Evrything is fine
This commit is contained in:
parent
717ee6483e
commit
c3897be2af
|
@ -0,0 +1 @@
|
|||
*.bak
|
|
@ -1,3 +1,3 @@
|
|||
# nginx-configs
|
||||
# ~vern nginx configurations
|
||||
|
||||
~vern nginx configurations
|
||||
The configurations used by ~vern's nginx server. This is basically just a clone of the /etc/nginx directory.
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
add_header Onion-Location http://git.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
client_max_body_size 100m;
|
||||
proxy_pass http://localhost:3000/; # The / is important!
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax";
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
add_header Onion-Location http://inv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log crit;
|
||||
|
||||
location / {
|
||||
proxy_pass http://10.7.0.1:2500/;
|
||||
# proxy_pass http://127.0.0.1:2500/; # in case we cant host it on vps anymore
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
add_header Onion-Location http://lbry.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log crit;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3001/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
add_header Onion-Location http://lr.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:2501/; # The / is important!
|
||||
proxy_http_version 1.1;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
add_header Onion-Location http://lt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5001/; # The / is important!
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
|
@ -0,0 +1,49 @@
|
|||
add_header Onion-Location http://mail.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
root /srv/modoboa/instance;
|
||||
|
||||
client_max_body_size 10M;
|
||||
|
||||
access_log /var/log/nginx/mail.vern.cc-access.log;
|
||||
error_log /var/log/nginx/mail.vern.cc-error.log;
|
||||
|
||||
location /sitestatic/ {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /media/ {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location ^~ /new-admin {
|
||||
alias /srv/modoboa/instance/frontend/;
|
||||
index index.html;
|
||||
|
||||
expires -1;
|
||||
add_header Pragma "no-cache";
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
|
||||
|
||||
try_files $uri $uri/ /index.html = 404;
|
||||
}
|
||||
|
||||
location / {
|
||||
include uwsgi_params;
|
||||
uwsgi_param UWSGI_SCRIPT instance.wsgi:application;
|
||||
uwsgi_pass modoboa;
|
||||
}
|
||||
|
||||
location ~* ^/autodiscover/autodiscover.xml {
|
||||
include uwsgi_params;
|
||||
uwsgi_pass automx;
|
||||
}
|
||||
location /mobileconfig {
|
||||
include uwsgi_params;
|
||||
uwsgi_pass automx;
|
||||
}
|
||||
|
||||
location /radicale/ {
|
||||
proxy_pass http://localhost:5232/; # The / is important!
|
||||
proxy_set_header X-Script-Name /radicale;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass_header Authorization;
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
add_header Onion-Location http://fedi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
client_max_body_size 80m;
|
||||
|
||||
root /home/mastodon/live/public;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
|
||||
|
||||
#add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
|
||||
location / {
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location /sw.js {
|
||||
add_header Cache-Control "public, max-age=0";
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://backend;
|
||||
proxy_buffering on;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_cache CACHE;
|
||||
proxy_cache_valid 200 7d;
|
||||
proxy_cache_valid 410 24h;
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
add_header Onion-Location http://mirror.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
root /var/mirror/mirror;
|
||||
ssi on;
|
||||
|
||||
location / {
|
||||
add_before_body /nav.html;
|
||||
autoindex on;
|
||||
autoindex_exact_size off;
|
||||
}
|
|
@ -0,0 +1,144 @@
|
|||
add_header Onion-Location http://nc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/nextcloud;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
|
||||
# set max upload size and increase upload timeout:
|
||||
client_max_body_size 1024M;
|
||||
client_body_timeout 300s;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
# when a client requests a path that corresponds to a directory that exists
|
||||
# on the server. In particular, if that directory contains an index.php file,
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||
location = / {
|
||||
if ( $http_user_agent ~ ^DavClnt ) {
|
||||
return 302 /remote.php/webdav/$is_args$args;
|
||||
}
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
|
||||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
|
||||
location ~ \.wasm$ {
|
||||
default_type application/wasm;
|
||||
}
|
||||
}
|
||||
|
||||
location ~ \.woff2?$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
# Rule borrowed from `.htaccess`
|
||||
location /remote {
|
||||
return 301 /remote.php$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$request_uri;
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
add_header Onion-Location http://nt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5744/; # The / is important!
|
||||
proxy_http_version 1.1;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
add_header Onion-Location http://live.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
root /var/www/owncast;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_pass http://127.0.0.1:5394;
|
||||
}
|
|
@ -0,0 +1,52 @@
|
|||
add_header Onion-Location http://pt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
##
|
||||
# Application
|
||||
##
|
||||
|
||||
access_log /var/log/nginx/peertube.access.log; # reduce I/0 with buffer=10m flush=5m
|
||||
error_log /var/log/nginx/peertube.error.log;
|
||||
|
||||
location @api {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
client_max_body_size 100k; # default is 1M
|
||||
|
||||
proxy_connect_timeout 10m;
|
||||
proxy_send_timeout 10m;
|
||||
proxy_read_timeout 10m;
|
||||
send_timeout 10m;
|
||||
|
||||
proxy_pass http://ptbackend;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location = /api/v1/videos/upload-resumable {
|
||||
client_max_body_size 0;
|
||||
proxy_request_buffering off;
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
|
||||
limit_except POST HEAD { deny all; }
|
||||
|
||||
# This is the maximum upload size, which roughly matches the maximum size of a video file.
|
||||
# Note that temporary space is needed equal to the total size of all concurrent uploads.
|
||||
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
|
||||
# on a dedicated filesystem.
|
||||
client_max_body_size 12G; # default is 1M
|
||||
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
|
||||
client_max_body_size 6M; # default is 1M
|
||||
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
add_header Onion-Location http://pb.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
root /var/www/privatebin;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include /etc/nginx/fastcgi_params;
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
add_header Onion-Location http://quora.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:2498/; # The / is important!
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
add_header Onion-Location http://rimgo.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log crit;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3506/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
add_header Onion-Location http://riot.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
root /var/www/matrix;
|
||||
index index.html;
|
||||
ssi on;
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location = /index.html {
|
||||
add_header Cache-Control "no-cache";
|
||||
}
|
||||
location = /version {
|
||||
add_header Cache-Control "no-cache";
|
||||
}
|
||||
# covers config.json and config.hostname.json requests as it is prefix.
|
||||
location /config {
|
||||
add_header Cache-Control "no-cache";
|
||||
}
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
|
@ -0,0 +1,10 @@
|
|||
add_header Onion-Location http://scribe.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:5467/; # The / is important!
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax";
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
add_header Onion-Location http://searx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8090/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
add_header Onion-Location http://tl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:2502/; # The / is important!
