:40022;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# proxy_set_header Host $host;
|
||||
#}
|
||||
|
||||
location ~ ^(/_matrix|/_synapse/client|/health) {
|
||||
proxy_pass http://matrix;
|
||||
include configs/proxy.conf;
|
||||
client_max_body_size 64M;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl reuseport;
|
||||
listen 8448 ssl default_server reuseport;
|
||||
listen 8448 quic default_server reuseport;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = matrix.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = matrix.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name matrix.zzls.xyz;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
server {
|
||||
server_name pbin.zzls.xyz pbin.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://privatebin;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = pbin.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = pbin.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name pbin.zzls.xyz;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,61 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log off;
|
||||
server_name ri.zzls.xyz ri.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://rimgo;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 10040;
|
||||
server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion rimgo.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://rimgo;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
}
|
||||
|
||||
# I2P
|
||||
server {
|
||||
listen 30001;
|
||||
server_name zzls3ubaix5wjfar4hskwqnh3vvwvrzoxsvcx64on2aogcxrvhoq.b32.i2p;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://rimgo;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = ri.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = ri.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name ri.zzls.xyz ri.nadeko.net;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
# GZIP
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
# BROTLI
|
||||
brotli on;
|
||||
brotli_comp_level 6;
|
||||
brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
# fuck bots .kill
|
||||
if ($poop) {
|
||||
return 444;
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
listen 443 quic;
|
|
@ -0,0 +1,20 @@
|
|||
proxy_http_version 1.1;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
|
||||
# Proxy SSL
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
# Proxy headers
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
#proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Forwarded $proxy_add_forwarded;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
|
||||
# Proxy timeouts
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
|
@ -0,0 +1,26 @@
|
|||
location /robots.txt { return 200 "User-agent: AhrefsBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: dotbot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SiteAuditBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-BA
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-SI
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-SWA
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-CT
|
||||
Disallow: /
|
||||
|
||||
User-agent: SplitSignalBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-COUB
|
||||
Disallow: /"; }
|
|
@ -0,0 +1 @@
|
|||
location /robots.txt { return 200 "User-agent: *\nDisallow: /";}
|
|
@ -0,0 +1,6 @@
|
|||
# security headers
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "same-origin" always;
|
||||
add_header X-Frame-Options "sameorigin" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
