Compare commits
No commits in common. "main" and "vpsus" have entirely different histories.
16
README.md
16
README.md
|
@ -1,16 +0,0 @@
|
|||
You can find my server configs in this repo, they are split in different branches.
|
||||
|
||||
- [🌑 Selfhost Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost)
|
||||
|
||||
- [🇺🇸 VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/vpsus)
|
||||
|
||||
- [🌌 Veil Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/veil) (**New**)
|
||||
|
||||
- [🇨🇱 Oracle VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/oracle)
|
||||
|
||||
|
||||
#### Suggestions or Issues?
|
||||
|
||||
If you got any suggestions to the nginx configs or something that is not to your liking within the privacy-focused services I provide; Open an issue or a pull request in any config. You can either create an account with your real E-mail or with a throw away one (But probably you will be considered as a bad actor for me if you don't provide any real identity like GitHub, GitLab, Codeberg or anything like that, so make sure to link any of those).
|
||||
|
||||
*Contact*: [https://nadeko.net/contact](https://nadeko.net/contact)
|
|
@ -0,0 +1,284 @@
|
|||
## Configuration file for a typical i2pd user
|
||||
## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
|
||||
## for more options you can use in this file.
|
||||
|
||||
## Lines that begin with "## " try to explain what's going on. Lines
|
||||
## that begin with just "#" are disabled commands: you can enable them
|
||||
## by removing the "#" symbol.
|
||||
|
||||
## Tunnels config file
|
||||
## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
|
||||
# tunconf = /var/lib/i2pd/tunnels.conf
|
||||
|
||||
## Tunnels config files path
|
||||
## Use that path to store separated tunnels in different config files.
|
||||
## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
|
||||
# tunnelsdir = /var/lib/i2pd/tunnels.d
|
||||
|
||||
## Path to certificates used for verifying .su3, families
|
||||
## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
|
||||
# certsdir = /var/lib/i2pd/certificates
|
||||
|
||||
## Where to write pidfile (default: i2pd.pid, not used in Windows)
|
||||
# pidfile = /run/i2pd.pid
|
||||
|
||||
## Logging configuration section
|
||||
## By default logs go to stdout with level 'info' and higher
|
||||
## For Windows OS by default logs go to file with level 'warn' and higher
|
||||
##
|
||||
## Logs destination (valid values: stdout, file, syslog)
|
||||
## * stdout - print log entries to stdout
|
||||
## * file - log entries to a file
|
||||
## * syslog - use syslog, see man 3 syslog
|
||||
# log = file
|
||||
## Path to logfile (default - autodetect)
|
||||
# logfile = /var/log/i2pd/i2pd.log
|
||||
## Log messages above this level (debug, info, *warn, error, none)
|
||||
## If you set it to none, logging will be disabled
|
||||
loglevel = none
|
||||
## Write full CLF-formatted date and time to log (default: write only time)
|
||||
# logclftime = true
|
||||
|
||||
## Daemon mode. Router will go to background after start. Ignored on Windows
|
||||
# daemon = true
|
||||
|
||||
## Specify a family, router belongs to (default - none)
|
||||
# family =
|
||||
|
||||
## Network interface to bind to
|
||||
## Updates address4/6 options if they are not set
|
||||
# ifname =
|
||||
## You can specify different interfaces for IPv4 and IPv6
|
||||
# ifname4 =
|
||||
# ifname6 =
|
||||
|
||||
## Local address to bind transport sockets to
|
||||
## Overrides host option if:
|
||||
## For ipv4: if ipv4 = true and nat = false
|
||||
## For ipv6: if 'host' is not set or ipv4 = true
|
||||
# address4 =
|
||||
# address6 =
|
||||
|
||||
## External IPv4 or IPv6 address to listen for connections
|
||||
## By default i2pd sets IP automatically
|
||||
## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
|
||||
## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
|
||||
# host = 1.2.3.4
|
||||
|
||||
## Port to listen for connections
|
||||
## By default i2pd picks random port. You MUST pick a random number too,
|
||||
## don't just uncomment this
|
||||
port = 12999
|
||||
|
||||
## Enable communication through ipv4
|
||||
ipv4 = true
|
||||
## Enable communication through ipv6
|
||||
ipv6 = false
|
||||
|
||||
## Enable SSU transport
|
||||
ssu = false
|
||||
|
||||
## Bandwidth configuration
|
||||
## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
|
||||
## X - unlimited
|
||||
## Default is L (regular node) and X if floodfill mode enabled. If you want to
|
||||
## share more bandwidth without floodfill mode, uncomment that line and adjust
|
||||
## value to your possibilities
|
||||
bandwidth = O
|
||||
## Max % of bandwidth limit for transit. 0-100. 100 by default
|
||||
share = 20
|
||||
|
||||
## Router will not accept transit tunnels, disabling transit traffic completely
|
||||
## (default = false)
|
||||
# notransit = true
|
||||
|
||||
## Router will be floodfill
|
||||
## Note: that mode uses much more network connections and CPU!
|
||||
# floodfill = true
|
||||
|
||||
[ntcp2]
|
||||
## Enable NTCP2 transport (default = true)
|
||||
# enabled = true
|
||||
## Publish address in RouterInfo (default = true)
|
||||
# published = true
|
||||
## Port for incoming connections (default is global port option value)
|
||||
# port = 4567
|
||||
|
||||
[ssu2]
|
||||
## Enable SSU2 transport
|
||||
# enabled = true
|
||||
## Publish address in RouterInfo
|
||||
# published = true
|
||||
## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
|
||||
# port = 4567
|
||||
|
||||
[http]
|
||||
## Web Console settings
|
||||
## Uncomment and set to 'false' to disable Web Console
|
||||
# enabled = true
|
||||
## Address and port service will listen on
|
||||
address = 127.0.0.1
|
||||
port = 7070
|
||||
## Path to web console, default "/"
|
||||
# webroot = /
|
||||
## Uncomment following lines to enable Web Console authentication
|
||||
## You should not use Web Console via public networks without additional encryption.
|
||||
## HTTP authentication is not encryption layer!
|
||||
# auth = true
|
||||
# user = i2pd
|
||||
# pass = changeme
|
||||
## Select webconsole language
|
||||
## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
|
||||
## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
|
||||
## and uzbek languages
|
||||
# lang = english
|
||||
|
||||
[httpproxy]
|
||||
## Uncomment and set to 'false' to disable HTTP Proxy
|
||||
# enabled = true
|
||||
## Address and port service will listen on
|
||||
address = 127.0.0.1
|
||||
port = 4444
|
||||
## Optional keys file for proxy local destination
|
||||
# keys = http-proxy-keys.dat
|
||||
## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
|
||||
## You should disable this feature if your i2pd HTTP Proxy is public,
|
||||
## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
|
||||
# addresshelper = true
|
||||
## Address of a proxy server inside I2P, which is used to visit regular Internet
|
||||
# outproxy = http://false.i2p
|
||||
## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
|
||||
|
||||
[socksproxy]
|
||||
## Uncomment and set to 'false' to disable SOCKS Proxy
|
||||
# enabled = true
|
||||
## Address and port service will listen on
|
||||
address = 127.0.0.1
|
||||
port = 4447
|
||||
## Optional keys file for proxy local destination
|
||||
# keys = socks-proxy-keys.dat
|
||||
## Socks outproxy. Example below is set to use Tor for all connections except i2p
|
||||
## Uncomment and set to 'true' to enable using of SOCKS outproxy
|
||||
# outproxy.enabled = false
|
||||
## Address and port of outproxy
|
||||
# outproxy = 127.0.0.1
|
||||
# outproxyport = 9050
|
||||
## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
|
||||
|
||||
[sam]
|
||||
## Comment or set to 'false' to disable SAM Bridge
|
||||
enabled = true
|
||||
## Address and ports service will listen on
|
||||
# address = 127.0.0.1
|
||||
# port = 7656
|
||||
# portudp = 7655
|
||||
|
||||
[bob]
|
||||
## Uncomment and set to 'true' to enable BOB command channel
|
||||
# enabled = false
|
||||
## Address and port service will listen on
|
||||
# address = 127.0.0.1
|
||||
# port = 2827
|
||||
|
||||
[i2cp]
|
||||
## Uncomment and set to 'true' to enable I2CP protocol
|
||||
# enabled = false
|
||||
## Address and port service will listen on
|
||||
# address = 127.0.0.1
|
||||
# port = 7654
|
||||
|
||||
[i2pcontrol]
|
||||
## Uncomment and set to 'true' to enable I2PControl protocol
|
||||
# enabled = false
|
||||
## Address and port service will listen on
|
||||
# address = 127.0.0.1
|
||||
# port = 7650
|
||||
## Authentication password. "itoopie" by default
|
||||
# password = itoopie
|
||||
|
||||
[precomputation]
|
||||
## Enable or disable elgamal precomputation table
|
||||
## By default, enabled on i386 hosts
|
||||
# elgamal = true
|
||||
|
||||
[upnp]
|
||||
## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
|
||||
# enabled = false
|
||||
## Name i2pd appears in UPnP forwardings list (default = I2Pd)
|
||||
# name = I2Pd
|
||||
|
||||
[meshnets]
|
||||
## Enable connectivity over the Yggdrasil network
|
||||
# yggdrasil = false
|
||||
## You can bind address from your Yggdrasil subnet 300::/64
|
||||
## The address must first be added to the network interface
|
||||
# yggaddress =
|
||||
|
||||
[reseed]
