From 72ad3ea81fb91794602f59b73fe8a0d150b22f46 Mon Sep 17 00:00:00 2001 
From: root Date: Mon, 20 Nov 2023 07:03:34 +0000 Subject: [PATCH] we're barack --- common/0x0.conf | 3 + common/agreper.conf | 10 -- common/akkoma.conf | 3 + common/anonymousoverflow.conf | 3 + common/bbs.conf | 6 +- common/beatbump.conf | 3 + common/biblioreads.conf | 3 + common/binternet.conf | 3 + common/bloat.conf | 3 + common/breezewiki.conf | 3 + common/cinny.conf | 3 + common/conversejs.conf | 3 + common/cryptpad-darknet.conf | 3 + common/destructables.conf | 3 + common/dokuwiki.conf | 3 + common/dumb.conf | 3 + common/etherpad.conf | 11 -- common/federationtester.conf | 3 + common/fluffychat.conf | 3 + common/freshrss.conf | 4 +- common/ftelnet.conf | 3 + common/gitea.conf | 3 + common/gnunet.conf | 3 + common/gopherproxy.conf | 5 +- common/gothub.conf | 3 + common/gts.conf | 3 + common/guac.conf | 3 + common/hat.conf | 3 + common/hckrnws.conf | 3 + common/hedgedoc.conf | 3 + common/hydrogen.conf | 3 + common/hyperpipe-api.conf | 3 + common/hyperpipe.conf | 3 + common/icecast.conf | 3 + common/invidious.conf | 3 + common/jellyfin.conf | 3 + common/lab.conf | 3 + common/libmedium.conf | 5 +- common/librarian.conf | 5 +- common/libreddit.conf | 3 + common/libremdb.conf | 3 + common/libretranslate.conf | 3 + common/librex.conf | 3 + common/lists.conf | 3 + common/littlelink.conf | 3 + common/mail.conf | 5 +- common/mastodon.conf | 53 --------- common/matrix-static.conf | 3 + common/matrix-sydent.conf | 3 + common/matrixto.conf | 3 + common/miniflux.conf | 3 + common/mirror.conf | 3 + common/morss.conf | 3 + common/mumble.conf | 3 + common/neuters.conf | 5 +- common/nextcloud.conf | 3 + common/nitter.conf | 5 +- common/ntfy.conf | 3 + common/owncast.conf | 3 + common/peertube.conf | 3 + common/penpot.conf | 3 + common/pgp.conf | 3 + common/piped.conf | 3 + common/privatebin.conf | 3 + common/proxigram.conf | 15 +++ common/proxitok.conf | 3 + common/quetre.conf | 5 +- common/rimgo.conf | 6 +- common/riot.conf | 3 + common/roundcube.conf | 3 + 
common/rssbridge.conf | 3 + common/ruraldict.conf | 3 + common/safetwitch-backend.conf | 3 + common/safetwitch.conf | 5 +- common/scribe.conf | 3 + common/searxng.conf | 3 + common/simpleamazon.conf | 5 +- common/simpleertube.conf | 3 + common/simplelogin.conf | 4 +- common/simplytranslate.conf | 3 + common/speedtest.conf | 3 + common/spyda.conf | 3 + common/srht.conf | 3 + common/suds.conf | 3 + common/teddit.conf | 3 + common/tent.conf | 3 + common/tmate.conf | 3 + common/torproject.conf | 3 + common/usersites-socket.conf | 3 + common/usersites.conf | 4 + common/vaultwarden.conf | 3 + common/vikunja.conf | 26 ----- common/vnu.conf | 3 + common/website.conf | 16 +-- common/whoogle.conf | 5 +- common/wikiless.conf | 5 +- common/woodpeckerci.conf | 3 + common/yacy.conf | 3 + common/yarn.conf | 14 --- common/znc.conf | 3 + conf.d/agreper.conf | 32 ------ conf.d/checkstatus.conf | 20 +++- conf.d/etherpad.conf | 31 ----- conf.d/mastodon.conf | 52 --------- conf.d/matrix.conf.cobrafuckedupsomestuff | 131 ---------------------- conf.d/proxigram.conf | 32 ++++++ conf.d/safetwitch-backend.conf | 4 + conf.d/safetwitch.conf | 2 + conf.d/vikunja.conf | 31 ----- conf.d/{00website.conf => website.conf} | 10 +- conf.d/yarn.conf | 32 ------ mime.types.dpkg-dist | 96 ++++++++++++++++ nginx.conf | 7 +- nginx.conf.dpkg-dist | 83 ++++++++++++++ useragent.rules | 12 ++ 115 files changed, 565 insertions(+), 465 deletions(-) delete mode 100644 common/agreper.conf delete mode 100644 common/etherpad.conf delete mode 100644 common/mastodon.conf create mode 100644 common/proxigram.conf delete mode 100644 common/vikunja.conf delete mode 100644 common/yarn.conf delete mode 100644 conf.d/agreper.conf delete mode 100644 conf.d/etherpad.conf delete mode 100644 conf.d/mastodon.conf delete mode 100644 conf.d/matrix.conf.cobrafuckedupsomestuff create mode 100644 conf.d/proxigram.conf delete mode 100644 conf.d/vikunja.conf rename conf.d/{00website.conf => website.conf} (96%) delete mode 100644 
conf.d/yarn.conf create mode 100644 mime.types.dpkg-dist create mode 100644 nginx.conf.dpkg-dist create mode 100644 useragent.rules diff --git a/common/0x0.conf b/common/0x0.conf index a642104..8376bac 100644 --- a/common/0x0.conf +++ b/common/0x0.conf @@ -14,3 +14,6 @@ location / { location /up { internal; } +if ($badagent) { + return 403; +} diff --git a/common/agreper.conf b/common/agreper.conf deleted file mode 100644 index 0251f6b..0000000 --- a/common/agreper.conf +++ /dev/null @@ -1,10 +0,0 @@ -add_header Onion-Location http://ag.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; -add_header X-I2P-Location http://vern6xwzdgt2l7jhgl5dyv6cqjfhd2fnbgbm7i7cd6ssfboqra5a.b32.i2p$request_uri; - -location / { - proxy_pass http://127.0.0.1:8007/; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; -} diff --git a/common/akkoma.conf b/common/akkoma.conf index ab5bf7c..ffadbf2 100644 --- a/common/akkoma.conf +++ b/common/akkoma.conf @@ -25,3 +25,6 @@ location ~ ^/(media|proxy) { chunked_transfer_encoding on; proxy_pass http://phoenix; } +if ($badagent) { + return 403; +} diff --git a/common/anonymousoverflow.conf b/common/anonymousoverflow.conf index b4240b8..4e775e1 100644 --- a/common/anonymousoverflow.conf +++ b/common/anonymousoverflow.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/bbs.conf b/common/bbs.conf index 6ea3494..0fe8c3a 100644 --- a/common/bbs.conf +++ b/common/bbs.conf 
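Review bot: The `if ($badagent) { return 403; }` block appended to common/0x0.conf is repeated verbatim in every other modified or new common/*.conf shown in this patch (akkoma, anonymousoverflow, bbs, beatbump and onward), so a file that is missed, or edited later, silently leaves one vhost unfiltered. Keeping the three lines in one shared file that each of these pulls in with a single `include` line would keep them in step. `$badagent` is not defined in any hunk visible here; it presumably comes from a `map` on `$http_user_agent` in useragent.rules, which the diffstat shows this patch creates, and that map must yield an empty string or `0` for ordinary clients because nginx treats any other value as true. A comment above the block such as `# $badagent is set by the map in useragent.rules; User-Agent is client-supplied, so this filters only clients that identify themselves` would record that this is a nuisance filter and not an access control.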
@@ -1,8 +1,5 @@ add_header Onion-Location http://vern5pgpfjdplnz7yhqazesx62hrx6r6i4xvv4kjshwefwikkjjuvwad.onion$request_uri; add_header X-I2P-Location http://vern6wnypbds4y6zdht5j4ruufbtb4zlcm3baez5w72wjtgiw6ea.b32.i2p$request_uri; -#access_log off; -access_log /var/log/nginx/access.log; -error_log /var/log/nginx/error.log crit; location / { proxy_pass http://10.0.3.223:80/; @@ -11,3 +8,6 @@ location / { proxy_http_version 1.1; # to keep alive proxy_set_header Connection ""; # to keep alive } +if ($badagent) { + return 403; +} diff --git a/common/beatbump.conf b/common/beatbump.conf index f51948d..e438de1 100644 --- a/common/beatbump.conf +++ b/common/beatbump.conf @@ -10,3 +10,6 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; } +if ($badagent) { + return 403; +} diff --git a/common/biblioreads.conf b/common/biblioreads.conf index 380e447..39052ba 100644 --- a/common/biblioreads.conf +++ b/common/biblioreads.conf @@ -8,3 +8,6 @@ location / { # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/binternet.conf b/common/binternet.conf index 6f9772d..25143d9 100644 --- a/common/binternet.conf +++ b/common/binternet.conf @@ -9,3 +9,6 @@ location ~ \.php$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/snippets/fastcgi.conf; } +if ($badagent) { + return 403; +} diff --git a/common/bloat.conf b/common/bloat.conf index d9c4f9e..f873282 100644 --- a/common/bloat.conf +++ b/common/bloat.conf @@ -7,3 +7,6 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; } +if ($badagent) { + return 403; +} diff --git a/common/breezewiki.conf b/common/breezewiki.conf index 5a7ba22..e5cace6 100644 --- a/common/breezewiki.conf +++ b/common/breezewiki.conf 
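Review bot: After the first bbs.conf hunk this file sets neither `access_log` nor `error_log`, whereas gopherproxy.conf, librarian.conf, rimgo.conf, simpleamazon.conf and simplelogin.conf lose only `access_log` and keep `error_log /var/log/nginx/error.log crit;`. Logging for this vhost now depends entirely on the enclosing context, which is changed in nginx.conf elsewhere in this patch and is not visible here; if the inherited level is lower than `crit`, upstream errors for this site will again be written with client addresses. If that is intended, a comment like `# logging inherited from nginx.conf` would say so; otherwise keep `error_log /var/log/nginx/error.log crit;` as the sibling files do.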
@@ -10,3 +10,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/cinny.conf b/common/cinny.conf index dbf6d53..abe1ab0 100644 --- a/common/cinny.conf +++ b/common/cinny.conf @@ -21,3 +21,6 @@ location /config { # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; +if ($badagent) { + return 403; +} diff --git a/common/conversejs.conf b/common/conversejs.conf index 1a65367..ebb268d 100644 --- a/common/conversejs.conf +++ b/common/conversejs.conf @@ -7,3 +7,6 @@ index index.html index.htm; location / { try_files $uri $uri/ /index.html; } +if ($badagent) { + return 403; +} diff --git a/common/cryptpad-darknet.conf b/common/cryptpad-darknet.conf index 8a1fe6e..2ceb91d 100644 --- a/common/cryptpad-darknet.conf +++ b/common/cryptpad-darknet.conf @@ -7,3 +7,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/destructables.conf b/common/destructables.conf index 7724ec6..87bbf21 100644 --- a/common/destructables.conf +++ b/common/destructables.conf @@ -26,3 +26,6 @@ location /contest/archive/ { proxy_set_header X-Forwarded-Proto $scheme; proxy_cache ds-archive; } +if ($badagent) { + return 403; +} diff --git a/common/dokuwiki.conf b/common/dokuwiki.conf index f0510d2..230bf5e 100644 --- a/common/dokuwiki.conf +++ b/common/dokuwiki.conf @@ -3,3 +3,6 @@ add_header X-I2P-Location http://vernknid6kpyzaghegtnypzxe2nx643zrfc4jivh2tlna5m root /sshfs/websiteupdate/wiki/output; index index.html; +if ($badagent) { + return 403; +} diff --git a/common/dumb.conf b/common/dumb.conf index f896478..bfb2b28 100644 --- a/common/dumb.conf +++ b/common/dumb.conf 
@@ -8,3 +8,6 @@ location / { # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/etherpad.conf b/common/etherpad.conf deleted file mode 100644 index 26e67da..0000000 --- a/common/etherpad.conf +++ /dev/null @@ -1,11 +0,0 @@ -location / { - proxy_pass http://127.0.0.1:8057; - proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf - proxy_set_header Host $host; - proxy_pass_header Server; - proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP - proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used - proxy_http_version 1.1; # recommended with keepalive connections - # WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; -} diff --git a/common/federationtester.conf b/common/federationtester.conf index af2bf00..3e90453 100644 --- a/common/federationtester.conf +++ b/common/federationtester.conf @@ -10,3 +10,6 @@ location / { } root /home/fed-tester/fed-tester-ui/build; +if ($badagent) { + return 403; +} diff --git a/common/fluffychat.conf b/common/fluffychat.conf index 090f2ce..ce4c6f6 100644 --- a/common/fluffychat.conf +++ b/common/fluffychat.conf @@ -21,3 +21,6 @@ location /config { # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; +if ($badagent) { + return 403; +} diff --git a/common/freshrss.conf b/common/freshrss.conf index ce48fba..3f9e3b4 100644 --- a/common/freshrss.conf +++ b/common/freshrss.conf 
@@ -4,7 +4,6 @@ add_header X-I2P-Location http://vern5vicrpk2n4knr3c2qfyu5g4cjiwiulqa4txrriske7v root /var/www/freshrss/p/; index index.php index.html index.htm; # nginx log files -access_log /var/log/nginx/rss.access.log; error_log /var/log/nginx/rss.error.log; # php files handling # this regex is mandatory because of the API @@ -26,3 +25,6 @@ location / { } +if ($badagent) { + return 403; +} diff --git a/common/ftelnet.conf b/common/ftelnet.conf index 5baae24..9b08298 100644 --- a/common/ftelnet.conf +++ b/common/ftelnet.conf @@ -6,3 +6,6 @@ root /var/www/ftelnet/release; location / { index index.html; } +if ($badagent) { + return 403; +} diff --git a/common/gitea.conf b/common/gitea.conf index bd9fd1d..072a6f0 100644 --- a/common/gitea.conf +++ b/common/gitea.conf @@ -12,3 +12,6 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; } +if ($badagent) { + return 403; +} diff --git a/common/gnunet.conf b/common/gnunet.conf index d2d39ef..1b5994d 100644 --- a/common/gnunet.conf +++ b/common/gnunet.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/gopherproxy.conf b/common/gopherproxy.conf index e4a4835..d3fcd03 100644 --- a/common/gopherproxy.conf +++ b/common/gopherproxy.conf @@ -1,8 +1,6 @@ add_header Onion-Location http://gp.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://vernpl3z5syo5sblwnna2v4ktdwjmdotbta4346zekfi64is7idq.b32.i2p$request_uri; -#access_log off; -access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log crit; location / { @@ -12,3 +10,6 @@ location / { proxy_http_version 1.1; # to keep alive proxy_set_header Connection ""; # to keep alive } +if ($badagent) { + return 403; +} diff --git a/common/gothub.conf b/common/gothub.conf index 1237611..6be9397 100644 
--- a/common/gothub.conf +++ b/common/gothub.conf @@ -7,3 +7,6 @@ error_log /var/log/nginx/error.log crit; location / { return 301 https://vern.cc/blog/odyssey.html; } +if ($badagent) { + return 403; +} diff --git a/common/gts.conf b/common/gts.conf index 50a9ef5..d851f5e 100644 --- a/common/gts.conf +++ b/common/gts.conf @@ -11,3 +11,6 @@ location / { } client_max_body_size 40M; +if ($badagent) { + return 403; +} diff --git a/common/guac.conf b/common/guac.conf index 2b40494..9781a3a 100644 --- a/common/guac.conf +++ b/common/guac.conf @@ -9,3 +9,6 @@ location / { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } +if ($badagent) { + return 403; +} diff --git a/common/hat.conf b/common/hat.conf index 816dbf8..399f61c 100644 --- a/common/hat.conf +++ b/common/hat.conf @@ -9,3 +9,6 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/hckrnws.conf b/common/hckrnws.conf index a6ac4c5..686ee66 100644 --- a/common/hckrnws.conf +++ b/common/hckrnws.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/hedgedoc.conf b/common/hedgedoc.conf index f396c38..fb5c3ab 100644 --- a/common/hedgedoc.conf +++ b/common/hedgedoc.conf @@ -18,3 +18,6 @@ location /socket.io/ { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } +if ($badagent) { + return 403; +} diff --git a/common/hydrogen.conf b/common/hydrogen.conf index db1442e..034dbfe 100644 --- a/common/hydrogen.conf +++ b/common/hydrogen.conf @@ -21,3 +21,6 @@ location /config { # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; +if ($badagent) { + return 403; +} diff --git a/common/hyperpipe-api.conf b/common/hyperpipe-api.conf index 15703b1..e00212c 100644 --- a/common/hyperpipe-api.conf 
+++ b/common/hyperpipe-api.conf @@ -7,3 +7,6 @@ location / { proxy_set_header Host $host; proxy_hide_header Access-Control-Allow-Origin; } +if ($badagent) { + return 403; +} diff --git a/common/hyperpipe.conf b/common/hyperpipe.conf index 41d5dc2..1030e44 100644 --- a/common/hyperpipe.conf +++ b/common/hyperpipe.conf @@ -4,3 +4,6 @@ add_header X-I2P-Location http://vern2dwmqcksmq3oe5kynqc6gy4btviaimqhr55kg6zedjc location / { root /privfrontend/home/hyperpipe/Hyperpipe/dist; } +if ($badagent) { + return 403; +} diff --git a/common/icecast.conf b/common/icecast.conf index a2ffd81..4549565 100644 --- a/common/icecast.conf +++ b/common/icecast.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/invidious.conf b/common/invidious.conf index a1bb866..a4bd303 100644 --- a/common/invidious.conf +++ b/common/invidious.conf @@ -12,3 +12,6 @@ location / { proxy_http_version 1.1; # to keep alive proxy_set_header Connection ""; # to keep alive } +if ($badagent) { + return 403; +} diff --git a/common/jellyfin.conf b/common/jellyfin.conf index 73f25ba..ced8080 100644 --- a/common/jellyfin.conf +++ b/common/jellyfin.conf @@ -28,3 +28,6 @@ location /socket { proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; } +if ($badagent) { + return 403; +} diff --git a/common/lab.conf b/common/lab.conf index f13512f..42d165b 100644 --- a/common/lab.conf +++ b/common/lab.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/libmedium.conf b/common/libmedium.conf index e9185ed..590cba1 100644 --- a/common/libmedium.conf +++ b/common/libmedium.conf 
@@ -4,9 +4,12 @@ add_header X-I2P-Location http://vernaqj2qr2pijpgvf3od6ssc3ulz3nv52gwr3hba5l6hum subs_filter md.vern.cc $host; location / { - proxy_pass http://10.0.3.57:6543/; + proxy_pass http://127.0.0.1:6543/; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/librarian.conf b/common/librarian.conf index 805f6ac..6b98910 100644 --- a/common/librarian.conf +++ b/common/librarian.conf @@ -1,8 +1,6 @@ add_header Onion-Location http://lbry.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://vernb4mvgeej5kawfg3tm337sbihdf4i6oy7w4trirgsnaq67zva.b32.i2p$request_uri; -#access_log off; -access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log crit; location / { @@ -12,3 +10,6 @@ location / { proxy_http_version 1.1; # to keep alive proxy_set_header Connection ""; # to keep alive } +if ($badagent) { + return 403; +} diff --git a/common/libreddit.conf b/common/libreddit.conf index c75c9d4..126d527 100644 --- a/common/libreddit.conf +++ b/common/libreddit.conf @@ -10,3 +10,6 @@ location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/libremdb.conf b/common/libremdb.conf index 4759a7b..d9ef1b5 100644 --- a/common/libremdb.conf +++ b/common/libremdb.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/libretranslate.conf b/common/libretranslate.conf index 352494d..fdbae98 100644 --- a/common/libretranslate.conf +++ b/common/libretranslate.conf @@ -7,3 +7,6 @@ location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} 
diff --git a/common/librex.conf b/common/librex.conf index 0f0bd19..694dc76 100644 --- a/common/librex.conf +++ b/common/librex.conf @@ -16,3 +16,6 @@ location ~ \.php$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/snippets/fastcgi.conf; } +if ($badagent) { + return 403; +} diff --git a/common/lists.conf b/common/lists.conf index 494507d..d3cf195 100644 --- a/common/lists.conf +++ b/common/lists.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/littlelink.conf b/common/littlelink.conf index 47bd263..4d7b068 100644 --- a/common/littlelink.conf +++ b/common/littlelink.conf @@ -30,3 +30,6 @@ location ~ \.env$ { deny all; } location ~ /\.htaccess { allow all; } +if ($badagent) { + return 403; +} diff --git a/common/mail.conf b/common/mail.conf index cc0116e..33191c5 100644 --- a/common/mail.conf +++ b/common/mail.conf @@ -5,7 +5,7 @@ root /srv/modoboa/instance; client_max_body_size 10M; -access_log /var/log/nginx/mail.vern.cc-access.log; +access_log /var/log/nginx/mail.vern.cc-access.log main; error_log /var/log/nginx/mail.vern.cc-error.log; location /sitestatic/ { @@ -51,3 +51,6 @@ location /radicale/ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Authorization; } +if ($badagent) { + return 403; +} diff --git a/common/mastodon.conf b/common/mastodon.conf deleted file mode 100644 index 56a820e..0000000 --- a/common/mastodon.conf +++ /dev/null 
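Review bot: The context of the littlelink.conf hunk shows `location ~ /\.htaccess { allow all; }` next to `location ~ \.env$ { deny all; }`, which appears to make `.htaccess` files fetchable while `.env` is blocked. nginx does not read `.htaccess`, so serving it gains nothing and can disclose rewrite rules and paths of the application. Unless the upstream application documents a need for it, `location ~ /\.htaccess { deny all; }` would match the treatment of `.env`. Both blocks begin above the hunk, so the surrounding rules are not visible here.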
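Review bot: The `main` format named on the new `access_log /var/log/nginx/mail.vern.cc-access.log main;` line has to be declared with `log_format main ...` in the http context before this file is included, otherwise the configuration test fails; no such declaration is visible in this part of the patch. A comment such as `# "main" is declared in nginx.conf` above the line would point the next reader to it. Because the second hunk's context shows this vhost proxying `/radicale/` with `proxy_pass_header Authorization;`, it is worth confirming that the `main` format records no request headers.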
@@ -1,53 +0,0 @@ -add_header Onion-Location http://fedi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; -add_header X-I2P-Location http://verncc3ifybf2wvag5sgjmpsdp4lcv3ppuvpnlihcgffuqytkaxa.b32.i2p$request_uri; - -keepalive_timeout 70; -sendfile on; -client_max_body_size 80m; - -root /home/mastodon/live/public; -error_log /var/log/nginx/mastodon.err; - -gzip on; -gzip_disable "msie6"; -gzip_vary on; -gzip_proxied any; -gzip_comp_level 6; -gzip_buffers 16 8k; -gzip_http_version 1.1; -gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon; - -#add_header Strict-Transport-Security "max-age=31536000" always; - -location / { - try_files $uri @proxy; -} - -location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { - add_header Cache-Control "public, max-age=31536000, immutable"; - try_files $uri @proxy; -} - -location /sw.js { - add_header Cache-Control "public, max-age=0"; - try_files $uri @proxy; -} - -location @proxy { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Proxy ""; - proxy_pass_header Server; - - proxy_pass http://backend; - proxy_buffering on; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_cache CACHE; - proxy_cache_valid 200 7d; - proxy_cache_valid 410 24h; -} diff --git a/common/matrix-static.conf b/common/matrix-static.conf index fa4006c..32df557 100644 --- a/common/matrix-static.conf +++ b/common/matrix-static.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/matrix-sydent.conf b/common/matrix-sydent.conf index 18e28d0..40e2582 100644 
--- a/common/matrix-sydent.conf +++ b/common/matrix-sydent.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/matrixto.conf b/common/matrixto.conf index 5cd0da2..ce029c0 100644 --- a/common/matrixto.conf +++ b/common/matrixto.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/miniflux.conf b/common/miniflux.conf index 22ce05c..14ed055 100644 --- a/common/miniflux.conf +++ b/common/miniflux.conf @@ -9,3 +9,6 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; } +if ($badagent) { + return 403; +} diff --git a/common/mirror.conf b/common/mirror.conf index 6f35def..919ef13 100644 --- a/common/mirror.conf +++ b/common/mirror.conf @@ -32,3 +32,6 @@ location /gnu { subs_filter "body,html {background:#fff;font-family:\"Bitstream Vera Sans\",\"Lucida Grande\",\"Lucida Sans Unicode\",Lucidux,Verdana,Lucida,sans-serif;}tr:nth-child(even) {background:#f4f4f4;}th,td {padding:0.1em 0.5em;}th {text-align:left;font-weight:bold;background:#eee;border-bottom:1px solid #aaa;}#list {border:1px solid #aaa;width:100%;}a {color:#a33;}a:hover {color:#e33;}" ""; } +if ($badagent) { + return 403; +} diff --git a/common/morss.conf b/common/morss.conf index ff84fbf..a10b4e4 100644 --- a/common/morss.conf +++ b/common/morss.conf @@ -6,3 +6,6 @@ location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/mumble.conf b/common/mumble.conf index c418a1a..8feff8e 100644 --- a/common/mumble.conf +++ b/common/mumble.conf 
@@ -11,3 +11,6 @@ location /vern { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } +if ($badagent) { + return 403; +} diff --git a/common/neuters.conf b/common/neuters.conf index c32633f..9229ae5 100644 --- a/common/neuters.conf +++ b/common/neuters.conf @@ -2,9 +2,12 @@ add_header Onion-Location http://nu.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajh add_header X-I2P-Location http://vernkhr6duyh3tvrh7erkrwpwbqpztulwizzr2ma4ivvmr3xbdga.b32.i2p$request_uri; location / { - proxy_pass http://10.0.3.57:13370/; + proxy_pass http://10.0.3.57:13369/; proxy_http_version 1.1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/nextcloud.conf b/common/nextcloud.conf index 2c903a7..08c3567 100644 --- a/common/nextcloud.conf +++ b/common/nextcloud.conf @@ -144,3 +144,6 @@ location /remote { location / { try_files $uri $uri/ /index.php$request_uri; } +if ($badagent) { + return 403; +} diff --git a/common/nitter.conf b/common/nitter.conf index 5fbe01a..8e1a954 100644 --- a/common/nitter.conf +++ b/common/nitter.conf @@ -4,9 +4,12 @@ add_header X-I2P-Location http://vernzdedoxuflrrxc4vbatbkpjh4k22ecgiqgimdiif62on error_log off; location / { - proxy_pass http://10.0.3.57:5744/; + proxy_pass http://127.0.0.1:5744/; proxy_http_version 1.1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/ntfy.conf b/common/ntfy.conf index d5091f2..d7de442 100644 --- a/common/ntfy.conf +++ b/common/ntfy.conf @@ -16,3 +16,6 @@ location / { proxy_read_timeout 3m; client_max_body_size 20m; # Must be >= attachment-file-size-limit in /etc/ntfy/server.yml } +if ($badagent) { + return 403; +} diff --git a/common/owncast.conf b/common/owncast.conf index f2e6a0d..89805b3 100644 --- a/common/owncast.conf +++ b/common/owncast.conf 
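Review bot: `error_log off;` in the context at the top of the nitter.conf hunk does not disable error logging. nginx has no `off` value for `error_log` and treats the word as a file name, so errors for this vhost, client addresses included, are written to a file called `off`, typically resolved against the nginx prefix directory. Since the hunk already edits this file, the line could become `error_log /dev/null crit;`, or `error_log /var/log/nginx/error.log crit;` as the other frontends in this patch use.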
@@ -13,3 +13,6 @@ location / { proxy_set_header Connection $connection_upgrade; proxy_pass http://127.0.0.1:5394; } +if ($badagent) { + return 403; +} diff --git a/common/peertube.conf b/common/peertube.conf index 62d3c00..0119817 100644 --- a/common/peertube.conf +++ b/common/peertube.conf @@ -191,3 +191,6 @@ location ~ ^/static/(webseed|redundancy|streaming-playlists)/ { try_files $uri @api; } +if ($badagent) { + return 403; +} diff --git a/common/penpot.conf b/common/penpot.conf index 86d6f87..f330675 100644 --- a/common/penpot.conf +++ b/common/penpot.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/pgp.conf b/common/pgp.conf index 588b3ae..f4e2edd 100644 --- a/common/pgp.conf +++ b/common/pgp.conf @@ -2,3 +2,6 @@ add_header Onion-Location http://pgp.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kaj add_header X-I2P-Location http://vernqfnkg7oybcbrr6roinm64wkd6goetv4funbqjgtddmsexo7q.b32.i2p$request_uri; root /var/www/pgp; index index.html index.htm; +if ($badagent) { + return 403; +} diff --git a/common/piped.conf b/common/piped.conf index 50a0953..0922bc9 100644 --- a/common/piped.conf +++ b/common/piped.conf @@ -10,3 +10,6 @@ if ($http_user_agent = "FeedFetcher-Google; (+http://www.google.com/feedfetcher. return 403; } +if ($badagent) { + return 403; +} diff --git a/common/privatebin.conf b/common/privatebin.conf index d574e25..501a3ec 100644 --- a/common/privatebin.conf +++ b/common/privatebin.conf @@ -14,3 +14,6 @@ location ~ \.php$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/snippets/fastcgi.conf; } +if ($badagent) { + return 403; +} diff --git a/common/proxigram.conf b/common/proxigram.conf new file mode 100644 index 0000000..c1c8ae7 --- /dev/null +++ b/common/proxigram.conf 
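Review bot: piped.conf now carries two User-Agent gates back to back: the existing exact-match `if ($http_user_agent = "FeedFetcher-Google; ...")` seen in the hunk header, and the new `if ($badagent)`; quetre.conf ends up the same way with its Farside check. Moving those two strings into the map that sets `$badagent` would leave a single place to maintain. If they are meant to be blocked on these two vhosts only, a comment such as `# per-site block, intentionally not in useragent.rules` would make that clear. The earlier `if` starts above the hunk and its condition is truncated in the header, so the full string is not visible here.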
@@ -0,0 +1,15 @@ +add_header Onion-Location http://ig.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; +add_header X-I2P-Location http://vernatajdc43yxqrtgyhpynuxxksiwrcayqk7xdflkuqss2f4soa.b32.i2p$request_uri; + +recursive_error_pages on; + +location / { + proxy_pass http://10.0.3.57:3445; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; +} +if ($badagent) { + return 403; +} diff --git a/common/proxitok.conf b/common/proxitok.conf index 563ff4d..ed77e59 100644 --- a/common/proxitok.conf +++ b/common/proxitok.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/quetre.conf b/common/quetre.conf index f115b16..7d1ac1c 100644 --- a/common/quetre.conf +++ b/common/quetre.conf @@ -1,8 +1,6 @@ add_header Onion-Location http://qr.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://vernnflenvsqccuanaun7yydnmturi4jkyxlyzhn6ultpje66c3q.b32.i2p$request_uri; -access_log /var/log/nginx/quetre-access.log; - location / { # proxy_pass http://10.0.3.57:5068/; proxy_pass http://crescent.vern.cc:5068/; @@ -16,3 +14,6 @@ location / { if ($http_user_agent = "Mozilla/5.0 (compatible; Farside/0.1.0; +https://farside.link)") { return 403; } +if ($badagent) { + return 403; +} diff --git a/common/rimgo.conf b/common/rimgo.conf index 4aa0519..6b31b7a 100644 --- a/common/rimgo.conf +++ b/common/rimgo.conf 
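Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in the new proxigram.conf appends to whatever X-Forwarded-For value the client sent, so a backend that reads the first address for rate limiting or logging is working with a client-chosen value. safetwitch-backend.conf in this same patch sends `proxy_set_header X-Forwarded-For $remote_addr;`, the address nginx itself observed, and the same line would fit here. `recursive_error_pages on;` does nothing without an `error_page` directive and none appears in this file; if it is meant for conf.d/proxigram.conf, which is not shown here, a comment saying so would help, otherwise the line can go.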
@@ -1,9 +1,6 @@ -access_log /var/log/nginx/access.log; add_header Onion-Location http://rg.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://vernu3bfx2rvpuaccs5q27yncv6srdijkan6ixbkvyc2lsbrslxq.b32.i2p$request_uri; -#access_log off; -access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log crit; subs_filter rimgo.vern.cc $host; @@ -15,3 +12,6 @@ location / { proxy_http_version 1.1; # to keep alive proxy_set_header Connection ""; # to keep alive } +if ($badagent) { + return 403; +} diff --git a/common/riot.conf b/common/riot.conf index 33e9e5d..fa4cab8 100644 --- a/common/riot.conf +++ b/common/riot.conf @@ -21,3 +21,6 @@ location /config { # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; +if ($badagent) { + return 403; +} diff --git a/common/roundcube.conf b/common/roundcube.conf index b89dd87..219d93f 100644 --- a/common/roundcube.conf +++ b/common/roundcube.conf @@ -22,3 +22,6 @@ location ~ \.php(?:$|/) { } +if ($badagent) { + return 403; +} diff --git a/common/rssbridge.conf b/common/rssbridge.conf index 1caafc6..026df72 100644 --- a/common/rssbridge.conf +++ b/common/rssbridge.conf @@ -14,3 +14,6 @@ location ~ \.php$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/snippets/fastcgi.conf; } +if ($badagent) { + return 403; +} diff --git a/common/ruraldict.conf b/common/ruraldict.conf index 27fb8cb..da473af 100644 --- a/common/ruraldict.conf +++ b/common/ruraldict.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/safetwitch-backend.conf b/common/safetwitch-backend.conf index 3e72809..7f5ee63 100644 --- a/common/safetwitch-backend.conf +++ b/common/safetwitch-backend.conf 
@@ -9,3 +9,6 @@ location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/safetwitch.conf b/common/safetwitch.conf index 20c1d2d..6bc56ac 100644 --- a/common/safetwitch.conf +++ b/common/safetwitch.conf @@ -8,7 +8,7 @@ add_header X-Frame-Options "DENY"; add_header Clear-Site-Data "cookies"; add_header Referrer-Policy "no-referrer"; add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"; -add_header Onion-Location http://sw.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; +add_header Onion-Location http://ttv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://vernz43kgqiy3nzzof3nejeo4hh3bjgyqi3b3hijchilv7noqtrq.b32.i2p$request_uri; location / { @@ -16,3 +16,6 @@ location / { index index.html; try_files $uri $uri/ /index.html; } +if ($badagent) { + return 403; +} diff --git a/common/scribe.conf b/common/scribe.conf index 4495028..8defb23 100644 --- a/common/scribe.conf +++ b/common/scribe.conf @@ -11,3 +11,6 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; } +if ($badagent) { + return 403; +} diff --git a/common/searxng.conf b/common/searxng.conf index ee2678d..9ffd841 100644 --- a/common/searxng.conf +++ b/common/searxng.conf @@ -17,3 +17,6 @@ location / { uwsgi_param HTTP_X_REAL_IP $remote_addr; uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for; } +if ($badagent) { + return 403; +} diff --git a/common/simpleamazon.conf b/common/simpleamazon.conf index 3f51b0b..fe69340 100644 --- a/common/simpleamazon.conf +++ b/common/simpleamazon.conf 
@@ -1,8 +1,6 @@ add_header Onion-Location http://az.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://vernlncxo4aswplv7naacpjvp5ts4uhrv4wbv3y4skufdbz763gq.b32.i2p$request_uri; -#access_log off; -access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log crit; location / { @@ -12,3 +10,6 @@ location / { proxy_http_version 1.1; # to keep alive proxy_set_header Connection ""; # to keep alive } +if ($badagent) { + return 403; +} diff --git a/common/simpleertube.conf b/common/simpleertube.conf index e4091f7..91db4ab 100644 --- a/common/simpleertube.conf +++ b/common/simpleertube.conf @@ -7,3 +7,6 @@ location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/simplelogin.conf b/common/simplelogin.conf index baf9c4c..4b2838d 100644 --- a/common/simplelogin.conf +++ b/common/simplelogin.conf @@ -1,7 +1,6 @@ add_header Onion-Location http://sl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://verndokks33kdmyo23qihg45lb4sinl6f6b34hc7be6754p3b4aa.b32.i2p$request_uri; #access_log off; -access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log crit; location / { @@ -11,3 +10,6 @@ location / { proxy_http_version 1.1; # to keep alive proxy_set_header Connection ""; # to keep alive } +if ($badagent) { + return 403; +} diff --git a/common/simplytranslate.conf b/common/simplytranslate.conf index 53aa3dd..4af15bf 100644 --- a/common/simplytranslate.conf +++ b/common/simplytranslate.conf @@ -7,3 +7,6 @@ location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/speedtest.conf b/common/speedtest.conf index ea40091..a52d968 100644 --- a/common/speedtest.conf +++ b/common/speedtest.conf 
@@ -9,3 +9,6 @@ location / { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } +if ($badagent) { + return 403; +} diff --git a/common/spyda.conf b/common/spyda.conf index 9bfee2e..6340746 100644 --- a/common/spyda.conf +++ b/common/spyda.conf @@ -11,3 +11,6 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; } +if ($badagent) { + return 403; +} diff --git a/common/srht.conf b/common/srht.conf index 7771f83..3614fee 100644 --- a/common/srht.conf +++ b/common/srht.conf @@ -5,3 +5,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/suds.conf b/common/suds.conf index fa7f2bc..cd8169e 100644 --- a/common/suds.conf +++ b/common/suds.conf @@ -17,3 +17,6 @@ location /proxy/ { proxy_set_header X-Forwarded-Proto $scheme; proxy_cache suds; } +if ($badagent) { + return 403; +} diff --git a/common/teddit.conf b/common/teddit.conf index 86dbe94..af98304 100644 --- a/common/teddit.conf +++ b/common/teddit.conf @@ -9,3 +9,6 @@ location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/tent.conf b/common/tent.conf index b3bdc63..133ad42 100644 --- a/common/tent.conf +++ b/common/tent.conf @@ -12,3 +12,6 @@ location ~ \.php$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/snippets/fastcgi.conf; } +if ($badagent) { + return 403; +} diff --git a/common/tmate.conf b/common/tmate.conf index a5395b6..5358fde 100644 --- a/common/tmate.conf +++ b/common/tmate.conf @@ -6,3 +6,6 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; } +if ($badagent) { + return 403; +} diff --git a/common/torproject.conf b/common/torproject.conf index 825c8dc..987ec77 100644 --- a/common/torproject.conf 
+++ b/common/torproject.conf @@ -4,3 +4,6 @@ root /var/mirror/torproject.org; location / { autoindex on; } +if ($badagent) { + return 403; +} diff --git a/common/usersites-socket.conf b/common/usersites-socket.conf index 7122d7d..df5c0fb 100644 --- a/common/usersites-socket.conf +++ b/common/usersites-socket.conf @@ -13,3 +13,6 @@ location / { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } +if ($badagent) { + return 403; +} diff --git a/common/usersites.conf b/common/usersites.conf index 041ea3c..89fdd3d 100644 --- a/common/usersites.conf +++ b/common/usersites.conf @@ -25,6 +25,7 @@ location ~ (\.cgi|\.py|\.sh|\.pl|\.lua|\/cgi-bin)$ { autoindex on; autoindex_exact_size off; +charset utf-8; #location / { #try_files @socket =404; @@ -39,3 +40,6 @@ location /media { autoindex on; } +if ($badagent) { + return 403; +} diff --git a/common/vaultwarden.conf b/common/vaultwarden.conf index 10e43a9..7a383ee 100644 --- a/common/vaultwarden.conf +++ b/common/vaultwarden.conf @@ -36,3 +36,6 @@ location /admin { proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://localhost:8056; } +if ($badagent) { + return 403; +} diff --git a/common/vikunja.conf b/common/vikunja.conf deleted file mode 100644 index 76aa8e7..0000000 --- a/common/vikunja.conf +++ /dev/null 
@@ -1,26 +0,0 @@ -add_header Onion-Location http://todo.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; -add_header X-I2P-Location http://verniioll6ezxh2ns3l2hbt76zlklmwqguomnjgg37olnmbhgodq.b32.i2p$request_uri; - -subs_filter "todo.vern.cc" "$host"; - -location / { - root /var/www/vikunja-frontend/dist; - try_files $uri $uri/ /; - index index.html index.htm; -} - -location ~* ^/(api|dav|\.well-known)/ { - proxy_pass http://127.0.0.1:3456; - client_max_body_size 20M; -} -gzip on; -gzip_disable "msie6"; - -gzip_vary on; -gzip_proxied any; -gzip_comp_level 6; -gzip_buffers 16 8k; -gzip_http_version 1.1; -gzip_min_length 256; -gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml; - diff --git a/common/vnu.conf b/common/vnu.conf index 9f56bf5..4af661c 100644 --- a/common/vnu.conf +++ b/common/vnu.conf @@ -6,3 +6,6 @@ location / { proxy_redirect off; proxy_set_header Host $host; } +if ($badagent) { + return 403; +} diff --git a/common/website.conf b/common/website.conf index 7cb382e..13d7e2f 100644 --- a/common/website.conf +++ b/common/website.conf @@ -1,7 +1,6 @@ add_header Onion-Location http://vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://verncceu2kgz54wi7r5jatgmx2mqtsh3knxhiy4m5shescuqtqfa.b32.i2p$request_uri; root /var/www/website; -access_log /var/log/nginx/access.log; index index.html index.php; ssi on; gzip on; 
@@ -85,12 +84,12 @@ location /sitemap { error_page 404 /en/errors/404; error_page 503 /en/errors/503; } -location /status { - vhost_traffic_status_display; - vhost_traffic_status_display_format html; - auth_basic "Administrator Login"; - auth_basic_user_file /var/www/htpasswd; -} +#location /status { +# vhost_traffic_status_display; +# vhost_traffic_status_display_format html; +# auth_basic "Administrator Login"; +# auth_basic_user_file /var/www/htpasswd; +#} location ~^/[^u~].*\.(jpg|jpeg|png|gif|ico)$ { expires 30d; @@ -192,3 +191,6 @@ location ~ ^/(~|u/)(?[\w-]+)(?/.*)?$ { } } +if ($badagent) { + return 403; +} diff --git a/common/whoogle.conf b/common/whoogle.conf index 8a59ebf..36589b5 100644 --- a/common/whoogle.conf +++ b/common/whoogle.conf @@ -2,9 +2,12 @@ add_header Onion-Location http://wg.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajh add_header X-I2P-Location http://verneks7rfjptpz5fpii7n7nrxilsidi2qxepeuuf66c3tsf4nhq.b32.i2p$request_uri; location / { - proxy_pass http://10.0.3.57:5015/; + proxy_pass http://127.0.0.1:5015/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; # so Whoogle knows domain proxy_http_version 1.1; # to keep alive proxy_set_header Connection ""; # to keep alive } +if ($badagent) { + return 403; +} diff --git a/common/wikiless.conf b/common/wikiless.conf index 33981da..9329b5f 100644 --- a/common/wikiless.conf +++ b/common/wikiless.conf @@ -2,9 +2,12 @@ add_header Onion-Location http://wl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajh add_header X-I2P-Location http://vernesciy2defjsputrjrv6pa5ll6qzrckfffi5lgkumstdojyga.b32.i2p$request_uri; location / { - proxy_pass http://10.0.3.57:6629/; + proxy_pass http://127.0.0.1:6629/; proxy_http_version 1.1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/common/woodpeckerci.conf b/common/woodpeckerci.conf index 17eb822..d33742a 100644 --- a/common/woodpeckerci.conf 
+++ b/common/woodpeckerci.conf @@ -11,3 +11,6 @@ location / { proxy_buffering off; chunked_transfer_encoding off; } +if ($badagent) { + return 403; +} diff --git a/common/yacy.conf b/common/yacy.conf index 9fbd42a..942afcd 100644 --- a/common/yacy.conf +++ b/common/yacy.conf @@ -1,2 +1,5 @@ add_header Onion-Location http://yacy.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; add_header X-I2P-Location http://vernxiu4oiyb6t2impixu7kqot4irhdr3pzmgszbaxjbpwblapeq.b32.i2p$request_uri; +if ($badagent) { + return 403; +} diff --git a/common/yarn.conf b/common/yarn.conf deleted file mode 100644 index b1bc9ff..0000000 --- a/common/yarn.conf +++ /dev/null @@ -1,14 +0,0 @@ -add_header Onion-Location http://yn.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; -add_header X-I2P-Location http://vernlebgbpxnln2oluosc4hrnjr7byg2e5pqiwi2phhwmudbhirq.b32.i2p$request_uri; - -subs_filter_types text/html text/css text/xml application/javascript text/plain; -subs_filter "yn.vern.cc" "$host"; - -location / { - proxy_pass http://127.0.0.1:8481/; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax"; -} diff --git a/common/znc.conf b/common/znc.conf index db91e9a..4d05288 100644 --- a/common/znc.conf +++ b/common/znc.conf @@ -8,3 +8,6 @@ location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } +if ($badagent) { + return 403; +} diff --git a/conf.d/agreper.conf b/conf.d/agreper.conf deleted file mode 100644 index 20551d8..0000000 --- a/conf.d/agreper.conf +++ /dev/null 
@@ -1,32 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name ag.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion agreper.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion forum.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; - - include common/agreper.conf; -} - -server { - listen 11051; - listen [::]:11051; - - server_name vern6xwzdgt2l7jhgl5dyv6cqjfhd2fnbgbm7i7cd6ssfboqra5a.b32.i2p; - - include common/agreper.conf; -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name ag.vern.cc agreper.vern.cc forum.vern.cc; - include snippets/lets-encrypt.conf; - include common/agreper.conf; -} - -server { - listen 80; - listen [::]:80; - return 301 https://$host$request_uri; - server_name ag.vern.cc agreper.vern.cc forum.vern.cc; -} diff --git a/conf.d/checkstatus.conf b/conf.d/checkstatus.conf index cccd7c3..530c378 100644 --- a/conf.d/checkstatus.conf +++ b/conf.d/checkstatus.conf @@ -5,14 +5,24 @@ server { include snippets/lets-encrypt.conf; root /var/www/checkstatus; - error_log off; - index index.html index.php index.cgi index.py index.sh index.pl index.lua; + error_log /var/log/checkstatus.err; + access_log /var/log/checkstatus.log; ssi on; -location ~ (\.cgi|\.py|\.sh|\.pl|\.lua|\/cgi-bin)$ { gzip off; - fastcgi_pass 127.0.0.1:5594; + include snippets/fastcgi.conf; + fastcgi_buffering off; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; -} + fastcgi_param REDIRECT_STATUS 0; + fastcgi_param NO_BUFFERING 1; + location /udp { + fastcgi_pass unix:/run/fcgiwrap/checkstatus-udp.socket; + } + location /onion { + fastcgi_pass unix:/run/fcgiwrap/checkstatus-onion.socket; + } + location /i2p { + fastcgi_pass unix:/run/fcgiwrap/checkstatus-i2p.socket; + } } diff --git a/conf.d/etherpad.conf b/conf.d/etherpad.conf deleted file mode 100644 index 3305f73..0000000 --- a/conf.d/etherpad.conf +++ /dev/null 
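Review bot: `location /udp`, `location /onion` and `location /i2p` in the checkstatus.conf hunk are prefix matches, so any URI that merely starts with one of those strings is handed to the fcgiwrap socket, which runs whatever file `SCRIPT_FILENAME $realpath_root$fastcgi_script_name` resolves to under `/var/www/checkstatus`. If each endpoint is a single script, exact matches such as `location = /udp { … }` keep the executable surface to those three paths; the removed regex location at least limited execution to script extensions. `include snippets/fastcgi.conf;` is followed by an explicit `fastcgi_param SCRIPT_FILENAME`, so it is worth confirming the snippet does not already set that parameter, since nginx would then send it twice. The server block opens before this hunk.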
@@ -1,31 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name ep.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion etherpad.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
-
- include common/etherpad.conf;
-}
-
-server {
- listen 11078;
- listen [::]:11078;
-
- server_name vernbm2ykmrqpkhpygk3skotirppddevw3xpkzyyxbcsfqchb27q.b32.i2p;
-
- include common/etherpad.conf;
-}
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name ep.vern.cc etherpad.vern.cc;
- include snippets/lets-encrypt.conf;
- include common/etherpad.conf;
-}
-
-server {
- listen 80;
- listen [::]:80;
- return 301 https://$host$request_uri;
- server_name ep.vern.cc etherpad.vern.cc;
-}
diff --git a/conf.d/mastodon.conf b/conf.d/mastodon.conf
deleted file mode 100644
index 025770f..0000000
--- a/conf.d/mastodon.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
-}
-
-upstream backend {
- server 127.0.0.1:3999 fail_timeout=0;
-}
-
-upstream streaming {
- server 127.0.0.1:4000 fail_timeout=0;
-}
-
-proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name fedi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mastodon.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
-
- include common/mastodon.conf;
-}
-
-server {
- listen 11007;
- listen [::]:11007;
-
- server_name verncc3ifybf2wvag5sgjmpsdp4lcv3ppuvpnlihcgffuqytkaxa.b32.i2p;
-
- include common/mastodon.conf;
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name fedi.vern.cc;
-
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name fedi.vern.cc;
-
- if ($https = '') { return 301 https://$host$request_uri; } # if not connected to HTTPS, perma-redirect to HTTPS
- include snippets/lets-encrypt.conf;
-
- include common/mastodon.conf;
-}
diff --git a/conf.d/matrix.conf.cobrafuckedupsomestuff b/conf.d/matrix.conf.cobrafuckedupsomestuff
deleted file mode 100644
index a23de60..0000000
--- a/conf.d/matrix.conf.cobrafuckedupsomestuff
+++ /dev/null
@@ -1,131 +0,0 @@ -server { - listen 80; - listen [::]:80; - - listen 8449 default_server; - listen [::]:8449 default_server; - - server_name mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; - - add_header Onion-Location http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; - - subs_filter_types application/json; - subs_filter "{\"base_url\":\"https://mtrx.vern.cc/\"}" "{\"base_url\":\"http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/\"}"; - - location ~ ^(/_matrix|/_synapse/client) { - # note: do not add a path (even a single /) after the port in `proxy_pass`, - # otherwise nginx will canonicalise the URI and cause signature verification - # errors. - proxy_pass http://localhost:8008; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - - # Nginx by default only allows file uploads up to 1M in size - # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml - client_max_body_size 1024M; - } - ## well-known - location /.well-known/matrix/support { - add_header Access-Control-Allow-Origin '*' always; - add_header Content-Type application/json; - return 200 '{"admins": [{"matrix_id": "@root:vern.cc", "email_address": "tildemaster@vern.cc", "role": "admin"}], "support_page": "https://matrix.to/#/#vern:vern.cc"}'; - } - - location /.well-known/matrix/server { - add_header Access-Control-Allow-Origin '*' always; - add_header Content-Type application/json; - return 200 '{"m.server": "mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion:80"}'; - } - - location /.well-known/matrix/client { - add_header Access-Control-Allow-Origin '*' always; - add_header Content-Type application/json; - return 200 '{"m.homeserver": {"base_url": "http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion"}, "m.identity_server": { "base_url": 
"https://id.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion" }}'; - } -} - -server { - listen 11043; - listen [::]:11043; - - listen 8450 default_server; - listen [::]:8450 default_server; - - server_name verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p; - - add_header Onion-Location http://mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri; - - subs_filter_types application/json; - subs_filter "{\"base_url\":\"https://mtrx.vern.cc/\"}" "{\"base_url\":\"http://verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p/\"}"; - - location ~ ^(/_matrix|/_synapse/client) { - # note: do not add a path (even a single /) after the port in `proxy_pass`, - # otherwise nginx will canonicalise the URI and cause signature verification - # errors. - proxy_pass http://localhost:8008; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - - # Nginx by default only allows file uploads up to 1M in size - # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml - client_max_body_size 1024M; - } - ## well-known - location /.well-known/matrix/support { - add_header Access-Control-Allow-Origin '*' always; - add_header Content-Type application/json; - return 200 '{"admins": [{"matrix_id": "@root:vern.cc", "email_address": "tildemaster@vern.cc", "role": "admin"}], "support_page": "https://matrix.to/#/#vern:vern.cc"}'; - } - - location /.well-known/matrix/server { - add_header Access-Control-Allow-Origin '*' always; - add_header Content-Type application/json; - return 200 '{"m.server": "verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p:80"}'; - } - - location /.well-known/matrix/client { - add_header Access-Control-Allow-Origin '*' always; - add_header Content-Type application/json; - return 200 '{"m.homeserver": {"base_url": "http://verndnomc4cnte4aw7yrfpse33vrw2nlwoxozxmf77zqquk6ea7q.b32.i2p"}, "m.identity_server": { 
"base_url": "http://vern4l4bo3tzed7niopxkfijgbyod6vc7pmqrhice2mjvjfboqua.b32.i2p" }}'; - } -} - -server { - server_name stickers.vern.cc; - listen 443 ssl; - listen [::]:443 ssl; - - root /var/www/matrix; - index index.html; - - location / { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://127.0.0.1:8082; - } - - include snippets/lets-encrypt.conf; -} -server { - server_name dim.vern.cc; - listen 443 ssl; - listen [::]:443 ssl; - - root /var/www/matrix; - index index.html; - - location / { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://127.0.0.1:8184; - } - - include snippets/lets-encrypt.conf; -} - -server { - listen 80; - listen [::]:80; - return 301 https://$host$request_uri; - server_name dim.vern.cc stickers.vern.cc; -} diff --git a/conf.d/proxigram.conf b/conf.d/proxigram.conf new file mode 100644 index 0000000..3d12e5d --- /dev/null +++ b/conf.d/proxigram.conf @@ -0,0 +1,32 @@ +server { + listen 80; + listen [::]:80; + + server_name ig.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion proxigram.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion instagram.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; + + include common/proxigram.conf; +} + +server { + listen 11110; + listen [::]:11110; + + server_name vernatajdc43yxqrtgyhpynuxxksiwrcayqk7xdflkuqss2f4soa.b32.i2p; + + include common/proxigram.conf; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ig.vern.cc proxigram.vern.cc instagram.vern.cc; + include snippets/lets-encrypt.conf; + include common/proxigram.conf; +} + +server { + listen 80; + listen [::]:80; + return 301 https://$host$request_uri; + server_name ig.vern.cc proxigram.vern.cc instagram.vern.cc; +} diff --git a/conf.d/safetwitch-backend.conf b/conf.d/safetwitch-backend.conf index 737a7e0..98df9ad 100644 --- a/conf.d/safetwitch-backend.conf +++ b/conf.d/safetwitch-backend.conf 
@@ -2,12 +2,16 @@ server { listen 80; listen [::]:80; server_name ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; + subs_filter ttvbackend.vern.cc ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; + subs_filter ttv.vern.cc ttv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; include common/safetwitch-backend.conf; } server { listen 11109; listen [::]:11109; + subs_filter ttvbackend.vern.cc vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p; + subs_filter ttv.vern.cc vernz43kgqiy3nzzof3nejeo4hh3bjgyqi3b3hijchilv7noqtrq.b32.i2p; server_name vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p; include common/safetwitch-backend.conf; } diff --git a/conf.d/safetwitch.conf b/conf.d/safetwitch.conf index d4d8314..15e4916 100644 --- a/conf.d/safetwitch.conf +++ b/conf.d/safetwitch.conf @@ -3,6 +3,7 @@ server { listen [::]:80; server_name ttv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion safetwitch.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion twitch.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; subs_filter ttvbackend.vern.cc ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; + subs_filter ttv.vern.cc ttv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; include common/safetwitch.conf; } @@ -11,6 +12,7 @@ server { listen [::]:11108; server_name vernz43kgqiy3nzzof3nejeo4hh3bjgyqi3b3hijchilv7noqtrq.b32.i2p; subs_filter ttvbackend.vern.cc vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p; + subs_filter ttv.vern.cc vernz43kgqiy3nzzof3nejeo4hh3bjgyqi3b3hijchilv7noqtrq.b32.i2p; include common/safetwitch.conf; } diff --git a/conf.d/vikunja.conf b/conf.d/vikunja.conf deleted file mode 100644 index fdba7d1..0000000 --- a/conf.d/vikunja.conf +++ /dev/null 
@@ -1,31 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name vk.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion todo.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion; - - include common/vikunja.conf; -} - -server { - listen 11029; - listen [::]:11029; - - server_name verniioll6ezxh2ns3l2hbt76zlklmwqguomnjgg37olnmbhgodq.b32.i2p; - - include common/vikunja.conf; -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name vk.vern.cc todo.vern.cc; - include snippets/lets-encrypt.conf; - include common/vikunja.conf; -} -server { - listen 80; - listen [::]:80; - server_name vk.vern.cc todo.vern.cc; - return 301 https://$host$request_uri; -} diff --git a/conf.d/00website.conf b/conf.d/website.conf similarity index 96% rename from conf.d/00website.conf rename to conf.d/website.conf index c67f1c9..15ee4ab 100644 --- a/conf.d/00website.conf +++ b/conf.d/website.conf @@ -82,8 +82,8 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; server_name www.vern.cc vern.cc; include snippets/lets-encrypt.conf; @@ -116,10 +116,10 @@ server { } server { - listen 80; - listen [::]:80; + listen 80 default_server; + listen [::]:80 default_server; return 301 https://$host$request_uri; -# return 200 "JgjvzV1cJEz0noDw0I597Euzm2vAu1Ibj_cAmGXKnt0.2r1q1Ilo1S8Gg4uYqfT96sAwG2utxR8e3gCk3tMFGWI"; +# return 200 "tkiaKXCHEXRUJdI_ThQYkV7RlAf_vRaFbT1vT6VUfrU.2r1q1Ilo1S8Gg4uYqfT96sAwG2utxR8e3gCk3tMFGWI"; server_name www.vern.cc vern.cc; } server { diff --git a/conf.d/yarn.conf b/conf.d/yarn.conf deleted file mode 100644 index 819f630..0000000 --- a/conf.d/yarn.conf +++ /dev/null 
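Review bot: Marking the port-80 redirect server `default_server` (hunk `@@ -116,10 +116,10 @@`) means `return 301 https://$host$request_uri;` answers requests for any hostname that reaches this machine, and `$host` comes from the client's Host header, so the Location header echoes whatever name was sent. A catch-all that does not reflect the header is safer: keep this server for `www.vern.cc vern.cc` and give the default role to a separate block that returns `444`, or redirect to a fixed name with `return 301 https://vern.cc$request_uri;`. The `listen 443 ssl http2 default_server;` pair in hunk `@@ -82,8 +82,8 @@` likewise serves the main site for unmatched names on that port. The file was previously named 00website.conf, which probably already made it the implicit default by include order, so this may not be new behaviour, but the explicit flag is a good moment to decide it deliberately. Both server blocks continue outside the hunks.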
@@ -1,32 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name yn.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion yarn.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion twtxt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
-
- include common/yarn.conf;
-}
-
-server {
- listen 11056;
- listen [::]:11056;
-
- server_name vernlebgbpxnln2oluosc4hrnjr7byg2e5pqiwi2phhwmudbhirq.b32.i2p;
-
- include common/yarn.conf;
-}
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name yn.vern.cc yarn.vern.cc twtxt.vern.cc;
- include common/yarn.conf;
- include snippets/lets-encrypt.conf;
-}
-
-server {
- listen 80;
- listen [::]:80;
- return 301 https://$host$request_uri;
- server_name yn.vern.cc yarn.vern.cc twtxt.vern.cc;
-}
diff --git a/mime.types.dpkg-dist b/mime.types.dpkg-dist
new file mode 100644
index 0000000..692b16c
--- /dev/null
+++ b/mime.types.dpkg-dist
@@ -0,0 +1,96 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + 
application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/nginx.conf b/nginx.conf index 26dde8c..2e92769 100644 --- a/nginx.conf +++ b/nginx.conf @@ -8,7 +8,7 @@ events { } http { - vhost_traffic_status_zone; + #vhost_traffic_status_zone; sendfile on; tcp_nopush on; types_hash_max_size 2048; @@ -20,7 +20,8 @@ http { ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; # Logging Settings - access_log /var/log/nginx/access.log; + log_format main '$remote_addr - $remote_user [$time_local] $status "$host" "$request" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log; gzip on; # gzip_vary on; @@ -29,6 +30,8 @@ http { # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + # Bad user agents + include /etc/nginx/useragent.rules; # Virtual Host Configs include /etc/nginx/conf.d/*.conf; } diff --git a/nginx.conf.dpkg-dist b/nginx.conf.dpkg-dist new file mode 100644 index 0000000..f52668a --- /dev/null +++ b/nginx.conf.dpkg-dist 
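Review bot: The `main` format added in nginx.conf hunk `@@ -20,7 +20,8 @@` writes `$remote_addr`, `"$host"`, the full `"$request"` line, referer, User-Agent and X-Forwarded-For for every vhost that does not override `access_log`, and this patch deletes the per-service `access_log` lines, so the common/*.conf services all fall back to it. For the search and proxy front-ends (whoogle, searxng and similar) that stores client addresses next to the service name and request URI, which can carry query terms; if the extra fields are only needed to identify crawlers, consider `access_log off;` in those common files or a reduced format without `$remote_addr` and `"$request"`. The unchanged context line `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` still enables TLS 1.0 and 1.1, which RFC 8996 deprecates; `ssl_protocols TLSv1.2 TLSv1.3;` is the usual setting. The `http` block starts before the hunk.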
@@ -0,0 +1,83 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff --git a/useragent.rules b/useragent.rules
new file mode 100644
index 0000000..7924cc7
--- /dev/null
+++ b/useragent.rules
@@ -0,0 +1,12 @@
+map $http_user_agent $badagent {
+ default 0;
+ ~*SemrushBot 1;
+ ~*DotBot 1;
+ ~*AhrefsBot 1;
+ ~*DataForSeoBot 1;
+ ~*YandexBot 1;
+ ~*LiveLapBot 1;
+ ~*PetalBot 1;
+ ~*Koj\sBot 1;
+ ~*FeedlyBot 1;
+}
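Review bot: useragent.rules carries no comment saying what `$badagent` is for or where it is consumed, and the file only works because nginx.conf includes it inside `http`, the one context where `map` is valid. A header such as `# $badagent is 1 for crawler User-Agents; each common/*.conf returns 403 on it. Must be included in the http context.` would make that dependency visible to whoever edits either side. Each `~*` pattern is an unanchored, case-insensitive match against a client-controlled header, so the list is crawler hygiene rather than access control, and a second comment line saying so would keep it from being relied on for more.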