|
@ -0,0 +1,5 @@
|
|||
# ECDSA
|
||||
ssl_certificate /etc/ssl/nadeko.net/fullchain.ec.crt;
|
||||
ssl_certificate_key /etc/ssl/nadeko.net/nadeko.net.ec.key;
|
||||
|
||||
include configs/sslConfig.conf;
|
|
@ -0,0 +1,12 @@
|
|||
# SSL
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_early_data on;
|
||||
|
||||
# Custom 4096bits Diffie-Hellman parameter for DHE ciphersuites (Not the one bundled with letsencrypt
|
||||
# Changed to a custom one for trust purposes
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIICDAKCAgEAiK/Y67KsiSrOlySdj5iBvVc64vUPIZOBWxQ05ggVhuTWJeZKGjes
|
||||
/R6VA43Zh9Yo1U2cQl5semyPNzseEk5cwiK1ZOXz9WJiCmrdOFkB9uIpcL0Gz/r6
|
||||
56m4F9ki1/ikJZzKRiBxvt6rQS9K4FMjkMliOFqwqVCt1Bh3EYYXebUjWrkKHb4t
|
||||
kraEorQbObFodvKcBVG7dcI4EVZhL6wgznp/xZdHYG65jo1GPC7yTJHiTuvD7Ng9
|
||||
EsMssnfpdss3f6SmtWGuAkH7vWht7NJse3oePiTRVRiFuW4i4wO5Omu4CJ8kKlwi
|
||||
dmG8/o4eQbYWNqfMsCZFBx04i33SsUFQAPZXUQGGmLeNNFdncA0g3agN457ZQvuS
|
||||
buhMpiZUw2sI13UH1D7vZBZSTvc+cleRk2w24wHqcMJ8HAuHQ4WhdrC24w8uD8H8
|
||||
hJu78K4FibQ7no1syZEhHR/8AkRPAj/dGMlgJQ/dpI07cll/yMiICkytUydYPwT4
|
||||
+lXbT+oN1rwA7HSttkMFt+z2Oi3RtH9VaIl3zY5bRCk28+GW2mo8+bL5JGl0qooe
|
||||
OQsYn+mbZLdtUYhYaaYktJaLyPyQ6WtrssJas+gSdW/1RmT+WRkARaIC201WS+aS
|
||||
guGOj0Lr0My+pW/Jj3wB8Hi6tpm+02KNaQUFubNWgcQZU33Ejj1rnfcCAQICAgFF
|
||||
-----END DH PARAMETERS-----
|
|
@ -0,0 +1,187 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<link rel="stylesheet" href="https://zzls.xyz/style.css" type="text/css">
|
||||
<link rel="icon" type="image/gif" href="./favicon.gif">
|
||||
<style>
|
||||
@font-face {
|
||||
font-family: "Gaiatype";
|
||||
src: url("./Gaiatype.woff2") format('woff');
|
||||
}
|
||||
|
||||
html {
|
||||
background-image: linear-gradient(to bottom,
|
||||
rgba(11, 11, 11, 0.85),
|
||||
rgba(11, 11, 11, 0.85)),
|
||||
url(./bg.gif);
|
||||
background-attachment: fixed;
|
||||
height: 100%;
|
||||
/* filter: invert(0); */
|
||||
}
|
||||
|
||||
h1 {
|
||||
color: rgb(220, 100, 170);
|
||||
font-family: 'Gaiatype';
|
||||
font-size: 2em;
|
||||
}
|
||||
|
||||
h2 {
|
||||
color: #bde0e4;
|
||||
text-align: center;
|
||||
font-family: 'Gaiatype';
|
||||
}
|
||||
|
||||
@keyframes xd {
|
||||
0% {
|
||||
letter-spacing: normal;
|
||||
/* transform: rotate(2deg); */
|
||||
}
|
||||
|
||||
50% {
|
||||
letter-spacing: 3px;
|
||||
/* transform: rotate(0deg); */
|
||||
}
|
||||
|
||||
100% {
|
||||
letter-spacing: normal;
|
||||
/* transform: rotate(2deg); */
|
||||
}
|
||||
}
|
||||
|
||||
@keyframes erm {
|
||||
0% {
|
||||
transform: rotate(2deg);
|
||||
}
|
||||
|
||||
50% {
|
||||
transform: rotate(-2deg);
|
||||
}
|
||||
|
||||
100% {
|
||||
transform: rotate(2deg);
|
||||
}
|
||||
}
|
||||
|
||||
p {
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.lol {
|
||||
animation: erm 10s infinite;
|
||||
}
|
||||
/* .lol2 {
|
||||
animation: erm 8s infinite;
|
||||
} */
|
||||
|
||||
body {
|
||||
opacity: 0;
|
||||
transition: opacity 1s;
|
||||
}
|
||||
|
||||
/* .content {
|
||||
min-height: 100%;
|
||||
display: grid;
|
||||
grid-template-rows: auto 1fr auto;
|
||||
} */
|
||||
|
||||
.lain {
|
||||
position: absolute;
|
||||
right: 0;
|
||||
bottom: 0;
|
||||
width: 50%;
|
||||
pointer-events: none;
|
||||
z-index: -1;
|
||||
}
|
||||
|
||||
ul {
|
||||
list-style-type: none;
|
||||
}
|
||||
|
||||
audio {
|
||||
position: fixed;
|
||||
top: 0;
|
||||
left: -100;
|
||||
right: 0;
|
||||
opacity: 0.2;
|
||||
transition: opacity 0.5s ease;
|
||||
/* font-family: 'Gaiatype'; */