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
add_header Onion-Location http://ls.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
root /var/www/speedtest;
|
||||
ssi on;
|
|
@ -0,0 +1,52 @@
|
|||
add_header Onion-Location http://vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
root /var/www/website;
|
||||
index index.html;
|
||||
ssi on;
|
||||
|
||||
location / {
|
||||
rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
|
||||
rewrite ^/(.*)/$ /$1 permanent;
|
||||
try_files $uri $uri/index.html $uri.html $uri/ @extensionless-php;
|
||||
|
||||
error_page 403 /errors/403;
|
||||
error_page 404 /errors/404;
|
||||
error_page 503 /errors/503;
|
||||
}
|
||||
|
||||
location /errors/.* {
|
||||
internal;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
include fastcgi.conf;
|
||||
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
fastcgi_buffers 16 16k;
|
||||
fastcgi_buffer_size 32k;
|
||||
}
|
||||
|
||||
location @extensionless-php {
|
||||
rewrite ^(.*)$ $1.php last;
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '{"m.server": "mtrx.vern.cc:443"}';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '{"m.homeserver": {"base_url": "https://mtrx.vern.cc"}, "m.identity_server": { "base_url": "https://vector.im" }}';
|
||||
}
|
||||
|
||||
location /media/ {
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
## users
|
||||
location ~ ^/(~|u/)(?<user>[\w-]+)(?<user_uri>/.*)?$ {
|
||||
return 301 $scheme://$user.vern.cc;
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
add_header Onion-Location http://whoogle.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log crit;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:6942/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Whoogle knows domain
|
||||
proxy_http_version 1.1; # to keep alive
|
||||
proxy_set_header Connection ""; # to keep alive
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
# https://example.org/morty
|
||||
|
||||
location /morty {
|
||||
proxy_pass http://127.0.0.1:3000/;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
# https://example.org/searx
|
||||
|
||||
location /searx {
|
||||
proxy_pass http://127.0.0.1:4004/;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
proxy_set_header X-Script-Name /;
|
||||
}
|
||||
|
||||
location /searx/static/ {
|
||||
alias /usr/local/searx/searx-src/searx/static/;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/default.apps-available/morty.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/default.apps-available/searxng.conf
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIICCAKCAgEAuS47EwdD9aegi3le7HT6v6a6TiYAe8l2G0AQTdxNqAqAJF/bM9Qy
|
||||
q6ZHpvI3hZZ5fLJ2yf7lrCxKKCxHsSSUoKc7+DMHrUZsmXyMHnCK/oGerNicR5MN
|
||||
pU0d+X4Rub+CgSARazispPDqjdBNLavhEMDIvoDJm2frjq3h0qgdWKI6HKwGzWG6
|
||||
DwgSgUhN04xqF1HXpolwv+u9svdj/B9CcAyzEupdAJ5q5ehjKZaV4tid0zAlG8/2
|
||||
ecA4XR8VlaYzXKDraQbfZuolOOCwpX47NsG4JwTEYVmE+V5jVa1BgOGxyhxEq9Kr
|
||||
svIj6WF6wgtMmgMMIdK9RaWSie65hoxtvRCDwxr6HpocO1P5oaIpdNdgKbupEumi
|
||||
ywDLz5wKCtcJ+JQfPX9LpXS/uiDutZxkFuMzHhq0Rkv2r6eRlc9UL9hJLS9iKp1y
|
||||
3pzbAY7EUDbOrqLzIjKV6CHSMvCeUCQq5A23mTATK5bQt8d3QDzX/xGFEU4omm47
|
||||
xnBql1FX+MX3XGfonBsY6CxML9HLqZXPJZViazdHLj4HOJ4ZTQRazyxsqnizotkA
|
||||
+Ttqo9w748X2P08jfxFbhkm+4gH8yHWoGfPw7nL/5E3jXVGNaRl5J196RFK5b9el
|
||||
CeUu/rLig70EWJaLQ692qu/bG7VV87t/z1or83LLpEQTQmWGtz28NvsCAQI=
|
||||
-----END DH PARAMETERS-----
|
|
@ -0,0 +1,26 @@
|
|||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param REMOTE_USER $remote_user;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
|
@ -0,0 +1,25 @@
|
|||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param REMOTE_USER $remote_user;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
|
@ -0,0 +1,332 @@
|
|||
# Generic Worker
|
||||
#
|
||||
# note:
|
||||
# http://localhost:8083 -> matrix-synchrotron-balancer
|
||||
# generic_worker_lc -> upstream_proxy (least_conn)
|
||||
# generic_worker_ih -> upstream_proxy (ip_hash)
|
||||
#
|
||||
|
||||
## Sync requests
|
||||
location ~ ^/_matrix/client/(r0|v3)/sync$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://localhost:8083;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://localhost:8083;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://localhost:8083;
|
||||
}
|
||||
|
||||
|
||||
## Federation requests
|
||||
location ~ ^/_matrix/federation/v1/event/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/state/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/state_ids/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/backfill/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/get_missing_events/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/publicRooms {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/query/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/make_join/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/make_leave/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/(v1|v2)/send_join/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/(v1|v2)/send_leave/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/(v1|v2)/invite/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/event_auth/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/exchange_third_party_invite/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/user/devices/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/v1/get_groups_publicised$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/key/v2/query {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
|
||||
## Inbound federation transaction request
|
||||
location ~ ^/_matrix/federation/v1/send/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_ih;
|
||||
}
|
||||
|
||||
|
||||
## Client API requests
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/devices$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/versions$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/joined_groups$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
|
||||
## Encryption requests
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/keys/query$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/room_keys/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
|
||||
## Registration/login requests
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/register$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/v1/register/m.login.registration_token/validity$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
|
||||
# STREAM WRITERS
|
||||
## Event sending requests
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://generic_worker_lc;
|
||||
}
|
||||
|
||||
## Typing
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://additional;
|
||||
}
|
||||
|
||||
## Device requests
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://additional;
|
||||
}
|
||||
|
||||
## Account data requests
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/.*/tags {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://additional;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://additional;
|
||||
}
|
||||
|
||||
## Receipts requests
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://additional;
|
||||
}
|
||||
|
||||
location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://additional;
|
||||
}
|
||||
|
||||
## Presence requests
|
||||
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://presence;
|
||||
}
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
location ~ ^/_synapse/admin/v1/users/@(mjolnir|root):vern.cc/admin$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://localhost:8008;
|
||||
}
|
||||
location ~ ^/_synapse/admin/v1/whois/@(mjolnir|root):vern.cc$ {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://localhost:8008;
|
||||
}
|
||||
|
||||
location ~ ^/_synapse/admin/v1/deactivate {
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://localhost:8008;
|
||||
}
|
||||
|
||||
location ~ ^/_synapse/admin {
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
include include.d/synapse-proxy.conf;
|
||||
proxy_pass http://localhost:8008;
|
||||
}
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
port_in_redirect off;
|
||||
proxy_redirect off;
|
||||
proxy_connect_timeout 3600;
|
||||
proxy_read_timeout 3600;
|
||||
proxy_send_timeout 3600;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_buffers 8 16k;
|
||||
proxy_buffer_size 32k;
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
upstream generic_worker_ih {
|
||||
ip_hash;
|
||||
server localhost:8510;
|
||||
server localhost:8511;
|
||||
server localhost:8512;
|
||||
server localhost:8513;
|
||||
}
|
||||
|
||||
upstream generic_worker_lc {
|
||||
least_conn;
|
||||
server localhost:8510;
|
||||
server localhost:8511;
|
||||
server localhost:8512;
|
||||
server localhost:8513;
|
||||
}
|
||||
|
||||
upstream additional {
|
||||
least_conn;
|
||||
server localhost:8514;
|
||||
}
|
||||
|
||||
upstream presence {
|
||||
least_conn;
|
||||
server localhost:8516;
