0x0 new domain, remove peertube
This commit is contained in:
parent
336fd21e7e
commit
49594e86a2
|
@ -0,0 +1,6 @@
|
|||
add_header Onion-Location http://piped.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8005/; # The / is important!
|
||||
proxy_set_header Host $host;
|
||||
}
|
|
@ -19,7 +19,7 @@ server {
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name 0.vern.cc;
|
||||
server_name 0.vern.cc vern0.me;
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
|
@ -28,8 +28,19 @@ server {
|
|||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name 0.vern.cc;
|
||||
include /etc/nginx/snippets/lets-encrypt.conf;
|
||||
server_name vern0.me;
|
||||
ssl_certificate_key /etc/letsencrypt/live/vern0.me/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/vern0.me/fullchain.pem;
|
||||
|
||||
include snippets/headers.conf;
|
||||
include common/0x0.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name 0.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/0x0.conf;
|
||||
|
||||
}
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 8448 ssl http2;
|
||||
listen [::]:8448 ssl http2;
|
||||
server_name matrix.aryak.ml;
|
||||
merge_slashes off;
|
||||
|
||||
location /_matrix/ {
|
||||
proxy_pass http://10.7.0.4:6167$request_uri;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_buffering off;
|
||||
}
|
||||
ssl_certificate /etc/letsencrypt/live/matrix.aryak.ml/fullchain.pem; # EDIT THIS
|
||||
ssl_certificate_key /etc/letsencrypt/live/matrix.aryak.ml/privkey.pem; # EDIT THIS
|
||||
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
add_header Access-Control-Allow-Origin '*' always;
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.server": "matrix.aryak.ml:443"}';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
add_header Access-Control-Allow-Origin '*' always;
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.aryak.ml"}}';
|
||||
}
|
||||
}
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name ldapadmin.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
# document root
|
||||
root /usr/share/phpldapadmin/htdocs;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include /etc/nginx/fastcgi_params;
|
||||
}
|
||||
}
|
|
@ -28,6 +28,7 @@ server {
|
|||
server_name mail.vern.cc;
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
# include snippets/headers.conf;
|
||||
include common/mail.conf;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
}
|
||||
|
|
|
@ -1,71 +0,0 @@
|
|||
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
|
||||
# Please check your Nginx installation features the following modules via 'nginx -V':
|
||||
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
|
||||
# THIRD PARTY MODULES: None.
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name pt.vern.cc;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
default_type "text/plain";
|
||||
root /var/www/certbot;
|
||||
}
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name pt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
include common/peertube.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 11011;
|
||||
listen [::]:11011;
|
||||
|
||||
server_name verncceu2kgz54wi7r5jatgmx2mqtsh3knxhiy4m5shescuqtqfa.b32.i2p;
|
||||
|
||||
include common/peertube.conf;
|
||||
}
|
||||
|
||||
upstream ptbackend {
|
||||
server 127.0.0.1:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name pt.vern.cc;
|
||||
|
||||
##
|
||||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
include snippets/lets-encrypt.conf;
|
||||
location ^~ '/.well-known/acme-challenge' {
|
||||
default_type "text/plain";
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
##
|
||||
# Security hardening (as of Nov 15, 2020)
|
||||
# based on Mozilla Guideline v5.6
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
|
||||
ssl_session_timeout 1d; # defaults to 5m
|
||||
ssl_session_tickets off;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
|
||||
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
|
||||
include common/peertube.conf;
|
||||
}
|
|
@ -0,0 +1,50 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name piped.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion pipedapi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion pipedproxy.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
include common/piped.conf;
|
||||
}
|
||||
|
||||
#server {
|
||||
# listen 11013;
|
||||
# listen [::]:11013;
|
||||
#
|
||||
# server_name vernnflenvsqccuanaun7yydnmturi4jkyxlyzhn6ultpje66c3q.b32.i2p;
|
||||
#
|
||||
# include common/quetre.conf;
|
||||
#}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name piped.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/piped.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name pipedapi.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/piped.conf;
|
||||
}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name pipedproxy.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/piped.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name piped.vern.cc pipedapi.vern.cc pipedproxy.vern.cc;
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/peertube.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/piped.conf
|
|
@ -3,3 +3,10 @@ add_header X-Content-Type-Options "nosniff" always;
|
|||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
#add_header Content-Security-Policy "default-src 'self'; font-src 'self'; img-src 'self' https://i.creativecommons.org/ https://licensebuttons.net/; style-src 'self' 'unsafe-inline'" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
# intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
|
|
|
@ -8,4 +8,4 @@ ssl_dhparam /etc/letsencrypt/live/vern.cc/dhparam;
|
|||
# ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
|
||||
|
||||
# replace with the IP address of your resolver
|
||||
resolver 9.9.9.9;
|
||||
resolver 213.186.33.99;
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
add_header Onion-Location http://$user.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
error_log /var/log/nginx/vern.cc-error.log crit;
|
||||
error_log /var/log/nginx/vern.cc-error.log info;
|
||||
root /sshfs/home/$user/public_html;
|
||||
index index.html index.php index.cgi index.py index.sh index.pl index.lua;
|
||||
|
||||
location @extensionless-php {
|
||||
rewrite ^(.*)$ $1.php last;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass 192.168.122.30:9000;
|
||||
fastcgi_pass unix:/sshfs/run/phpfpm/mypool.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Allow-Headers *;
|
||||
if ($request_method = OPTIONS ) {
|
||||
return 200;
|
||||
}
|
||||
proxy_buffering on;
|
||||
proxy_set_header Host $arg_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_set_header X-Forwarded-For "";
|
||||
proxy_set_header CF-Connecting-IP "";
|
||||
proxy_hide_header "alt-svc";
|
||||
sendfile on;
|
||||
sendfile_max_chunk 512k;
|
||||
tcp_nopush on;
|
||||
aio threads=default;
|
||||
aio_write on;
|
||||
directio 2m;
|
||||
proxy_hide_header Cache-Control;
|
||||
proxy_hide_header etag;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection keep-alive;
|
||||
proxy_max_temp_file_size 0;
|
||||
access_log off;
|
||||
proxy_pass http://unix:/var/run/ytproxy/http-proxy.sock;
|
||||
|
||||
|
Loading…
Reference in New Issue