Lots of stuff that was never committed

2023-07-18 22:46:34 +00:00 · 2023-07-18 22:46:34 +00:00 · 82d896ba23
parent f271db3020
commit 82d896ba23
18 changed files with 279 additions and 15 deletions
--- a/common/gts.conf
+++ b/common/gts.conf
@ -0,0 +1,13 @@
+add_header Onion-Location http://gts.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+
+location / {
+	# set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
+	proxy_pass http://127.0.0.1:1420;
+	proxy_set_header Host $host;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+	proxy_set_header X-Forwarded-For $remote_addr;
+	proxy_set_header X-Forwarded-Proto $scheme;
+}
+client_max_body_size 40M;
+
--- a/common/icecast.conf
+++ b/common/icecast.conf
@ -0,0 +1,10 @@
+add_header Onion-Location http://radio.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vernwe65i5iwfypgmlaciaqsbuvzouxf7qco6xl6qkfgdzsmvf2a.b32.i2p$request_uri;
+
+location / {
+	proxy_pass http://127.0.0.1:8533;
+	proxy_redirect off;
+	proxy_set_header Host $host;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Forwarded-Proto $scheme;
+}
--- a/common/jellyfin.conf
+++ b/common/jellyfin.conf
@ -14,3 +14,17 @@ location / {
 	proxy_set_header X-Forwarded-Host $http_host;
 	proxy_buffering off;
 }
+
+location /socket {
+	# Proxy Jellyfin Websockets traffic
+	proxy_pass http://localhost:8096;
+	proxy_http_version 1.1;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+	proxy_set_header Host $host;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Forwarded-Proto $scheme;
+	proxy_set_header X-Forwarded-Protocol $scheme;
+	proxy_set_header X-Forwarded-Host $http_host;
+}
--- a/common/libretranslate.conf
+++ b/common/libretranslate.conf
@ -0,0 +1,9 @@
+add_header Onion-Location http://lt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vernf45n7mxwqnp5riaax7p67pwcl7wcefdcnqqvim7ckdx4264a.b32.i2p$request_uri;
+
+location / {
+	proxy_pass http://127.0.0.1:5001;
+	proxy_redirect off;
+	proxy_set_header Host $host;
+	proxy_set_header X-Forwarded-Proto $scheme;
+}
--- a/common/piped.conf
+++ b/common/piped.conf
@ -5,3 +5,8 @@ location / {
 	proxy_pass http://localhost:8058/;
 	proxy_set_header Host $host;
 }
+
+if ($http_user_agent = "FeedFetcher-Google; (+http://www.google.com/feedfetcher.html)") {
+	return 403;
+}
+
--- a/common/safetwitch-backend.conf
+++ b/common/safetwitch-backend.conf
@ -0,0 +1,11 @@
+add_header Onion-Location http://ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p$request_uri;
+
+location / {
+	proxy_pass http://10.0.3.57:7420;
+	proxy_set_header Host $host;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+	proxy_set_header X-Forwarded-For $remote_addr;
+	proxy_set_header X-Forwarded-Proto $scheme;
+}
--- a/common/safetwitch.conf
+++ b/common/safetwitch.conf
@ -0,0 +1,18 @@
+add_header strict_sni on;
+add_header strict_sni_header on;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header Content-Security-Policy upgrade-insecure-requests;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options "DENY";
+add_header Clear-Site-Data "cookies";
+add_header Referrer-Policy "no-referrer";
+add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
+add_header Onion-Location http://sw.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vernz43kgqiy3nzzof3nejeo4hh3bjgyqi3b3hijchilv7noqtrq.b32.i2p$request_uri;
+
+location / {
+	root /var/www/safetwitch;
+	index index.html;
+	try_files $uri $uri/ /index.html;
+}
--- a/common/tent.conf
+++ b/common/tent.conf
@ -0,0 +1,14 @@
+add_header Onion-Location http://tn.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vernk23oml2talve3keetcqmjylmu7r7kdrcfciv36oxitgpos5a.b32.i2p$request_uri;
+root /var/www/Tent/pages;
+index index.php index.html index.htm;
+location / {
+	try_files $uri $uri/ /index.php;
+}
+
+location ~ \.php$ {
+	fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
+	fastcgi_index index.php;
+	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+	include /etc/nginx/snippets/fastcgi.conf;
+}
--- a/conf.d/0x0.conf
+++ b/conf.d/0x0.conf
@ -35,18 +35,6 @@ server {
 	listen 80;
 	listen [::]:80;