|
||||
## Options for bootstrapping into I2P network, aka reseeding
|
||||
## Enable or disable reseed data verification.
|
||||
verify = true
|
||||
## URLs to request reseed data from, separated by comma
|
||||
## Default: "mainline" I2P Network reseeds
|
||||
# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
|
||||
## Reseed URLs through the Yggdrasil, separated by comma
|
||||
# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
|
||||
## Path to local reseed data file (.su3) for manual reseeding
|
||||
# file = /path/to/i2pseeds.su3
|
||||
## or HTTPS URL to reseed from
|
||||
# file = https://legit-website.com/i2pseeds.su3
|
||||
## Path to local ZIP file or HTTPS URL to reseed from
|
||||
# zipfile = /path/to/netDb.zip
|
||||
## If you run i2pd behind a proxy server, set proxy server for reseeding here
|
||||
## Should be http://address:port or socks://address:port
|
||||
# proxy = http://127.0.0.1:8118
|
||||
## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
|
||||
# threshold = 25
|
||||
|
||||
[addressbook]
|
||||
## AddressBook subscription URL for initial setup
|
||||
## Default: reg.i2p at "mainline" I2P Network
|
||||
# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
|
||||
## Optional subscriptions URLs, separated by comma
|
||||
# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
|
||||
|
||||
[limits]
|
||||
## Maximum active transit sessions (default: 5000)
|
||||
## This value is doubled if floodfill mode is enabled!
|
||||
# transittunnels = 5000
|
||||
## Limit number of open file descriptors (0 - use system limit)
|
||||
# openfiles = 0
|
||||
## Maximum size of corefile in Kb (0 - use system limit)
|
||||
# coresize = 0
|
||||
|
||||
[trust]
|
||||
## Enable explicit trust options. false by default
|
||||
# enabled = true
|
||||
## Make direct I2P connections only to routers in specified Family.
|
||||
# family = MyFamily
|
||||
## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
|
||||
# routers =
|
||||
## Should we hide our router from other routers? false by default
|
||||
# hidden = true
|
||||
|
||||
[exploratory]
|
||||
## Exploratory tunnels settings with default values
|
||||
# inbound.length = 2
|
||||
# inbound.quantity = 3
|
||||
# outbound.length = 2
|
||||
# outbound.quantity = 3
|
||||
|
||||
[persist]
|
||||
## Save peer profiles on disk (default: true)
|
||||
# profiles = true
|
||||
## Save full addresses on disk (default: true)
|
||||
# addressbook = true
|
||||
|
||||
[cpuext]
|
||||
## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
|
||||
# aesni = true
|
||||
## Use CPU AVX instructions set when work with cryptography when available (default: true)
|
||||
# avx = true
|
||||
## Force usage of CPU instructions set, even if they not found
|
||||
## DO NOT TOUCH that option if you really don't know what are you doing!
|
||||
# force = false
|
|
@ -0,0 +1,285 @@
|
|||
## Configuration file for a typical i2pd user
|
||||
## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
|
||||
## for more options you can use in this file.
|
||||
|
||||
## Lines that begin with "## " try to explain what's going on. Lines
|
||||
## that begin with just "#" are disabled commands: you can enable them
|
||||
## by removing the "#" symbol.
|
||||
|
||||
## Tunnels config file
|
||||
## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
|
||||
# tunconf = /var/lib/i2pd/tunnels.conf
|
||||
|
||||
## Tunnels config files path
|
||||
## Use that path to store separated tunnels in different config files.
|
||||
## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
|
||||
# tunnelsdir = /var/lib/i2pd/tunnels.d
|
||||
|
||||
## Path to certificates used for verifying .su3, families
|
||||
## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
|
||||
# certsdir = /var/lib/i2pd/certificates
|
||||
|
||||
## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
|
||||
# pidfile = /run/i2pd.pid
|
||||
|
||||
## Logging configuration section
|
||||
## By default logs go to stdout with level 'info' and higher
|
||||
## For Windows OS by default logs go to file with level 'warn' and higher
|
||||
##
|
||||
## Logs destination (valid values: stdout, file, syslog)
|
||||
## * stdout - print log entries to stdout
|
||||
## * file - log entries to a file
|
||||
## * syslog - use syslog, see man 3 syslog
|
||||
# log = file
|
||||
## Path to logfile (default: autodetect)
|
||||
# logfile = /var/log/i2pd/i2pd.log
|
||||
## Log messages above this level (debug, info, *warn, error, critical, none)
|
||||
## If you set it to none, logging will be disabled
|
||||
# loglevel = warn
|
||||
## Write full CLF-formatted date and time to log (default: write only time)
|
||||
# logclftime = true
|
||||
|
||||
## Daemon mode. Router will go to background after start. Ignored on Windows
|
||||
## (default: true)
|
||||
# daemon = true
|
||||
|
||||
## Specify a family, router belongs to (default - none)
|
||||
# family =
|
||||
|
||||
## Network interface to bind to
|
||||
## Updates address4/6 options if they are not set
|
||||
# ifname =
|
||||
## You can specify different interfaces for IPv4 and IPv6
|
||||
# ifname4 =
|
||||
# ifname6 =
|
||||
|
||||
## Local address to bind transport sockets to
|
||||
## Overrides host option if:
|
||||
## For ipv4: if ipv4 = true and nat = false
|
||||
## For ipv6: if 'host' is not set or ipv4 = true
|
||||
# address4 =
|
||||
# address6 =
|
||||
|
||||
## External IPv4 or IPv6 address to listen for connections
|
||||
## By default i2pd sets IP automatically
|
||||
## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
|
||||
## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
|
||||
# host = 1.2.3.4
|
||||
|
||||
## Port to listen for connections
|
||||
## By default i2pd picks random port. You MUST pick a random number too,
|
||||
## don't just uncomment this
|
||||
# port = 4567
|
||||
|
||||
## Enable communication through ipv4 (default: true)
|
||||
ipv4 = true
|
||||
## Enable communication through ipv6 (default: false)
|
||||
ipv6 = false
|
||||
|
||||
## Bandwidth configuration
|
||||
## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
|
||||
## X - unlimited
|
||||
## Default is L (regular node) and X if floodfill mode enabled.
|
||||
## If you want to share more bandwidth without floodfill mode, uncomment
|
||||
## that line and adjust value to your possibilities. Value can be set to
|
||||
## integer in kilobytes, it will apply that limit and flag will be used
|
||||
## from next upper limit (example: if you set 4096 flag will be X, but real
|
||||
## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
|
||||
## but keep in mind that low values may be negatively evaluated by Java
|
||||
## router algorithms.
|
||||
# bandwidth = L
|
||||
## Max % of bandwidth limit for transit. 0-100 (default: 100)
|
||||
# share = 100
|
||||
|
||||
## Router will not accept transit tunnels, disabling transit traffic completely
|
||||
## (default: false)
|
||||
# notransit = true
|
||||
|
||||
## Router will be floodfill (default: false)
|
||||
## Note: that mode uses much more network connections and CPU!
|
||||
# floodfill = true
|
||||
|
||||
[ntcp2]
|
||||
## Enable NTCP2 transport (default: true)
|
||||
# enabled = true
|
||||
## Publish address in RouterInfo (default: true)
|
||||
# published = true
|
||||
## Port for incoming connections (default is global port option value)
|
||||
# port = 4567
|
||||
|
||||
[ssu2]
|
||||
## Enable SSU2 transport (default: true)
|
||||
# enabled = true
|
||||
## Publish address in RouterInfo (default: true)
|
||||
# published = true
|
||||
## Port for incoming connections (default is global port option value)
|
||||
# port = 4567
|
||||
|
||||
[http]