|
||||
}
|
||||
|
|
@ -0,0 +1,109 @@
|
|||
|
||||
# This map is not a full koi8-r <> utf8 map: it does not contain
|
||||
# box-drawing and some other characters. Besides this map contains
|
||||
# several koi8-u and Byelorussian letters which are not in koi8-r.
|
||||
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
|
||||
# map instead.
|
||||
|
||||
charset_map koi8-r utf-8 {
|
||||
|
||||
80 E282AC ; # euro
|
||||
|
||||
95 E280A2 ; # bullet
|
||||
|
||||
9A C2A0 ; #
|
||||
|
||||
9E C2B7 ; # ·
|
||||
|
||||
A3 D191 ; # small yo
|
||||
A4 D194 ; # small Ukrainian ye
|
||||
|
||||
A6 D196 ; # small Ukrainian i
|
||||
A7 D197 ; # small Ukrainian yi
|
||||
|
||||
AD D291 ; # small Ukrainian soft g
|
||||
AE D19E ; # small Byelorussian short u
|
||||
|
||||
B0 C2B0 ; # °
|
||||
|
||||
B3 D081 ; # capital YO
|
||||
B4 D084 ; # capital Ukrainian YE
|
||||
|
||||
B6 D086 ; # capital Ukrainian I
|
||||
B7 D087 ; # capital Ukrainian YI
|
||||
|
||||
B9 E28496 ; # numero sign
|
||||
|
||||
BD D290 ; # capital Ukrainian soft G
|
||||
BE D18E ; # capital Byelorussian short U
|
||||
|
||||
BF C2A9 ; # (C)
|
||||
|
||||
C0 D18E ; # small yu
|
||||
C1 D0B0 ; # small a
|
||||
C2 D0B1 ; # small b
|
||||
C3 D186 ; # small ts
|
||||
C4 D0B4 ; # small d
|
||||
C5 D0B5 ; # small ye
|
||||
C6 D184 ; # small f
|
||||
C7 D0B3 ; # small g
|
||||
C8 D185 ; # small kh
|
||||
C9 D0B8 ; # small i
|
||||
CA D0B9 ; # small j
|
||||
CB D0BA ; # small k
|
||||
CC D0BB ; # small l
|
||||
CD D0BC ; # small m
|
||||
CE D0BD ; # small n
|
||||
CF D0BE ; # small o
|
||||
|
||||
D0 D0BF ; # small p
|
||||
D1 D18F ; # small ya
|
||||
D2 D180 ; # small r
|
||||
D3 D181 ; # small s
|
||||
D4 D182 ; # small t
|
||||
D5 D183 ; # small u
|
||||
D6 D0B6 ; # small zh
|
||||
D7 D0B2 ; # small v
|
||||
D8 D18C ; # small soft sign
|
||||
D9 D18B ; # small y
|
||||
DA D0B7 ; # small z
|
||||
DB D188 ; # small sh
|
||||
DC D18D ; # small e
|
||||
DD D189 ; # small shch
|
||||
DE D187 ; # small ch
|
||||
DF D18A ; # small hard sign
|
||||
|
||||
E0 D0AE ; # capital YU
|
||||
E1 D090 ; # capital A
|
||||
E2 D091 ; # capital B
|
||||
E3 D0A6 ; # capital TS
|
||||
E4 D094 ; # capital D
|
||||
E5 D095 ; # capital YE
|
||||
E6 D0A4 ; # capital F
|
||||
E7 D093 ; # capital G
|
||||
E8 D0A5 ; # capital KH
|
||||
E9 D098 ; # capital I
|
||||
EA D099 ; # capital J
|
||||
EB D09A ; # capital K
|
||||
EC D09B ; # capital L
|
||||
ED D09C ; # capital M
|
||||
EE D09D ; # capital N
|
||||
EF D09E ; # capital O
|
||||
|
||||
F0 D09F ; # capital P
|
||||
F1 D0AF ; # capital YA
|
||||
F2 D0A0 ; # capital R
|
||||
F3 D0A1 ; # capital S
|
||||
F4 D0A2 ; # capital T
|
||||
F5 D0A3 ; # capital U
|
||||
F6 D096 ; # capital ZH
|
||||
F7 D092 ; # capital V
|
||||
F8 D0AC ; # capital soft sign
|
||||
F9 D0AB ; # capital Y
|
||||
FA D097 ; # capital Z
|
||||
FB D0A8 ; # capital SH
|
||||
FC D0AD ; # capital E
|
||||
FD D0A9 ; # capital SHCH
|
||||
FE D0A7 ; # capital CH
|
||||
FF D0AA ; # capital hard sign
|
||||
}
|
|
@ -0,0 +1,103 @@
|
|||
|
||||
charset_map koi8-r windows-1251 {
|
||||
|
||||
80 88 ; # euro
|
||||
|
||||
95 95 ; # bullet
|
||||
|
||||
9A A0 ; #
|
||||
|
||||
9E B7 ; # ·
|
||||
|
||||
A3 B8 ; # small yo
|
||||
A4 BA ; # small Ukrainian ye
|
||||
|
||||
A6 B3 ; # small Ukrainian i
|
||||
A7 BF ; # small Ukrainian yi
|
||||
|
||||
AD B4 ; # small Ukrainian soft g
|
||||
AE A2 ; # small Byelorussian short u
|
||||
|
||||
B0 B0 ; # °
|
||||
|
||||
B3 A8 ; # capital YO
|
||||
B4 AA ; # capital Ukrainian YE
|
||||
|
||||
B6 B2 ; # capital Ukrainian I
|
||||
B7 AF ; # capital Ukrainian YI
|
||||
|
||||
B9 B9 ; # numero sign
|
||||
|
||||
BD A5 ; # capital Ukrainian soft G
|
||||
BE A1 ; # capital Byelorussian short U
|
||||
|
||||
BF A9 ; # (C)
|
||||
|
||||
C0 FE ; # small yu
|
||||
C1 E0 ; # small a
|
||||
C2 E1 ; # small b
|
||||
C3 F6 ; # small ts
|
||||
C4 E4 ; # small d
|
||||
C5 E5 ; # small ye
|
||||
C6 F4 ; # small f
|
||||
C7 E3 ; # small g
|
||||
C8 F5 ; # small kh
|
||||
C9 E8 ; # small i
|
||||
CA E9 ; # small j
|
||||
CB EA ; # small k
|
||||
CC EB ; # small l
|
||||
CD EC ; # small m
|
||||
CE ED ; # small n
|
||||
CF EE ; # small o
|
||||
|
||||
D0 EF ; # small p
|
||||
D1 FF ; # small ya
|
||||
D2 F0 ; # small r
|
||||
D3 F1 ; # small s
|
||||
D4 F2 ; # small t
|
||||
D5 F3 ; # small u
|
||||
D6 E6 ; # small zh
|
||||
D7 E2 ; # small v
|
||||
D8 FC ; # small soft sign
|
||||
D9 FB ; # small y
|
||||
DA E7 ; # small z
|
||||
DB F8 ; # small sh
|
||||
DC FD ; # small e
|
||||
DD F9 ; # small shch
|
||||
DE F7 ; # small ch
|
||||
DF FA ; # small hard sign
|
||||
|
||||
E0 DE ; # capital YU
|
||||
E1 C0 ; # capital A
|
||||
E2 C1 ; # capital B
|
||||
E3 D6 ; # capital TS
|
||||
E4 C4 ; # capital D
|
||||
E5 C5 ; # capital YE
|
||||
E6 D4 ; # capital F
|
||||
E7 C3 ; # capital G
|
||||
E8 D5 ; # capital KH
|
||||
E9 C8 ; # capital I
|
||||
EA C9 ; # capital J
|
||||
EB CA ; # capital K
|
||||
EC CB ; # capital L
|
||||
ED CC ; # capital M
|
||||
EE CD ; # capital N
|
||||
EF CE ; # capital O
|
||||
|
||||
F0 CF ; # capital P
|
||||
F1 DF ; # capital YA
|
||||
F2 D0 ; # capital R
|
||||
F3 D1 ; # capital S
|
||||
F4 D2 ; # capital T
|
||||
F5 D3 ; # capital U
|
||||
F6 C6 ; # capital ZH
|
||||
F7 C2 ; # capital V
|
||||
F8 DC ; # capital soft sign
|
||||
F9 DB ; # capital Y
|
||||
FA C7 ; # capital Z
|
||||
FB D8 ; # capital SH
|
||||
FC DD ; # capital E
|
||||
FD D9 ; # capital SHCH
|
||||
FE D7 ; # capital CH
|
||||
FF DA ; # capital hard sign
|
||||
}
|
|
@ -0,0 +1,89 @@
|
|||
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/png png;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
image/svg+xml svg svgz;
|
||||
image/webp webp;
|
||||
|
||||
application/font-woff woff;
|
||||
application/java-archive jar war ear;
|
||||
