0x0 new domain, remove peertube

common/piped.conf

@@ -0,0 +1,6 @@
+add_header Onion-Location http://piped.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+
+location / {
+	proxy_pass http://localhost:8005/; # The / is important!
+	proxy_set_header Host $host;
+}

sites-available/0x0.conf

@@ -19,7 +19,7 @@ server {
 server {
 	listen 80;
 	listen [::]:80;
-	server_name 0.vern.cc;
+	server_name 0.vern.cc vern0.me;
 
 	location / {
 		return 301 https://$host$request_uri;
@@ -28,8 +28,19 @@ server {
 
 server {
 	listen 443 ssl http2;
-	server_name 0.vern.cc;
-	include /etc/nginx/snippets/lets-encrypt.conf;
+	server_name vern0.me;
+	ssl_certificate_key /etc/letsencrypt/live/vern0.me/privkey.pem;
+	ssl_certificate /etc/letsencrypt/live/vern0.me/fullchain.pem;
 
+	include snippets/headers.conf;
 	include common/0x0.conf;
 }
+
+server {
+	listen 443 ssl http2;
+	server_name 0.vern.cc;
+	include snippets/lets-encrypt.conf;
+	include snippets/headers.conf;
+	include common/0x0.conf;
+
+}

sites-available/aryak.ml.conf

@@ -1,30 +0,0 @@
-server {
-	listen 443 ssl http2;
-	listen [::]:443 ssl http2;
-	listen 8448 ssl http2;
-	listen [::]:8448 ssl http2;
-	server_name matrix.aryak.ml;
-	merge_slashes off;
-
-	location /_matrix/ {
-		proxy_pass http://10.7.0.4:6167$request_uri;
-		proxy_set_header Host $http_host;
-		proxy_buffering off;
-	}
-ssl_certificate /etc/letsencrypt/live/matrix.aryak.ml/fullchain.pem; # EDIT THIS
-ssl_certificate_key /etc/letsencrypt/live/matrix.aryak.ml/privkey.pem; # EDIT THIS
-
-
-	location /.well-known/matrix/server {
-		add_header Access-Control-Allow-Origin '*' always;
-		add_header Content-Type application/json;
-		return 200 '{"m.server": "matrix.aryak.ml:443"}';
-	}
-
-	location /.well-known/matrix/client {
-		add_header Access-Control-Allow-Origin '*' always;
-		add_header Content-Type application/json;
-		return 200 '{"m.homeserver": {"base_url": "https://matrix.aryak.ml"}}';
-	}
-}
-

sites-available/ldap.conf

@@ -1,18 +0,0 @@
-server {
-listen 443 ssl http2;
-server_name ldapadmin.vern.cc;
-include snippets/lets-encrypt.conf;
-# document root
-root /usr/share/phpldapadmin/htdocs;
-index index.php index.html index.htm;
-
-location / {
-	try_files $uri $uri/ /index.php;
-}
-location ~ \.php$ {
-	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
-	fastcgi_index index.php;
-	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-	include /etc/nginx/fastcgi_params;
-}
-}

sites-available/mail.vern.cc.conf

@@ -28,6 +28,7 @@ server {
 	server_name mail.vern.cc;
 
 	include snippets/lets-encrypt.conf;
-	include snippets/headers.conf;
+#	include snippets/headers.conf;
 	include common/mail.conf;
+	ssl_protocols TLSv1.2 TLSv1.3;
 }

sites-available/peertube.conf

@@ -1,71 +0,0 @@
-# Minimum Nginx version required:  1.13.0 (released Apr 25, 2017)
-# Please check your Nginx installation features the following modules via 'nginx -V':
-# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
-# THIRD PARTY MODULES:   None.
-
-server {
-	listen 80;
-	listen [::]:80;
-	server_name pt.vern.cc;
-
-	location /.well-known/acme-challenge/ {
-		default_type "text/plain";
-		root /var/www/certbot;
-	}
-	location / { return 301 https://$host$request_uri; }
-}
-
-server {
-	listen 80;
-	listen [::]:80;
-
-	server_name pt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
-
-	include common/peertube.conf;
-}
-
-server {
-	listen 11011;
-	listen [::]:11011;
-
-	server_name verncceu2kgz54wi7r5jatgmx2mqtsh3knxhiy4m5shescuqtqfa.b32.i2p;
-
-	include common/peertube.conf;
-}
-
-upstream ptbackend {
-	server 127.0.0.1:9000;
-}
-
-server {
-	listen 443 ssl http2;
-	listen [::]:443 ssl http2;
-	server_name pt.vern.cc;
-
-	##
-	# Certificates
-	# you need a certificate to run in production. see https://letsencrypt.org/
-	##
-	include snippets/lets-encrypt.conf;
-	location ^~ '/.well-known/acme-challenge' {
-		default_type "text/plain";
-		root /var/www/certbot;
-	}
-
-	##
-	# Security hardening (as of Nov 15, 2020)
-	# based on Mozilla Guideline v5.6
-	##
-
-	ssl_protocols             TLSv1.2 TLSv1.3;
-	ssl_prefer_server_ciphers on;
-	ssl_ciphers               ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
-	ssl_session_timeout       1d; # defaults to 5m
-	ssl_session_tickets       off;
-	ssl_stapling              on;
-	ssl_stapling_verify       on;
-	# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
-	#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
-
-	include common/peertube.conf;
-}