|
||||
--box-shadow1: rgba(249, 249, 250, 0);
|
||||
--box-shadow2: rgba(91, 91, 102, 0.0);
|
||||
--box-shadow3: rgba(82, 82, 94, 0.0);
|
||||
}
|
||||
|
||||
audio:hover {
|
||||
opacity: 8;
|
||||
}
|
||||
|
||||
audio::-webkit-media-controls-panel{
|
||||
background-color: rgba(200,200,200,1);
|
||||
width:350px;
|
||||
}
|
||||
|
||||
footer {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
align-items: center;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
footer img {
|
||||
/* width: 100%; */
|
||||
max-width: 100%;
|
||||
}
|
||||
|
||||
footer p {
|
||||
margin-top: 10px;
|
||||
max-width: 315px;
|
||||
/* margin: 0 auto; */
|
||||
}
|
||||
</style>
|
||||
|
||||
|
||||
<title>502 Bad Gateway</title>
|
||||
</head>
|
||||
|
||||
<body onload="document.body.style.opacity='1'">
|
||||
<audio controls autoplay loop>
|
||||
<source src="./kahgy.ogg" type="audio/ogg">
|
||||
</audio>
|
||||
</div>
|
||||
<div class="overlay fade-out"></div>
|
||||
<div style="font-size: 1.2ch;margin: 0 auto;">
|
||||
<a>Go to zzls.xyz?: </a><a href="https://zzls.xyz">Yes</a>
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
|
||||
<h1 class="lol lol2">502 Bad Gateway</h1>
|
||||
<p style="text-align: center; font-size: large;"><b>You just reached an <span style="color: rgb(255, 100, 100);">error page</span>... Great, enjoy the music.</b></p>
|
||||
|
||||
<p>This does not mean that the server is down, or else you would not have been able access this error page.</p>
|
||||
<h2>Contact</h2>
|
||||
<p>Notify me about this shitty error in case I haven't noticed about it yet xD</p>
|
||||
<ul>
|
||||
<li>E-mail: <a style="font-size: large;"
|
||||
href="mailto:admin [at] zzls.xyz"><code>admin [at] zzls.xyz</code></a> <a>PGP Key: <a
|
||||
href="./admin@zzls.xyz.asc">76C578BB918EB8F556C0ABDEA9CB7D007A846255</a></a></li>
|
||||
<li>Mastodon: <a href="https://noc.social/@fijxu">https://noc.social/@fijxu</a></li>
|
||||
<li>Twitter: <a href="https://twitter.com/fijxu__">https://twitter.com/fijxu__</a> <a>Just @ me. No DMs</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</body>
|
||||
|
||||
<footer>
|
||||
<img src="https://count.ayaya.beauty/get/@502zzlsreal2?theme=rule34" alt="The counter is dead or your browser doesn't support the <img> element , xDDDd.">
|
||||
<p>This counter resets every 5 minutes, so if this number is higher than 10, you are clearly not the only one with this error. CONTACT THE ADMIN TO FIX HIS SHIT xD</p>
|
||||
</footer>
|
||||
|
||||
<script>
|
||||
document.getElementById("domain").innerText = "(" + window.location.hostname + ")";
|
||||
</script>
|
||||
|
||||
</html>
|
Binary file not shown.
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
xjMEZUDy0BYJKwYBBAHaRw8BAQdAL9RfyeA84n+J0GyVfJpPHPqtw9e4ZGQVt/l+
|
||||
qUs0qrDNH3p6bHMueHl6IEFkbWluIDxhZG1pbkB6emxzLnh5ej7CjwQTFggANxYh
|
||||
BHbFeLuRjrj1VsCr3qnLfQB6hGJVBQJlQPLQBQkDwmcAAhsDBAsJCAcFFQgJCgsF
|
||||
FgIDAQAACgkQqct9AHqEYlUugAD8CLpr1tqosErf0KDqG5nWkHBj/lcixwQ/Ii4Y
|
||||
soa+q+kBAN9bKzUkma9yVGwlDg/pDW6sKztgB8MU+FKPRgxSPwEJzjgEZUDy0RIK
|
||||
KwYBBAGXVQEFAQEHQCa0sUBxzKEikQvxiPjgpEVpprMWELgs3eB+T1YrkYkrAwEI
|
||||
B8J+BBgWCAAmFiEEdsV4u5GOuPVWwKveqct9AHqEYlUFAmVA8tEFCQPCZwACGwwA
|
||||
CgkQqct9AHqEYlVlbAD/U2gC6NG4ueUxeEVTpbNfhs8zDnIrq9YrecGpKtpAbCcA
|
||||
/0Z/z7XtD73hJtfEqqzzjtLccugoTzx88dVEEAutDEIJ
|
||||
=eQVs
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
Binary file not shown.
After Width: | Height: | Size: 20 KiB |
Binary file not shown.
Binary file not shown.