|
||||
## Web Console settings
|
||||
## Enable the Web Console (default: true)
|
||||
# enabled = true
|
||||
## Address and port service will listen on (default: 127.0.0.1:7070)
|
||||
# address = 127.0.0.1
|
||||
# port = 7070
|
||||
## Path to web console (default: /)
|
||||
# webroot = /
|
||||
## Enable Web Console authentication (default: false)
|
||||
## You should not use Web Console via public networks without additional encryption.
|
||||
## HTTP authentication is not encryption layer!
|
||||
# auth = true
|
||||
# user = i2pd
|
||||
# pass = changeme
|
||||
## Select webconsole language
|
||||
## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
|
||||
## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
|
||||
## and uzbek languages
|
||||
# lang = english
|
||||
|
||||
[httpproxy]
|
||||
## Enable the HTTP proxy (default: true)
|
||||
# enabled = true
|
||||
## Address and port service will listen on (default: 127.0.0.1:4444)
|
||||
# address = 127.0.0.1
|
||||
# port = 4444
|
||||
## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
|
||||
# keys = http-proxy-keys.dat
|
||||
## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
|
||||
## You should disable this feature if your i2pd HTTP Proxy is public,
|
||||
## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
|
||||
# addresshelper = true
|
||||
## Address of a proxy server inside I2P, which is used to visit regular Internet
|
||||
# outproxy = http://false.i2p
|
||||
## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
|
||||
|
||||
[socksproxy]
|
||||
## Enable the SOCKS proxy (default: true)
|
||||
# enabled = true
|
||||
## Address and port service will listen on (default: 127.0.0.1:4447)
|
||||
# address = 127.0.0.1
|
||||
# port = 4447
|
||||
## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
|
||||
# keys = socks-proxy-keys.dat
|
||||
## Socks outproxy. Example below is set to use Tor for all connections except i2p
|
||||
## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
|
||||
# outproxy.enabled = false
|
||||
## Address and port of outproxy
|
||||
# outproxy = 127.0.0.1
|
||||
# outproxyport = 9050
|
||||
## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
|
||||
|
||||
[sam]
|
||||
## Enable the SAM bridge (default: true)
|
||||
# enabled = false
|
||||
## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
|
||||
# address = 127.0.0.1
|
||||
# port = 7656
|
||||
# portudp = 7655
|
||||
|
||||
[bob]
|
||||
## Enable the BOB command channel (default: false)
|
||||
# enabled = false
|
||||
## Address and port service will listen on (default: 127.0.0.1:2827)
|
||||
# address = 127.0.0.1
|
||||
# port = 2827
|
||||
|
||||
[i2cp]
|
||||
## Enable the I2CP protocol (default: false)
|
||||
# enabled = false
|
||||
## Address and port service will listen on (default: 127.0.0.1:7654)
|
||||
# address = 127.0.0.1
|
||||
# port = 7654
|
||||
|
||||
[i2pcontrol]
|
||||
## Enable the I2PControl protocol (default: false)
|
||||
# enabled = false
|
||||
## Address and port service will listen on (default: 127.0.0.1:7650)
|
||||
# address = 127.0.0.1
|
||||
# port = 7650
|
||||
## Authentication password (default: itoopie)
|
||||
# password = itoopie
|
||||
|
||||
[precomputation]
|
||||
## Enable or disable elgamal precomputation table
|
||||
## By default, enabled on i386 hosts
|
||||
# elgamal = true
|
||||
|
||||
[upnp]
|
||||
## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
|
||||
# enabled = false
|
||||
## Name i2pd appears in UPnP forwardings list (default: I2Pd)
|
||||
# name = I2Pd
|
||||
|
||||
[meshnets]
|
||||
## Enable connectivity over the Yggdrasil network (default: false)
|
||||
# yggdrasil = false
|
||||
## You can bind address from your Yggdrasil subnet 300::/64
|
||||
## The address must first be added to the network interface
|
||||
# yggaddress =
|
||||
|
||||
[reseed]
|
||||
## Options for bootstrapping into I2P network, aka reseeding
|
||||
## Enable reseed data verification (default: true)
|
||||
verify = true
|
||||
## URLs to request reseed data from, separated by comma
|
||||
## Default: "mainline" I2P Network reseeds
|
||||
# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
|
||||
## Reseed URLs through the Yggdrasil, separated by comma
|
||||
# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
|
||||
## Path to local reseed data file (.su3) for manual reseeding
|
||||
# file = /path/to/i2pseeds.su3
|
||||
## or HTTPS URL to reseed from
|
||||
# file = https://legit-website.com/i2pseeds.su3
|
||||
## Path to local ZIP file or HTTPS URL to reseed from
|
||||
# zipfile = /path/to/netDb.zip
|
||||
## If you run i2pd behind a proxy server, set proxy server for reseeding here
|
||||
## Should be http://address:port or socks://address:port
|
||||
# proxy = http://127.0.0.1:8118
|
||||
## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
|
||||
# threshold = 25
|
||||
|
||||
[addressbook]
|
||||
## AddressBook subscription URL for initial setup
|
||||
## Default: reg.i2p at "mainline" I2P Network
|
||||
# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
|
||||
## Optional subscriptions URLs, separated by comma
|
||||
# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
|
||||
|
||||
[limits]
|
||||
## Maximum active transit sessions (default: 5000)
|
||||
## This value is doubled if floodfill mode is enabled!
|
||||
# transittunnels = 5000
|
||||
## Limit number of open file descriptors (0 - use system limit)
|
||||
# openfiles = 0
|
||||
## Maximum size of corefile in Kb (0 - use system limit)
|
||||
# coresize = 0
|
||||
|
||||
[trust]
|
||||
## Enable explicit trust options. (default: false)
|
||||
# enabled = true
|
||||
## Make direct I2P connections only to routers in specified Family.
|
||||
# family = MyFamily
|
||||
## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
|
||||
# routers =
|
||||
## Should we hide our router from other routers? (default: false)
|
||||
# hidden = true
|
||||
|
||||
[exploratory]
|
||||
## Exploratory tunnels settings with default values
|
||||
# inbound.length = 2
|
||||
# inbound.quantity = 3
|
||||
# outbound.length = 2
|
||||
# outbound.quantity = 3
|
||||
|
||||
[persist]
|
||||
## Save peer profiles on disk (default: true)
|
||||
# profiles = true
|
||||
## Save full addresses on disk (default: true)
|
||||
# addressbook = true
|
||||
|
||||
[cpuext]
|
||||
## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
|
||||
# aesni = true
|
||||
## Force usage of CPU instructions set, even if they not found (default: false)
|
||||
## DO NOT TOUCH that option if you really don't know what are you doing!
|
||||
# force = false
|
|
@ -0,0 +1,33 @@
|
|||
[IRC-ILITA]
|
||||
type = client
|
||||
address = 127.0.0.1
|
||||
port = 6668
|
||||
destination = irc.ilita.i2p
|
||||
destinationport = 6667
|
||||
keys = irc-keys.dat
|
||||
|
||||
#[IRC-IRC2P]
|
||||
#type = client
|
||||
#address = 127.0.0.1
|
||||
#port = 6669
|
||||
#destination = irc.postman.i2p
|
||||
#destinationport = 6667
|
||||
#keys = irc-keys.dat
|
||||
|
||||
#[SMTP]
|
||||
#type = client
|
||||
#address = 127.0.0.1
|
||||
#port = 7659
|
||||
#destination = smtp.postman.i2p
|
||||
#destinationport = 25
|
||||
#keys = smtp-keys.dat
|
||||
|
||||
#[POP3]