application/json json;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.apple.mpegurl m3u8;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-fontobject eot;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/xspf+xml xspf;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
|
||||
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
|
||||
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp2t ts;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-auth-pam.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-dav-ext.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-echo.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-geoip.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-geoip2.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-image-filter.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-subs-filter.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-upstream-fair.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-http-xslt-filter.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-mail.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-stream.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-stream-geoip.conf
|
|
@ -0,0 +1 @@
|
|||
/usr/share/nginx/modules-available/mod-stream-geoip2.conf
|
|
@ -0,0 +1,82 @@
|
|||
user www-data;
|
||||
worker_processes auto;
|
||||
pid /run/nginx.pid;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
# multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
types_hash_max_size 2048;
|
||||
# server_tokens off;
|
||||
|
||||
server_names_hash_bucket_size 128;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
|
||||
# gzip_vary on;
|
||||
# gzip_proxied any;
|
||||
# gzip_comp_level 6;
|
||||
# gzip_buffers 16 8k;
|
||||
# gzip_http_version 1.1;
|
||||
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
|
||||
#mail {
|
||||
# # See sample authentication script at:
|
||||
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||
#
|
||||
# # auth_http localhost/auth.php;
|
||||
# # pop3_capabilities "TOP" "USER";
|
||||
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||
#
|
||||
# server {
|
||||
# listen localhost:110;
|
||||
# protocol pop3;
|
||||
# proxy on;
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen localhost:143;
|
||||
# protocol imap;
|
||||
# proxy on;
|
||||
# }
|
||||
#}
|
|
@ -0,0 +1,4 @@
|
|||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
@ -0,0 +1,17 @@
|
|||
|
||||
scgi_param REQUEST_METHOD $request_method;
|
||||
scgi_param REQUEST_URI $request_uri;
|
||||
scgi_param QUERY_STRING $query_string;
|
||||
scgi_param CONTENT_TYPE $content_type;
|
||||
|
||||
scgi_param DOCUMENT_URI $document_uri;
|
||||
scgi_param DOCUMENT_ROOT $document_root;
|
||||
scgi_param SCGI 1;
|
||||
scgi_param SERVER_PROTOCOL $server_protocol;
|
||||
scgi_param REQUEST_SCHEME $scheme;
|
||||
scgi_param HTTPS $https if_not_empty;
|
||||
|
||||
scgi_param REMOTE_ADDR $remote_addr;
|
||||
scgi_param REMOTE_PORT $remote_port;
|
||||
scgi_param SERVER_PORT $server_port;
|
||||
scgi_param SERVER_NAME $server_name;
|
|
@ -0,0 +1,30 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 8448 ssl http2;
|
||||
listen [::]:8448 ssl http2;
|
||||
server_name matrix.aryak.ml;
|
||||
merge_slashes off;
|
||||
|
||||
location /_matrix/ {
|
||||
proxy_pass http://10.7.0.4:6167$request_uri;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_buffering off;
|
||||
}
|
||||
ssl_certificate /etc/letsencrypt/live/matrix.aryak.ml/fullchain.pem; # EDIT THIS
|
||||
ssl_certificate_key /etc/letsencrypt/live/matrix.aryak.ml/privkey.pem; # EDIT THIS
|
||||
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
add_header Access-Control-Allow-Origin '*' always;
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.server": "matrix.aryak.ml:443"}';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
add_header Access-Control-Allow-Origin '*' always;
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.aryak.ml"}}';
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
# This file was automatically installed on 2022-06-06T12:55:58.280671
|
||||
upstream automx {
|
||||
server unix:/run/uwsgi/app/automx_instance/socket fail_timeout=0;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name autoconfig.vern.cc;
|
||||
root /srv/automx/instance;
|
||||
|
||||
access_log /var/log/nginx/autoconfig.vern.cc-access.log;
|
||||
error_log /var/log/nginx/autoconfig.vern.cc-error.log;
|
||||
|
||||
location /mail/config-v1.1.xml {
|
||||
include uwsgi_params;
|
||||
uwsgi_pass automx;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,240 @@
|
|||
# This file is included strictly as an example of how Nginx can be configured
|
||||
# to work with CryptPad. This example WILL NOT WORK AS IS. For best results,
|
||||
# compare the sections of this configuration file against a working CryptPad
|
||||
# installation (http server by the Nodejs process). If you are using CryptPad
|
||||
# in production and require professional support please contact sales@cryptpad.fr
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
|
||||
# CryptPad serves static assets over these two domains.
|
||||
# `main_domain` is what users will enter in their address bar.
|
||||
# Privileged computation such as key management is handled in this scope
|
||||
# UI content is loaded via the `sandbox_domain`.
|
||||
# "Content Security Policy" headers prevent content loaded via the sandbox
|
||||
# from accessing privileged information.
|
||||
# These variables must be different to take advantage of CryptPad's sandboxing techniques.
|
||||
# In the event of an XSS vulnerability in CryptPad's front-end code
|
||||
# this will limit the amount of information accessible to attackers.
|
||||
set $main_domain "pad.vern.cc";
|
||||
set $sandbox_domain "crypt-sandbox.vern.cc";