After Width: | Height: | Size: 123 KiB |
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
Tor and Proxies are not allowed in this service, sorry.
|
||||
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
|
||||
|
||||
Tor y Proxies no estan permitidos en este servicio, lo siento.
|
||||
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.
|
|
@ -0,0 +1,26 @@
|
|||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,69 @@
|
|||
worker_processes auto;
|
||||
worker_rlimit_nofile 65535;
|
||||
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
|
||||
|
||||
events {
|
||||
worker_connections 4096;
|
||||
multi_accept off;
|
||||
}
|
||||
|
||||
http {
|
||||
log_format limited '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
|
||||
'"-" "Bogus/66.6" - "$http_host"';
|
||||
|
||||
access_log off;
|
||||
error_log /dev/null;
|
||||
|
||||
# Basic Settings
|
||||
charset utf-8;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
server_tokens off;
|
||||
log_not_found off;
|
||||
types_hash_max_size 1024;
|
||||
types_hash_bucket_size 128;
|
||||
server_names_hash_bucket_size 128;
|
||||
|
||||
# MIME
|
||||
include mime.types;
|
||||
|
||||
# SSL
|
||||
include configs/ssl.conf;
|
||||
|
||||
# reset timed out connections freeing ram
|
||||
reset_timedout_connection on;
|
||||
# maximum time between packets the client can pause when sending nginx any data
|
||||
client_body_timeout 10s;
|
||||
# maximum time the client has to send the entire header to nginx
|
||||
client_header_timeout 10s;
|
||||
# timeout which a single keep-alive client connection will stay open
|
||||
keepalive_timeout 60s;
|
||||
# maximum time between packets nginx is allowed to pause when sending the client data
|
||||
send_timeout 10s;
|
||||
|
||||
client_body_buffer_size 32k;
|
||||
client_max_body_size 2m;
|
||||
|
||||
open_file_cache max=1024 inactive=10s;
|
||||
open_file_cache_valid 60s;
|
||||
open_file_cache_min_uses 2;
|
||||
open_file_cache_errors on;
|
||||
|
||||
# PERFORMANCE / ASYNC I/O
|
||||
aio threads=default;
|
||||
aio_write on;
|
||||
directio 2m;
|
||||
|
||||
# Maps
|
||||
include /etc/nginx/snippets/maps.conf;
|
||||
include /etc/nginx/snippets/poop.conf;
|
||||
|
||||
limit_conn_zone $binary_remote_addr zone=addr:10m;
|
||||
include /etc/nginx/configs/upstreams.conf;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
|
@ -0,0 +1,27 @@
|
|||
# Connection header for WebSocket reverse proxy
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
"" close;
|
||||
}
|
||||
|
||||
map $remote_addr $proxy_forwarded_elem {
|
||||
|
||||
# IPv4 addresses can be sent as-is
|
||||
~^[0-9.]+$ "for=$remote_addr";
|
||||
|
||||
# IPv6 addresses need to be bracketed and quoted
|
||||
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
|
||||
|
||||
# Unix domain socket names cannot be represented in RFC 7239 syntax
|
||||
default "for=unknown";
|
||||
}
|
||||
|
||||
map $http_forwarded $proxy_add_forwarded {
|
||||
|
||||
# If the incoming Forwarded header is syntactically valid, append to it
|
||||
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
|
||||
|
||||
# Otherwise, replace it
|
||||
default "$proxy_forwarded_elem";
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
map $http_user_agent $poop {
|
||||
default 0;
|
||||
~*my-tiny-bot 1;
|
||||
~*thesis-research-bot 1;
|
||||
~*SemrushBot 1;
|
||||
~*Bytespider 1;
|
||||
~*PetalBot 1;
|
||||
~*Amazonbot 1;
|
||||
~*FriendlyCrawler 1;
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
[Unit]
|
||||
Description=Http3 YTProxy for Invidious
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=http
|
||||
Group=http
|
||||
Environment="DISABLE_WEBP=1"
|
||||
Environment="DISABLE_IPV6=1"
|
||||
WorkingDirectory=/opt/http3-ytproxy
|
||||
ExecStart=/opt/http3-ytproxy/http3-ytproxy
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
|
||||
ReadWritePaths=/opt/http3-ytproxy/socket
|
||||
NoNewPrivileges=yes