|
||||
#type = client
|
||||
#address = 127.0.0.1
|
||||
#port = 7660
|
||||
#destination = pop.postman.i2p
|
||||
#destinationport = 110
|
||||
#keys = pop3-keys.dat
|
||||
|
||||
# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/
|
|
@ -0,0 +1,4 @@
|
|||
# In that directory you can store separated config files for every tunnel.
|
||||
# Please read documentation for more info.
|
||||
#
|
||||
# You can find examples in /usr/share/doc/i2pd/tunnels.d directory
|
|
@ -0,0 +1,5 @@
|
|||
[zzls]
|
||||
type = http
|
||||
host = 127.0.0.1
|
||||
port = 30001
|
||||
keys = zzls.i2p
|
|
@ -0,0 +1,21 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
server_name 4get.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
return 301 https://4getus.zzls.xyz$request_uri;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = 4get.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name 4get.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1,92 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/4getus.access.log limited;
|
||||
error_log /var/log/nginx/4getus.error.log;
|
||||
server_name 4getus.zzls.xyz 4getus.nadeko.net;
|
||||
root /var/www/4get-zzls/;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass php-fpm;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
location /web {
|
||||
try_files $uri @upstream;
|
||||
include snippets/torblacklist.conf;
|
||||
error_page 403 =302 /torisblocked;
|
||||
error_page 429 =302 /rl;
|
||||
}
|
||||
|
||||
location /torisblocked {
|
||||
alias errors/$request_uri.txt;
|
||||
}
|
||||
|
||||
location /rl {
|
||||
alias errors/$request_uri.txt;
|
||||
}
|
||||
|
||||
location /data {
|
||||
return 444;
|
||||
}
|
||||
|
||||
# Tor Header
|
||||
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 80;
|
||||
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
|
||||
root /var/www/4get-zzls/;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/run/php/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = 4getus.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = 4getus.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name 4getus.zzls.xyz 4getus.nadeko.net;
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
server {
|
||||
access_log /var/log/nginx/blog.zzls.xyz.log combined;
|
||||
root /var/www/blog;
|
||||
index index.html;
|
||||
server_name blog.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
}
|
||||
server {
|
||||
if ($host = blog.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name blog.zzls.xyz;
|
||||
listen 80;
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/cgit.access.log;
|
||||
server_name cgit.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
root /usr/share/cgit;
|
||||
try_files $uri @cgit;
|
||||
|
||||
# Configure HTTP transport
|
||||
#location ~ /.+/(info/refs|git-upload-pack) {
|
||||
# include fastcgi_params;
|
||||
# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
|
||||
# fastcgi_param PATH_INFO $uri;
|
||||
# fastcgi_param GIT_HTTP_EXPORT_ALL 1;
|
||||
# fastcgi_param GIT_PROJECT_ROOT /srv/git;
|
||||
# fastcgi_param HOME /srv/git;
|
||||
# fastcgi_pass unix:/run/fcgiwrap.socket;
|
||||
# }
|
||||
|
||||
location @cgit {
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
|
||||
fastcgi_param PATH_INFO $uri;
|
||||
fastcgi_param QUERY_STRING $args;
|
||||
fastcgi_param HTTP_HOST $server_name;
|
||||
fastcgi_pass unix:/run/fcgiwrap.socket;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = cgit.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name cgit.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
server {
|
||||
access_log /var/log/nginx/dav.access.log;
|
||||
error_log /var/log/nginx/dav.error.log;
|
||||
server_name dav.zzls.xyz dav.nadeko.net;
|
||||
root /opt/baikal/html;
|
||||
index index.php;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
rewrite ^/.well-known/caldav /dav redirect;
|
||||
rewrite ^/.well-known/carddav /dav redirect;
|
||||
|
||||
charset utf-8;
|
||||
|
||||
location ~ /(\.ht|Core|Specific|config) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
try_files $fastcgi_script_name =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
fastcgi_pass php-fpm;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = dav.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = dav.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name dav.zzls.xyz dav.nadeko.net;
|
||||
}
|
|
@ -0,0 +1,44 @@
|
|||
server {
|
||||
listen 80;
|
||||
server_name localhost;
|
||||
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# proxy_pass http://127.0.0.1;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# root html;
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# fastcgi_index index.php;
|
||||
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||
# include fastcgi_params;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
server {
|
||||
access_log /var/log/nginx/files.zzls.xyz.log combined;
|
||||
server_name files.zzls.xyz files.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
if ($http_user_agent ~* (google) ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
root /mnt/blockstorage/files.zzls.xyz;
|
||||
index index.html index.php /_h5ai/public/index.php;
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
fastcgi_pass php-fpm;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
location /_h5ai/private {
|
||||
return 403;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = files.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = files.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name files.zzls.xyz files.nadeko.net;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
server {
|
||||
access_log /var/log/nginx/instances.zzls.xyz.access.log;
|
||||
error_log /var/log/nginx/instances.zzls.xyz.error.log;
|
||||
server_name instances.zzls.xyz instances.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass https://fijxu.github.io/justlog-instances-uptime;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = instances.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = instances.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name instances.zzls.xyz instances.nadeko.net;
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
server {
|
||||
listen 80;
|
||||
root /var/www/website/invidious;
|
||||
server_name inv.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
server {
|
||||
server_name librex.zzls.xyz librex.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
access_log /var/log/nginx/librex.nadeko.net.access.log;
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "LibreX is now deprecated, if you come from the hnhx/LibreX repository and want to try LibreX, you should use LibreY, a fork of LibreY maintained by a few individuals. hnhx just vanished without a trace.
|
||||
|
||||
\t https://github.com/Ahwxorg/librey
|
||||
|
||||
You can also try using 4get if you want something fast and simple like LibreY
|
||||
|
||||
\t Main instance:\t https://4get.ca
|
||||
\t My Instance:\t https://4get.nadeko.net
|
||||
\t Instances:\t https://4get.ca/instances
|
||||
|
||||
Good luck! (´ ∀ ` *)";
|
||||
}
|
||||
|
||||
location /api.php {
|
||||
# Holy shit fucking bots still pinging my server with shit requests
|
||||
return 444;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = librex.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = librex.nadeko.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = nadeko.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name librex.zzls.xyz librex.nadeko.net;
|
||||
listen 80;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
access_log /var/log/nginx/logs.spanix.team.log combined;
|
||||
server_name logs.spanix.team;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://justlogspanix;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
|
||||
include configs/sslConfig.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = logs.spanix.team) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name logs.spanix.team;
|
||||
}
|
|
@ -0,0 +1,63 @@
|
|||
server {
|
||||
server_name logs.zzls.xyz;
|
||||
rewrite ^ https://logs.nadeko.net$request_uri? permanent;
|
||||
|
||||
listen 443 ssl;
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/logs.zzls.xyz.log combined;
|
||||
server_name logs.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://justlog;
|
||||
include configs/proxy.conf;
|
||||
|
||||
# location ~ ^/(channel/rubius|channelid/39276140)/ {
|
||||
# return 401 "Los logs de Rubius han sido deshabilitados";
|
||||
# }
|
||||
# location ~ ^/(channel/ibai|channelid/83232866)/ {
|
||||
# return 401 "Los logs de Ibai han sido deshabilitados";
|
||||
# }
|
||||
|
||||
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
|
||||
return 401 "lol";
|
||||
}
|
||||
|
||||
location ~* ^/(channel/.*/user/8nunni|channelid/.*/user/8nunni|channel/.*/userid/1011023847|channelid/.*/userid/1011023847){
|
||||
return 401 "lol";
|
||||
}
|
||||
|
||||
error_page 501 502 503 /50x.html;
|
||||
proxy_intercept_errors on;
|
||||
}
|
||||
|
||||
location = /50x.html {
|
||||
root /var/www/logs;
|
||||
index 50x.html;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = logs.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = logs.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name logs.zzls.xyz logs.nadeko.net;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
server {
|
||||
access_log /var/log/nginx/lol.zzls.xyz.access.log;
|
||||
server_name lol.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
# security headers
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = lol.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name lol.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
access_log /var/log/nginx/lsf.spanix.team.log combined;
|
||||
server_name lsf.spanix.team;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40050;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
|
||||
include configs/sslConfig.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = lsf.spanix.team) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name lsf.spanix.team;
|
||||
}
|
|
@ -0,0 +1,73 @@
|
|||
# mail.nadeko.net
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/mail.nadeko.net.log combined;
|
||||
error_log /var/log/nginx/mail.nadeko.net.error;
|
||||
server_name mail.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass https://email;
|
||||
}
|
||||
|
||||
location /favicon.ico {
|
||||
alias /var/www/mail/favicon.png;
|
||||
}
|
||||
|
||||
# location ^~ /.well-known/mta-sts.txt {
|
||||
# return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n";
|
||||
# }
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = mail.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name mail.nadeko.net;
|
||||
listen 80;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# mta-sts.nadeko.net
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/mta-sts.nadeko.net.log combined;
|
||||
error_log /var/log/nginx/mta-sts.nadeko.net.error;
|
||||
server_name mta-sts.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location ^~ /.well-known/mta-sts.txt {
|
||||
return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n";
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = mta-sts.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name mta-sts.nadeko.net;
|
||||
listen 80;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
server {
|
||||
access_log /var/log/nginx/posts.zzls.xyz.log combined;
|
||||
root /var/www/posts;
|
||||
index index.html;
|
||||
server_name posts.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = posts.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name posts.zzls.xyz;
|
||||
listen 80;
|
||||
}
|
|
@ -0,0 +1,41 @@
|
|||
server {
|
||||
server_name search.zzls.xyz search.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "
|
||||
SearxNG is now down because Oracle deleted my account without even notifying me. Sorry. For now, please use other instance or you can use 4get, a more simple search engine.