|
||||
|
||||
# By default CryptPad allows remote domains to embed CryptPad documents in iframes.
|
||||
# This behaviour can be blocked by changing $allowed_origins from "*" to the
|
||||
# sandbox domain, which must be permitted to load content from the main domain
|
||||
# in order for CryptPad to work as expected.
|
||||
#
|
||||
# An example is given below which can be uncommented if you want to block
|
||||
# remote sites from including content from your server
|
||||
set $allowed_origins "*";
|
||||
# set $allowed_origins "https://${sandbox_domain}";
|
||||
|
||||
# CryptPad's dynamic content (websocket traffic and encrypted blobs)
|
||||
# can be served over separate domains. Using dedicated domains (or subdomains)
|
||||
# for these purposes allows you to move them to a separate machine at a later date
|
||||
# if you find that a single machine cannot handle all of your users.
|
||||
# If you don't use dedicated domains, this can be the same as $main_domain
|
||||
# If you do, they can be added as exceptions to any rules which block connections to remote domains.
|
||||
# You can find these variables referenced below in the relevant places
|
||||
set $api_domain "pad.vern.cc";
|
||||
set $files_domain "pad.vern.cc";
|
||||
|
||||
# nginx doesn't let you set server_name via variables, so you need to hardcode your domains here
|
||||
server_name pad.vern.cc crypt-sandbox.vern.cc;
|
||||
|
||||
# You'll need to Set the path to your certificates and keys here
|
||||
# IMPORTANT: this config is intended to serve assets for at least two domains
|
||||
# (your main domain and your sandbox domain). As such, you'll need to generate a single SSL certificate
|
||||
# that includes both domains in order for things to work as expected.
|
||||
include snippets/lets-encrypt.conf;
|
||||
# Speeds things up a little bit when resuming a session
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:5m;
|
||||
|
||||
# You'll need nginx 1.13.0 or better to support TLSv1.3
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
||||
# https://cipherli.st/
|
||||
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
||||
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Access-Control-Allow-Origin "${allowed_origins}";
|
||||
# add_header X-Frame-Options "SAMEORIGIN";
|
||||
|
||||
# Opt out of Google's FLoC Network
|
||||
add_header Permissions-Policy interest-cohort=();
|
||||
|
||||
# Enable SharedArrayBuffer in Firefox (for .xlsx export)
|
||||
add_header Cross-Origin-Resource-Policy cross-origin;
|
||||
add_header Cross-Origin-Embedder-Policy require-corp;
|
||||
|
||||
# Insert the path to your CryptPad repository root here
|
||||
root /home/cryptpad/cryptpad;
|
||||
index index.html;
|
||||
error_page 404 /customize.dist/404.html;
|
||||
|
||||
# any static assets loaded with "ver=" in their URL will be cached for a year
|
||||
if ($args ~ ver=) {
|
||||
set $cacheControl max-age=31536000;
|
||||
}
|
||||
if ($uri ~ ^/.*(\/|\.html)$) {
|
||||
set $cacheControl no-cache;
|
||||
}
|
||||
# Will not set any header if it is emptystring
|
||||
add_header Cache-Control $cacheControl;
|
||||
|
||||
# CSS can be dynamically set inline, loaded from the same domain, or from $main_domain
|
||||
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
|
||||
|
||||
# connect-src restricts URLs which can be loaded using script interfaces
|
||||
# if you have configured your instance to use a dedicated $files_domain or $api_domain
|
||||
# you will need to add them below as: https://${files_domain} and https://${api_domain}
|
||||
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
|
||||
|
||||
# fonts can be loaded from data-URLs or the main domain
|
||||
set $fontSrc "'self' data: https://${main_domain}";
|
||||
|
||||
# images can be loaded from anywhere, though we'd like to deprecate this as it allows the use of images for tracking
|
||||
set $imgSrc "'self' data: blob: https://${main_domain}";
|
||||
|
||||
# frame-src specifies valid sources for nested browsing contexts.
|
||||
# this prevents loading any iframes from anywhere other than the sandbox domain
|
||||
set $frameSrc "'self' https://${sandbox_domain} blob:";
|
||||
|
||||
# specifies valid sources for loading media using video or audio
|
||||
set $mediaSrc "blob:";
|
||||
|
||||
# defines valid sources for webworkers and nested browser contexts
|
||||
# deprecated in favour of worker-src and frame-src
|
||||
set $childSrc "https://${main_domain}";
|
||||
|
||||
# specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.
|
||||
# supercedes child-src but is unfortunately not yet universally supported.
|
||||
set $workerSrc "'self'";
|
||||
|
||||
# script-src specifies valid sources for javascript, including inline handlers
|
||||
set $scriptSrc "'self' resource: https://${main_domain}";
|
||||
|
||||
# frame-ancestors specifies which origins can embed your CryptPad instance
|
||||
# this must include 'self' and your main domain (over HTTPS) in order for CryptPad to work
|
||||
# if you have enabled remote embedding via the admin panel then this must be more permissive.
|
||||
# note: cryptpad.fr permits web pages served via https: and vector: (element desktop app)
|
||||
#set $frameAncestors "'self' https://${main_domain}";
|
||||
set $frameAncestors "'self' https: vector:";
|
||||
|
||||
set $unsafe 0;
|
||||
# the following assets are loaded via the sandbox domain
|
||||
# they unfortunately still require exceptions to the sandboxing to work correctly.
|
||||
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
|
||||
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
|
||||
|
||||
# everything except the sandbox domain is a privileged scope, as they might be used to handle keys
|
||||
if ($host != $sandbox_domain) { set $unsafe 0; }
|
||||
# this iframe is an exception. Office file formats are converted outside of the sandboxed scope
|
||||
# because of bugs in Chromium-based browsers that incorrectly ignore headers that are supposed to enable
|
||||
# the use of some modern APIs that we require when javascript is run in a cross-origin context.
|
||||
# We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
|
||||
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
|
||||
|
||||
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
|
||||
if ($unsafe) {
|
||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
||||
}
|
||||
|
||||
# Finally, set all the rules you composed above.
|
||||
add_header Content-Security-Policy "default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
|
||||
|
||||
# The nodejs process can handle all traffic whether accessed over websocket or as static assets
|
||||
# We prefer to serve static content from nginx directly and to leave the API server to handle
|
||||
# the dynamic content that only it can manage. This is primarily an optimization
|
||||
location ^~ /cryptpad_websocket {
|
||||
proxy_pass http://localhost:3475;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# WebSocket support (nginx 1.4)
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection upgrade;
|
||||
}
|
||||
|
||||
location ^~ /customize.dist/ {
|
||||
# This is needed in order to prevent infinite recursion between /customize/ and the root
|
||||
}
|
||||
# try to load customizeable content via /customize/ and fall back to the default content
|
||||
# located at /customize.dist/
|
||||
# This is what allows you to override behaviour.
|
||||
location ^~ /customize/ {
|
||||
rewrite ^/customize/(.*)$ $1 break;
|
||||
try_files /customize/$uri /customize.dist/$uri;