|
||||
MemoryDenyWriteExecute=true
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=strict
|
||||
ProtectControlGroups=true
|
||||
RestrictSUIDSGID=true
|
||||
RestrictRealtime=true
|
||||
LockPersonality=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelModules=true
|
||||
PrivateUsers=true
|
||||
ProtectClock=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallFilter=@system-service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,17 @@
|
|||
[Unit]
|
||||
Description=Invidious (An alternative YouTube front-end) DEBUG
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User=invidious
|
||||
Group=invidious
|
||||
WorkingDirectory=/opt/invidious/invidious-debug
|
||||
ExecStart=/opt/invidious/invidious-debug/invidious
|
||||
Restart=always
|
||||
RuntimeMaxSec=1h
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,35 @@
|
|||
[Unit]
|
||||
Description=Invidious (An alternative YouTube front-end)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
RestartSec=10s
|
||||
Type=simple
|
||||
User=invidious
|
||||
Group=invidious
|
||||
WorkingDirectory=/opt/invidious/invidious
|
||||
ExecStart=/opt/invidious/invidious/invidious -o invidious%i.log -p %i
|
||||
StandardOutput=null
|
||||
#StandardError=null
|
||||
Restart=always
|
||||
#RuntimeMaxSec=1h
|
||||
LimitNOFILE=16384
|
||||
|
||||
# Security
|
||||
#PrivateTmp=yes
|
||||
#NoNewPrivileges=true
|
||||
#ProtectSystem=yes
|
||||
#ProtectDevices=yes
|
||||
#DevicePolicy=closed
|
||||
#ProtectKernelTunables=yes
|
||||
#ProtectControlGroups=yes
|
||||
#ProtectHostname=yes
|
||||
#ProtectKernelLogs=true
|
||||
#PrivateUsers=yes
|
||||
#ReadWriteDirectories=/home/invidious/invidious
|
||||
#ProtectControlGroups=yes
|
||||
#RestrictNamespaces=net uts ipc pid user cgroup
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,19 @@
|
|||
[Unit]
|
||||
Description=Matrix sliding sync proxy (MSC3575)
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=root
|
||||
Group=root
|
||||
Environment=LANG=en_US.UTF-8
|
||||
WorkingDirectory=/opt/sliding-sync
|
||||
ExecStart=/opt/sliding-sync/syncv3
|
||||
ExecReload=/usr/bin/kill -HUP $MAINPID
|
||||
EnvironmentFile=/opt/sliding-sync/.env
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,28 @@
|
|||
[Unit]
|
||||
Description=Minecraft Serber
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
User=mc
|
||||
Group=mc
|
||||
Environment=JAVA_HOME=/usr/lib/jvm/java-8-openjdk
|
||||
WorkingDirectory=/opt/mc/server/
|
||||
ExecStart=/usr/bin/tmux new-session -s minecraft -d '/usr/lib/jvm/java-8-openjdk/bin/java -Xmx512M -Xms512M -jar project-poseidon-1.1.8.jar nogui'
|
||||
ExecStop=/usr/bin/tmux send -t minecraft.0 stop ENTER
|
||||
#ExecRestart=/usr/bin/tmux send -t minecraft.0 stop ENTER; sleep 10; /usr/bin/tmux new-session -s minecraft -d 'java -Xmx512M -Xms512M -jar project-poseidon-1.1.8.jar nogui'
|
||||
TimeoutStopSec=10
|
||||
TimeoutStartSec=10
|
||||
StandardOutput=null
|
||||
StandardError=null
|
||||
RemainAfterExit=yes
|
||||
KillMode=none
|
||||
RestartMode=direct
|
||||
#KillSignal=SIGINT
|
||||
#RestartKillSignal=SIGINT
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,37 @@
|
|||
[Unit]
|
||||
Description=Rimgo - An Imgur Proxy
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=rimgo
|
||||
Group=rimgo
|
||||
WorkingDirectory=/opt/rimgo
|
||||
ExecStart=/opt/rimgo/rimgo
|
||||
Restart=on-failure
|
||||
RestartSec=3s
|
||||
|
||||
ReadWritePaths=/opt/rimgo
|
||||
NoNewPrivileges=yes
|
||||
MemoryDenyWriteExecute=true
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=strict
|
||||
ProtectControlGroups=true
|
||||
RestrictSUIDSGID=true
|
||||
RestrictRealtime=true
|
||||
LockPersonality=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelModules=true
|
||||
PrivateUsers=true
|
||||
ProtectClock=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallFilter=@system-service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in New Issue