rg.vern.cc and lemmy
This commit is contained in:
parent
b53efa73e1
commit
4497614dcf
|
@ -0,0 +1,50 @@
|
|||
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
|
||||
# It might be nice to compress JSON, but leaving that out to protect against potential
|
||||
# compression+encryption information leak attacks like BREACH.
|
||||
gzip on;
|
||||
gzip_types text/css application/javascript image/svg+xml;
|
||||
gzip_vary on;
|
||||
# Various content security headers
|
||||
add_header Referrer-Policy "same-origin";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header X-Frame-Options "DENY";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
client_max_body_size 20M;
|
||||
# frontend
|
||||
location / {
|
||||
# The default ports:
|
||||
# lemmy_ui_port: 1235
|
||||
# lemmy_port: 8536
|
||||
|
||||
set $proxpass "http://0.0.0.0:1235";
|
||||
if ($http_accept ~ "^application/.*$") {
|
||||
set $proxpass "http://0.0.0.0:8536";
|
||||
}
|
||||
if ($request_method = POST) {
|
||||
set $proxpass "http://0.0.0.0:8536";
|
||||
}
|
||||
proxy_pass $proxpass;
|
||||
|
||||
rewrite ^(.+)/+$ $1 permanent;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
# backend
|
||||
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
|
||||
proxy_pass http://0.0.0.0:8536;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
|
||||
# Redirect pictshare images to pictrs
|
||||
location ~ /pictshare/(.*)$ {
|
||||
return 301 /pictrs/image/$1;
|
||||
}
|
||||
|
|
@ -19,22 +19,13 @@ server {
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name 0.vern.cc vern0.me;
|
||||
server_name 0.vern.cc;
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name vern0.me;
|
||||
ssl_certificate_key /etc/letsencrypt/live/vern0.me/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/vern0.me/fullchain.pem;
|
||||
|
||||
include snippets/headers.conf;
|
||||
include common/0x0.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name lm.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion lemmy.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
include common/lemmy.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 11028;
|
||||
listen [::]:11028;
|
||||
|
||||
server_name vernyxzw3aktrg3v5qpkj4eyiwc4iucdw3czwesop6f466joq6wa.b32.i2p;
|
||||
|
||||
include common/lemmy.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name lm.vern.cc lemmy.vern.cc;
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name lm.vern.cc lemmy.vern.cc;
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
|
||||
# Various TLS hardening settings
|
||||
# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_tickets on;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
add_header Strict-Transport-Security "max-age=63072000";
|
||||
include common/lemmy.conf;
|
||||
}
|
|
@ -2,7 +2,7 @@ server {
|
|||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name rimgo.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion imgur.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name rg.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion rimgo.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion imgur.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
include common/rimgo.conf;
|
||||
}
|
||||
|
@ -19,7 +19,7 @@ server {
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name rimgo.vern.cc imgur.vern.cc;
|
||||
server_name rg.vern.cc rimgo.vern.cc imgur.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/rimgo.conf;
|
||||
|
@ -27,7 +27,7 @@ server {
|
|||
|
||||
server {
|
||||
listen 80;
|
||||
server_name rimgo.vern.cc imgur.vern.cc;
|
||||
server_name rg.vern.cc rimgo.vern.cc imgur.vern.cc;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/lemmy.conf
|
|
@ -9,4 +9,4 @@ ssl_stapling_verify on;
|
|||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header Referrer-Policy "same-origin" always;
|
||||
|
|
Loading…
Reference in New Issue