|
||||
}
|
||||
|
||||
# /api/config is loaded once per page load and is used to retrieve
|
||||
# the caching variable which is applied to every other resource
|
||||
# which is loaded during that session.
|
||||
location ~ ^/api/.*$ {
|
||||
proxy_pass http://localhost:3475;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# These settings prevent both NGINX and the API server
|
||||
# from setting the same headers and creating duplicates
|
||||
proxy_hide_header Cross-Origin-Resource-Policy;
|
||||
add_header Cross-Origin-Resource-Policy cross-origin;
|
||||
proxy_hide_header Cross-Origin-Embedder-Policy;
|
||||
add_header Cross-Origin-Embedder-Policy require-corp;
|
||||
}
|
||||
|
||||
# encrypted blobs are immutable and are thus cached for a year
|
||||
location ^~ /blob/ {
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
|
||||
add_header 'Access-Control-Max-Age' 1728000;
|
||||
add_header 'Content-Type' 'application/octet-stream; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 204;
|
||||
}
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Cache-Control max-age=31536000;
|
||||
add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
|
||||
add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
# the "block-store" serves encrypted payloads containing users' drive keys
|
||||
# these payloads are unlocked via login credentials. They are mutable
|
||||
# and are thus never cached. They're small enough that it doesn't matter, in any case.
|
||||
location ^~ /block/ {
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Cache-Control max-age=0;
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
# This block provides an alternative means of loading content
|
||||
# otherwise only served via websocket. This is solely for debugging purposes,
|
||||
# and is thus not allowed by default.
|
||||
#location ^~ /datastore/ {
|
||||
#add_header Cache-Control max-age=0;
|
||||
#try_files $uri =404;
|
||||
#}
|
||||
|
||||
# The nodejs server has some built-in forwarding rules to prevent
|
||||
# URLs like /pad from resulting in a 404. This simply adds a trailing slash
|
||||
# to a variety of applications.
|
||||
location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ {
|
||||
rewrite ^(.*)$ $1/ redirect;
|
||||
}
|
||||
|
||||
# Finally, serve anything the above exceptions don't govern.
|
||||
try_files /www/$uri /www/$uri/index.html /customize/$uri;
|
||||
}
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name git.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccz7eh2z3adn74wbnyv62xsjqnifc62kdmfnqhbsg4i2gy4q.b32.i2p;
|
||||
|
||||
include common/gitea.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name git.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/gitea.conf;
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name git.vern.cc;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
|
@ -0,0 +1,27 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name inv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion invidious.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion yt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccdzixves4eekynqgfhb7fjbldgtocepf7cq3c3327ttb7zq.b32.i2p;
|
||||
|
||||
include common/invidious.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name inv.vern.cc invidious.vern.cc yt.vern.cc;
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/invidious.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name inv.vern.cc invidious.vern.cc yt.vern.cc;
|
||||
}
|
|
@ -0,0 +1,147 @@
|
|||
#server_names_hash_bucket_size 64;
|
||||
|
||||
types {
|
||||
# nginx's default mime.types doesn't include a mapping for wasm
|
||||
application/wasm wasm;
|
||||
}
|
||||
upstream prosody {
|
||||
zone upstreams 64K;
|
||||
server 127.0.0.1:5280;
|
||||
keepalive 2;
|
||||
}
|
||||
upstream jvb1 {
|
||||
zone upstreams 64K;
|
||||
server 127.0.0.1:9090;
|
||||
keepalive 2;
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name jitsi.vern.cc;
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name jitsi.vern.cc;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
set $prefix "";
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
root /usr/share/jitsi-meet;
|
||||
|
||||
# ssi on with javascript for multidomain variables in config.js
|
||||
ssi on;
|
||||
ssi_types application/x-javascript application/javascript;
|
||||
|
||||
index index.html index.htm;
|
||||
error_page 404 /static/404.html;
|
||||
|
||||
gzip on;
|
||||
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
|
||||
gzip_vary on;
|
||||
gzip_proxied no-cache no-store private expired auth;
|
||||
gzip_min_length 512;
|
||||
|
||||
location = /config.js {
|
||||
alias /etc/jitsi/meet/jitsi.vern.cc-config.js;
|
||||
}
|
||||
|
||||
location = /external_api.js {
|
||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
||||
}
|
||||
|
||||
# ensure all static content can always be found first
|
||||
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
|
||||
{
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
alias /usr/share/jitsi-meet/$1/$2;
|
||||
|
||||
# cache all versioned files
|
||||
if ($arg_v) {
|
||||
expires 1y;
|
||||
}
|
||||
}
|
||||
|
||||
# BOSH
|
||||
location = /http-bind {
|
||||
proxy_pass http://prosody/http-bind?prefix=$prefix&$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Connection "";
|
||||
}
|
||||
|
||||
# xmpp websockets
|
||||
location = /xmpp-websocket {
|
||||
proxy_pass http://prosody/xmpp-websocket?prefix=$prefix&$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $http_host;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# colibri (JVB) websockets for jvb1
|
||||
location ~ ^/colibri-ws/default-id/(.*) {
|
||||
proxy_pass http://jvb1/colibri-ws/default-id/$1$is_args$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# load test minimal client, uncomment when used
|
||||
#location ~ ^/_load-test/([^/?&:'"]+)$ {
|
||||
# rewrite ^/_load-test/(.*)$ /load-test/index.html break;
|
||||
#}
|
||||
#location ~ ^/_load-test/libs/(.*)$ {
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# alias /usr/share/jitsi-meet/load-test/libs/$1;
|
||||
#}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)$ {
|
||||
try_files $uri @root_path;
|
||||
}
|
||||
|
||||
location @root_path {
|
||||
rewrite ^/(.*)$ / break;
|
||||
}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)/config.js$
|
||||
{
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
|
||||
alias /etc/jitsi/meet/jitsi.vern.cc-config.js;
|
||||
}
|
||||
|
||||
# BOSH for subdomains
|
||||
location ~ ^/([^/?&:'"]+)/http-bind {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
set $prefix "$1";
|
||||
|
||||
rewrite ^/(.*)$ /http-bind;
|
||||
}
|
||||
|
||||
# websockets for subdomains
|
||||
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
set $prefix "$1";
|
||||
|
||||
rewrite ^/(.*)$ /xmpp-websocket;
|
||||
}
|
||||
|
||||
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
|
||||
location ~ ^/([^/?&:'"]+)/(.*)$ {
|
||||
set $subdomain "$1.";
|
||||
set $subdir "$1/";
|
||||
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name ldapadmin.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
# document root
|
||||
root /usr/share/phpldapadmin/htdocs;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include /etc/nginx/fastcgi_params;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name lbry.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion librarian.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name verncca2sx2o6g6cxxfjjvllak454aaanqjs42ofa6m4bil6hbva.b32.i2p;
|
||||
|
||||
include common/librarian.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name lbry.vern.cc librarian.vern.cc;
|
||||
include common/librarian.conf;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name lbry.vern.cc librarian.vern.cc;
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name lr.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion libreddit.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion reddit.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccglp4wuobxu7ndh2dbpnczjhjnggh3hmuf2t32qd3lac5oa.b32.i2p;
|
||||
|
||||
include common/libreddit.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
include snippets/lets-encrypt.conf;
|
||||
server_name lr.vern.cc reddit.vern.cc libreddit.vern.cc;
|
||||
include snippets/headers.conf;
|
||||
include common/libreddit.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name libreddit.vern.cc lr.vern.cc reddit.vern.cc;
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name lt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion libretranslate.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccoqc6q5wa6p3h55arp3gllizhuwa5d3nomudbkpzn46pgda.b32.i2p;
|
||||
|
||||
include common/libretranslate.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
include snippets/lets-encrypt.conf;
|
||||
server_name lt.vern.cc libretranslate.vern.cc;
|
||||
include snippets/headers.conf;
|
||||
include common/libretranslate.conf;
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name lt.vern.cc libretranslate.vern.cc;
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
# This file was automatically installed on 2022-06-06T12:55:58.295391
|
||||
upstream modoboa {
|
||||
server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name mail.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccapspxuupmhjbsizhynlvqbs76ci447ez5uz27bazy3q5wq.b32.i2p;
|
||||
|
||||
# rewrite ^ https://$server_name$request_uri permanent;
|
||||
include common/mail.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name mail.vern.cc;
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/mail.conf;
|
||||
}
|
|
@ -0,0 +1,52 @@
|
|||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
upstream backend {
|
||||
server 127.0.0.1:3999 fail_timeout=0;
|
||||
}
|
||||
|
||||
upstream streaming {
|
||||
server 127.0.0.1:4000 fail_timeout=0;
|
||||
}
|
||||
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name fedi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mastodon.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccxro6qjs2fmwp2as5eavlnz6uzsxqqnhk3skkhpszp73ubq.b32.i2p;
|
||||
|
||||
include common/mastodon.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name fedi.vern.cc mastodon.vern.cc;
|
||||
|
||||
if ($https = '') { return 301 https://$host$request_uri; } # if not connected to HTTPS, perma-redirect to HTTPS
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
|
||||
include common/mastodon.conf;
|
||||
}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name bloat.vern.cc;
|
||||
if ($https = '') { return 301 https://$host$request_uri; } # if not connected to HTTPS, perma-redirect to HTTPS
|
||||
include snippets/lets-encrypt.conf;
|
||||
|
||||
location / {
|
||||
client_max_body_size 100m;
|
||||
proxy_pass http://localhost:5041/; # The / is important!
