From 4b0a0e583d10e369caa4dc7547f6260984876837 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 2 Oct 2022 05:07:56 -0400 Subject: [PATCH] Migrate to 0x0 upstream, SearXNG, BreezeWiki subdomains, several parity fixes, /blog, stupid --- common/0x0.conf | 15 +++++++-------- common/guac.conf | 2 ++ common/searxng.conf | 23 +++++++++++++++-------- common/website.conf | 3 ++- sites-available/0x0.conf | 4 ++++ sites-available/breezewiki.conf | 8 +++++++- sites-available/searxng.conf | 16 ---------------- sites-available/user.vern.cc.conf | 18 ++++++++++++++++++ sites-available/website.conf | 14 +++++++++++++- snippets/user.vern.conf | 16 ++++++++-------- 10 files changed, 76 insertions(+), 43 deletions(-) diff --git a/common/0x0.conf b/common/0x0.conf index 3db6716..95c43e9 100644 --- a/common/0x0.conf +++ b/common/0x0.conf @@ -1,16 +1,15 @@ add_header Onion-Location http://0.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; client_max_body_size 1024M; root /home/0x0/0x0; - location / { - include uwsgi_params; - uwsgi_param UWSGI_SCHEME $scheme; - - # make sure this matches the port you're running uwsgi on - uwsgi_pass 127.0.0.1:3031; - autoindex on; + proxy_pass http://localhost:3031/; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto http; + proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; + ssi on; } - location /up { internal; } diff --git a/common/guac.conf b/common/guac.conf index 13b49fa..b644413 100644 --- a/common/guac.conf +++ b/common/guac.conf @@ -1,3 +1,5 @@ +add_header Onion-Location http://gc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; + location / { proxy_pass http://127.0.0.1:8085/guacamole/; proxy_buffering off; diff --git a/common/searxng.conf b/common/searxng.conf index c7caf26..3747606 100644 --- a/common/searxng.conf +++ b/common/searxng.conf 
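Review bot: `proxy_set_header X-Forwarded-Proto http;` in the new `location /` of common/0x0.conf hard-codes the scheme, so when this file is included from a TLS server block the upstream is told the request was plain HTTP and may build `http://` links for HTTPS clients; `proxy_set_header X-Forwarded-Proto $scheme;` reports what the client actually used. The same location rewrites every cookie with `Secure` through `proxy_cookie_path`, and browsers will not send such a cookie back over the port-80 and onion listeners that appear to share this file, so the two settings work against each other. `ssi on;` also makes nginx interpret SSI directives in any `text/html` response the upstream returns, which on a file-hosting service may include user-supplied content. I would drop it unless something documented relies on it.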
@@ -1,11 +1,18 @@ add_header Onion-Location http://searx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; - location / { - proxy_pass http://localhost:8090/; - proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; + + uwsgi_pass 192.168.122.53:5003; + + include uwsgi_params; + + uwsgi_param HTTP_HOST $host; + uwsgi_param HTTP_CONNECTION $http_connection; + + # see flaskfix.py + uwsgi_param HTTP_X_SCHEME $scheme; + uwsgi_param HTTP_X_SCRIPT_NAME /searxng; + + # see limiter.py + uwsgi_param HTTP_X_REAL_IP $remote_addr; + uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for; } diff --git a/common/website.conf b/common/website.conf index 684c563..5ce6b83 100644 --- a/common/website.conf +++ b/common/website.conf @@ -24,6 +24,7 @@ location / { location ~* \.(jpg|jpeg|png|gif|ico)$ { expires 30d; } + location /dom-tor { return 200 "vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion"; } @@ -89,7 +90,7 @@ location ~ ^/(~|u/)(?[\w-]+)(?/.*)?$ { if (!-d /sshfs/home/$user/public_html) { - return 307 https://vern.cc/; + return 307 /; } } diff --git a/sites-available/0x0.conf b/sites-available/0x0.conf index a9d1056..b021763 100644 --- a/sites-available/0x0.conf +++ b/sites-available/0x0.conf @@ -19,6 +19,8 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; + listen 80; + listen [::]:80; server_name 0.vern.cc; include snippets/lets-encrypt.conf; @@ -30,6 +32,8 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; + listen 80; + listen [::]:80; server_name vern0.me; ssl_certificate_key /etc/letsencrypt/live/vern0.me/privkey.pem; diff --git a/sites-available/breezewiki.conf b/sites-available/breezewiki.conf index c718ef7..1e98169 100644 --- a/sites-available/breezewiki.conf 
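Review bot: The rewritten `location /` in common/searxng.conf no longer sends `X-Content-Type-Options: nosniff`, which the old block set with `always`. Unless another included file sets it for this server, add `add_header X-Content-Type-Options "nosniff" always;` beside the `add_header Onion-Location` line at the top of the file; placing it inside the location would stop the outer header from being inherited. Also, `uwsgi_param HTTP_X_SCRIPT_NAME /searxng;` sits under `location /`, so the application is told it is mounted at `/searxng` while nginx serves it at the root; if the instance really lives at `/`, that line should go. `uwsgi_pass 192.168.122.53:5003;` sends the uwsgi protocol, which has no authentication of its own, to another host, so a short comment naming what restricts access to port 5003 would help the next reader.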
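Review bot: Adding `listen 80;` and `listen [::]:80;` to the `0.vern.cc` and `vern0.me` blocks in sites-available/0x0.conf, which also carry `listen 443 ssl http2;`, makes the same server answer in cleartext with no redirect to HTTPS, so uploads and any session cookie can cross the network unencrypted. If plain HTTP must stay reachable, record that with a comment such as `# port 80 kept on purpose: <reason>`; otherwise keep port 80 in a separate block with `return 301 https://$host$request_uri;`. Both server blocks continue outside the hunks, so I cannot see whether an earlier block already claims port 80 for these names.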
+++ b/sites-available/breezewiki.conf @@ -2,7 +2,7 @@ server { listen 80; listen [::]:80; - server_name bw.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion breezewiki.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion fandom.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; + server_name bw.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion breezewiki.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion fandom.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion *.bw.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion *.breezewiki.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion *.fandom.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; include common/breezewiki.conf; } @@ -25,6 +25,12 @@ server { include common/breezewiki.conf; } +server { + listen 80; + listen [::]:80; + server_name *.bw.vern.cc *.fandom.vern.cc *.breezewiki.vern.cc; + include common/breezewiki.conf; +} server { listen 80; listen [::]:80; diff --git a/sites-available/searxng.conf b/sites-available/searxng.conf index cb9bdbf..d9ababc 100644 --- a/sites-available/searxng.conf +++ b/sites-available/searxng.conf @@ -6,19 +6,3 @@ server { include common/searxng.conf; } - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - include snippets/lets-encrypt.conf; - include snippets/headers.conf; - server_name searx.vern.cc searxng.vern.cc search.vern.cc sx.vern.cc; - include common/searxng.conf; -} - -server { - listen 80; - listen [::]:80; - return 301 https://$host$request_uri; - server_name searx.vern.cc searxng.vern.cc search.vern.cc sx.vern.cc; -} diff --git a/sites-available/user.vern.cc.conf b/sites-available/user.vern.cc.conf index 9d6aadc..728d4b9 100644 --- a/sites-available/user.vern.cc.conf +++ b/sites-available/user.vern.cc.conf 
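Review bot: The new server block for `*.bw.vern.cc *.fandom.vern.cc *.breezewiki.vern.cc` listens only on port 80 and includes `common/breezewiki.conf` directly, so the clearnet wildcard subdomains are served over plain HTTP with neither a TLS listener nor a redirect. If that is a stopgap until a wildcard certificate exists, say so in a comment above the block, e.g. `# TODO: no wildcard cert yet, HTTP only`. Otherwise give these names the same TLS treatment the non-wildcard names presumably get elsewhere in this file. The new block's closing `}` is also followed directly by the next `server {` with no blank line between them.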
@@ -5,6 +5,15 @@ server { server_name ~^(?[^.]+)\.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad\.onion; include snippets/user.vern.conf; + + location / { + #try_files @socket =404; + try_files @socket $uri $uri/index.html $uri.html $uri/ @extensionless-php; + if (!-d /vm/$user/public_html) { + return 307 http://vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/; + } + autoindex on; + } } server { @@ -14,6 +23,15 @@ server { include snippets/lets-encrypt.conf; include snippets/user.vern.conf; + + location / { + #try_files @socket =404; + try_files @socket $uri $uri/index.html $uri.html $uri/ @extensionless-php; + if (!-d /vm/$user/public_html) { + return 307 https://vern.cc/; + } + autoindex on; + } } server { diff --git a/sites-available/website.conf b/sites-available/website.conf index 55fd788..65d33f1 100644 --- a/sites-available/website.conf +++ b/sites-available/website.conf @@ -130,8 +130,20 @@ server { server { listen 80; listen [::]:80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + include snippets/lets-encrypt.conf; + server_name stupid.vern.cc; + return 301 https://aryak.vern.cc$request_uri; +} +server { + listen 80; + listen [::]:80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + include snippets/lets-encrypt.conf; + server_name blog.vern.cc; return 301 https://vern.cc/blog$request_uri; - server_name blog.vern.cc; } server { server_name blog.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; diff --git a/snippets/user.vern.conf b/snippets/user.vern.conf index 6a5c674..6455384 100644 --- a/snippets/user.vern.conf +++ b/snippets/user.vern.conf 
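Review bot: In the `location /` added to sites-available/user.vern.cc.conf, `try_files @socket $uri $uri/index.html $uri.html $uri/ @extensionless-php;` lists `@socket` first, but nginx only treats a named location as such in the last position; anywhere else it is checked as a file path, so that entry never reaches a socket handler. If the handler is not wanted, drop the entry: `try_files $uri $uri/index.html $uri.html $uri/ @extensionless-php;`. The same block is pasted into the second server in this file with only the redirect target changed. `$user` comes from the `server_name` capture, i.e. the Host header, so a one-line comment stating that the `[^.]+` capture is the only validation before it is used in `/vm/$user/public_html` would be worth adding. `autoindex on;` lists every file in a `public_html` that lacks an index page; confirm that is intended for all users.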
@@ -34,14 +34,14 @@ location ~ (\.cgi|\.py|\.sh|\.pl|\.lua|\/cgi-bin)$ { autoindex on; autoindex_exact_size off; -location / { - #try_files @socket =404; - try_files @socket $uri $uri/index.html $uri.html $uri/ @extensionless-php; - if (!-d /vm/$user/public_html) { - return 307 https://vern.cc/; - } - autoindex on; -} +#location / { +# #try_files @socket =404; +# try_files @socket $uri $uri/index.html $uri.html $uri/ @extensionless-php; +# if (!-d /vm/$user/public_html) { +# return 307 https://vern.cc/; +# } +# autoindex on; +#} location /media { autoindex on;
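Review bot: The `location /` block in snippets/user.vern.conf is commented out rather than deleted, which leaves dead configuration that can drift from the live copies now in `sites-available/user.vern.cc.conf`. I would delete it and leave `# location / is defined per server, see sites-available/user.vern.cc.conf`. Any other server that includes this snippet and was not given its own `location /` in this commit loses the missing-directory redirect and the `try_files` chain, so it is worth checking every includer.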