-	server_name 0.vern.cc vern0.me;
-
-	return 301 https://$host$request_uri;
-}
-
-server {
-	listen 443 ssl http2;
-	listen [::]:443 ssl http2;
-
-	server_name vern0.me;
-	ssl_certificate_key /etc/letsencrypt/live/vern0.me/privkey.pem;
-	ssl_certificate /etc/letsencrypt/live/vern0.me/fullchain.pem;
-	default_type text/plain;
-	return 200 "vern0.me is deprecated. Please use 0.vern.cc.\n";
+	server_name 0.vern.cc;
+	include common/0x0.conf;
 }
--- a/conf.d/gts.conf
+++ b/conf.d/gts.conf
@ -0,0 +1,19 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name gts.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+	include common/gts.conf;
+}
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name gts.vern.cc;
+	include snippets/lets-encrypt.conf;
+	include common/gts.conf;
+}
+server {
+	listen 80;
+	listen [::]:80;
+	server_name gts.vern.cc;
+	return 301 https://$host$request_uri;
+}
--- a/conf.d/icecast.conf
+++ b/conf.d/icecast.conf
@ -0,0 +1,32 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name radio.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion icecast.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+
+	include common/icecast.conf;
+}
+
+server {
+	listen 11106;
+	listen [::]:11106;
+
+	server_name vernwe65i5iwfypgmlaciaqsbuvzouxf7qco6xl6qkfgdzsmvf2a.b32.i2p;
+
+	include common/icecast.conf;
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name radio.vern.cc icecast.vern.cc;
+	include snippets/lets-encrypt.conf;
+	include common/icecast.conf;
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+	return 301 https://$host$request_uri;
+	server_name radio.vern.cc icecast.vern.cc;
+}
--- a/conf.d/libretranslate.conf
+++ b/conf.d/libretranslate.conf
@ -0,0 +1,31 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name lt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion libretranslate.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+
+	include common/libretranslate.conf;
+}
+
+server {
+	listen 11005;
+	listen [::]:11005;
+
+	server_name vernpizcdua537tg7wbhtrjumxotqbpj34w6gqzgnnqhgsavvbaa.b32.i2p;
+
+	include common/libretranslate.conf;
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	include snippets/lets-encrypt.conf;
+	server_name lt.vern.cc libretranslate.vern.cc;
+	include common/libretranslate.conf;
+}
+server {
+	listen 80;
+	listen [::]:80;
+	return 301 https://$host$request_uri;
+	server_name lt.vern.cc libretranslate.vern.cc;
+}
--- a/conf.d/matrix.conf
+++ b/conf.d/matrix.conf
@ -72,6 +72,10 @@ server {
 		# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
 		client_max_body_size 1024M;
 	}
+	location /synapseadmin {
+		alias /var/www/synapse-admin;
+		index index.html;
+	}
 	## well-known
 	location /.well-known/matrix/support {
 		add_header Access-Control-Allow-Origin '*' always;
@ -120,6 +124,10 @@ server {
 		# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
 		client_max_body_size 1024M;
 	}
+	location /synapseadmin {
+		alias /var/www/synapse-admin;
+		index index.html;
+	}
 	## well-known
 	location /.well-known/matrix/support {
 		add_header Access-Control-Allow-Origin '*' always;
@ -168,7 +176,7 @@ server {
 		client_max_body_size 1024M;
 	}
 	location /synapseadmin {
-		root /var/www/synapse-admin;
+		alias /var/www/synapse-admin;
 		index index.html;
 	}
 	## well-known
--- a/conf.d/private.dat
+++ b/conf.d/private.dat
--- a/conf.d/safetwitch-backend.conf
+++ b/conf.d/safetwitch-backend.conf
@ -0,0 +1,28 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+	include common/safetwitch-backend.conf;
+}
+
+server {
+	listen 11109;
+	listen [::]:11109;
+	server_name vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p;
+	include common/safetwitch-backend.conf;
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name ttvbackend.vern.cc;
+	include snippets/lets-encrypt.conf;
+	include common/safetwitch-backend.conf;
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+	server_name ttvbackend.vern.cc;
+	return 301 https://$host$request_uri;
+}
--- a/conf.d/safetwitch.conf
+++ b/conf.d/safetwitch.conf
@ -0,0 +1,30 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name ttv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion safetwitch.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion twitch.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+	subs_filter ttvbackend.vern.cc ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+	include common/safetwitch.conf;
+}
+
+server {
+	listen 11108;
+	listen [::]:11108;
+	server_name vernz43kgqiy3nzzof3nejeo4hh3bjgyqi3b3hijchilv7noqtrq.b32.i2p;
+	subs_filter ttvbackend.vern.cc vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p;
+	include common/safetwitch.conf;
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name ttv.vern.cc safetwitch.vern.cc twitch.vern.cc;
+	include snippets/lets-encrypt.conf;
+	include common/safetwitch.conf;
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+	server_name ttv.vern.cc safetwitch.vern.cc twitch.vern.cc;
+	return 301 https://$host$request_uri;
+}
--- a/conf.d/tent.conf
+++ b/conf.d/tent.conf
@ -0,0 +1,32 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name tn.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion tent.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion bandcamp.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+
+	include common/tent.conf;
+}
+
+server {
+	listen 11107;
+	listen [::]:11107;
+
+	server_name vernk23oml2talve3keetcqmjylmu7r7kdrcfciv36oxitgpos5a.b32.i2p;
+
+	include common/tent.conf;
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	include snippets/lets-encrypt.conf;
+	server_name tn.vern.cc bandcamp.vern.cc tent.vern.cc;
+	include common/tent.conf;
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+	return 301 https://$host$request_uri;
+	server_name tent.vern.cc tn.vern.cc bandcamp.vern.cc;
+}
--- a/conf.d/usersites.conf
+++ b/conf.d/usersites.conf
@ -14,6 +14,7 @@ server {
 			return 307 http://vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/;
 		}
 		autoindex on;
+		ssi on;
 	}
 }

@ -32,6 +33,7 @@ server {
 			return 307 https://vern.cc/;
 		}
 		autoindex on;
+		ssi on;
 	}
 }