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax";
|
||||
}
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
# For the federation port
|
||||
listen 8448 ssl http2 default_server;
|
||||
listen [::]:8448 ssl http2 default_server;
|
||||
include snippets/lets-encrypt.conf;
|
||||
|
||||
server_name mtrx.vern.cc;
|
||||
|
||||
location ~ ^(/_matrix|/_synapse/client) {
|
||||
# note: do not add a path (even a single /) after the port in `proxy_pass`,
|
||||
# otherwise nginx will canonicalise the URI and cause signature verification
|
||||
# errors.
|
||||
proxy_pass http://localhost:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
# Nginx by default only allows file uploads up to 1M in size
|
||||
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
||||
client_max_body_size 1024M;
|
||||
}
|
||||
## well-known
|
||||
location /.well-known/matrix/support {
|
||||
add_header Access-Control-Allow-Origin '*' always;
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"admins": [{"matrix_id": "@root:vern.cc", "email_address": "tildemaster@vern.cc", "role": "admin"}], "support_page": "https://matrix.to/#/#vern:vern.cc"}';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
add_header Access-Control-Allow-Origin '*' always;
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.server": "mtrx.vern.cc:443"}';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
add_header Access-Control-Allow-Origin '*' always;
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.homeserver": {"base_url": "https://mtrx.vern.cc"}}';
|
||||
}
|
||||
|
||||
}
|
||||
server {
|
||||
server_name dim.vern.cc;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
root /var/www/matrix;
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://localhost:8184;
|
||||
}
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
}
|
|
@ -0,0 +1,20 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
|
||||
server_name mau.vern.cc;
|
||||
|
||||
location /_matrix/maubot/v1/logs {
|
||||
proxy_pass http://localhost:29316;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
location /_matrix/maubot {
|
||||
proxy_pass http://localhost:29316;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name mirror.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mirrors.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name verncc62kgfizkkwygmeouhmnu3wliz6bdrretmcpy6s5nsphmwa.b32.i2p;
|
||||
|
||||
include common/mirror.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
server_name mirror.vern.cc mirrors.vern.cc;
|
||||
|
||||
include common/mirror.conf;
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name mirror.vern.cc mirrors.vern.cc;
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name mumble.vern.cc;
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
|
||||
location / {
|
||||
root /usr/lib/node_modules/mumble-web/dist;
|
||||
}
|
||||
location /vern {
|
||||
proxy_pass http://localhost:64737;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,31 @@
|
|||
upstream php-handler {
|
||||
server unix:/var/run/php/php7.4-fpm.sock;
|
||||
}
|
||||
|
||||
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||
map $arg_v $asset_immutable {
|
||||
"" "";
|
||||
default "immutable";
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name nc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion nextcloud.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
include common/nextcloud.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name nc.vern.cc nextcloud.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/nextcloud.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name nc.vern.cc nextcloud.vern.cc;
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name nt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion nitter.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion twitter.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccbxzdhyh2gqgmljbi4jgwuuqbd23gfi4ir2wwhkltf2yebq.b32.i2p;
|
||||
|
||||
include common/nitter.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
server_name nt.vern.cc nitter.vern.cc twitter.vern.cc;
|
||||
include common/nitter.conf;
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name nt.vern.cc nitter.vern.cc twitter.vern.cc;
|
||||
}
|
|
@ -0,0 +1,28 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name live.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion owncast.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion oc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name verncckvmp4lz2yrprjt22dsnjpfo7z3zefzxiz5gi2jvm3fusqq.b32.i2p;
|
||||
|
||||
include common/owncast.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
# listen 80 ;
|
||||
# listen [::]:80 ;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name live.vern.cc owncast.vern.cc oc.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/owncast.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name live.vern.cc owncast.vern.cc oc.vern.cc;