|
||||
|
||||
\t https://4get.nadeko.net";
|
||||
}
|
||||
|
||||
location /search {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "
|
||||
SearxNG is now down because Oracle deleted my account without even notifying me. Sorry. For now, please use other instance or you can use 4get, a more simple search engine.
|
||||
|
||||
\t https://4get.nadeko.net";
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = search.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = search.nadeko.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = nadeko.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name search.zzls.xyz search.nadeko.net;
|
||||
listen 80;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
server {
|
||||
access_log /var/log/nginx/status.zzls.xyz.log combined;
|
||||
server_name status.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://status;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = status.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = status.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name status.zzls.xyz status.nadeko.net;
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/stream.access.log;
|
||||
error_log /var/log/nginx/stream.error.log;
|
||||
server_name stream.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
||||
location /hls/ {
|
||||
types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
|
||||
root /tmp/;
|
||||
}
|
||||
|
||||
location /dash/ {
|
||||
types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; }
|
||||
root /tmp/;
|
||||
}
|
||||
|
||||
location = /streams {
|
||||
# rtmp_stat all;
|
||||
# rtmp_stat_stylesheet /stat.xsl;
|
||||
}
|
||||
|
||||
location /stat.xsl {
|
||||
root /var/www/stream/public/;
|
||||
}
|
||||
|
||||
location /viewers/ {
|
||||
default_type text/plain;
|
||||
add_header Content-Type "text/plain";
|
||||
add_header Refresh "30; $request_uri";
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri /viewers.txt =404;
|
||||
}
|
||||
|
||||
location /posters/ {
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri /offline.png =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri $uri/hls.html =404;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = stream.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name stream.zzls.xyz;
|
||||
return 404;
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
server {
|
||||
access_log /var/log/nginx/twitch.zzls.xyz.access.log;
|
||||
error_log /var/log/nginx/twitch.zzls.xyz.error.log;
|
||||
server_name twitch.zzls.xyz twitch.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "Twitch Russia Proxy for TTVLOL V1";
|
||||
}
|
||||
|
||||
location ~ ^/(?!$) {
|
||||
proxy_pass http://twitchproxy;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = twitch.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = twitch.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name twitch.zzls.xyz twitch.nadeko.net;
|
||||
}
|
|
@ -0,0 +1,55 @@
|
|||
server {
|
||||
access_log /var/log/nginx/zzls.xyz.log;
|
||||
root /var/www/website;
|
||||
index index.html;
|
||||
server_name zzls.xyz www.zzls.xyz www.nadeko.net nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{"m.server": "matrix.zzls.xyz:8448"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
expires 1h;
|
||||
}
|
||||
|
||||
location /transparency {
|
||||
autoindex on;
|
||||
autoindex_exact_size off;
|
||||
autoindex_format html;
|
||||
autoindex_localtime on;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl default_server;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = www.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = www.nadeko.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = nadeko.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name _ zzls.xyz www.zzls.xyz nadeko.net www.nadeko.net;
|
||||
listen 80;
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
# gzip
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
if ($poop) {
|
||||
return 444;
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
# Disable HTTP/3 for now.
|
||||
|
||||
#add_header Alt-Svc: h2=":443"; ma=2592000;
|
||||
#listen 443 quic;
|
|
@ -0,0 +1,20 @@
|
|||
proxy_http_version 1.1;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
|
||||
# Proxy SSL
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
# Proxy headers
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Forwarded $proxy_add_forwarded;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
|
||||
# Proxy timeouts
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
|
@ -0,0 +1,26 @@
|
|||
location /robots.txt { return 200 "User-agent: AhrefsBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: dotbot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SiteAuditBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-BA
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-SI
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-SWA
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-CT
|
||||
Disallow: /
|
||||
|
||||
User-agent: SplitSignalBot
|
||||
Disallow: /
|
||||
|
||||
User-agent: SemrushBot-COUB
|
||||
Disallow: /"; }
|
|
@ -0,0 +1 @@
|
|||
location /robots.txt { return 200 "User-agent: *\nDisallow: /";}
|
|
@ -0,0 +1,6 @@
|
|||
# security headers
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "same-origin" always;
|
||||
add_header X-Frame-Options "sameorigin" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
|
@ -0,0 +1,5 @@
|
|||
# ECDSA
|
||||
ssl_certificate /etc/ssl/nadeko.net/fullchain.ec.crt;
|
||||
ssl_certificate_key /etc/ssl/nadeko.net/nadeko.net.ec.key;
|
||||
|
||||
include configs/sslConfig.conf;
|
|
@ -0,0 +1,12 @@
|
|||
# SSL
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_early_data on;
|
||||
|
||||
# Custom 4096bits Diffie-Hellman parameter for DHE ciphersuites (Not the one bundled with letsencrypt
|
||||
# Changed to a custom one for trust purposes
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
|
@ -0,0 +1,23 @@
|
|||
upstream php-fpm {
|
||||
server unix:/run/php/php8.2-fpm.sock;
|
||||
}
|
||||
|
||||
upstream justlog {
|
||||
server 127.0.0.1:10001;
|
||||
}
|
||||
|
||||
upstream justlogspanix {
|
||||
server 127.0.0.1:10002;
|
||||
}
|
||||
|
||||
upstream email {
|
||||
server 127.0.0.1:30443;
|
||||
}
|
||||
|
||||
upstream status {
|
||||
server 127.0.0.1:8080;
|
||||
}
|
||||
|
||||
upstream twitchproxy {
|
||||
server 127.0.0.1:10003;
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIICDAKCAgEAiK/Y67KsiSrOlySdj5iBvVc64vUPIZOBWxQ05ggVhuTWJeZKGjes
|
||||
/R6VA43Zh9Yo1U2cQl5semyPNzseEk5cwiK1ZOXz9WJiCmrdOFkB9uIpcL0Gz/r6
|
||||
56m4F9ki1/ikJZzKRiBxvt6rQS9K4FMjkMliOFqwqVCt1Bh3EYYXebUjWrkKHb4t
|
||||
kraEorQbObFodvKcBVG7dcI4EVZhL6wgznp/xZdHYG65jo1GPC7yTJHiTuvD7Ng9
|
||||
EsMssnfpdss3f6SmtWGuAkH7vWht7NJse3oePiTRVRiFuW4i4wO5Omu4CJ8kKlwi
|
||||
dmG8/o4eQbYWNqfMsCZFBx04i33SsUFQAPZXUQGGmLeNNFdncA0g3agN457ZQvuS
|
||||
buhMpiZUw2sI13UH1D7vZBZSTvc+cleRk2w24wHqcMJ8HAuHQ4WhdrC24w8uD8H8
|
||||
hJu78K4FibQ7no1syZEhHR/8AkRPAj/dGMlgJQ/dpI07cll/yMiICkytUydYPwT4
|
||||
+lXbT+oN1rwA7HSttkMFt+z2Oi3RtH9VaIl3zY5bRCk28+GW2mo8+bL5JGl0qooe
|
||||
OQsYn+mbZLdtUYhYaaYktJaLyPyQ6WtrssJas+gSdW/1RmT+WRkARaIC201WS+aS
|
||||
guGOj0Lr0My+pW/Jj3wB8Hi6tpm+02KNaQUFubNWgcQZU33Ejj1rnfcCAQICAgFF
|
||||
-----END DH PARAMETERS-----
|
|
@ -0,0 +1,27 @@
|
|||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param REMOTE_USER $remote_user;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
|
@ -0,0 +1,25 @@
|
|||
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
|
@ -0,0 +1,99 @@
|
|||
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/avif avif;
|
||||
image/png png;
|
||||
image/svg+xml svg svgz;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/webp webp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
|
||||
font/woff woff;
|
||||
font/woff2 woff2;
|
||||
|
||||
application/java-archive jar war ear;
|
||||
application/json json;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.apple.mpegurl m3u8;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-fontobject eot;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.oasis.opendocument.graphics odg;
|
||||
application/vnd.oasis.opendocument.presentation odp;
|
||||
application/vnd.oasis.opendocument.spreadsheet ods;
|
||||
application/vnd.oasis.opendocument.text odt;
|
||||
application/vnd.openxmlformats-officedocument.presentationml.presentation
|
||||
pptx;
|
||||
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
|
||||
xlsx;
|
||||
application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
||||
docx;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/wasm wasm;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/xspf+xml xspf;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp2t ts;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
user www-data;
|
||||
worker_processes auto;
|
||||
worker_rlimit_nofile 65535;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 2048;
|
||||
multi_accept off;
|
||||
}
|
||||
|
||||
http {
|
||||
log_format limited '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
|
||||
'"-" "Bogus/66.6"';
|
||||
access_log off;
|
||||
error_log /dev/null;
|
||||
|
||||
# Basic Settings
|
||||
charset utf-8;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
server_tokens off;
|
||||
log_not_found off;
|
||||
types_hash_max_size 1024;
|
||||
types_hash_bucket_size 64;
|
||||
server_names_hash_bucket_size 128;
|
||||
|
||||
# MIME
|
||||
include mime.types;
|
||||
|
||||
# SSL
|
||||
include configs/ssl.conf;
|
||||
|
||||
# reset timed out connections freeing ram
|
||||
reset_timedout_connection on;
|
||||
# maximum time between packets the client can pause when sending nginx any data
|
||||
client_body_timeout 10s;
|
||||
# maximum time the client has to send the entire header to nginx
|
||||
client_header_timeout 10s;
|
||||
# timeout which a single keep-alive client connection will stay open
|
||||
keepalive_timeout 60s;
|
||||
# maximum time between packets nginx is allowed to pause when sending the client data
|
||||
send_timeout 10s;
|
||||
|
||||
# PERFORMANCE / ASYNC I/O
|
||||
aio threads=default;
|
||||
aio_write on;
|
||||
directio 2m;
|
||||
|
||||
# Maps
|
||||
include /etc/nginx/snippets/maps.conf;
|
||||
include /etc/nginx/snippets/poop.conf;
|
||||
|
||||
include /etc/nginx/configs/upstreams.conf;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
server {
|
||||
|
||||
access_log /var/log/nginx/bapi.access.log combined;
|
||||
|
||||