sites-available/piped.conf

@@ -0,0 +1,50 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name piped.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion pipedapi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion pipedproxy.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+
+	include common/piped.conf;
+}
+
+#server {
+#	listen 11013;
+#	listen [::]:11013;
+#
+#	server_name vernnflenvsqccuanaun7yydnmturi4jkyxlyzhn6ultpje66c3q.b32.i2p;
+#
+#	include common/quetre.conf;
+#}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name piped.vern.cc;
+	include snippets/lets-encrypt.conf;
+	include snippets/headers.conf;
+	include common/piped.conf;
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name pipedapi.vern.cc;
+	include snippets/lets-encrypt.conf;
+	include snippets/headers.conf;
+	include common/piped.conf;
+}
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name pipedproxy.vern.cc;
+	include snippets/lets-encrypt.conf;
+	include snippets/headers.conf;
+	include common/piped.conf;
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+	return 301 https://$host$request_uri;
+	server_name piped.vern.cc pipedapi.vern.cc pipedproxy.vern.cc;
+}

sites-enabled/peertube.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/peertube.conf

sites-enabled/piped.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/piped.conf

snippets/headers.conf

@@ -3,3 +3,10 @@ add_header X-Content-Type-Options "nosniff" always;
 add_header X-XSS-Protection "1; mode=block" always;
 #add_header Content-Security-Policy "default-src 'self'; font-src 'self'; img-src 'self' https://i.creativecommons.org/ https://licensebuttons.net/; style-src 'self' 'unsafe-inline'" always;
 add_header X-Frame-Options "SAMEORIGIN" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Referrer-Policy "no-referrer" always;

snippets/lets-encrypt.conf

@@ -8,4 +8,4 @@ ssl_dhparam /etc/letsencrypt/live/vern.cc/dhparam;
 # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
 
 # replace with the IP address of your resolver
-resolver 9.9.9.9;
+resolver 213.186.33.99;

snippets/user.vern.conf

@@ -1,11 +1,15 @@
 add_header Onion-Location http://$user.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
 
-error_log /var/log/nginx/vern.cc-error.log crit;
+error_log /var/log/nginx/vern.cc-error.log info;
 root /sshfs/home/$user/public_html;
 index index.html index.php index.cgi index.py index.sh index.pl index.lua;
 
+location @extensionless-php {
+	rewrite ^(.*)$ $1.php last;
+}
+
 location ~ \.php$ {
-	fastcgi_pass 192.168.122.30:9000;
+	fastcgi_pass unix:/sshfs/run/phpfpm/mypool.sock;
 	fastcgi_index index.php;
 	fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
 }

snippets/ytproxy.conf

@@ -0,0 +1,26 @@
+add_header Access-Control-Allow-Origin *;
+add_header Access-Control-Allow-Headers *;
+if ($request_method = OPTIONS ) {
+   return 200;
+}
+proxy_buffering on;
+proxy_set_header Host $arg_host;
+proxy_ssl_server_name on;
+proxy_set_header X-Forwarded-For "";
+proxy_set_header CF-Connecting-IP "";
+proxy_hide_header "alt-svc";
+sendfile on;
+sendfile_max_chunk 512k;
+tcp_nopush on;
+aio threads=default;
+aio_write on;
+directio 2m;
+proxy_hide_header Cache-Control;
+proxy_hide_header etag;
+proxy_http_version 1.1;
+proxy_set_header Connection keep-alive;
+proxy_max_temp_file_size 0;
+access_log off;
+proxy_pass http://unix:/var/run/ytproxy/http-proxy.sock;
+
+