Compare commits


No commits in common. "main" and "vpsus" have entirely different histories.
main ... vpsus

93 changed files with 3273 additions and 16 deletions


@ -1,16 +0,0 @@
You can find my server configs in this repo, they are split in different branches.
- [🌑 Selfhost Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost)
- [🇺🇸 VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/vpsus)
- [🌌 Veil Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/veil) (**New**)
- [🇨🇱 Oracle VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/oracle)
#### Suggestions or Issues?
If you got any suggestions to the nginx configs or something that is not to your liking within the privacy-focused services I provide; Open an issue or a pull request in any config. You can either create an account with your real E-mail or with a throw away one (But probably you will be considered as a bad actor for me if you don't provide any real identity like GitHub, GitLab, Codeberg or anything like that, so make sure to link any of those).
*Contact*: [https://nadeko.net/contact](https://nadeko.net/contact)
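Review bot: Deleting README.md leaves the vpsus branch with no description of its own; the branch index it removed (selfhost, vpsus, veil, oracle) now lives only on main, and since the two branches share no history a reader who checks out vpsus sees 93 config files and no pointer back. Add a short README to this branch stating which host these configs belong to and linking the main-branch index.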

i2pd/i2pd.conf  Normal file, 284 lines

@ -0,0 +1,284 @@
## Configuration file for a typical i2pd user
## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
## for more options you can use in this file.
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
## Tunnels config file
## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
# tunconf = /var/lib/i2pd/tunnels.conf
## Tunnels config files path
## Use that path to store separated tunnels in different config files.
## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
# tunnelsdir = /var/lib/i2pd/tunnels.d
## Path to certificates used for verifying .su3, families
## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
# certsdir = /var/lib/i2pd/certificates
## Where to write pidfile (default: i2pd.pid, not used in Windows)
# pidfile = /run/i2pd.pid
## Logging configuration section
## By default logs go to stdout with level 'info' and higher
## For Windows OS by default logs go to file with level 'warn' and higher
##
## Logs destination (valid values: stdout, file, syslog)
## * stdout - print log entries to stdout
## * file - log entries to a file
## * syslog - use syslog, see man 3 syslog
# log = file
## Path to logfile (default - autodetect)
# logfile = /var/log/i2pd/i2pd.log
## Log messages above this level (debug, info, *warn, error, none)
## If you set it to none, logging will be disabled
loglevel = none
## Write full CLF-formatted date and time to log (default: write only time)
# logclftime = true
## Daemon mode. Router will go to background after start. Ignored on Windows
# daemon = true
## Specify a family, router belongs to (default - none)
# family =
## Network interface to bind to
## Updates address4/6 options if they are not set
# ifname =
## You can specify different interfaces for IPv4 and IPv6
# ifname4 =
# ifname6 =
## Local address to bind transport sockets to
## Overrides host option if:
## For ipv4: if ipv4 = true and nat = false
## For ipv6: if 'host' is not set or ipv4 = true
# address4 =
# address6 =
## External IPv4 or IPv6 address to listen for connections
## By default i2pd sets IP automatically
## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
# host = 1.2.3.4
## Port to listen for connections
## By default i2pd picks random port. You MUST pick a random number too,
## don't just uncomment this
port = 12999
## Enable communication through ipv4
ipv4 = true
## Enable communication through ipv6
ipv6 = false
## Enable SSU transport
ssu = false
## Bandwidth configuration
## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
## X - unlimited
## Default is L (regular node) and X if floodfill mode enabled. If you want to
## share more bandwidth without floodfill mode, uncomment that line and adjust
## value to your possibilities
bandwidth = O
## Max % of bandwidth limit for transit. 0-100. 100 by default
share = 20
## Router will not accept transit tunnels, disabling transit traffic completely
## (default = false)
# notransit = true
## Router will be floodfill
## Note: that mode uses much more network connections and CPU!
# floodfill = true
[ntcp2]
## Enable NTCP2 transport (default = true)
# enabled = true
## Publish address in RouterInfo (default = true)
# published = true
## Port for incoming connections (default is global port option value)
# port = 4567
[ssu2]
## Enable SSU2 transport
# enabled = true
## Publish address in RouterInfo
# published = true
## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
# port = 4567
[http]
## Web Console settings
## Uncomment and set to 'false' to disable Web Console
# enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 7070
## Path to web console, default "/"
# webroot = /
## Uncomment following lines to enable Web Console authentication
## You should not use Web Console via public networks without additional encryption.
## HTTP authentication is not encryption layer!
# auth = true
# user = i2pd
# pass = changeme
## Select webconsole language
## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
## and uzbek languages
# lang = english
[httpproxy]
## Uncomment and set to 'false' to disable HTTP Proxy
# enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 4444
## Optional keys file for proxy local destination
# keys = http-proxy-keys.dat
## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
## You should disable this feature if your i2pd HTTP Proxy is public,
## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
# addresshelper = true
## Address of a proxy server inside I2P, which is used to visit regular Internet
# outproxy = http://false.i2p
## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
[socksproxy]
## Uncomment and set to 'false' to disable SOCKS Proxy
# enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 4447
## Optional keys file for proxy local destination
# keys = socks-proxy-keys.dat
## Socks outproxy. Example below is set to use Tor for all connections except i2p
## Uncomment and set to 'true' to enable using of SOCKS outproxy
# outproxy.enabled = false
## Address and port of outproxy
# outproxy = 127.0.0.1
# outproxyport = 9050
## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
[sam]
## Comment or set to 'false' to disable SAM Bridge
enabled = true
## Address and ports service will listen on
# address = 127.0.0.1
# port = 7656
# portudp = 7655
[bob]
## Uncomment and set to 'true' to enable BOB command channel
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 2827
[i2cp]
## Uncomment and set to 'true' to enable I2CP protocol
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 7654
[i2pcontrol]
## Uncomment and set to 'true' to enable I2PControl protocol
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 7650
## Authentication password. "itoopie" by default
# password = itoopie
[precomputation]
## Enable or disable elgamal precomputation table
## By default, enabled on i386 hosts
# elgamal = true
[upnp]
## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
# enabled = false
## Name i2pd appears in UPnP forwardings list (default = I2Pd)
# name = I2Pd
[meshnets]
## Enable connectivity over the Yggdrasil network
# yggdrasil = false
## You can bind address from your Yggdrasil subnet 300::/64
## The address must first be added to the network interface
# yggaddress =
[reseed]
## Options for bootstrapping into I2P network, aka reseeding
## Enable or disable reseed data verification.
verify = true
## URLs to request reseed data from, separated by comma
## Default: "mainline" I2P Network reseeds
# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
## Reseed URLs through the Yggdrasil, separated by comma
# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
## Path to local reseed data file (.su3) for manual reseeding
# file = /path/to/i2pseeds.su3
## or HTTPS URL to reseed from
# file = https://legit-website.com/i2pseeds.su3
## Path to local ZIP file or HTTPS URL to reseed from
# zipfile = /path/to/netDb.zip
## If you run i2pd behind a proxy server, set proxy server for reseeding here
## Should be http://address:port or socks://address:port
# proxy = http://127.0.0.1:8118
## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
# threshold = 25
[addressbook]
## AddressBook subscription URL for initial setup
## Default: reg.i2p at "mainline" I2P Network
# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
## Optional subscriptions URLs, separated by comma
# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
[limits]
## Maximum active transit sessions (default: 5000)
## This value is doubled if floodfill mode is enabled!
# transittunnels = 5000
## Limit number of open file descriptors (0 - use system limit)
# openfiles = 0
## Maximum size of corefile in Kb (0 - use system limit)
# coresize = 0
[trust]
## Enable explicit trust options. false by default
# enabled = true
## Make direct I2P connections only to routers in specified Family.
# family = MyFamily
## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
# routers =
## Should we hide our router from other routers? false by default
# hidden = true
[exploratory]
## Exploratory tunnels settings with default values
# inbound.length = 2
# inbound.quantity = 3
# outbound.length = 2
# outbound.quantity = 3
[persist]
## Save peer profiles on disk (default: true)
# profiles = true
## Save full addresses on disk (default: true)
# addressbook = true
[cpuext]
## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
# aesni = true
## Use CPU AVX instructions set when work with cryptography when available (default: true)
# avx = true
## Force usage of CPU instructions set, even if they not found
## DO NOT TOUCH that option if you really don't know what are you doing!
# force = false
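Review bot: `loglevel = none` switches router logging off completely, so transport failures, reseed problems and anything needed to reconstruct an incident are lost; the template's own commented values (`log = file`, `logfile = /var/log/i2pd/i2pd.log`, default level `warn`) give a small, rotatable log without the verbosity you were presumably avoiding. Also `[sam] enabled = true` relies on the commented default bind of 127.0.0.1; state `address = 127.0.0.1` explicitly next to it so a later edit cannot expose the SAM bridge by accident.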

i2pd/i2pd.conf.dpkg-dist  Normal file, 285 lines

@ -0,0 +1,285 @@
## Configuration file for a typical i2pd user
## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
## for more options you can use in this file.
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
## Tunnels config file
## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
# tunconf = /var/lib/i2pd/tunnels.conf
## Tunnels config files path
## Use that path to store separated tunnels in different config files.
## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
# tunnelsdir = /var/lib/i2pd/tunnels.d
## Path to certificates used for verifying .su3, families
## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
# certsdir = /var/lib/i2pd/certificates
## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
# pidfile = /run/i2pd.pid
## Logging configuration section
## By default logs go to stdout with level 'info' and higher
## For Windows OS by default logs go to file with level 'warn' and higher
##
## Logs destination (valid values: stdout, file, syslog)
## * stdout - print log entries to stdout
## * file - log entries to a file
## * syslog - use syslog, see man 3 syslog
# log = file
## Path to logfile (default: autodetect)
# logfile = /var/log/i2pd/i2pd.log
## Log messages above this level (debug, info, *warn, error, critical, none)
## If you set it to none, logging will be disabled
# loglevel = warn
## Write full CLF-formatted date and time to log (default: write only time)
# logclftime = true
## Daemon mode. Router will go to background after start. Ignored on Windows
## (default: true)
# daemon = true
## Specify a family, router belongs to (default - none)
# family =
## Network interface to bind to
## Updates address4/6 options if they are not set
# ifname =
## You can specify different interfaces for IPv4 and IPv6
# ifname4 =
# ifname6 =
## Local address to bind transport sockets to
## Overrides host option if:
## For ipv4: if ipv4 = true and nat = false
## For ipv6: if 'host' is not set or ipv4 = true
# address4 =
# address6 =
## External IPv4 or IPv6 address to listen for connections
## By default i2pd sets IP automatically
## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
# host = 1.2.3.4
## Port to listen for connections
## By default i2pd picks random port. You MUST pick a random number too,
## don't just uncomment this
# port = 4567
## Enable communication through ipv4 (default: true)
ipv4 = true
## Enable communication through ipv6 (default: false)
ipv6 = false
## Bandwidth configuration
## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
## X - unlimited
## Default is L (regular node) and X if floodfill mode enabled.
## If you want to share more bandwidth without floodfill mode, uncomment
## that line and adjust value to your possibilities. Value can be set to
## integer in kilobytes, it will apply that limit and flag will be used
## from next upper limit (example: if you set 4096 flag will be X, but real
## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
## but keep in mind that low values may be negatively evaluated by Java
## router algorithms.
# bandwidth = L
## Max % of bandwidth limit for transit. 0-100 (default: 100)
# share = 100
## Router will not accept transit tunnels, disabling transit traffic completely
## (default: false)
# notransit = true
## Router will be floodfill (default: false)
## Note: that mode uses much more network connections and CPU!
# floodfill = true
[ntcp2]
## Enable NTCP2 transport (default: true)
# enabled = true
## Publish address in RouterInfo (default: true)
# published = true
## Port for incoming connections (default is global port option value)
# port = 4567
[ssu2]
## Enable SSU2 transport (default: true)
# enabled = true
## Publish address in RouterInfo (default: true)
# published = true
## Port for incoming connections (default is global port option value)
# port = 4567
[http]
## Web Console settings
## Enable the Web Console (default: true)
# enabled = true
## Address and port service will listen on (default: 127.0.0.1:7070)
# address = 127.0.0.1
# port = 7070
## Path to web console (default: /)
# webroot = /
## Enable Web Console authentication (default: false)
## You should not use Web Console via public networks without additional encryption.
## HTTP authentication is not encryption layer!
# auth = true
# user = i2pd
# pass = changeme
## Select webconsole language
## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
## and uzbek languages
# lang = english
[httpproxy]
## Enable the HTTP proxy (default: true)
# enabled = true
## Address and port service will listen on (default: 127.0.0.1:4444)
# address = 127.0.0.1
# port = 4444
## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
# keys = http-proxy-keys.dat
## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
## You should disable this feature if your i2pd HTTP Proxy is public,
## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
# addresshelper = true
## Address of a proxy server inside I2P, which is used to visit regular Internet
# outproxy = http://false.i2p
## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
[socksproxy]
## Enable the SOCKS proxy (default: true)
# enabled = true
## Address and port service will listen on (default: 127.0.0.1:4447)
# address = 127.0.0.1
# port = 4447
## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
# keys = socks-proxy-keys.dat
## Socks outproxy. Example below is set to use Tor for all connections except i2p
## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
# outproxy.enabled = false
## Address and port of outproxy
# outproxy = 127.0.0.1
# outproxyport = 9050
## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
[sam]
## Enable the SAM bridge (default: true)
# enabled = false
## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
# address = 127.0.0.1
# port = 7656
# portudp = 7655
[bob]
## Enable the BOB command channel (default: false)
# enabled = false
## Address and port service will listen on (default: 127.0.0.1:2827)
# address = 127.0.0.1
# port = 2827
[i2cp]
## Enable the I2CP protocol (default: false)
# enabled = false
## Address and port service will listen on (default: 127.0.0.1:7654)
# address = 127.0.0.1
# port = 7654
[i2pcontrol]
## Enable the I2PControl protocol (default: false)
# enabled = false
## Address and port service will listen on (default: 127.0.0.1:7650)
# address = 127.0.0.1
# port = 7650
## Authentication password (default: itoopie)
# password = itoopie
[precomputation]
## Enable or disable elgamal precomputation table
## By default, enabled on i386 hosts
# elgamal = true
[upnp]
## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
# enabled = false
## Name i2pd appears in UPnP forwardings list (default: I2Pd)
# name = I2Pd
[meshnets]
## Enable connectivity over the Yggdrasil network (default: false)
# yggdrasil = false
## You can bind address from your Yggdrasil subnet 300::/64
## The address must first be added to the network interface
# yggaddress =
[reseed]
## Options for bootstrapping into I2P network, aka reseeding
## Enable reseed data verification (default: true)
verify = true
## URLs to request reseed data from, separated by comma
## Default: "mainline" I2P Network reseeds
# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
## Reseed URLs through the Yggdrasil, separated by comma
# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
## Path to local reseed data file (.su3) for manual reseeding
# file = /path/to/i2pseeds.su3
## or HTTPS URL to reseed from
# file = https://legit-website.com/i2pseeds.su3
## Path to local ZIP file or HTTPS URL to reseed from
# zipfile = /path/to/netDb.zip
## If you run i2pd behind a proxy server, set proxy server for reseeding here
## Should be http://address:port or socks://address:port
# proxy = http://127.0.0.1:8118
## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
# threshold = 25
[addressbook]
## AddressBook subscription URL for initial setup
## Default: reg.i2p at "mainline" I2P Network
# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
## Optional subscriptions URLs, separated by comma
# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
[limits]
## Maximum active transit sessions (default: 5000)
## This value is doubled if floodfill mode is enabled!
# transittunnels = 5000
## Limit number of open file descriptors (0 - use system limit)
# openfiles = 0
## Maximum size of corefile in Kb (0 - use system limit)
# coresize = 0
[trust]
## Enable explicit trust options. (default: false)
# enabled = true
## Make direct I2P connections only to routers in specified Family.
# family = MyFamily
## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
# routers =
## Should we hide our router from other routers? (default: false)
# hidden = true
[exploratory]
## Exploratory tunnels settings with default values
# inbound.length = 2
# inbound.quantity = 3
# outbound.length = 2
# outbound.quantity = 3
[persist]
## Save peer profiles on disk (default: true)
# profiles = true
## Save full addresses on disk (default: true)
# addressbook = true
[cpuext]
## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
# aesni = true
## Force usage of CPU instructions set, even if they not found (default: false)
## DO NOT TOUCH that option if you really don't know what are you doing!
# force = false
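Review bot: `i2pd.conf.dpkg-dist` is the package maintainer's copy of the default config that dpkg leaves beside a locally modified i2pd.conf on upgrade; i2pd never reads it and the next package update will write a new one, so committing it adds 285 lines that differ from i2pd.conf mostly in comments and defaults. Drop it from the repo, or diff it against i2pd.conf, fold in the wanted changes (for instance the `critical` log level and the SSU2 defaults it documents) and then delete it.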

i2pd/tunnels.conf  Normal file, 33 lines

@ -0,0 +1,33 @@
[IRC-ILITA]
type = client
address = 127.0.0.1
port = 6668
destination = irc.ilita.i2p
destinationport = 6667
keys = irc-keys.dat
#[IRC-IRC2P]
#type = client
#address = 127.0.0.1
#port = 6669
#destination = irc.postman.i2p
#destinationport = 6667
#keys = irc-keys.dat
#[SMTP]
#type = client
#address = 127.0.0.1
#port = 7659
#destination = smtp.postman.i2p
#destinationport = 25
#keys = smtp-keys.dat
#[POP3]
#type = client
#address = 127.0.0.1
#port = 7660
#destination = pop.postman.i2p
#destinationport = 110
#keys = pop3-keys.dat
# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/
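Review bot: `[IRC-ILITA]` and the commented `[IRC-IRC2P]` both use `keys = irc-keys.dat`; in i2pd, tunnels that share a keys file share one local destination, so if the second block is ever enabled the same I2P identity will be visible on both IRC networks. Give each client tunnel its own keys file (as the SMTP and POP3 examples below already do) if the two are meant to be unlinkable.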


@ -0,0 +1,4 @@
# In that directory you can store separated config files for every tunnel.
# Please read documentation for more info.
#
# You can find examples in /usr/share/doc/i2pd/tunnels.d directory


@ -0,0 +1,5 @@
[zzls]
type = http
host = 127.0.0.1
port = 30001
keys = zzls.i2p
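Review bot: `keys = zzls.i2p` names the file holding the destination's private key, i.e. the identity of this eepsite: back it up separately and keep it out of the repository (none of the hunks shown on this page add it, which is right, but no .gitignore entry is visible in this compare either). The name without the usual `.dat` suffix works for i2pd, but a one-line comment would stop it being mistaken for a hostname.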


@ -0,0 +1,21 @@
# CLEARNET
server {
server_name 4get.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
return 301 https://4getus.zzls.xyz$request_uri;
}
listen 443 ssl;
http2 on;
}
server {
if ($host = 4get.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name 4get.zzls.xyz;
}


@ -0,0 +1,92 @@
# CLEARNET
server {
access_log /var/log/nginx/4getus.access.log limited;
error_log /var/log/nginx/4getus.error.log;
server_name 4getus.zzls.xyz 4getus.nadeko.net;
root /var/www/4get-zzls/;
include configs/general.conf;
include configs/robotsNone.conf;
include configs/security.conf;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass php-fpm;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_intercept_errors on;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
location / {
try_files $uri @upstream;
}
location /web {
try_files $uri @upstream;
include snippets/torblacklist.conf;
error_page 403 =302 /torisblocked;
error_page 429 =302 /rl;
}
location /torisblocked {
alias errors/$request_uri.txt;
}
location /rl {
alias errors/$request_uri.txt;
}
location /data {
return 444;
}
# Tor Header
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
# TOR
server {
listen 80;
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
root /var/www/4get-zzls/;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_intercept_errors on;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
location / {
try_files $uri @upstream;
}
}
server {
set $x "";
if ($host = 4getus.zzls.xyz) {
set $x 1;
}
if ($host = 4getus.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
listen 80;
server_name 4getus.zzls.xyz 4getus.nadeko.net;
}
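Review bot: The Tor server block (`listen 80` for the .onion name) drops `include configs/general.conf` and `include configs/security.conf` that the clearnet block carries (leaving out the Tor blocklist there is clearly intended) and points `fastcgi_pass` at `unix:/run/php/php-fpm.sock` while the clearnet block uses the `php-fpm` upstream; unless the omissions are deliberate, include the same snippets and the same upstream so the onion vhost does not diverge in headers or behaviour. Also the two `alias errors/$request_uri.txt;` lines should use `$uri`: `$request_uri` carries the query string, so `/rl?x=1` would look for a file named `/rl?x=1.txt`.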


@ -0,0 +1,17 @@
server {
access_log /var/log/nginx/blog.zzls.xyz.log combined;
root /var/www/blog;
index index.html;
server_name blog.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl;
}
server {
if ($host = blog.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name blog.zzls.xyz;
listen 80;
}


@ -0,0 +1,40 @@
# CLEARNET
server {
access_log /var/log/nginx/cgit.access.log;
server_name cgit.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
root /usr/share/cgit;
try_files $uri @cgit;
# Configure HTTP transport
#location ~ /.+/(info/refs|git-upload-pack) {
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
# fastcgi_param PATH_INFO $uri;
# fastcgi_param GIT_HTTP_EXPORT_ALL 1;
# fastcgi_param GIT_PROJECT_ROOT /srv/git;
# fastcgi_param HOME /srv/git;
# fastcgi_pass unix:/run/fcgiwrap.socket;
# }
location @cgit {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
fastcgi_param PATH_INFO $uri;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
listen 443 ssl;
http2 on;
}
server {
if ($host = cgit.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name cgit.zzls.xyz;
}
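Review bot: The commented git-http-backend location sets `GIT_HTTP_EXPORT_ALL 1`, which, once enabled, makes every repository under `GIT_PROJECT_ROOT /srv/git` cloneable over HTTP regardless of per-repo `git-daemon-export-ok` files; if the block is ever uncommented, either drop that parameter and mark exported repos explicitly, or leave a comment here so the effect is understood. `fastcgi_param HTTP_HOST $server_name;` in `@cgit` is a good choice, since it pins the host cgit sees to the vhost name rather than the client-supplied header.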


@ -0,0 +1,46 @@
server {
access_log /var/log/nginx/dav.access.log;
error_log /var/log/nginx/dav.error.log;
server_name dav.zzls.xyz dav.nadeko.net;
root /opt/baikal/html;
index index.php;
include configs/general.conf;
include configs/security.conf;
rewrite ^/.well-known/caldav /dav redirect;
rewrite ^/.well-known/carddav /dav redirect;
charset utf-8;
location ~ /(\.ht|Core|Specific|config) {
deny all;
return 404;
}
location ~ ^(.+\.php)(.*)$ {
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass php-fpm;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
listen 443 ssl;
http2 on;
}
server {
set $x "";
if ($host = dav.zzls.xyz) {
set $x 1;
}
if ($host = dav.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
listen 80;
server_name dav.zzls.xyz dav.nadeko.net;
}
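Review bot: In the `location ~ /(\.ht|Core|Specific|config)` block, `deny all;` is never reached: `return 404;` runs in the rewrite phase, before the access phase evaluates `deny`, so the 404 is what clients get. Keep just the `return 404` (hiding the paths is the better response anyway) so nobody later assumes two controls apply.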


@ -0,0 +1,44 @@
server {
listen 80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
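Review bot: This is the stock nginx `default.conf` (localhost on port 80, `/usr/share/nginx/html`, commented Apache and FastCGI examples) committed unchanged; it adds nothing to the deployment and, if it is the first `listen 80` block loaded, it becomes the implicit default server that answers requests for any unmatched Host name. Either delete it, or make it an explicit catch-all (`listen 80 default_server;` with `return 444;`) so unmatched hosts are dropped consistently with the `return 404` fallthroughs used in the other redirect blocks.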


@ -0,0 +1,53 @@
server {
access_log /var/log/nginx/files.zzls.xyz.log combined;
server_name files.zzls.xyz files.nadeko.net;
include configs/general.conf;
include configs/security.conf;
location / {
if ($http_user_agent ~* (google) ) {
return 404;
}
root /mnt/blockstorage/files.zzls.xyz;
index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) {
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass php-fpm;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param HTTP_PROXY "";
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
server {
set $x "";
if ($host = files.zzls.xyz) {
set $x 1;
}
if ($host = files.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
listen 80;
server_name files.zzls.xyz files.nadeko.net;
return 404;
}
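Review bot: `location /_h5ai/private { return 403; }` does not protect `.php` files under that path: both locations are nested in `location /`, and nginx lets the regex location `~ [^/]\.php(/|$)` win over a plain prefix match, so `/_h5ai/private/<anything>.php` is handed to php-fpm instead of receiving the 403. Change it to `location ^~ /_h5ai/private { return 403; }` so the prefix match stops the regex search, and consider the same for anything else that must never reach the interpreter. The `fastcgi_param HTTP_PROXY "";` line is a good httpoxy guard and should stay.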


@ -0,0 +1,34 @@
server {
access_log /var/log/nginx/instances.zzls.xyz.access.log;
error_log /var/log/nginx/instances.zzls.xyz.error.log;
server_name instances.zzls.xyz instances.nadeko.net;
include configs/general.conf;
include configs/security.conf;
include configs/robotsNone.conf;
location / {
proxy_pass https://fijxu.github.io/justlog-instances-uptime;
include configs/proxy.conf;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
server {
set $x "";
if ($host = instances.zzls.xyz) {
set $x 1;
}
if ($host = instances.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
listen 80;
server_name instances.zzls.xyz instances.nadeko.net;
}
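Review bot: `proxy_pass https://fijxu.github.io/justlog-instances-uptime` fetches every page from GitHub Pages; if `configs/proxy.conf` (not shown in this compare) forwards `X-Real-IP` or `X-Forwarded-For`, visitors' addresses are handed to a third party from a privacy-focused instance, so clear those headers in this location. Proxying to a GitHub Pages origin also needs the upstream hostname as `Host` and SNI (`proxy_ssl_server_name on;`), which a generic snippet written for local upstreams may not set.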


@ -0,0 +1,9 @@
server {
listen 80;
root /var/www/website/invidious;
server_name inv.zzls.xyz;
include configs/general.conf;
include configs/robotsNone.conf;
listen 443 ssl;
}
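Review bot: This block has `listen 80;` and `listen 443 ssl;` in the same server and no redirect, so the Invidious page is served over plain HTTP as well as HTTPS; unlike most other vhosts here it also lacks `include configs/security.conf`. Move `listen 80` into a redirect-only server as the other sites do, and add the security include.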


@ -0,0 +1,46 @@
server {
server_name librex.zzls.xyz librex.nadeko.net;
include configs/general.conf;
include configs/security.conf;
location / {
access_log /var/log/nginx/librex.nadeko.net.access.log;
add_header Content-Type text/plain;
return 200 "LibreX is now deprecated, if you come from the hnhx/LibreX repository and want to try LibreX, you should use LibreY, a fork of LibreY maintained by a few individuals. hnhx just vanished without a trace.
\t https://github.com/Ahwxorg/librey
You can also try using 4get if you want something fast and simple like LibreY
\t Main instance:\t https://4get.ca
\t My Instance:\t https://4get.nadeko.net
\t Instances:\t https://4get.ca/instances
Good luck! (´ ∀ ` *)";
}
location /api.php {
# Holy shit fucking bots still pinging my server with shit requests
return 444;
}
listen 443 ssl;
}
server {
if ($host = librex.zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = librex.nadeko.net) {
return 301 https://$host$request_uri;
}
if ($host = nadeko.net) {
return 301 https://$host$request_uri;
}
server_name librex.zzls.xyz librex.nadeko.net;
listen 80;
return 404;
}
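Review bot: `add_header Content-Type text/plain;` does not replace the Content-Type nginx sets for a `return 200 "..."` body (that comes from `default_type`); it adds a second header, so clients may see the text labelled `application/octet-stream` and offer a download. Use `default_type text/plain;` in the location instead. In the port 80 block the `if ($host = zzls.xyz)` and `if ($host = nadeko.net)` branches are dead code unless this block is the default server, since those names are not in `server_name`.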


@ -0,0 +1,25 @@
server {
access_log /var/log/nginx/logs.spanix.team.log combined;
server_name logs.spanix.team;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://justlogspanix;
include configs/proxy.conf;
}
listen 443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
include configs/sslConfig.conf;
}
server {
if ($host = logs.spanix.team) {
return 301 https://$host$request_uri;
}
listen 80;
server_name logs.spanix.team;
}


@ -0,0 +1,63 @@
server {
server_name logs.zzls.xyz;
rewrite ^ https://logs.nadeko.net$request_uri? permanent;
listen 443 ssl;
}
server {
access_log /var/log/nginx/logs.zzls.xyz.log combined;
server_name logs.nadeko.net;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://justlog;
include configs/proxy.conf;
# location ~ ^/(channel/rubius|channelid/39276140)/ {
# return 401 "Los logs de Rubius han sido deshabilitados";
# }
# location ~ ^/(channel/ibai|channelid/83232866)/ {
# return 401 "Los logs de Ibai han sido deshabilitados";
# }
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
return 401 "lol";
}
location ~* ^/(channel/.*/user/8nunni|channelid/.*/user/8nunni|channel/.*/userid/1011023847|channelid/.*/userid/1011023847){
return 401 "lol";
}
error_page 501 502 503 /50x.html;
proxy_intercept_errors on;
}
location = /50x.html {
root /var/www/logs;
index 50x.html;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
server {
set $x "";
if ($host = logs.zzls.xyz) {
set $x 1;
}
if ($host = logs.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
listen 80;
server_name logs.zzls.xyz logs.nadeko.net;
return 404;
}
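Review bot: the per-user blocks inside location / answer with return 401, which signals that credentials would unlock the resource; 403 (or 404, if a suppressed user should be indistinguishable from a missing one) matches the intent better and avoids clients retrying with authentication. Separately, the logs.zzls.xyz server on 443 declares no ssl_certificate, so it presents the http-level configs/ssl.conf nadeko.net certificate; the permanent redirect only works cleanly if that certificate also lists logs.zzls.xyz as a SAN.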

@ -0,0 +1,33 @@
server {
access_log /var/log/nginx/lol.zzls.xyz.access.log;
server_name lol.zzls.xyz;
include configs/general.conf;
include configs/robotsNone.conf;
# security headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
proxy_pass http://127.0.0.1:40010;
include configs/proxy.conf;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
server {
if ($host = lol.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name lol.zzls.xyz;
}
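Review bot: the security headers are hand-copied here instead of include configs/security.conf; and have already drifted from the shared file: Referrer-Policy is no-referrer-when-downgrade here versus same-origin there, X-Frame-Options is missing, and X-XSS-Protection is a legacy header that current browsers ignore (the shared file correctly omits it). Include the shared snippet and keep only genuine per-site deltas in this block.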

@ -0,0 +1,25 @@
server {
access_log /var/log/nginx/lsf.spanix.team.log combined;
server_name lsf.spanix.team;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40050;
include configs/proxy.conf;
}
listen 443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
include configs/sslConfig.conf;
}
server {
if ($host = lsf.spanix.team) {
return 301 https://$host$request_uri;
}
listen 80;
server_name lsf.spanix.team;
}

@ -0,0 +1,73 @@
# mail.nadeko.net
server {
access_log /var/log/nginx/mail.nadeko.net.log combined;
error_log /var/log/nginx/mail.nadeko.net.error;
server_name mail.nadeko.net;
include configs/general.conf;
include configs/robotsNone.conf;
include configs/security.conf;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://email;
}
location /favicon.ico {
alias /var/www/mail/favicon.png;
}
# location ^~ /.well-known/mta-sts.txt {
# return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n";
# }
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
server {
set $x "";
if ($host = mail.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
server_name mail.nadeko.net;
listen 80;
return 404;
}
# mta-sts.nadeko.net
server {
access_log /var/log/nginx/mta-sts.nadeko.net.log combined;
error_log /var/log/nginx/mta-sts.nadeko.net.error;
server_name mta-sts.nadeko.net;
include configs/general.conf;
include configs/robotsNone.conf;
include configs/security.conf;
location ^~ /.well-known/mta-sts.txt {
return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n";
}
listen 443 ssl;
http2 on;
}
server {
set $x "";
if ($host = mta-sts.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
server_name mta-sts.nadeko.net;
listen 80;
return 404;
}
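Review bot: location / for mail.nadeko.net sets only Host and X-Real-IP and does not include configs/proxy.conf, so the mail frontend never receives X-Forwarded-Proto or X-Forwarded-For; if it builds absolute links or logs client addresses it will see http and 127.0.0.1. proxy_pass https://email goes to 127.0.0.1:30443 with proxy_ssl_verify left at its default (off), which is acceptable on loopback but deserves a comment. The mta-sts.txt body mixes \n between fields and \r\n at the end; RFC 8461 accepts either terminator, but use one consistently.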

@ -0,0 +1,19 @@
server {
access_log /var/log/nginx/posts.zzls.xyz.log combined;
root /var/www/posts;
index index.html;
server_name posts.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl;
http2 on;
}
server {
if ($host = posts.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name posts.zzls.xyz;
listen 80;
}

@ -0,0 +1,41 @@
server {
server_name search.zzls.xyz search.nadeko.net;
include configs/general.conf;
include configs/security.conf;
location / {
add_header Content-Type text/plain;
return 200 "
SearxNG is now down because Oracle deleted my account without even notifying me. Sorry. For now, please use other instance or you can use 4get, a more simple search engine.
\t https://4get.nadeko.net";
}
location /search {
add_header Content-Type text/plain;
return 200 "
SearxNG is now down because Oracle deleted my account without even notifying me. Sorry. For now, please use other instance or you can use 4get, a more simple search engine.
\t https://4get.nadeko.net";
}
listen 443 ssl;
}
server {
if ($host = search.zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = search.nadeko.net) {
return 301 https://$host$request_uri;
}
if ($host = nadeko.net) {
return 301 https://$host$request_uri;
}
server_name search.zzls.xyz search.nadeko.net;
listen 80;
return 404;
}
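Review bot: add_header Content-Type text/plain; appends a second Content-Type header to the return 200 response instead of replacing the one nginx already emits from default_type (left at its built-in text/plain by this nginx.conf); the right directive is default_type text/plain;, which the matrix well-known blocks in the zzls.xyz vhost use correctly. The location /search block is identical to location / and can be dropped, and the if ($host = zzls.xyz) and if ($host = nadeko.net) checks in the port-80 block can never match because server_name lists only the search.* names.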

@ -0,0 +1,32 @@
server {
access_log /var/log/nginx/status.zzls.xyz.log combined;
server_name status.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://status;
include configs/proxy.conf;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
server {
set $x "";
if ($host = status.zzls.xyz) {
set $x 1;
}
if ($host = status.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
listen 80;
server_name status.zzls.xyz status.nadeko.net;
}
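Review bot: the port-80 block redirects status.nadeko.net to HTTPS, but the 443 block only carries server_name status.zzls.xyz, so that redirect lands on the 443 default_server (the zzls.xyz website block in this change) instead of the status page. Either add status.nadeko.net to the 443 server_name or drop it from the redirect block.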

@ -0,0 +1,59 @@
# CLEARNET
server {
access_log /var/log/nginx/stream.access.log;
error_log /var/log/nginx/stream.error.log;
server_name stream.zzls.xyz;
include configs/general.conf;
location /hls/ {
types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
root /tmp/;
}
location /dash/ {
types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; }
root /tmp/;
}
location = /streams {
# rtmp_stat all;
# rtmp_stat_stylesheet /stat.xsl;
}
location /stat.xsl {
root /var/www/stream/public/;
}
location /viewers/ {
default_type text/plain;
add_header Content-Type "text/plain";
add_header Refresh "30; $request_uri";
root /var/www/stream/public/;
try_files $uri /viewers.txt =404;
}
location /posters/ {
root /var/www/stream/public/;
try_files $uri /offline.png =404;
}
location / {
root /var/www/stream/public/;
try_files $uri $uri/hls.html =404;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
server {
if ($host = stream.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name stream.zzls.xyz;
return 404;
}
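Review bot: location /hls/ and location /dash/ serve segments with root /tmp/, a world-writable directory, so any local account or compromised service on the host can drop files that nginx then publishes under stream.zzls.xyz/hls/ and /dash/; point the RTMP module's HLS/DASH output and these root directives at a dedicated directory owned by the streaming worker. location = /streams is empty with its rtmp_stat directives commented out, so it is dead configuration that currently 404s from the default document root.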

@ -0,0 +1,39 @@
server {
access_log /var/log/nginx/twitch.zzls.xyz.access.log;
error_log /var/log/nginx/twitch.zzls.xyz.error.log;
server_name twitch.zzls.xyz twitch.nadeko.net;
include configs/general.conf;
include configs/security.conf;
include configs/robotsNone.conf;
location / {
add_header Content-Type text/plain;
return 200 "Twitch Russia Proxy for TTVLOL V1";
}
location ~ ^/(?!$) {
proxy_pass http://twitchproxy;
include configs/proxy.conf;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
}
server {
set $x "";
if ($host = twitch.zzls.xyz) {
set $x 1;
}
if ($host = twitch.nadeko.net) {
set $x 1;
}
if ($x = 1) {
return 301 https://$host$request_uri;
}
listen 80;
server_name twitch.zzls.xyz twitch.nadeko.net;
}
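Review bot: same duplicate-header issue as the search vhost: add_header Content-Type text/plain; in location / adds a second Content-Type rather than overriding the default; use default_type text/plain;. The location ~ ^/(?!$) regex proxies every non-root path, which works in PCRE, but location = / for the banner plus a plain location / for the proxy expresses the same routing without a regex and without the lookahead.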

@ -0,0 +1,55 @@
server {
access_log /var/log/nginx/zzls.xyz.log;
root /var/www/website;
index index.html;
server_name zzls.xyz www.zzls.xyz www.nadeko.net nadeko.net;
include configs/general.conf;
include configs/security.conf;
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.zzls.xyz:8448"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location / {
try_files $uri $uri/ =404;
expires 1h;
}
location /transparency {
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
# QUIC
include configs/http3.conf;
listen 443 ssl default_server;
http2 on;
}
server {
if ($host = www.zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = www.nadeko.net) {
return 301 https://$host$request_uri;
}
if ($host = nadeko.net) {
return 301 https://$host$request_uri;
}
server_name _ zzls.xyz www.zzls.xyz nadeko.net www.nadeko.net;
listen 80;
}
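Review bot: listen 443 ssl default_server makes this vhost answer every unrecognised SNI/Host name on 443 with the website and the nadeko.net certificate, which is also where the status.nadeko.net and 4get.zzls.xyz redirects elsewhere in this change end up; a dedicated catch-all block that returns 444 (the pattern general.conf already uses for $poop) keeps unknown-host traffic off the real site. The two /.well-known/matrix/* locations carry their own add_header, so they lose the inherited configs/security.conf headers; that is acceptable for a CORS-open JSON document, but say so in a comment.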

@ -0,0 +1,10 @@
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
if ($poop) {
return 444;
}
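Review bot: if ($poop) { return 444; } depends on a $poop variable that has to be defined in /etc/nginx/snippets/poop.conf (included from nginx.conf), which is not part of this change; a comment naming that dependency would save the next reader a grep, and nginx will refuse to start if the snippet is absent. Also, gzip on is inherited by every TLS vhost that includes this file, and nginx compresses text/html regardless of gzip_types; the Debian default site file in this same change warns about compressing SSL traffic, which matters for proxied applications whose responses mix secrets with attacker-controlled input (BREACH-style compression side channels).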

nginx/configs/http3.conf Normal file
@ -0,0 +1,4 @@
# Disable HTTP/3 for now.
#add_header Alt-Svc: h2=":443"; ma=2592000;
#listen 443 quic;
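Review bot: if the commented add_header Alt-Svc: h2=":443"; ma=2592000; is ever re-enabled as written it will not parse: the header name must not carry the colon and the value has to be quoted because it contains a semicolon, and advertising HTTP/3 needs h3, not h2. The working form is add_header Alt-Svc 'h3=":443"; ma=2592000'; next to listen 443 quic;.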

nginx/configs/proxy.conf Normal file
@ -0,0 +1,20 @@
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
# Proxy SSL
proxy_ssl_server_name on;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Proxy timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
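Review bot: $connection_upgrade and $proxy_add_forwarded are not built-in nginx variables (unlike $proxy_add_x_forwarded_for); both must come from map blocks in /etc/nginx/snippets/maps.conf, which nginx.conf includes but which is not in this diff, and nginx will refuse to start without them. Host is not set here, so backends receive the upstream name from proxy_pass (for example justlog) as their Host header unless the vhost adds proxy_set_header Host $host; as the mail vhost does; consider adding it to this shared file.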

nginx/configs/robots.conf Normal file
@ -0,0 +1,26 @@
location /robots.txt { return 200 "User-agent: AhrefsBot
Disallow: /
User-agent: dotbot
Disallow: /
User-agent: SiteAuditBot
Disallow: /
User-agent: SemrushBot-BA
Disallow: /
User-agent: SemrushBot-SI
Disallow: /
User-agent: SemrushBot-SWA
Disallow: /
User-agent: SemrushBot-CT
Disallow: /
User-agent: SplitSignalBot
Disallow: /
User-agent: SemrushBot-COUB
Disallow: /"; }

@ -0,0 +1 @@
location /robots.txt { return 200 "User-agent: *\nDisallow: /";}

@ -0,0 +1,6 @@
# security headers
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "same-origin" always;
add_header X-Frame-Options "sameorigin" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
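Review bot: these add_header lines only take effect in a location that declares no add_header of its own, because nginx replaces rather than merges the inherited set. In this change that silently drops HSTS and X-Content-Type-Options for the plain-text return locations in the search and twitch vhosts, for /viewers/ in the stream vhost and for /.well-known/matrix/* in the zzls.xyz vhost. Either repeat the headers in those locations or include this file there as well. A Content-Security-Policy is absent; the commented one in the lol vhost suggests it was considered.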

nginx/configs/ssl.conf Normal file
@ -0,0 +1,5 @@
# ECDSA
ssl_certificate /etc/ssl/nadeko.net/fullchain.ec.crt;
ssl_certificate_key /etc/ssl/nadeko.net/nadeko.net.ec.key;
include configs/sslConfig.conf;
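Review bot: this file is included at http level from nginx.conf, so every vhost without its own ssl_certificate (posts, lol, stream, status, the zzls.xyz site, the logs.zzls.xyz redirect) presents /etc/ssl/nadeko.net/fullchain.ec.crt; that only works if the certificate's SANs cover each of those zzls.xyz names, otherwise clients see a hostname mismatch. A comment listing the names the certificate covers would make that explicit.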

@ -0,0 +1,12 @@
# SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_early_data on;
# Custom 4096bits Diffie-Hellman parameter for DHE ciphersuites (Not the one bundled with letsencrypt
# Changed to a custom one for trust purposes
ssl_dhparam /etc/nginx/dhparam.pem;
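Review bot: ssl_early_data on makes 0-RTT requests replayable at the TLS layer; nginx's own guidance is to forward $ssl_early_data to the application (proxy_set_header Early-Data $ssl_early_data; in configs/proxy.conf) so that non-idempotent requests can be answered with 425 Too Early, and proxy.conf in this change does not do that yet. The ssl_dhparam comment is also missing its closing parenthesis.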

@ -0,0 +1,23 @@
upstream php-fpm {
server unix:/run/php/php8.2-fpm.sock;
}
upstream justlog {
server 127.0.0.1:10001;
}
upstream justlogspanix {
server 127.0.0.1:10002;
}
upstream email {
server 127.0.0.1:30443;
}
upstream status {
server 127.0.0.1:8080;
}
upstream twitchproxy {
server 127.0.0.1:10003;
}
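Review bot: the php-fpm upstream points at the PHP 8.2 socket while the vanced vhost in this change still hardcodes fastcgi_pass unix:/run/php/php7.4-fpm.sock; either route the PHP locations through this upstream or remove it, so there is one place that records which PHP is installed.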

nginx/dhparam.pem Normal file
@ -0,0 +1,13 @@

nginx/fastcgi.conf Executable file
@ -0,0 +1,27 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
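Review bot: fastcgi.conf and fastcgi_params are both committed with the executable bit set ("Executable file"), which nginx does not need; chmod 644 keeps them in line with the other configs. Content-wise both match nginx's stock files, so unless they are meant to diverge, the packaged copies can be included instead of carrying them in the repo.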

nginx/fastcgi_params Executable file
@ -0,0 +1,25 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

nginx/mime.types Normal file
@ -0,0 +1,99 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

nginx/nginx.conf Normal file
@ -0,0 +1,59 @@
user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 2048;
multi_accept off;
}
http {
log_format limited '$remote_addr - $remote_user [$time_local] '
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
'"-" "Bogus/66.6"';
access_log off;
error_log /dev/null;
# Basic Settings
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 1024;
types_hash_bucket_size 64;
server_names_hash_bucket_size 128;
# MIME
include mime.types;
# SSL
include configs/ssl.conf;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
client_body_timeout 10s;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 60s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
# PERFORMANCE / ASYNC I/O
aio threads=default;
aio_write on;
directio 2m;
# Maps
include /etc/nginx/snippets/maps.conf;
include /etc/nginx/snippets/poop.conf;
include /etc/nginx/configs/upstreams.conf;
include /etc/nginx/conf.d/*.conf;
}
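Review bot: error_log /dev/null; discards upstream failures, permission errors and config warnings at runtime, which is exactly the data needed during an incident; keep a log at warn or crit level and control retention with rotation instead. The limited log_format, which deliberately replaces the request line and user agent with placeholders, is defined but never referenced: every vhost in this change logs with combined (full client IP, URI, referrer and UA), so the privacy intent behind limited is not realised; either switch the access_log lines to limited or drop the format.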

@ -0,0 +1,33 @@
server {
access_log /var/log/nginx/bapi.access.log combined;
server_name bapi.zzls.xyz;
location / {
proxy_pass http://localhost:40030;
}
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/bapi.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/bapi.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = bapi.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name bapi.zzls.xyz;
return 404; # managed by Certbot
}
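Review bot: location / proxies to 40030 without any forwarded headers (X-Real-IP, X-Forwarded-Proto, Host), so the backend sees every client as 127.0.0.1 over http; the newer vhosts in this change solve this with include configs/proxy.conf;. The certbot-era listen 443 ssl http2; form is deprecated since nginx 1.25.1 (the release the http2 on; files in this change require) and logs a warning at startup; switch to listen 443 ssl; plus http2 on;.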

@ -0,0 +1,43 @@
server {
client_max_body_size 64M;
access_log /var/log/nginx/boards.access.log combined;
root /var/www/boards/;
index index.html index.htm index.nginx-debian.html;
server_name boards.zzls.xyz;
location /api/socket {
proxy_pass http://localhost:8000/api/socket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location / {
proxy_pass http://localhost:8000/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/boards.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/boards.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = boards.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name boards.zzls.xyz;
return 404; # managed by Certbot
}

@ -0,0 +1,18 @@
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/booyahtv.access.log combined;
root /var/www/booyahtv/;
index index.html index.htm index.nginx-debian.html;
server_name booyahtv.zzls.xyz;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
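Review bot: this block listens on both 80 and 443 with no redirect, so the site is served in the clear as well as over TLS; browsers that have already seen the zzls.xyz HSTS includeSubDomains policy will upgrade, but other clients will not. Split the port-80 listener into a 301 block like the other vhosts. It also reuses the /etc/letsencrypt/live/zzls.xyz certificate, which must list booyahtv.zzls.xyz as a SAN for this to validate.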

@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
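Review bot: this is Debian's stock default site, unchanged, with listen 80 default_server on /var/www/html; the next file in this change also declares listen 80 default_server, and nginx refuses to start with two default servers on the same address and port if both are enabled. Keep at most one, or leave this copy in sites-available only, as its own header comment suggests.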

@ -0,0 +1,86 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
access_log /var/log/nginx/zzls.access.log combined;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
return 301 https://$host$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
allow all;
}
}
server {
access_log /var/log/nginx/zzls.access.log combined;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name zzls.xyz www.zzls.xyz; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
allow all;
}
location /files {
alias /mnt/blockstorage/wwwfiles;
autoindex on;
autoindex_format xml;
autoindex_exact_size off;
autoindex_localtime on;
xslt_stylesheet /var/www/html/assets/superbindex.xslt;
xslt_string_param color-base00 '#18191A';
}
location /filess {
alias /mnt/blockstorage/wwwfiles;
autoindex on;
autoindex_format xml;
autoindex_exact_size off;
autoindex_localtime on;
}
# listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
# ssl_certificate /etc/letsencrypt/live/www.zzls.xyz/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/www.zzls.xyz/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name zzls.xyz www.zzls.xyz;
return 404; # managed by Certbot
}
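Review bot: the server-level return 301 https://$host$request_uri; in the first block runs before location matching, so its location / with try_files is unreachable. In the second block, the include of /etc/letsencrypt/options-ssl-nginx.conf sits on the same line as a commented-out ssl_certificate_key and is therefore part of the comment, so certbot's TLS settings are never loaded for zzls.xyz and the block falls back to whatever the http context provides; move the include to its own line. /files and /filess alias the same directory with autoindex; if /filess is a test leftover, drop it.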

@ -0,0 +1,38 @@
server {
access_log /var/log/nginx/i.access.log combined;
#root /mnt/blockstorage/i/files/;
index index.html index.htm index.nginx-debian.html;
server_name i.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
client_max_body_size 51M;
proxy_pass http://127.0.0.1:40007/;
include configs/proxy.conf;
proxy_intercept_errors on;
error_page 404 = /error;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/i.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/i.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = i.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name i.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

@ -0,0 +1,22 @@
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/i.access.log combined;
# root /mnt/blockstorage/i/files/;
index index.html index.htm index.nginx-debian.html;
server_name i.zzls.xyz;
location / {
proxy_pass http://localhost:7494;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/i2.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/i2.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
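Review bot: this block declares server_name i.zzls.xyz, the same name as the previous vhost; if both are enabled nginx logs a conflicting server name warning and ignores the second. It also listens on plain 80 with no redirect and presents a certificate issued under /etc/letsencrypt/live/i2.zzls.xyz for the i.zzls.xyz name, which fails hostname validation unless that certificate lists both names.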

@ -0,0 +1,38 @@
server {
access_log /var/log/nginx/ii.access.log combined;
root /mnt/blockstorage/ifiles/;
index index.html index.htm index.nginx-debian.html;
server_name ii.zzls.xyz;
location /upload {
client_max_body_size 4096M;
auth_basic "Restricted Content";
auth_basic_user_file /etc/fileupload.htpasswd;
proxy_pass http://localhost:40002;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ii.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ii.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = ii.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ii.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
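Review bot: "}server {" runs two blocks together on one line; put server { on its own line. On the upload path, proxy_request_buffering is left at its default (on), so a client_max_body_size 4096M request is spooled to nginx's temp directory before it reaches the backend on 40002; if the backend streams uploads itself, set proxy_request_buffering off; in that location, and either way make sure the temp filesystem can absorb several concurrent 4 GB bodies from authenticated users.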

@ -0,0 +1,66 @@
server {
access_log /var/log/nginx/logs.access.log combined;
server_name logs.zzls.xyz;
root /var/www/logs;
index index.html;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
access_log /var/log/nginx/notlogs.access.log combined;
server_name notlogs.zzls.xyz;
location / {
rewrite ^/(.*)$ https://logs.zzls.xyz/$1 redirect;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/notlogs.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/notlogs.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = logs.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name logs.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = notlogs.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name notlogs.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

@ -0,0 +1,31 @@
server {
access_log /var/log/nginx/paste.access.log combined;
server_name paste.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40005/;
include configs/proxy.conf;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/paste.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/paste.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = paste.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name paste.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

@ -0,0 +1,22 @@
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/s.access.log combined;
root /var/www/s/;
index index.html index.htm index.nginx-debian.html;
server_name s.zzls.xyz;
location / {
proxy_pass http://localhost:40006/;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/s.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/s.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
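Review bot: same pattern as the booyahtv vhost: listen 80 and listen 443 ssl in one block with no HTTP-to-HTTPS redirect, and location / proxies to 40006 without forwarded headers. Split the port-80 listener into a 301 block and add include configs/proxy.conf; to the proxy location.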

@ -0,0 +1,84 @@
server {
access_log /var/log/nginx/vanced.access.log combined;
server_name vanced.zzls.xyz;
#root /var/www/vanced;
#index index.php /_h5ai/public/index.php;
if ($http_user_agent ~* (google) ) {
return 404;
}
location / {
if ($http_user_agent ~* (google) ) {
return 404;
}
root /mnt/blockstorage/Vanced;
index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/vanced.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vanced.zzls.xyz/privkey.pem; # managed by Certbot
}
server {
if ($host = vanced.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name vanced.zzls.xyz;
return 404; # managed by Certbot
}
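Review bot: root is set inside location / (the "root inside location block" pitfall that the Debian default file in this change links to), and the second location ~ [^/]\.php(/|$) at server level resolves $document_root against the server's root, which is not set because the root /var/www/vanced line is commented out; that copy of the PHP handler therefore looks for scripts under nginx's compile-time html directory. Hoist root /mnt/blockstorage/Vanced; to server level and keep a single PHP location. The fastcgi_param HTTP_PROXY ""; line and the !-f existence check are the right httpoxy and script-existence guards; keep them. The two identical user-agent ifs can be collapsed into the server-level one.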

@ -0,0 +1,21 @@
# CLEARNET
server {
server_name 4get.zzls.xyz;
include configs/general.conf;
include configs/ssl.conf;
include configs/security.conf;
location / {
return 301 https://4getus.zzls.xyz$request_uri;
}
}
server {
if ($host = 4get.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name 4get.zzls.xyz;
}
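Review bot: the first server block has no listen directive, so it binds to port 80 (nginx's default when running as root), not 443; both blocks then claim 4get.zzls.xyz on port 80, nginx warns about a conflicting server name and uses the first, and HTTPS requests for 4get.zzls.xyz fall through to the 443 default_server. Add listen 443 ssl; and http2 on; to the first block.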

@ -0,0 +1,22 @@
server {
access_log /var/log/nginx/blog.zzls.xyz.log combined;
root /var/www/blog;
index index.html;
server_name blog.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
if ($host = blog.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name blog.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

@ -0,0 +1,41 @@
# CLEARNET
server {
access_log /var/log/nginx/cgit.access.log;
server_name cgit.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
root /usr/share/cgit;
try_files $uri @cgit;
# Configure HTTP transport
#location ~ /.+/(info/refs|git-upload-pack) {
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
# fastcgi_param PATH_INFO $uri;
# fastcgi_param GIT_HTTP_EXPORT_ALL 1;
# fastcgi_param GIT_PROJECT_ROOT /srv/git;
# fastcgi_param HOME /srv/git;
# fastcgi_pass unix:/run/fcgiwrap.socket;
# }
location @cgit {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
fastcgi_param PATH_INFO $uri;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = cgit.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name cgit.zzls.xyz;
}
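Review bot: the commented-out `location ~ /.+/(info/refs|git-upload-pack)` block sets `fastcgi_param GIT_HTTP_EXPORT_ALL 1;`, which would serve every repository under `GIT_PROJECT_ROOT /srv/git` over HTTP regardless of a `git-daemon-export-ok` marker; if that block is ever re-enabled, drop the param or make sure nothing private lives under /srv/git. The active `@cgit` location pinning `HTTP_HOST` to `$server_name` is fine.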


@ -0,0 +1,15 @@
server {
listen 80;
access_log /var/log/nginx/contador.xyz.log;
root /var/www/website;
index contador.html;
server_name contador.ayaya.beauty;
location / {
try_files $uri $uri/ =404;
add_header Access-Control-Allow-Origin *;
}
}
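Review bot: this vhost has only `listen 80;` with no TLS listener and no redirect block, so contador.ayaya.beauty is served over plain HTTP only, unlike every other site in this change. If that is intentional for a counter endpoint, say so in a comment; otherwise add the `listen 443 ssl;` / `include configs/ssl.conf;` pair plus the usual port-80 redirect server. `add_header Access-Control-Allow-Origin *;` is fine for a public read-only resource.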


@ -0,0 +1,26 @@
server {
access_log /var/log/nginx/donate.zzls.xyz.log combined;
root /var/www/donate;
index index.html;
server_name donate.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
try_files $uri $uri/ =404;
}
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
if ($host = donate.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name donate.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}


@ -0,0 +1,51 @@
server {
access_log /var/log/nginx/files.zzls.xyz.log combined;
server_name files.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
if ($http_user_agent ~* (google) ) {
return 404;
}
root /mnt/blockstorage/files.zzls.xyz;
index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
}
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = files.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name files.zzls.xyz;
return 404; # managed by Certbot
}
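Review bot: the `if ($http_user_agent ~* (google) )` check inside `location /` is not an access control, since the User-Agent string is chosen by the client; if the goal is to keep crawlers away from the h5ai listing, the `include configs/robotsNone.conf;` used by other vhosts here, or an `X-Robots-Tag: noindex` header, is the documented mechanism, and the `if` can stay as a best-effort extra. `location /_h5ai/private { return 403; }` and `fastcgi_param HTTP_PROXY "";` are good to keep.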


@ -0,0 +1,24 @@
server {
access_log /var/log/nginx/i.zzls.xyz.log combined;
server_name i.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
rewrite ^/(.*)$ https://i.ayaya.beauty/$1 redirect;
}
listen 443 ssl;
http2 on
include configs/ssl.conf;
}
server {
if ($host = i.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name i.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
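Review bot: `http2 on` on the line after `listen 443 ssl;` is missing its semicolon, so nginx reads the following `include configs/ssl.conf;` as extra arguments to `http2` and `nginx -t` rejects the file with an invalid-number-of-arguments error, which blocks the whole reload. Change it to `http2 on;`. The `rewrite ^/(.*)$ https://i.ayaya.beauty/$1 redirect;` line could also be a plain `return 302 https://i.ayaya.beauty$request_uri;`, which does the same without a regex match per request.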


@ -0,0 +1,17 @@
server {
listen 80;
include configs/general.conf;
include configs/robotsNone.conf;
server_name inv.zzls.xyz;
root /var/www/website/invidious;
access_log /var/log/nginx/inv.zzls.xyz.fallback.conf.access.log;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}
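Review bot: this single `server` block carries both `listen 80;` and `listen 443 ssl;`, so the Invidious fallback page is served over plain HTTP as well as HTTPS with no redirect to the TLS listener, whereas every other vhost in this change puts port 80 in a separate block that returns 301. It also includes only general.conf and robotsNone.conf, not `configs/security.conf`, so the security headers the other sites get are not applied here. The `Alt-Svc` h3 advertisement is fine but only meaningful on the TLS side.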


@ -0,0 +1,33 @@
server {
access_log /var/log/nginx/logs.spanix.team.log combined;
server_name logs.spanix.team;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40004;
include configs/proxy.conf;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = logs.spanix.team) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
server_name logs.spanix.team;
return 404; # managed by Certbot
}


@ -0,0 +1,49 @@
server {
access_log /var/log/nginx/logs.zzls.xyz.log combined;
server_name logs.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40003;
include configs/proxy.conf;
location ~ ^/(channel/rubius|channelid/39276140)/ {
return 401 "Los logs de Rubius han sido deshabilitados";
}
location ~ ^/(channel/ibai|channelid/83232866)/ {
return 401 "Los logs de Ibai han sido deshabilitados";
}
#location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053|channel/*/user/skybluecold|channelid/*/user/skybluecold|channel/*/userid/130372054|channelid/*/user/skybluecold)/ {
# return 401 "XD";
# }
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
return 401 "lol";
}
location ~ ^/(channel/notfijxu|channelid/664947434)/ {
return 401 "lol";
}
error_page 501 502 503 /50x.html;
proxy_intercept_errors on;
}
location = /50x.html {
root /var/www/logs;
index 50x.html;
}
listen 443 ssl;
include configs/ssl.conf;
}
server {
if ($host = logs.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name logs.zzls.xyz;
return 404; # managed by Certbot
}
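Review bot: the `return 401 "..."` responses for the disabled channel and user paths send 401 Unauthorized, which by HTTP semantics requires a `WWW-Authenticate` challenge and tells clients to retry with credentials; `403` (or `410 Gone` for logs that have been withdrawn) describes "these logs are disabled" accurately. Separately, the commented-out `location ~ ^/(channel/*/user/zonianbot|...)` pattern uses `/*`, which in a regex means zero or more slashes rather than any path segment; the active block below it correctly uses `.*`, so the old one needs the same fix before it is ever restored.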


@ -0,0 +1,34 @@
server {
access_log /var/log/nginx/lsf.spanix.team.log combined;
server_name lsf.spanix.team;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40050;
include configs/proxy.conf;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = lsf.spanix.team) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
listen [::]:80;
server_name lsf.spanix.team;
return 404; # managed by Certbot
}


@ -0,0 +1,63 @@
server {
access_log /var/log/nginx/mail.zzls.xyz.log combined;
error_log /var/log/nginx/mail.zzls.xyz.error;
root /var/www/mail;
index index.html index.php;
server_name mail.zzls.xyz;
include configs/general.conf;
location ^~ /baikal {
root /opt/baikal/html;
index index.php;
if (!-e $request_filename) { rewrite ^ /baikal/index.php last; }
rewrite ^/.well-known/caldav /dav.php redirect;
rewrite ^/.well-known/carddav /dav.php redirect;
location ~ /(\.ht|Core|Specific|config) {
deny all;
return 404;
}
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
try_files $uri =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
# location @baikal {
# rewrite /baikal/(.*)$ /baikal/index.php?/$1 last;
# }
location /radicale/ {
proxy_pass http://127.0.0.1:40001/;
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
proxy_set_header Host $http_host;
}
listen 443 ssl http2;
include configs/ssl.conf;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "sameorigin" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
}
server {
if ($host = mail.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name mail.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
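Review bot: inside `location ^~ /baikal`, the lines `rewrite ^/.well-known/caldav /dav.php redirect;` and `rewrite ^/.well-known/carddav /dav.php redirect;` can never match, because only URIs beginning with /baikal reach that location; move them to server level (pointing at /baikal/dav.php) if the autodiscovery redirect is wanted. Also confirm that `root /opt/baikal/html;` is what you mean: with `root`, /baikal/index.php resolves to /opt/baikal/html/baikal/index.php, so the `if (!-e $request_filename) { rewrite ^ /baikal/index.php last; }` fallback only works if that subdirectory exists; `alias /opt/baikal/html/;` maps /baikal/ to the directory itself.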


@ -0,0 +1,11 @@
server {
access_log /var/log/nginx/nossl.access.log combined;
root /var/www/nossl;
index index.html index.htm index.nginx-debian.html;
server_name nossl.zzls.xyz;
}


@ -0,0 +1,22 @@
server {
access_log /var/log/nginx/posts.zzls.xyz.log combined;
root /var/www/posts;
index index.html;
server_name posts.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
if ($host = posts.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name posts.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}


@ -0,0 +1,24 @@
server {
access_log /var/log/nginx/status.zzls.xyz.log combined;
server_name status.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:8080;
include configs/proxy.conf;
}
listen 443 ssl;
include configs/ssl.conf;
}
server {
if ($host = status.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name status.zzls.xyz;
return 404; # managed by Certbot
}


@ -0,0 +1,64 @@
server {
access_log /var/log/nginx/zzls.xyz.log;
root /var/www/website;
index index.html;
server_name zzls.xyz www.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.zzls.xyz:8448"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location / {
try_files $uri $uri/ =404;
add_header Access-Control-Allow-Origin *;
expires 24h;
}
location /transparency {
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
access_log /var/log/nginx/zzls.i2p.log;
listen 30001;
server_name zzlst7dauwprptpu2y7cxpetz4fl4jw73tivxhtnm7dla7m6teyq.b32.i2p;
root /var/www/website;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
if ($host = www.zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name zzls.xyz www.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
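Review bot: the I2P `server` block uses `listen 30001;`, which binds 0.0.0.0:30001 on every interface, and `server_name ...b32.i2p` only selects the block by Host header, it does not restrict who may connect; unless the firewall closes the port, the eepsite is reachable directly from the clearnet on port 30001, which links it to this VPS. Bind it to the loopback the i2pd tunnel forwards to, e.g. `listen 127.0.0.1:30001;`. The `.well-known/matrix/*` locations with `default_type application/json;` before `return 200` are correct.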


@ -0,0 +1 @@
../sites-available/4get.zzls.xyz.fallback.conf


@ -0,0 +1,94 @@
# FUCK BOTS
limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
# CLEARNET
server {
access_log /var/log/nginx/4getus.access.log;
error_log /var/log/nginx/4getus.error.log;
server_name 4getus.zzls.xyz;
include configs/general.conf;
root /var/www/4get-zzls/;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf
fastcgi_intercept_errors on;
}
location / {
try_files $uri @upstream;
}
location /web {
try_files $uri @upstream;
limit_req zone=4get;
limit_req_status 444;
include snippets/torblacklist.conf;
include snippets/spys.me.proxies.blacklist.conf;
error_page 403 =302 /torisblocked;
}
location /torisblocked {
access_log /var/log/nginx/4getus.torblocked.access.log;
add_header Content-Type text/plain;
return 200 "
Tor and Proxies are not allowed in this service, sorry.
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
Tor y Proxies no estan permitidos en este servicio, lo siento.
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
}
location /data {
return 444;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
# Tor Header
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
# TOR
server {
access_log /var/log/nginx/4getus.tor.access.log;
listen 80;
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
root /var/www/4get-zzls/;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
}
location / {
try_files $uri @upstream;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
}
server {
if ($host = 4getus.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name 4getus.zzls.xyz;
}
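Review bot: `include fastcgi.conf` in the clearnet `location @upstream` is missing its semicolon, so nginx reads the next line `fastcgi_intercept_errors on;` as extra arguments to `include` and `nginx -t` fails; make it `include fastcgi.conf;`. Two smaller points: the Tor `server` block uses a bare `listen 80;`, which binds all interfaces, and the .onion `server_name` is only a Host match, not a restriction, so bind it to the address the hidden service forwards to (e.g. `listen 127.0.0.1:80;`); and in `location /torisblocked`, `add_header Content-Type text/plain;` adds a second Content-Type header beside the one nginx already emits for `return`, so `default_type text/plain;` is the right directive there.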


@ -0,0 +1 @@
../sites-available/blog.zzls.xyz.conf


@ -0,0 +1 @@
../sites-available/cgit.zzls.xyz.conf


@ -0,0 +1,43 @@
server {
access_log /var/log/nginx/dav.access.log;
error_log /var/log/nginx/dav.error.log;
server_name dav.zzls.xyz;
include configs/general.conf;
root /opt/baikal/html;
index index.php
rewrite ^/.well-known/caldav /dav redirect;
rewrite ^/.well-known/carddav /dav redirect;
charset utf-8;
location ~ /(\.ht|Core|Specific|config) {
deny all;
return 404;
}
location ~ ^(.+\.php)(.*)$ {
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
server {
if ($host = dav.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name dav.zzls.xyz;
}
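Review bot: `index index.php` near the top of the server block is missing its semicolon, so nginx treats the following `rewrite ^/.well-known/caldav /dav redirect;` as further arguments to `index` and rejects the file (and even if it parsed, the caldav redirect would silently disappear); change it to `index index.php;`. The `try_files $fastcgi_script_name =404;` guard before `fastcgi_pass` and the `location ~ /(\.ht|Core|Specific|config)` deny block for Baikal's internal directories are good to keep.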


@ -0,0 +1 @@
/etc/nginx/sites-available/files.zzls.xyz.conf


@ -0,0 +1 @@
../sites-available/inv.zzls.xyz.fallback.conf


@ -0,0 +1 @@
../sites-available/logs.spanix.team.conf


@ -0,0 +1 @@
/etc/nginx/sites-available/logs.zzls.xyz.conf


@ -0,0 +1,34 @@
server {
access_log /var/log/nginx/lol.zzls.xyz.access.log;
server_name lol.zzls.xyz;
include configs/general.conf;
include configs/robotsNone.conf;
# security headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
proxy_pass http://127.0.0.1:40010;
include configs/proxy.conf;
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = lol.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name lol.zzls.xyz;
}
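Review bot: `add_header X-XSS-Protection "1; mode=block" always;` turns on a legacy browser filter that is deprecated and has been removed from Chromium (Firefox never implemented it); current guidance is `X-XSS-Protection "0"` or dropping the header and relying on a Content-Security-Policy, which is exactly the line left commented out above it. The same hand-written header list also appears in mail.zzls.xyz.conf; the other vhosts get theirs from `configs/security.conf`, so consider including that here instead of duplicating it.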


@ -0,0 +1 @@
../sites-available/lsf.spanix.team.conf


@ -0,0 +1 @@
/etc/nginx/sites-available/mail.zzls.xyz.conf


@ -0,0 +1 @@
/etc/nginx/sites-available/posts.zzls.xyz.conf


@ -0,0 +1 @@
../sites-available/status.zzls.xyz.conf


@ -0,0 +1,61 @@
# CLEARNET
server {
access_log /var/log/nginx/stream.access.log;
error_log /var/log/nginx/stream.error.log;
server_name stream.zzls.xyz;
include configs/general.conf;
location /hls/ {
types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
root /tmp/;
}
location /dash/ {
types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; }
root /tmp/;
}
location = /streams {
rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl;
}
location /stat.xsl {
root /var/www/stream/public/;
}
location /viewers/ {
default_type text/plain;
add_header Content-Type "text/plain";
add_header Refresh "30; $request_uri";
root /var/www/stream/public/;
try_files $uri /viewers.txt =404;
}
location /posters/ {
root /var/www/stream/public/;
try_files $uri /offline.png =404;
}
location / {
root /var/www/stream/public/;
try_files $uri $uri/hls.html =404;
}
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
server {
if ($host = stream.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name stream.zzls.xyz;
}
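Review bot: `location = /streams { rtmp_stat all; ... }` exposes the RTMP statistics page to anyone, with no `allow`/`deny` or `auth_basic`, and that page lists active streams and connected clients with their addresses; restrict it unless it is meant to be public. The `/hls/` and `/dash/` locations serve from `root /tmp/;`, i.e. /tmp/hls and /tmp/dash under a world-writable directory; a dedicated directory owned by the nginx user avoids another local account pre-creating or replacing fragment files. In `/viewers/`, `add_header Content-Type "text/plain";` is redundant next to `default_type text/plain;`.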


@ -0,0 +1,41 @@
server {
access_log /var/log/nginx/twitch.zzls.xyz.access.log;
server_name twitch.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
include configs/robotsNone.conf;
location / {
add_header Content-Type text/plain;
return 200 "Twitch Russia proxy for TTVLOL PRO and streamlink-ttvlol.
If you use TTVLOL PRO add `https://twitch.zzls.xyz` (without the ` chars) to the proxies list in the TTVLOL PRO Options.
If you use streamlink-ttvlol use `--twitch-proxy-playlist=https://twitch.zzls.xyz` as argument.
This proxy is located in the US but it returns an ad free RU Playlist. This doesn't affects your playback speed or latency.
Enjoy :3";
}
location ~ ^/(?!$) {
proxy_pass http://127.0.0.1:9595;
include configs/proxy.conf;
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = twitch.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name twitch.zzls.xyz;
}
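Review bot: in `location /`, `add_header Content-Type text/plain;` combined with `return 200 "..."` produces two Content-Type headers, because nginx already emits one from `default_type` for the returned body; use `default_type text/plain;` instead. The `location ~ ^/(?!$)` regex (any URI except the bare `/`) is an unusual way to say "proxy everything but the root"; an exact `location = /` for the banner plus a plain `location /` for the proxy reads more clearly and skips a PCRE match on every request.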


@ -0,0 +1 @@
/etc/nginx/sites-available/zzls.xyz.conf

nginx/snippets/maps.conf Normal file

@ -0,0 +1,27 @@
# Connection header for WebSocket reverse proxy
map $http_upgrade $connection_upgrade {
default upgrade;
"" close;
}
map $remote_addr $proxy_forwarded_elem {
# IPv4 addresses can be sent as-is
~^[0-9.]+$ "for=$remote_addr";
# IPv6 addresses need to be bracketed and quoted
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
# Unix domain socket names cannot be represented in RFC 7239 syntax
default "for=unknown";
}
map $http_forwarded $proxy_add_forwarded {
# If the incoming Forwarded header is syntactically valid, append to it
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
# Otherwise, replace it
default "$proxy_forwarded_elem";
}
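Review bot: the `$proxy_add_forwarded` map appends `$proxy_forwarded_elem` to the client-supplied `Forwarded` header whenever that header is syntactically valid, so whatever the client sent is passed through to the upstream; that is the intended RFC 7239 behaviour, but the applications behind configs/proxy.conf must then take only the last `for=` element as the client address, the same caution that applies to X-Forwarded-For. Neither `$proxy_add_forwarded` nor `$connection_upgrade` is referenced in the vhosts shown in this change, so presumably configs/proxy.conf uses them; that file is not part of this diff.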

nginx/snippets/poop.conf Normal file

@ -0,0 +1,9 @@
map $http_user_agent $poop {
default 0;
~*my-tiny-bot 1;
~*thesis-research-bot 1;
~*SemrushBot 1;
~*Bytespider 1;
~*PetalBot 1;
~*Amazonbot 1;
}
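Review bot: the `$poop` map only defines the variable; none of the server blocks in this change reference it (no `if ($poop) { return 444; }` or similar), so on its own this file blocks nothing. If it is meant to be the bot filter, wire it into the vhosts or into configs/general.conf, and treat it as a courtesy filter only, since the User-Agent string it matches is freely chosen by the client.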


@ -0,0 +1 @@
net.ipv4.ip_forward=1
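Review bot: `net.ipv4.ip_forward=1` makes the host route packets between all of its interfaces, which is needed for a VPN or tunnel setup but also means traffic arriving on the public interface can be forwarded unless the firewall's FORWARD chain restricts it; pair this with an explicit forward policy (default drop, allow only the intended interface pairs). IPv6 forwarding (`net.ipv6.conf.all.forwarding`) is not enabled here, which is fine if only IPv4 is routed.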


@ -0,0 +1 @@
vm.swappiness=4

sysctl.d/99-sysctl.conf Symbolic link

@ -0,0 +1 @@
../sysctl.conf

sysctl.d/README.sysctl Normal file

@ -0,0 +1,13 @@
Kernel system variables configuration files
Files found under the /etc/sysctl.d directory that end with .conf are
parsed within sysctl(8) at boot time. If you want to set kernel variables
you can either edit /etc/sysctl.conf or make a new file.
The filename isn't important, but don't make it a package name as it may clash
with something the package builder needs later. It must end with .conf though.
My personal preference would be for local system settings to go into
/etc/sysctl.d/local.conf but as long as you follow the rules for the names
of the file, anything will work. See sysctl.conf(8) man page for details
of the format.


@ -0,0 +1,40 @@
#TCP Tweaks
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fastopn = 3
net.ipv4.tcp_fin_timeout = 10
# disable tcp timestamps to avoid leaking some system information
# https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps
net.ipv4.tcp_timestamps=0
#TCP BBR Congestion Control Algoritm
net.core.default_qdisc = cake
net.ipv4.tcp_congestion_control = bbr
#Ignore ICMP Ping requests
net.ipv4.icmp_echo_ignore_all = 1
net.ipv6.icmp.echo_ignore_all = 1
#Increase the memory dedicated to the network interfaces
net.core.rmem_default = 1048576
net.core.rmem_max = 16777216
net.core.wmem_default = 1048576
net.core.wmem_max = 16777216
net.core.optmem_max = 65536
net.ipv4.tcp_rmem = 4096 1048576 2097152
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
# increase aslr effectiveness for mmap
# https://lwn.net/Articles/667790
vm.mmap_rnd_bits=32
vm.mmap_rnd_compat_bits=16
#SYN Flood Protection
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syn_retries = 6
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syncookies = 1
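Review bot: `net.ipv4.tcp_fastopn = 3` is a typo for `net.ipv4.tcp_fastopen`; sysctl logs a no-such-key error for it at apply time and TCP Fast Open is never actually enabled. The comment above `net.core.default_qdisc = cake` reads "TCP BBR Congestion Control Algoritm" (spelling: Algorithm) but that line sets the queue discipline, BBR is the `tcp_congestion_control` line below it; splitting the comment avoids confusion. `net.ipv4.icmp_echo_ignore_all = 1` and `net.ipv6.icmp.echo_ignore_all = 1` make the host ignore every ping, which also breaks external uptime monitors that rely on ICMP, so a comment noting that trade-off would help.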