server_name bapi.zzls.xyz;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:40030;
|
||||
}
|
||||
|
||||
|
||||
listen [::]:443 ssl http2; # managed by Certbot
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/bapi.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/bapi.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = bapi.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name bapi.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,43 @@
|
|||
server {
|
||||
client_max_body_size 64M;
|
||||
access_log /var/log/nginx/boards.access.log combined;
|
||||
|
||||
root /var/www/boards/;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name boards.zzls.xyz;
|
||||
|
||||
location /api/socket {
|
||||
proxy_pass http://localhost:8000/api/socket;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8000/;
|
||||
}
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/boards.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/boards.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = boards.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name boards.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
access_log /var/log/nginx/booyahtv.access.log combined;
|
||||
|
||||
root /var/www/booyahtv/;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name booyahtv.zzls.xyz;
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
|
@ -0,0 +1,91 @@
|
|||
##
|
||||
# You should look at the following URL's in order to grasp a solid understanding
|
||||
# of Nginx configuration files in order to fully unleash the power of Nginx.
|
||||
# https://www.nginx.com/resources/wiki/start/
|
||||
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
|
||||
# https://wiki.debian.org/Nginx/DirectoryStructure
|
||||
#
|
||||
# In most cases, administrators will remove this file from sites-enabled/ and
|
||||
# leave it as reference inside of sites-available where it will continue to be
|
||||
# updated by the nginx packaging team.
|
||||
#
|
||||
# This file will automatically load configuration files provided by other
|
||||
# applications, such as Drupal or Wordpress. These applications will be made
|
||||
# available underneath a path with that package name, such as /drupal8.
|
||||
#
|
||||
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
|
||||
##
|
||||
|
||||
# Default server configuration
|
||||
#
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
||||
# SSL configuration
|
||||
#
|
||||
# listen 443 ssl default_server;
|
||||
# listen [::]:443 ssl default_server;
|
||||
#
|
||||
# Note: You should disable gzip for SSL traffic.
|
||||
# See: https://bugs.debian.org/773332
|
||||
#
|
||||
# Read up on ssl_ciphers to ensure a secure configuration.
|
||||
# See: https://bugs.debian.org/765782
|
||||
#
|
||||
# Self signed certs generated by the ssl-cert package
|
||||
# Don't use them in a production server!
|
||||
#
|
||||
# include snippets/snakeoil.conf;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
# Add index.php to the list if you are using PHP
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name _;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# pass PHP scripts to FastCGI server
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# include snippets/fastcgi-php.conf;
|
||||
#
|
||||
# # With php-fpm (or other unix sockets):
|
||||
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
# # With php-cgi (or other tcp sockets):
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
|
||||
|
||||
|
||||
# Virtual Host configuration for example.com
|
||||
#
|
||||
# You can move that to a different file under sites-available/ and symlink that
|
||||
# to sites-enabled/ to enable it.
|
||||
#
|
||||
#server {
|
||||
# listen 80;
|
||||
# listen [::]:80;
|
||||
#
|
||||
# server_name example.com;
|
||||
#
|
||||
# root /var/www/example.com;
|
||||
# index index.html;
|
||||
#
|
||||
# location / {
|
||||
# try_files $uri $uri/ =404;
|
||||
# }
|
||||
#}
|
|
@ -0,0 +1,86 @@
|
|||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
||||
access_log /var/log/nginx/zzls.access.log combined;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
# Add index.php to the list if you are using PHP
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name _;
|
||||
return 301 https://$host$request_uri;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
allow all;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
|
||||
access_log /var/log/nginx/zzls.access.log combined;
|
||||
root /var/www/html;
|
||||
|
||||
# Add index.php to the list if you are using PHP
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
server_name zzls.xyz www.zzls.xyz; # managed by Certbot
|
||||
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
allow all;
|
||||
}
|
||||
|
||||
location /files {
|
||||
alias /mnt/blockstorage/wwwfiles;
|
||||
autoindex on;
|
||||
autoindex_format xml;
|
||||
autoindex_exact_size off;
|
||||
autoindex_localtime on;
|
||||
xslt_stylesheet /var/www/html/assets/superbindex.xslt;
|
||||
xslt_string_param color-base00 '#18191A';
|
||||
}
|
||||
|
||||
location /filess {
|
||||
alias /mnt/blockstorage/wwwfiles;
|
||||
autoindex on;
|
||||
autoindex_format xml;
|
||||
autoindex_exact_size off;
|
||||
autoindex_localtime on;
|
||||
}
|
||||
|
||||
# listen [::]:443 ssl ipv6only=on; # managed by Certbot
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
|
||||
# ssl_certificate /etc/letsencrypt/live/www.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/www.zzls.xyz/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
if ($host = zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80 ;
|
||||
listen [::]:80 ;
|
||||
server_name zzls.xyz www.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
server {
|
||||
|
||||
access_log /var/log/nginx/i.access.log combined;
|
||||
|
||||
#root /mnt/blockstorage/i/files/;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name i.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
client_max_body_size 51M;
|
||||
proxy_pass http://127.0.0.1:40007/;
|
||||
include configs/proxy.conf;
|
||||
proxy_intercept_errors on;
|
||||
error_page 404 = /error;
|
||||
}
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/i.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/i.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = i.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
server_name i.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
access_log /var/log/nginx/i.access.log combined;
|
||||
|
||||
# root /mnt/blockstorage/i/files/;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name i.zzls.xyz;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:7494;
|
||||
}
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/i2.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/i2.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
server {
|
||||
|
||||
access_log /var/log/nginx/ii.access.log combined;
|
||||
|
||||
root /mnt/blockstorage/ifiles/;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name ii.zzls.xyz;
|
||||
|
||||
location /upload {
|
||||
client_max_body_size 4096M;
|
||||
auth_basic "Restricted Content";
|
||||
auth_basic_user_file /etc/fileupload.htpasswd;
|
||||
proxy_pass http://localhost:40002;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/ii.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/ii.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}server {
|
||||
if ($host = ii.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
|
||||
server_name ii.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
server {
|
||||
|
||||
access_log /var/log/nginx/logs.access.log combined;
|
||||
|
||||
server_name logs.zzls.xyz;
|
||||
|
||||
root /var/www/logs;
|
||||
index index.html;
|
||||
|
||||
|
||||
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/logs.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/logs.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
|
||||
access_log /var/log/nginx/notlogs.access.log combined;
|
||||
|
||||
server_name notlogs.zzls.xyz;
|
||||
|
||||
location / {
|
||||
rewrite ^/(.*)$ https://logs.zzls.xyz/$1 redirect;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/notlogs.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/notlogs.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}server {
|
||||
if ($host = logs.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
|
||||
server_name logs.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = notlogs.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
|
||||
server_name notlogs.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,31 @@
|
|||
server {
|
||||
access_log /var/log/nginx/paste.access.log combined;
|
||||
|
||||
server_name paste.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40005/;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/paste.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/paste.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = paste.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
server_name paste.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
access_log /var/log/nginx/s.access.log combined;
|
||||
|
||||
root /var/www/s/;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name s.zzls.xyz;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:40006/;
|
||||
}
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/s.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/s.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
|
@ -0,0 +1,84 @@
|
|||
server {
|
||||
|
||||
access_log /var/log/nginx/vanced.access.log combined;
|
||||
|
||||
server_name vanced.zzls.xyz;
|
||||
#root /var/www/vanced;
|
||||
#index index.php /_h5ai/public/index.php;
|
||||
if ($http_user_agent ~* (google) ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
|
||||
location / {
|
||||
if ($http_user_agent ~* (google) ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
root /mnt/blockstorage/Vanced;
|
||||
index index.html index.php /_h5ai/public/index.php;
|
||||
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
|
||||
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
|
||||
include fastcgi_params;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
location /_h5ai/private {
|
||||
return 403;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
|
||||
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
|
||||
include fastcgi_params;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
listen [::]:443 ssl http2; # managed by Certbot
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/vanced.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/vanced.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = vanced.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name vanced.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
server_name 4get.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/ssl.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
return 301 https://4getus.zzls.xyz$request_uri;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = 4get.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name 4get.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
server {
|
||||
access_log /var/log/nginx/blog.zzls.xyz.log combined;
|
||||
|
||||
root /var/www/blog;
|
||||
index index.html;
|
||||
|
||||
server_name blog.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
listen 443 ssl http2;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = blog.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name blog.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1,41 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/cgit.access.log;
|
||||
server_name cgit.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
root /usr/share/cgit;
|
||||
try_files $uri @cgit;
|
||||
|
||||
# Configure HTTP transport
|
||||
#location ~ /.+/(info/refs|git-upload-pack) {
|
||||
# include fastcgi_params;
|
||||
# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
|
||||
# fastcgi_param PATH_INFO $uri;
|
||||
# fastcgi_param GIT_HTTP_EXPORT_ALL 1;
|
||||
# fastcgi_param GIT_PROJECT_ROOT /srv/git;
|
||||
# fastcgi_param HOME /srv/git;
|
||||
# fastcgi_pass unix:/run/fcgiwrap.socket;
|
||||
# }
|
||||
|
||||
location @cgit {
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
|
||||
fastcgi_param PATH_INFO $uri;
|
||||
fastcgi_param QUERY_STRING $args;
|
||||
fastcgi_param HTTP_HOST $server_name;
|
||||
fastcgi_pass unix:/run/fcgiwrap.socket;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = cgit.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name cgit.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
server {
|
||||
listen 80;
|
||||
access_log /var/log/nginx/contador.xyz.log;
|
||||
|
||||
root /var/www/website;
|
||||
index contador.html;
|
||||
|
||||
server_name contador.ayaya.beauty;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
server {
|
||||
access_log /var/log/nginx/donate.zzls.xyz.log combined;
|
||||
|
||||
root /var/www/donate;
|
||||
index index.html;
|
||||
|
||||
server_name donate.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
listen 443 ssl http2;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = donate.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name donate.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
server {
|
||||
access_log /var/log/nginx/files.zzls.xyz.log combined;
|
||||
|
||||
server_name files.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
if ($http_user_agent ~* (google) ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
root /mnt/blockstorage/files.zzls.xyz;
|
||||
index index.html index.php /_h5ai/public/index.php;
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
|
||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
|
||||
include fastcgi_params;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
location /_h5ai/private {
|
||||
return 403;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = files.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name files.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
server {
|
||||
access_log /var/log/nginx/i.zzls.xyz.log combined;
|
||||
|
||||
server_name i.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
rewrite ^/(.*)$ https://i.ayaya.beauty/$1 redirect;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = i.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name i.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
server {
|
||||
listen 80;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
server_name inv.zzls.xyz;
|
||||
root /var/www/website/invidious;
|
||||
access_log /var/log/nginx/inv.zzls.xyz.fallback.conf.access.log;
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
server {
|
||||
access_log /var/log/nginx/logs.spanix.team.log combined;
|
||||
|
||||
server_name logs.spanix.team;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40004;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = logs.spanix.team) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
|
||||
server_name logs.spanix.team;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,49 @@
|
|||
server {
|
||||
access_log /var/log/nginx/logs.zzls.xyz.log combined;
|
||||
|
||||
server_name logs.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40003;
|
||||
include configs/proxy.conf;
|
||||
|
||||
location ~ ^/(channel/rubius|channelid/39276140)/ {
|
||||
return 401 "Los logs de Rubius han sido deshabilitados";
|
||||
}
|
||||
location ~ ^/(channel/ibai|channelid/83232866)/ {
|
||||
return 401 "Los logs de Ibai han sido deshabilitados";
|
||||
}
|
||||
|
||||
#location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053|channel/*/user/skybluecold|channelid/*/user/skybluecold|channel/*/userid/130372054|channelid/*/user/skybluecold)/ {
|
||||
# return 401 "XD";
|
||||
# }
|
||||
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
|
||||
return 401 "lol";
|
||||
}
|
||||
location ~ ^/(channel/notfijxu|channelid/664947434)/ {
|
||||
return 401 "lol";
|
||||
}
|
||||
|
||||
error_page 501 502 503 /50x.html;
|
||||
proxy_intercept_errors on;
|
||||
}
|
||||
|
||||
location = /50x.html {
|
||||
root /var/www/logs;
|
||||
index 50x.html;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = logs.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name logs.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
server {
|
||||
access_log /var/log/nginx/lsf.spanix.team.log combined;
|
||||
|
||||
server_name lsf.spanix.team;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40050;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = lsf.spanix.team) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
# managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name lsf.spanix.team;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,63 @@
|
|||
server {
|
||||
access_log /var/log/nginx/mail.zzls.xyz.log combined;
|
||||
error_log /var/log/nginx/mail.zzls.xyz.error;
|
||||
|
||||
root /var/www/mail;
|
||||
index index.html index.php;
|
||||
|
||||
server_name mail.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
||||
location ^~ /baikal {
|
||||
root /opt/baikal/html;
|
||||
index index.php;
|
||||
if (!-e $request_filename) { rewrite ^ /baikal/index.php last; }
|
||||
rewrite ^/.well-known/caldav /dav.php redirect;
|
||||
rewrite ^/.well-known/carddav /dav.php redirect;
|
||||
|
||||
location ~ /(\.ht|Core|Specific|config) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
if (!-f $request_filename) { return 404; }
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
}
|
||||
|
||||
# location @baikal {
|
||||
# rewrite /baikal/(.*)$ /baikal/index.php?/$1 last;
|
||||
# }
|
||||
location /radicale/ {
|
||||
proxy_pass http://127.0.0.1:40001/;
|
||||
proxy_set_header X-Script-Name /radicale;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Remote-User $remote_user;
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
listen 443 ssl http2;
|
||||
include configs/ssl.conf;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "sameorigin" always;
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = mail.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name mail.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
server {
|
||||
|
||||
access_log /var/log/nginx/nossl.access.log combined;
|
||||
|
||||
root /var/www/nossl;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name nossl.zzls.xyz;
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
server {
|
||||
access_log /var/log/nginx/posts.zzls.xyz.log combined;
|
||||
|
||||
root /var/www/posts;
|
||||
index index.html;
|
||||
|
||||
server_name posts.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
listen 443 ssl http2;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = posts.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name posts.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
server {
|
||||
access_log /var/log/nginx/status.zzls.xyz.log combined;
|
||||
|
||||
server_name status.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = status.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name status.zzls.xyz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1,64 @@
|
|||
server {
|
||||
access_log /var/log/nginx/zzls.xyz.log;
|
||||
root /var/www/website;
|
||||
index index.html;
|
||||
server_name zzls.xyz www.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{"m.server": "matrix.zzls.xyz:8448"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
expires 24h;
|
||||
}
|
||||
|
||||
location /transparency {
|
||||
autoindex on;
|
||||
autoindex_exact_size off;
|
||||
autoindex_format html;
|
||||
autoindex_localtime on;
|
||||
}
|
||||
|
||||
listen 443 ssl http2;
|
||||
include configs/ssl.conf;
|
||||
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/zzls.i2p.log;
|
||||
listen 30001;
|
||||
server_name zzlst7dauwprptpu2y7cxpetz4fl4jw73tivxhtnm7dla7m6teyq.b32.i2p;
|
||||
|
||||
root /var/www/website;
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = www.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name zzls.xyz www.zzls.xyz;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
../sites-available/4get.zzls.xyz.fallback.conf
|
|
@ -0,0 +1,94 @@
|
|||
# FUCK BOTS
|
||||
limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
|
||||
|
||||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/4getus.access.log;
|
||||
error_log /var/log/nginx/4getus.error.log;
|
||||
server_name 4getus.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /var/www/4get-zzls/;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
location /web {
|
||||
try_files $uri @upstream;
|
||||
limit_req zone=4get;
|
||||
limit_req_status 444;
|
||||
include snippets/torblacklist.conf;
|
||||
include snippets/spys.me.proxies.blacklist.conf;
|
||||
error_page 403 =302 /torisblocked;
|
||||
}
|
||||
location /torisblocked {
|
||||
access_log /var/log/nginx/4getus.torblocked.access.log;
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "
|
||||
Tor and Proxies are not allowed in this service, sorry.
|
||||
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
|
||||
|
||||
Tor y Proxies no estan permitidos en este servicio, lo siento.
|
||||
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
|
||||
}
|
||||
|
||||
location /data {
|
||||
return 444;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
# Tor Header
|
||||
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
access_log /var/log/nginx/4getus.tor.access.log;
|
||||
listen 80;
|
||||
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
|
||||
root /var/www/4get-zzls/;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = 4getus.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name 4getus.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
../sites-available/blog.zzls.xyz.conf
|
|
@ -0,0 +1 @@
|
|||
../sites-available/cgit.zzls.xyz.conf
|
|
@ -0,0 +1,43 @@
|
|||
server {
|
||||
access_log /var/log/nginx/dav.access.log;
|
||||
error_log /var/log/nginx/dav.error.log;
|
||||
server_name dav.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /opt/baikal/html;
|
||||
index index.php
|
||||
|
||||
rewrite ^/.well-known/caldav /dav redirect;
|
||||
rewrite ^/.well-known/carddav /dav redirect;
|
||||
|
||||
charset utf-8;
|
||||
|
||||
location ~ /(\.ht|Core|Specific|config) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
try_files $fastcgi_script_name =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = dav.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name dav.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/files.zzls.xyz.conf
|
|
@ -0,0 +1 @@
|
|||
../sites-available/inv.zzls.xyz.fallback.conf
|
|
@ -0,0 +1 @@
|
|||
../sites-available/logs.spanix.team.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/logs.zzls.xyz.conf
|
|
@ -0,0 +1,34 @@
|
|||
server {
|
||||
access_log /var/log/nginx/lol.zzls.xyz.access.log;
|
||||
server_name lol.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
# security headers
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = lol.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name lol.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
../sites-available/lsf.spanix.team.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/mail.zzls.xyz.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/posts.zzls.xyz.conf
|
|
@ -0,0 +1 @@
|
|||
../sites-available/status.zzls.xyz.conf
|
|
@ -0,0 +1,61 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/stream.access.log;
|
||||
error_log /var/log/nginx/stream.error.log;
|
||||
server_name stream.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
||||
location /hls/ {
|
||||
types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
|
||||
root /tmp/;
|
||||
}
|
||||
|
||||
location /dash/ {
|
||||
types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; }
|
||||
root /tmp/;
|
||||
}
|
||||
|
||||
location = /streams {
|
||||
rtmp_stat all;
|
||||
rtmp_stat_stylesheet /stat.xsl;
|
||||
}
|
||||
|
||||
location /stat.xsl {
|
||||
root /var/www/stream/public/;
|
||||
}
|
||||
|
||||
location /viewers/ {
|
||||
default_type text/plain;
|
||||
add_header Content-Type "text/plain";
|
||||
add_header Refresh "30; $request_uri";
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri /viewers.txt =404;
|
||||
}
|
||||
|
||||
location /posters/ {
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri /offline.png =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri $uri/hls.html =404;
|
||||
}
|
||||
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = stream.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name stream.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1,41 @@
|
|||
server {
|
||||
access_log /var/log/nginx/twitch.zzls.xyz.access.log;
|
||||
server_name twitch.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "Twitch Russia proxy for TTVLOL PRO and streamlink-ttvlol.
|
||||
|
||||
If you use TTVLOL PRO add `https://twitch.zzls.xyz` (without the ` chars) to the proxies list in the TTVLOL PRO Options.
|
||||
If you use streamlink-ttvlol use `--twitch-proxy-playlist=https://twitch.zzls.xyz` as argument.
|
||||
|
||||
This proxy is located in the US but it returns an ad free RU Playlist. This doesn't affects your playback speed or latency.
|
||||
|
||||
Enjoy :3";
|
||||
|
||||
}
|
||||
|
||||
location ~ ^/(?!$) {
|
||||
proxy_pass http://127.0.0.1:9595;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = twitch.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name twitch.zzls.xyz;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/zzls.xyz.conf
|
|
@ -0,0 +1,27 @@
|
|||
# Connection header for WebSocket reverse proxy
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
"" close;
|
||||
}
|
||||
|
||||
map $remote_addr $proxy_forwarded_elem {
|
||||
|
||||
# IPv4 addresses can be sent as-is
|
||||
~^[0-9.]+$ "for=$remote_addr";
|
||||
|
||||
# IPv6 addresses need to be bracketed and quoted
|
||||
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
|
||||
|
||||
# Unix domain socket names cannot be represented in RFC 7239 syntax
|
||||
default "for=unknown";
|
||||
}
|
||||
|
||||
map $http_forwarded $proxy_add_forwarded {
|
||||
|
||||
# If the incoming Forwarded header is syntactically valid, append to it
|
||||
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
|
||||
|
||||
# Otherwise, replace it
|
||||
default "$proxy_forwarded_elem";
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
map $http_user_agent $poop {
|
||||
default 0;
|
||||
~*my-tiny-bot 1;
|
||||
~*thesis-research-bot 1;
|
||||
~*SemrushBot 1;
|
||||
~*Bytespider 1;
|
||||
~*PetalBot 1;
|
||||
~*Amazonbot 1;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
net.ipv4.ip_forward=1
|
|
@ -0,0 +1 @@
|
|||
vm.swappiness=4
|
|
@ -0,0 +1 @@
|
|||
../sysctl.conf
|
|
@ -0,0 +1,13 @@
|
|||
Kernel system variables configuration files
|
||||
|
||||
Files found under the /etc/sysctl.d directory that end with .conf are
|
||||
parsed within sysctl(8) at boot time. If you want to set kernel variables
|
||||
you can either edit /etc/sysctl.conf or make a new file.
|
||||
|
||||
The filename isn't important, but don't make it a package name as it may clash
|
||||
with something the package builder needs later. It must end with .conf though.
|
||||
|
||||
My personal preference would be for local system settings to go into
|
||||
/etc/sysctl.d/local.conf but as long as you follow the rules for the names
|
||||
of the file, anything will work. See sysctl.conf(8) man page for details
|
||||
of the format.
|
|
@ -0,0 +1,40 @@
|
|||
#TCP Tweaks
|
||||
net.ipv4.tcp_tw_reuse = 1
|
||||
net.ipv4.tcp_fastopn = 3
|
||||
net.ipv4.tcp_fin_timeout = 10
|
||||
|
||||
# disable tcp timestamps to avoid leaking some system information
|
||||
# https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps
|
||||
net.ipv4.tcp_timestamps=0
|
||||
|
||||
#TCP BBR Congestion Control Algoritm
|
||||
net.core.default_qdisc = cake
|
||||
net.ipv4.tcp_congestion_control = bbr
|
||||
|
||||
#Ignore ICMP Ping requests
|
||||
net.ipv4.icmp_echo_ignore_all = 1
|
||||
net.ipv6.icmp.echo_ignore_all = 1
|
||||
|
||||
#Increase the memory dedicated to the network interfaces
|
||||
net.core.rmem_default = 1048576
|
||||
net.core.rmem_max = 16777216
|
||||
net.core.wmem_default = 1048576
|
||||
net.core.wmem_max = 16777216
|
||||
net.core.optmem_max = 65536
|
||||
net.ipv4.tcp_rmem = 4096 1048576 2097152
|
||||
net.ipv4.tcp_wmem = 4096 65536 16777216
|
||||
|
||||
net.ipv4.udp_rmem_min = 8192
|
||||
net.ipv4.udp_wmem_min = 8192
|
||||
|
||||
# increase aslr effectiveness for mmap
|
||||
# https://lwn.net/Articles/667790
|
||||
vm.mmap_rnd_bits=32
|
||||
vm.mmap_rnd_compat_bits=16
|
||||
|
||||
#SYN Flood Protection
|
||||
|
||||
net.ipv4.tcp_max_syn_backlog = 1024
|
||||
net.ipv4.tcp_syn_retries = 6
|
||||
net.ipv4.tcp_synack_retries = 3
|
||||
net.ipv4.tcp_syncookies = 1
|
Loading…
Reference in New Issue