|
||||
}
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
|
||||
# Please check your Nginx installation features the following modules via 'nginx -V':
|
||||
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
|
||||
# THIRD PARTY MODULES: None.
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name pt.vern.cc;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
default_type "text/plain";
|
||||
root /var/www/certbot;
|
||||
}
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name pt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccc7oiixqimnolwtlmnn2legfwgrgjoseg54lsywv6ruwawq.b32.i2p;
|
||||
|
||||
include common/peertube.conf;
|
||||
}
|
||||
|
||||
upstream ptbackend {
|
||||
server 127.0.0.1:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name pt.vern.cc;
|
||||
|
||||
##
|
||||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
include snippets/lets-encrypt.conf;
|
||||
location ^~ '/.well-known/acme-challenge' {
|
||||
default_type "text/plain";
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
##
|
||||
# Security hardening (as of Nov 15, 2020)
|
||||
# based on Mozilla Guideline v5.6
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
|
||||
ssl_session_timeout 1d; # defaults to 5m
|
||||
ssl_session_tickets off;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
|
||||
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
|
||||
include common/peertube.conf;
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name pb.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion privatebin.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name verncc4deius22jbrmjclinuoysckhwk2a5hrc7pwhsubzd5kkga.b32.i2p;
|
||||
|
||||
include common/privatebin.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name pb.vern.cc privatebin.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/privatebin.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name pb.vern.cc privatebin.vern.cc;
|
||||
}
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name qr.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion quora.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion quetre.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccfaprbhma4f4bxc3wbiuvxgmcpp6l77cflbyx6sqahgjyza.b32.i2p;
|
||||
|
||||
include common/quetre.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name qr.vern.cc quora.vern.cc quetre.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/quetre.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name qr.vern.cc quora.vern.cc quetre.vern.cc;
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name rimgo.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion imgur.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccofxbclvqveqvy3bty6k4ronb7oj7efn6c7y2blmm3zcfpq.b32.i2p;
|
||||
|
||||
include common/rimgo.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name rimgo.vern.cc imgur.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/rimgo.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name rimgo.vern.cc imgur.vern.cc;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name riot.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccc5q77vdlpedz4sqzqgh2avkcb5lswmfs6ksndxrddz44sq.b32.i2p;
|
||||
|
||||
include common/riot.conf;
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name riot.vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/riot.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name riot.vern.cc;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name scribe.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion medium.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccnnzgihftirfcjvmeviodlpt6flmc3q2naarfq7gjewppia.b32.i2p;
|
||||
|
||||
include common/scribe.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
server_name scribe.vern.cc medium.vern.cc;
|
||||
include common/scribe.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name scribe.vern.cc medium.vern.cc;
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name searx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion searxng.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion search.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion sx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
include common/searxng.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
server_name searx.vern.cc searxng.vern.cc search.vern.cc sx.vern.cc;
|
||||
include common/searxng.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name searx.vern.cc searxng.vern.cc search.vern.cc sx.vern.cc;
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name translate.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion tl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion simplytranslate.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
server_name vernccxplwvg6luzppkd7xbt45q4lnmcdjhdqkpwa2b5hu2mz5ya.b32.i2p;
|
||||
|
||||
include common/simplytranslate.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
server_name translate.vern.cc tl.vern.cc simplytranslate.vern.cc;
|
||||
include common/simplytranslate.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name translate.vern.cc tl.vern.cc simplytranslate.vern.cc;
|
||||
}
|
|
@ -0,0 +1,27 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name ~^(?<user>[^.]+)\.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad\.onion;
|
||||
|
||||
error_log /var/log/nginx/vern.cc-error.log crit;
|
||||
|
||||
include snippets/user.vern.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name ~^(?<user>[^.]+)\.vern\.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
error_log /var/log/nginx/vern.cc-error.log crit;
|
||||
include snippets/user.vern.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name ~^(?<user>[^.]+)\.vern\.cc;
|
||||
}
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion www.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
# replace vern.cc with onion
|
||||
subs_filter vern.cc vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
# these dont have onions
|
||||
subs_filter muc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion muc.vern.cc;
|
||||
subs_filter :vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion :vern.cc;
|
||||
subs_filter minetest.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion minetest.vern.cc:
|
||||
subs_filter pad.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion pad.vern.cc:
|
||||
subs_filter status.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion status.vern.cc;
|
||||
subs_filter jitsi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion jitsi.vern.cc;
|
||||
subs_filter mumble.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mumble.vern.cc;
|
||||
subs_filter mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mtrx.vern.cc;
|
||||
subs_filter ssh://vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion ssh://vern.cc;
|
||||
subs_filter vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion:6697 vern.cc:6697;
|
||||
subs_filter @vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion @vern.cc;
|
||||
|
||||
include common/website.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name verncceu2kgz54wi7r5jatgmx2mqtsh3knxhiy4m5shescuqtqfa.b32.i2p;
|
||||
|
||||
# replace vern.cc with i2p
|
||||
# subs_filter git.vern.cc vernccz7eh2z3adn74wbnyv62xsjqnifc62kdmfnqhbsg4i2gy4q.b32.i2p;
|
||||
# subs_filter inv.vern.cc vernccdzixves4eekynqgfhb7fjbldgtocepf7cq3c3327ttb7zq.b32.i2p;
|
||||
# subs_filter lbry.vern.cc verncca2sx2o6g6cxxfjjvllak454aaanqjs42ofa6m4bil6hbva.b32.i2p;
|
||||
# subs_filter lr.vern.cc vernccglp4wuobxu7ndh2dbpnczjhjnggh3hmuf2t32qd3lac5oa.b32.i2p;
|
||||
# subs_filter lt.vern.cc vernccoqc6q5wa6p3h55arp3gllizhuwa5d3nomudbkpzn46pgda.b32.i2p;
|
||||
# subs_filter mail.vern.cc vernccapspxuupmhjbsizhynlvqbs76ci447ez5uz27bazy3q5wq.b32.i2p;
|
||||
# subs_filter fedi.vern.cc vernccxro6qjs2fmwp2as5eavlnz6uzsxqqnhk3skkhpszp73ubq.b32.i2p;
|
||||
# subs_filter mirror.vern.cc verncc62kgfizkkwygmeouhmnu3wliz6bdrretmcpy6s5nsphmwa.b32.i2p;
|
||||
# subs_filter nt.vern.cc vernccbxzdhyh2gqgmljbi4jgwuuqbd23gfi4ir2wwhkltf2yebq.b32.i2p;
|
||||
# subs_filter live.vern.cc verncckvmp4lz2yrprjt22dsnjpfo7z3zefzxiz5gi2jvm3fusqq.b32.i2p;
|
||||
# subs_filter pt.vern.cc vernccc7oiixqimnolwtlmnn2legfwgrgjoseg54lsywv6ruwawq.b32.i2p;
|
||||
# subs_filter pb.vern.cc verncc4deius22jbrmjclinuoysckhwk2a5hrc7pwhsubzd5kkga.b32.i2p;
|
||||
# subs_filter quora.vern.cc vernccfaprbhma4f4bxc3wbiuvxgmcpp6l77cflbyx6sqahgjyza.b32.i2p;
|
||||
# subs_filter rimgo.vern.cc vernccofxbclvqveqvy3bty6k4ronb7oj7efn6c7y2blmm3zcfpq.b32.i2p;
|
||||
# subs_filter riot.vern.cc vernccc5q77vdlpedz4sqzqgh2avkcb5lswmfs6ksndxrddz44sq.b32.i2p;
|
||||
# subs_filter scribe.vern.cc vernccnnzgihftirfcjvmeviodlpt6flmc3q2naarfq7gjewppia.b32.i2p;
|
||||
# subs_filter tl.vern.cc vernccxplwvg6luzppkd7xbt45q4lnmcdjhdqkpwa2b5hu2mz5ya.b32.i2p;
|
||||
# subs_filter whoogle.vern.cc vernccaja5okin5qjhttko3jmmerosckpnafk3t7hazojd4dbkza.b32.i2p;
|
||||
|
||||
include common/website.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name www.vern.cc vern.cc;
|
||||
include snippets/lets-encrypt.conf;
|
||||
include snippets/headers.conf;
|
||||
include common/website.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name www.vern.cc vern.cc;
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name whoogle.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
include common/whoogle.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name whoogle.vern.cc;
|
||||
include common/whoogle.conf;
|
||||
include snippets/lets-encrypt.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$host$request_uri;
|
||||
server_name whoogle.vern.cc;
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/autoconfig.vern.cc.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/cryptpad.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/gitea.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/invidious.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/jitsi.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/librarian.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/libreddit.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/libretranslate.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/mail.vern.cc.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/mastodon.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/matrix.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/maubot.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/mirror.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/mumble.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/nitter.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/owncast.conf
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue