vern
/
nginx-configs
3
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Evrything is fine

This commit is contained in:
root 2022-07-25 06:55:46 -04:00
parent 717ee6483e
commit c3897be2af
117 changed files with 2896 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*.bak

4
README.md
View File

@ -1,3 +1,3 @@
# nginx-configs
# ~vern nginx configurations
~vern nginx configurations
The configurations used by ~vern's nginx server. This is basically just a clone of the /etc/nginx directory.

11
common/gitea.conf Normal file
View File

@ -0,0 +1,11 @@
add_header Onion-Location http://git.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
location / {
client_max_body_size 100m;
proxy_pass http://localhost:3000/; # The / is important!
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax";
}

13
common/invidious.conf Normal file
View File

@ -0,0 +1,13 @@
add_header Onion-Location http://inv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
access_log off;
error_log /var/log/nginx/error.log crit;
location / {
proxy_pass http://10.7.0.1:2500/;
# proxy_pass http://127.0.0.1:2500/; # in case we cant host it on vps anymore
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Invidious knows domain
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
}

12
common/librarian.conf Normal file
View File

@ -0,0 +1,12 @@
add_header Onion-Location http://lbry.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
access_log off;
error_log /var/log/nginx/error.log crit;
location / {
proxy_pass http://127.0.0.1:3001/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Invidious knows domain
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
}

9
common/libreddit.conf Normal file
View File

@ -0,0 +1,9 @@
add_header Onion-Location http://lr.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
location / {
proxy_pass http://localhost:2501/; # The / is important!
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}

8
common/libretranslate.conf Normal file
View File

@ -0,0 +1,8 @@
add_header Onion-Location http://lt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
location / {
proxy_pass http://localhost:5001/; # The / is important!
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}

49
common/mail.conf Normal file
View File

@ -0,0 +1,49 @@
add_header Onion-Location http://mail.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
root /srv/modoboa/instance;
client_max_body_size 10M;
access_log /var/log/nginx/mail.vern.cc-access.log;
error_log /var/log/nginx/mail.vern.cc-error.log;
location /sitestatic/ {
try_files $uri $uri/ =404;
}
location /media/ {
try_files $uri $uri/ =404;
}
location ^~ /new-admin {
alias /srv/modoboa/instance/frontend/;
index index.html;
expires -1;
add_header Pragma "no-cache";
add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
try_files $uri $uri/ /index.html = 404;
}
location / {
include uwsgi_params;
uwsgi_param UWSGI_SCRIPT instance.wsgi:application;
uwsgi_pass modoboa;
}
location ~* ^/autodiscover/autodiscover.xml {
include uwsgi_params;
uwsgi_pass automx;
}
location /mobileconfig {
include uwsgi_params;
uwsgi_pass automx;
}
location /radicale/ {
proxy_pass http://localhost:5232/; # The / is important!
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Authorization;
}

51
common/mastodon.conf Normal file
View File

@ -0,0 +1,51 @@
add_header Onion-Location http://fedi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
keepalive_timeout 70;
sendfile on;
client_max_body_size 80m;
root /home/mastodon/live/public;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
#add_header Strict-Transport-Security "max-age=31536000" always;
location / {
try_files $uri @proxy;
}
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
try_files $uri @proxy;
}
location /sw.js {
add_header Cache-Control "public, max-age=0";
try_files $uri @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://backend;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
}

9
common/mirror.conf Normal file
View File

@ -0,0 +1,9 @@
add_header Onion-Location http://mirror.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
root /var/mirror/mirror;
ssi on;
location / {
add_before_body /nav.html;
autoindex on;
autoindex_exact_size off;
}

144
common/nextcloud.conf Normal file
View File

@ -0,0 +1,144 @@
add_header Onion-Location http://nc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
# Path to the root of your installation
root /var/www/nextcloud;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size and increase upload timeout:
client_max_body_size 1024M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}

9
common/nitter.conf Normal file
View File

@ -0,0 +1,9 @@
add_header Onion-Location http://nt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
location / {
proxy_pass http://localhost:5744/; # The / is important!
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}

14
common/owncast.conf Normal file
View File

@ -0,0 +1,14 @@
add_header Onion-Location http://live.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
root /var/www/owncast;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:5394;
}

52
common/peertube.conf Normal file
View File

@ -0,0 +1,52 @@
add_header Onion-Location http://pt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
##
# Application
##
access_log /var/log/nginx/peertube.access.log; # reduce I/0 with buffer=10m flush=5m
error_log /var/log/nginx/peertube.error.log;
location @api {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100k; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://ptbackend;
}
location / {
try_files /dev/null @api;
}
location = /api/v1/videos/upload-resumable {
client_max_body_size 0;
proxy_request_buffering off;
try_files /dev/null @api;
}
location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
limit_except POST HEAD { deny all; }
# This is the maximum upload size, which roughly matches the maximum size of a video file.
# Note that temporary space is needed equal to the total size of all concurrent uploads.
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
# on a dedicated filesystem.
client_max_body_size 12G; # default is 1M
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
client_max_body_size 6M; # default is 1M
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
}

15
common/privatebin.conf Normal file
View File

@ -0,0 +1,15 @@
add_header Onion-Location http://pb.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
root /var/www/privatebin;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}

9
common/quetre.conf Normal file
View File

@ -0,0 +1,9 @@
add_header Onion-Location http://quora.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
location / {
proxy_pass http://localhost:2498/; # The / is important!
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

12
common/rimgo.conf Normal file
View File

@ -0,0 +1,12 @@
add_header Onion-Location http://rimgo.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
access_log off;
error_log /var/log/nginx/error.log crit;
location / {
proxy_pass http://127.0.0.1:3506/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Invidious knows domain
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
}

22
common/riot.conf Normal file
View File

@ -0,0 +1,22 @@
add_header Onion-Location http://riot.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
root /var/www/matrix;
index index.html;
ssi on;
location / {
try_files $uri $uri/ =404;
}
location = /index.html {
add_header Cache-Control "no-cache";
}
location = /version {
add_header Cache-Control "no-cache";
}
# covers config.json and config.hostname.json requests as it is prefix.
location /config {
add_header Cache-Control "no-cache";
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;

10
common/scribe.conf Normal file
View File

@ -0,0 +1,10 @@
add_header Onion-Location http://scribe.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
location / {
proxy_pass http://127.0.0.1:5467/; # The / is important!
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax";
}

11
common/searxng.conf Normal file
View File

@ -0,0 +1,11 @@
add_header Onion-Location http://searx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
location / {
proxy_pass http://localhost:8090/;
proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
}

8
common/simplytranslate.conf Normal file
View File

@ -0,0 +1,8 @@
add_header Onion-Location http://tl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
location / {
proxy_pass http://localhost:2502/; # The / is important!
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}

3
common/speedtest.conf Normal file
View File

@ -0,0 +1,3 @@
add_header Onion-Location http://ls.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
root /var/www/speedtest;
ssi on;

52
common/website.conf Normal file
View File

@ -0,0 +1,52 @@
add_header Onion-Location http://vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
root /var/www/website;
index index.html;
ssi on;
location / {
rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
rewrite ^/(.*)/$ /$1 permanent;
try_files $uri $uri/index.html $uri.html $uri/ @extensionless-php;
error_page 403 /errors/403;
error_page 404 /errors/404;
error_page 503 /errors/503;
}
location /errors/.* {
internal;
}
location ~ \.php$ {
try_files $uri =404;
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
location @extensionless-php {
rewrite ^(.*)$ $1.php last;
}
location /.well-known/matrix/server {
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.server": "mtrx.vern.cc:443"}';
}
location /.well-known/matrix/client {
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://mtrx.vern.cc"}, "m.identity_server": { "base_url": "https://vector.im" }}';
}
location /media/ {
autoindex on;
}
## users
location ~ ^/(~|u/)(?<user>[\w-]+)(?<user_uri>/.*)?$ {
return 301 $scheme://$user.vern.cc;
}

12
common/whoogle.conf Normal file
View File

@ -0,0 +1,12 @@
add_header Onion-Location http://whoogle.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
access_log off;
error_log /var/log/nginx/error.log crit;
location / {
proxy_pass http://127.0.0.1:6942/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Whoogle knows domain
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
}

11
default.apps-available/morty.conf Normal file
View File

@ -0,0 +1,11 @@
# https://example.org/morty
location /morty {
proxy_pass http://127.0.0.1:3000/;
proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
}

16
default.apps-available/searxng.conf Normal file
View File

@ -0,0 +1,16 @@
# https://example.org/searx
location /searx {
proxy_pass http://127.0.0.1:4004/;
proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /;
}
location /searx/static/ {
alias /usr/local/searx/searx-src/searx/static/;
}

1
default.d/morty.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/default.apps-available/morty.conf

1
default.d/searxng.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/default.apps-available/searxng.conf

13
dhparam.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAuS47EwdD9aegi3le7HT6v6a6TiYAe8l2G0AQTdxNqAqAJF/bM9Qy
q6ZHpvI3hZZ5fLJ2yf7lrCxKKCxHsSSUoKc7+DMHrUZsmXyMHnCK/oGerNicR5MN
pU0d+X4Rub+CgSARazispPDqjdBNLavhEMDIvoDJm2frjq3h0qgdWKI6HKwGzWG6
DwgSgUhN04xqF1HXpolwv+u9svdj/B9CcAyzEupdAJ5q5ehjKZaV4tid0zAlG8/2
ecA4XR8VlaYzXKDraQbfZuolOOCwpX47NsG4JwTEYVmE+V5jVa1BgOGxyhxEq9Kr
svIj6WF6wgtMmgMMIdK9RaWSie65hoxtvRCDwxr6HpocO1P5oaIpdNdgKbupEumi
ywDLz5wKCtcJ+JQfPX9LpXS/uiDutZxkFuMzHhq0Rkv2r6eRlc9UL9hJLS9iKp1y
3pzbAY7EUDbOrqLzIjKV6CHSMvCeUCQq5A23mTATK5bQt8d3QDzX/xGFEU4omm47
xnBql1FX+MX3XGfonBsY6CxML9HLqZXPJZViazdHLj4HOJ4ZTQRazyxsqnizotkA
+Ttqo9w748X2P08jfxFbhkm+4gH8yHWoGfPw7nL/5E3jXVGNaRl5J196RFK5b9el
CeUu/rLig70EWJaLQ692qu/bG7VV87t/z1or83LLpEQTQmWGtz28NvsCAQI=
-----END DH PARAMETERS-----

26
fastcgi.conf Normal file
View File

@ -0,0 +1,26 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

25
fastcgi_params Normal file
View File

@ -0,0 +1,25 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

332
include.d/generic_worker.conf Normal file
View File

@ -0,0 +1,332 @@
# Generic Worker
#
# note:
# http://localhost:8083 -> matrix-synchrotron-balancer
# generic_worker_lc -> upstream_proxy (least_conn)
# generic_worker_ih -> upstream_proxy (ip_hash)
#
## Sync requests
location ~ ^/_matrix/client/(r0|v3)/sync$ {
include include.d/synapse-proxy.conf;
proxy_pass http://localhost:8083;
}
location ~ ^/_matrix/client/(api/v1|r0|v3)/events$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
include include.d/synapse-proxy.conf;
proxy_pass http://localhost:8083;
}
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
include include.d/synapse-proxy.conf;
proxy_pass http://localhost:8083;
}
## Federation requests
location ~ ^/_matrix/federation/v1/event/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/state/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/state_ids/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/backfill/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/get_missing_events/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/publicRooms {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/query/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/make_join/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/make_leave/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/(v1|v2)/send_join/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/(v1|v2)/send_leave/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/(v1|v2)/invite/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/event_auth/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/exchange_third_party_invite/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/user/devices/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/v1/get_groups_publicised$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/key/v2/query {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
## Inbound federation transaction request
location ~ ^/_matrix/federation/v1/send/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_ih;
}
## Client API requests
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/devices$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/versions$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/joined_groups$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/publicised_groups$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/publicised_groups/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
## Encryption requests
location ~ ^/_matrix/client/(r0|v3|unstable)/keys/query$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/room_keys/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
## Registration/login requests
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/register$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/v1/register/m.login.registration_token/validity$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
# STREAM WRITERS
## Event sending requests
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ {
include include.d/synapse-proxy.conf;
proxy_pass http://generic_worker_lc;
}
## Typing
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing {
include include.d/synapse-proxy.conf;
proxy_pass http://additional;
}
## Device requests
location ~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ {
include include.d/synapse-proxy.conf;
proxy_pass http://additional;
}
## Account data requests
location ~ ^/_matrix/client/(r0|v3|unstable)/.*/tags {
include include.d/synapse-proxy.conf;
proxy_pass http://additional;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data {
include include.d/synapse-proxy.conf;
proxy_pass http://additional;
}
## Receipts requests
location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt {
include include.d/synapse-proxy.conf;
proxy_pass http://additional;
}
location ~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers {
include include.d/synapse-proxy.conf;
proxy_pass http://additional;
}
## Presence requests
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ {
include include.d/synapse-proxy.conf;
proxy_pass http://presence;
}

21
include.d/synapse-admin.conf Normal file
View File

@ -0,0 +1,21 @@
location ~ ^/_synapse/admin/v1/users/@(mjolnir|root):vern.cc/admin$ {
include include.d/synapse-proxy.conf;
proxy_pass http://localhost:8008;
}
location ~ ^/_synapse/admin/v1/whois/@(mjolnir|root):vern.cc$ {
include include.d/synapse-proxy.conf;
proxy_pass http://localhost:8008;
}
location ~ ^/_synapse/admin/v1/deactivate {
include include.d/synapse-proxy.conf;
proxy_pass http://localhost:8008;
}
location ~ ^/_synapse/admin {
allow 127.0.0.1;
deny all;
include include.d/synapse-proxy.conf;
proxy_pass http://localhost:8008;
}

15
include.d/synapse-proxy.conf Normal file
View File

@ -0,0 +1,15 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
port_in_redirect off;
proxy_redirect off;
proxy_connect_timeout 3600;
proxy_read_timeout 3600;
proxy_send_timeout 3600;
proxy_buffering off;
proxy_buffers 8 16k;
proxy_buffer_size 32k;

26
include.d/upstream_workers.conf Normal file
View File

@ -0,0 +1,26 @@
upstream generic_worker_ih {
ip_hash;
server localhost:8510;
server localhost:8511;
server localhost:8512;
server localhost:8513;
}
upstream generic_worker_lc {
least_conn;
server localhost:8510;
server localhost:8511;
server localhost:8512;
server localhost:8513;
}
upstream additional {
least_conn;
server localhost:8514;
}
upstream presence {
least_conn;
server localhost:8516;
}

109
koi-utf Normal file
View File

@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
koi-win Normal file
View File

@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

89
mime.types Normal file
View File

@ -0,0 +1,89 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

1
modules-enabled/50-mod-http-auth-pam.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-auth-pam.conf

1
modules-enabled/50-mod-http-dav-ext.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-dav-ext.conf

1
modules-enabled/50-mod-http-echo.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-echo.conf

1
modules-enabled/50-mod-http-geoip.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-geoip.conf

1
modules-enabled/50-mod-http-geoip2.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-geoip2.conf

1
modules-enabled/50-mod-http-image-filter.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-image-filter.conf

1
modules-enabled/50-mod-http-subs-filter.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-subs-filter.conf

1
modules-enabled/50-mod-http-upstream-fair.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-upstream-fair.conf

1
modules-enabled/50-mod-http-xslt-filter.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-xslt-filter.conf

1
modules-enabled/50-mod-mail.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-mail.conf

1
modules-enabled/50-mod-stream.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream.conf

1
modules-enabled/70-mod-stream-geoip.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream-geoip.conf

1
modules-enabled/70-mod-stream-geoip2.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream-geoip2.conf

82
nginx.conf Normal file
View File

@ -0,0 +1,82 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
server_names_hash_bucket_size 128;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log off;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

4
proxy_params Normal file
View File

@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

17
scgi_params Normal file
View File

@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

30
sites-available/aryak.ml.conf Normal file
View File

@ -0,0 +1,30 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 8448 ssl http2;
listen [::]:8448 ssl http2;
server_name matrix.aryak.ml;
merge_slashes off;
location /_matrix/ {
proxy_pass http://10.7.0.4:6167$request_uri;
proxy_set_header Host $http_host;
proxy_buffering off;
}
ssl_certificate /etc/letsencrypt/live/matrix.aryak.ml/fullchain.pem; # EDIT THIS
ssl_certificate_key /etc/letsencrypt/live/matrix.aryak.ml/privkey.pem; # EDIT THIS
location /.well-known/matrix/server {
add_header Access-Control-Allow-Origin '*' always;
add_header Content-Type application/json;
return 200 '{"m.server": "matrix.aryak.ml:443"}';
}
location /.well-known/matrix/client {
add_header Access-Control-Allow-Origin '*' always;
add_header Content-Type application/json;
return 200 '{"m.homeserver": {"base_url": "https://matrix.aryak.ml"}}';
}
}

19
sites-available/autoconfig.vern.cc.conf Normal file
View File

@ -0,0 +1,19 @@
# This file was automatically installed on 2022-06-06T12:55:58.280671
upstream automx {
server unix:/run/uwsgi/app/automx_instance/socket fail_timeout=0;
}
server {
listen 80;
listen [::]:80;
server_name autoconfig.vern.cc;
root /srv/automx/instance;
access_log /var/log/nginx/autoconfig.vern.cc-access.log;
error_log /var/log/nginx/autoconfig.vern.cc-error.log;
location /mail/config-v1.1.xml {
include uwsgi_params;
uwsgi_pass automx;
}
}

240
sites-available/cryptpad.conf Normal file
View File

@ -0,0 +1,240 @@
# This file is included strictly as an example of how Nginx can be configured
# to work with CryptPad. This example WILL NOT WORK AS IS. For best results,
# compare the sections of this configuration file against a working CryptPad
# installation (http server by the Nodejs process). If you are using CryptPad
# in production and require professional support please contact sales@cryptpad.fr
server {
listen 443 ssl http2;
# CryptPad serves static assets over these two domains.
# `main_domain` is what users will enter in their address bar.
# Privileged computation such as key management is handled in this scope
# UI content is loaded via the `sandbox_domain`.
# "Content Security Policy" headers prevent content loaded via the sandbox
# from accessing privileged information.
# These variables must be different to take advantage of CryptPad's sandboxing techniques.
# In the event of an XSS vulnerability in CryptPad's front-end code
# this will limit the amount of information accessible to attackers.
set $main_domain "pad.vern.cc";
set $sandbox_domain "crypt-sandbox.vern.cc";
# By default CryptPad allows remote domains to embed CryptPad documents in iframes.
# This behaviour can be blocked by changing $allowed_origins from "*" to the
# sandbox domain, which must be permitted to load content from the main domain
# in order for CryptPad to work as expected.
#
# An example is given below which can be uncommented if you want to block
# remote sites from including content from your server
set $allowed_origins "*";
# set $allowed_origins "https://${sandbox_domain}";
# CryptPad's dynamic content (websocket traffic and encrypted blobs)
# can be served over separate domains. Using dedicated domains (or subdomains)
# for these purposes allows you to move them to a separate machine at a later date
# if you find that a single machine cannot handle all of your users.
# If you don't use dedicated domains, this can be the same as $main_domain
# If you do, they can be added as exceptions to any rules which block connections to remote domains.
# You can find these variables referenced below in the relevant places
set $api_domain "pad.vern.cc";
set $files_domain "pad.vern.cc";
# nginx doesn't let you set server_name via variables, so you need to hardcode your domains here
server_name pad.vern.cc crypt-sandbox.vern.cc;
# You'll need to Set the path to your certificates and keys here
# IMPORTANT: this config is intended to serve assets for at least two domains
# (your main domain and your sandbox domain). As such, you'll need to generate a single SSL certificate
# that includes both domains in order for things to work as expected.
include snippets/lets-encrypt.conf;
# Speeds things up a little bit when resuming a session
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# You'll need nginx 1.13.0 or better to support TLSv1.3
ssl_protocols TLSv1.2 TLSv1.3;
# https://cipherli.st/
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Access-Control-Allow-Origin "${allowed_origins}";
# add_header X-Frame-Options "SAMEORIGIN";
# Opt out of Google's FLoC Network
add_header Permissions-Policy interest-cohort=();
# Enable SharedArrayBuffer in Firefox (for .xlsx export)
add_header Cross-Origin-Resource-Policy cross-origin;
add_header Cross-Origin-Embedder-Policy require-corp;
# Insert the path to your CryptPad repository root here
root /home/cryptpad/cryptpad;
index index.html;
error_page 404 /customize.dist/404.html;
# any static assets loaded with "ver=" in their URL will be cached for a year
if ($args ~ ver=) {
set $cacheControl max-age=31536000;
}
if ($uri ~ ^/.*(\/|\.html)$) {
set $cacheControl no-cache;
}
# Will not set any header if it is emptystring
add_header Cache-Control $cacheControl;
# CSS can be dynamically set inline, loaded from the same domain, or from $main_domain
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
# connect-src restricts URLs which can be loaded using script interfaces
# if you have configured your instance to use a dedicated $files_domain or $api_domain
# you will need to add them below as: https://${files_domain} and https://${api_domain}
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
# fonts can be loaded from data-URLs or the main domain
set $fontSrc "'self' data: https://${main_domain}";
# images can be loaded from anywhere, though we'd like to deprecate this as it allows the use of images for tracking
set $imgSrc "'self' data: blob: https://${main_domain}";
# frame-src specifies valid sources for nested browsing contexts.
# this prevents loading any iframes from anywhere other than the sandbox domain
set $frameSrc "'self' https://${sandbox_domain} blob:";
# specifies valid sources for loading media using video or audio
set $mediaSrc "blob:";
# defines valid sources for webworkers and nested browser contexts
# deprecated in favour of worker-src and frame-src
set $childSrc "https://${main_domain}";
# specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.
# supercedes child-src but is unfortunately not yet universally supported.
set $workerSrc "'self'";
# script-src specifies valid sources for javascript, including inline handlers
set $scriptSrc "'self' resource: https://${main_domain}";
# frame-ancestors specifies which origins can embed your CryptPad instance
# this must include 'self' and your main domain (over HTTPS) in order for CryptPad to work
# if you have enabled remote embedding via the admin panel then this must be more permissive.
# note: cryptpad.fr permits web pages served via https: and vector: (element desktop app)
#set $frameAncestors "'self' https://${main_domain}";
set $frameAncestors "'self' https: vector:";
set $unsafe 0;
# the following assets are loaded via the sandbox domain
# they unfortunately still require exceptions to the sandboxing to work correctly.
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
# everything except the sandbox domain is a privileged scope, as they might be used to handle keys
if ($host != $sandbox_domain) { set $unsafe 0; }
# this iframe is an exception. Office file formats are converted outside of the sandboxed scope
# because of bugs in Chromium-based browsers that incorrectly ignore headers that are supposed to enable
# the use of some modern APIs that we require when javascript is run in a cross-origin context.
# We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
}
# Finally, set all the rules you composed above.
add_header Content-Security-Policy "default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
# The nodejs process can handle all traffic whether accessed over websocket or as static assets
# We prefer to serve static content from nginx directly and to leave the API server to handle
# the dynamic content that only it can manage. This is primarily an optimization
location ^~ /cryptpad_websocket {
proxy_pass http://localhost:3475;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}
location ^~ /customize.dist/ {
# This is needed in order to prevent infinite recursion between /customize/ and the root
}
# try to load customizeable content via /customize/ and fall back to the default content
# located at /customize.dist/
# This is what allows you to override behaviour.
location ^~ /customize/ {
rewrite ^/customize/(.*)$ $1 break;
try_files /customize/$uri /customize.dist/$uri;
}
# /api/config is loaded once per page load and is used to retrieve
# the caching variable which is applied to every other resource
# which is loaded during that session.
location ~ ^/api/.*$ {
proxy_pass http://localhost:3475;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# These settings prevent both NGINX and the API server
# from setting the same headers and creating duplicates
proxy_hide_header Cross-Origin-Resource-Policy;
add_header Cross-Origin-Resource-Policy cross-origin;
proxy_hide_header Cross-Origin-Embedder-Policy;
add_header Cross-Origin-Embedder-Policy require-corp;
}
# encrypted blobs are immutable and are thus cached for a year
location ^~ /blob/ {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'application/octet-stream; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header X-Content-Type-Options nosniff;
add_header Cache-Control max-age=31536000;
add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
try_files $uri =404;
}
# the "block-store" serves encrypted payloads containing users' drive keys
# these payloads are unlocked via login credentials. They are mutable
# and are thus never cached. They're small enough that it doesn't matter, in any case.
location ^~ /block/ {
add_header X-Content-Type-Options nosniff;
add_header Cache-Control max-age=0;
try_files $uri =404;
}
# This block provides an alternative means of loading content
# otherwise only served via websocket. This is solely for debugging purposes,
# and is thus not allowed by default.
#location ^~ /datastore/ {
#add_header Cache-Control max-age=0;
#try_files $uri =404;
#}
# The nodejs server has some built-in forwarding rules to prevent
# URLs like /pad from resulting in a 404. This simply adds a trailing slash
# to a variety of applications.
location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ {
rewrite ^(.*)$ $1/ redirect;
}
# Finally, serve anything the above exceptions don't govern.
try_files /www/$uri /www/$uri/index.html /customize/$uri;
}

24
sites-available/gitea.conf Normal file
View File

@ -0,0 +1,24 @@
server {
listen 80;
listen [::]:80;
server_name git.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccz7eh2z3adn74wbnyv62xsjqnifc62kdmfnqhbsg4i2gy4q.b32.i2p;
include common/gitea.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/gitea.conf;
}
server {
listen 80;
listen [::]:80;
server_name git.vern.cc;
return 301 https://$host$request_uri;
}

27
sites-available/invidious.conf Normal file
View File

@ -0,0 +1,27 @@
server {
listen 80;
listen [::]:80;
server_name inv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion invidious.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion yt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccdzixves4eekynqgfhb7fjbldgtocepf7cq3c3327ttb7zq.b32.i2p;
include common/invidious.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name inv.vern.cc invidious.vern.cc yt.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/invidious.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name inv.vern.cc invidious.vern.cc yt.vern.cc;
}

147
sites-available/jitsi.conf Normal file
View File

@ -0,0 +1,147 @@
#server_names_hash_bucket_size 64;
types {
# nginx's default mime.types doesn't include a mapping for wasm
application/wasm wasm;
}
upstream prosody {
zone upstreams 64K;
server 127.0.0.1:5280;
keepalive 2;
}
upstream jvb1 {
zone upstreams 64K;
server 127.0.0.1:9090;
keepalive 2;
}
server {
listen 80;
listen [::]:80;
server_name jitsi.vern.cc;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name jitsi.vern.cc;
add_header Strict-Transport-Security "max-age=63072000" always;
set $prefix "";
include snippets/lets-encrypt.conf;
root /usr/share/jitsi-meet;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
gzip on;
gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
gzip_vary on;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 512;
location = /config.js {
alias /etc/jitsi/meet/jitsi.vern.cc-config.js;
}
location = /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
# ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/$1/$2;
# cache all versioned files
if ($arg_v) {
expires 1y;
}
}
# BOSH
location = /http-bind {
proxy_pass http://prosody/http-bind?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header Connection "";
}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://prosody/xmpp-websocket?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
tcp_nodelay on;
}
# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://jvb1/colibri-ws/default-id/$1$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
# load test minimal client, uncomment when used
#location ~ ^/_load-test/([^/?&:'"]+)$ {
# rewrite ^/_load-test/(.*)$ /load-test/index.html break;
#}
#location ~ ^/_load-test/libs/(.*)$ {
# add_header 'Access-Control-Allow-Origin' '*';
# alias /usr/share/jitsi-meet/load-test/libs/$1;
#}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js$
{
set $subdomain "$1.";
set $subdir "$1/";
alias /etc/jitsi/meet/jitsi.vern.cc-config.js;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /xmpp-websocket;
}
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
}

18
sites-available/ldap.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
server_name ldapadmin.vern.cc;
include snippets/lets-encrypt.conf;
# document root
root /usr/share/phpldapadmin/htdocs;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}

25
sites-available/librarian.conf Normal file
View File

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name lbry.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion librarian.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name verncca2sx2o6g6cxxfjjvllak454aaanqjs42ofa6m4bil6hbva.b32.i2p;
include common/librarian.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name lbry.vern.cc librarian.vern.cc;
include common/librarian.conf;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name lbry.vern.cc librarian.vern.cc;
}

25
sites-available/libreddit.conf Normal file
View File

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name lr.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion libreddit.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion reddit.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccglp4wuobxu7ndh2dbpnczjhjnggh3hmuf2t32qd3lac5oa.b32.i2p;
include common/libreddit.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/lets-encrypt.conf;
server_name lr.vern.cc reddit.vern.cc libreddit.vern.cc;
include snippets/headers.conf;
include common/libreddit.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name libreddit.vern.cc lr.vern.cc reddit.vern.cc;
}

24
sites-available/libretranslate.conf Normal file
View File

@ -0,0 +1,24 @@
server {
listen 80;
listen [::]:80;
server_name lt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion libretranslate.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccoqc6q5wa6p3h55arp3gllizhuwa5d3nomudbkpzn46pgda.b32.i2p;
include common/libretranslate.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/lets-encrypt.conf;
server_name lt.vern.cc libretranslate.vern.cc;
include snippets/headers.conf;
include common/libretranslate.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name lt.vern.cc libretranslate.vern.cc;
}

24
sites-available/mail.vern.cc.conf Normal file
View File

@ -0,0 +1,24 @@
# This file was automatically installed on 2022-06-06T12:55:58.295391
upstream modoboa {
server unix:/run/uwsgi/app/modoboa_instance/socket fail_timeout=0;
}
server {
listen 80;
listen [::]:80;
server_name mail.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccapspxuupmhjbsizhynlvqbs76ci447ez5uz27bazy3q5wq.b32.i2p;
# rewrite ^ https://$server_name$request_uri permanent;
include common/mail.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name mail.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/mail.conf;
}

52
sites-available/mastodon.conf Normal file
View File

@ -0,0 +1,52 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream backend {
server 127.0.0.1:3999 fail_timeout=0;
}
upstream streaming {
server 127.0.0.1:4000 fail_timeout=0;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
server {
listen 80;
listen [::]:80;
server_name fedi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mastodon.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccxro6qjs2fmwp2as5eavlnz6uzsxqqnhk3skkhpszp73ubq.b32.i2p;
include common/mastodon.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name fedi.vern.cc mastodon.vern.cc;
if ($https = '') { return 301 https://$host$request_uri; } # if not connected to HTTPS, perma-redirect to HTTPS
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/mastodon.conf;
}
server {
listen 443 ssl http2;
server_name bloat.vern.cc;
if ($https = '') { return 301 https://$host$request_uri; } # if not connected to HTTPS, perma-redirect to HTTPS
include snippets/lets-encrypt.conf;
location / {
client_max_body_size 100m;
proxy_pass http://localhost:5041/; # The / is important!
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax";
}
}

59
sites-available/matrix.conf Normal file
View File

@ -0,0 +1,59 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# For the federation port
listen 8448 ssl http2 default_server;
listen [::]:8448 ssl http2 default_server;
include snippets/lets-encrypt.conf;
server_name mtrx.vern.cc;
location ~ ^(/_matrix|/_synapse/client) {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 1024M;
}
## well-known
location /.well-known/matrix/support {
add_header Access-Control-Allow-Origin '*' always;
add_header Content-Type application/json;
return 200 '{"admins": [{"matrix_id": "@root:vern.cc", "email_address": "tildemaster@vern.cc", "role": "admin"}], "support_page": "https://matrix.to/#/#vern:vern.cc"}';
}
location /.well-known/matrix/server {
add_header Access-Control-Allow-Origin '*' always;
add_header Content-Type application/json;
return 200 '{"m.server": "mtrx.vern.cc:443"}';
}
location /.well-known/matrix/client {
add_header Access-Control-Allow-Origin '*' always;
add_header Content-Type application/json;
return 200 '{"m.homeserver": {"base_url": "https://mtrx.vern.cc"}}';
}
}
server {
server_name dim.vern.cc;
listen 443 ssl;
listen [::]:443 ssl;
root /var/www/matrix;
index index.html;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8184;
}
include snippets/lets-encrypt.conf;
}

20
sites-available/maubot.conf Normal file
View File

@ -0,0 +1,20 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/lets-encrypt.conf;
server_name mau.vern.cc;
location /_matrix/maubot/v1/logs {
proxy_pass http://localhost:29316;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
}
location /_matrix/maubot {
proxy_pass http://localhost:29316;
proxy_set_header X-Forwarded-For $remote_addr;
}
}

25
sites-available/mirror.conf Normal file
View File

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name mirror.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mirrors.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name verncc62kgfizkkwygmeouhmnu3wliz6bdrretmcpy6s5nsphmwa.b32.i2p;
include common/mirror.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
server_name mirror.vern.cc mirrors.vern.cc;
include common/mirror.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name mirror.vern.cc mirrors.vern.cc;
}

18
sites-available/mumble.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mumble.vern.cc;
include snippets/lets-encrypt.conf;
location / {
root /usr/lib/node_modules/mumble-web/dist;
}
location /vern {
proxy_pass http://localhost:64737;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}

31
sites-available/nextcloud.conf Normal file
View File

@ -0,0 +1,31 @@
upstream php-handler {
server unix:/var/run/php/php7.4-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
server_name nc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion nextcloud.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
include common/nextcloud.conf;
}
server {
listen 443 ssl http2;
server_name nc.vern.cc nextcloud.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/nextcloud.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name nc.vern.cc nextcloud.vern.cc;
}

24
sites-available/nitter.conf Normal file
View File

@ -0,0 +1,24 @@
server {
listen 80;
listen [::]:80;
server_name nt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion nitter.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion twitter.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccbxzdhyh2gqgmljbi4jgwuuqbd23gfi4ir2wwhkltf2yebq.b32.i2p;
include common/nitter.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
server_name nt.vern.cc nitter.vern.cc twitter.vern.cc;
include common/nitter.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name nt.vern.cc nitter.vern.cc twitter.vern.cc;
}

28
sites-available/owncast.conf Normal file
View File

@ -0,0 +1,28 @@
server {
listen 80;
listen [::]:80;
server_name live.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion owncast.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion oc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name verncckvmp4lz2yrprjt22dsnjpfo7z3zefzxiz5gi2jvm3fusqq.b32.i2p;
include common/owncast.conf;
}
server {
# listen 80 ;
# listen [::]:80 ;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name live.vern.cc owncast.vern.cc oc.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/owncast.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name live.vern.cc owncast.vern.cc oc.vern.cc;
}

62
sites-available/peertube.conf Normal file
View File

@ -0,0 +1,62 @@
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
# Please check your Nginx installation features the following modules via 'nginx -V':
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
# THIRD PARTY MODULES: None.
server {
listen 80;
listen [::]:80;
server_name pt.vern.cc;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/certbot;
}
location / { return 301 https://$host$request_uri; }
}
server {
listen 80;
listen [::]:80;
server_name pt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccc7oiixqimnolwtlmnn2legfwgrgjoseg54lsywv6ruwawq.b32.i2p;
include common/peertube.conf;
}
upstream ptbackend {
server 127.0.0.1:9000;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pt.vern.cc;
##
# Certificates
# you need a certificate to run in production. see https://letsencrypt.org/
##
include snippets/lets-encrypt.conf;
location ^~ '/.well-known/acme-challenge' {
default_type "text/plain";
root /var/www/certbot;
}
##
# Security hardening (as of Nov 15, 2020)
# based on Mozilla Guideline v5.6
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
ssl_session_timeout 1d; # defaults to 5m
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
include common/peertube.conf;
}

25
sites-available/privatebin.conf Normal file
View File

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name pb.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion privatebin.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name verncc4deius22jbrmjclinuoysckhwk2a5hrc7pwhsubzd5kkga.b32.i2p;
include common/privatebin.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pb.vern.cc privatebin.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/privatebin.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name pb.vern.cc privatebin.vern.cc;
}

25
sites-available/quetre.conf Normal file
View File

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name qr.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion quora.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion quetre.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccfaprbhma4f4bxc3wbiuvxgmcpp6l77cflbyx6sqahgjyza.b32.i2p;
include common/quetre.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name qr.vern.cc quora.vern.cc quetre.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/quetre.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name qr.vern.cc quora.vern.cc quetre.vern.cc;
}

25
sites-available/rimgo.conf Normal file
View File

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name rimgo.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion imgur.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccofxbclvqveqvy3bty6k4ronb7oj7efn6c7y2blmm3zcfpq.b32.i2p;
include common/rimgo.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rimgo.vern.cc imgur.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/rimgo.conf;
}
server {
listen 80;
server_name rimgo.vern.cc imgur.vern.cc;
listen [::]:80;
return 301 https://$host$request_uri;
}

26
sites-available/riot.conf Normal file
View File

@ -0,0 +1,26 @@
server {
listen 80;
listen [::]:80;
server_name riot.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccc5q77vdlpedz4sqzqgh2avkcb5lswmfs6ksndxrddz44sq.b32.i2p;
include common/riot.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name riot.vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/riot.conf;
}
server {
listen 80;
listen [::]:80;
server_name riot.vern.cc;
return 301 https://$host$request_uri;
}

25
sites-available/scribe.conf Normal file
View File

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name scribe.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion medium.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccnnzgihftirfcjvmeviodlpt6flmc3q2naarfq7gjewppia.b32.i2p;
include common/scribe.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
server_name scribe.vern.cc medium.vern.cc;
include common/scribe.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name scribe.vern.cc medium.vern.cc;
}

24
sites-available/searxng.conf Normal file
View File

@ -0,0 +1,24 @@
server {
listen 80;
listen [::]:80;
server_name searx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion searxng.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion search.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion sx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
include common/searxng.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
server_name searx.vern.cc searxng.vern.cc search.vern.cc sx.vern.cc;
include common/searxng.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name searx.vern.cc searxng.vern.cc search.vern.cc sx.vern.cc;
}

25
sites-available/simplytranslate.conf Normal file
View File

@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name translate.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion tl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion simplytranslate.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
server_name vernccxplwvg6luzppkd7xbt45q4lnmcdjhdqkpwa2b5hu2mz5ya.b32.i2p;
include common/simplytranslate.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
server_name translate.vern.cc tl.vern.cc simplytranslate.vern.cc;
include common/simplytranslate.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name translate.vern.cc tl.vern.cc simplytranslate.vern.cc;
}

27
sites-available/user.vern.cc.conf Normal file
View File

@ -0,0 +1,27 @@
server {
listen 80;
listen [::]:80;
server_name ~^(?<user>[^.]+)\.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad\.onion;
error_log /var/log/nginx/vern.cc-error.log crit;
include snippets/user.vern.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ~^(?<user>[^.]+)\.vern\.cc;
include snippets/lets-encrypt.conf;
error_log /var/log/nginx/vern.cc-error.log crit;
include snippets/user.vern.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name ~^(?<user>[^.]+)\.vern\.cc;
}

70
sites-available/website.conf Normal file
View File

@ -0,0 +1,70 @@
server {
listen 80;
listen [::]:80;
server_name vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion www.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
# replace vern.cc with onion
subs_filter vern.cc vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
# these dont have onions
subs_filter muc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion muc.vern.cc;
subs_filter :vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion :vern.cc;
subs_filter minetest.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion minetest.vern.cc:
subs_filter pad.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion pad.vern.cc:
subs_filter status.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion status.vern.cc;
subs_filter jitsi.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion jitsi.vern.cc;
subs_filter mumble.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mumble.vern.cc;
subs_filter mtrx.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion mtrx.vern.cc;
subs_filter ssh://vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion ssh://vern.cc;
subs_filter vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion:6697 vern.cc:6697;
subs_filter @vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion @vern.cc;
include common/website.conf;
}
server {
listen 80;
listen [::]:80;
server_name verncceu2kgz54wi7r5jatgmx2mqtsh3knxhiy4m5shescuqtqfa.b32.i2p;
# replace vern.cc with i2p
# subs_filter git.vern.cc vernccz7eh2z3adn74wbnyv62xsjqnifc62kdmfnqhbsg4i2gy4q.b32.i2p;
# subs_filter inv.vern.cc vernccdzixves4eekynqgfhb7fjbldgtocepf7cq3c3327ttb7zq.b32.i2p;
# subs_filter lbry.vern.cc verncca2sx2o6g6cxxfjjvllak454aaanqjs42ofa6m4bil6hbva.b32.i2p;
# subs_filter lr.vern.cc vernccglp4wuobxu7ndh2dbpnczjhjnggh3hmuf2t32qd3lac5oa.b32.i2p;
# subs_filter lt.vern.cc vernccoqc6q5wa6p3h55arp3gllizhuwa5d3nomudbkpzn46pgda.b32.i2p;
# subs_filter mail.vern.cc vernccapspxuupmhjbsizhynlvqbs76ci447ez5uz27bazy3q5wq.b32.i2p;
# subs_filter fedi.vern.cc vernccxro6qjs2fmwp2as5eavlnz6uzsxqqnhk3skkhpszp73ubq.b32.i2p;
# subs_filter mirror.vern.cc verncc62kgfizkkwygmeouhmnu3wliz6bdrretmcpy6s5nsphmwa.b32.i2p;
# subs_filter nt.vern.cc vernccbxzdhyh2gqgmljbi4jgwuuqbd23gfi4ir2wwhkltf2yebq.b32.i2p;
# subs_filter live.vern.cc verncckvmp4lz2yrprjt22dsnjpfo7z3zefzxiz5gi2jvm3fusqq.b32.i2p;
# subs_filter pt.vern.cc vernccc7oiixqimnolwtlmnn2legfwgrgjoseg54lsywv6ruwawq.b32.i2p;
# subs_filter pb.vern.cc verncc4deius22jbrmjclinuoysckhwk2a5hrc7pwhsubzd5kkga.b32.i2p;
# subs_filter quora.vern.cc vernccfaprbhma4f4bxc3wbiuvxgmcpp6l77cflbyx6sqahgjyza.b32.i2p;
# subs_filter rimgo.vern.cc vernccofxbclvqveqvy3bty6k4ronb7oj7efn6c7y2blmm3zcfpq.b32.i2p;
# subs_filter riot.vern.cc vernccc5q77vdlpedz4sqzqgh2avkcb5lswmfs6ksndxrddz44sq.b32.i2p;
# subs_filter scribe.vern.cc vernccnnzgihftirfcjvmeviodlpt6flmc3q2naarfq7gjewppia.b32.i2p;
# subs_filter tl.vern.cc vernccxplwvg6luzppkd7xbt45q4lnmcdjhdqkpwa2b5hu2mz5ya.b32.i2p;
# subs_filter whoogle.vern.cc vernccaja5okin5qjhttko3jmmerosckpnafk3t7hazojd4dbkza.b32.i2p;
include common/website.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.vern.cc vern.cc;
include snippets/lets-encrypt.conf;
include snippets/headers.conf;
include common/website.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name www.vern.cc vern.cc;
}

23
sites-available/whoogle.conf Normal file
View File

@ -0,0 +1,23 @@
server {
listen 80;
listen [::]:80;
server_name whoogle.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
include common/whoogle.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name whoogle.vern.cc;
include common/whoogle.conf;
include snippets/lets-encrypt.conf;
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name whoogle.vern.cc;
}

1
sites-enabled/autoconfig.vern.cc.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/autoconfig.vern.cc.conf

1
sites-enabled/cryptpad.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/cryptpad.conf

1
sites-enabled/gitea.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/gitea.conf

1
sites-enabled/invidious.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/invidious.conf

1
sites-enabled/jitsi.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/jitsi.conf

1
sites-enabled/librarian.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/librarian.conf

1
sites-enabled/libreddit.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/libreddit.conf

1
sites-enabled/libretranslate.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/libretranslate.conf

1
sites-enabled/mail.vern.cc.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/mail.vern.cc.conf

1
sites-enabled/mastodon.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/mastodon.conf

1
sites-enabled/matrix.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/matrix.conf

1
sites-enabled/maubot.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/maubot.conf

1
sites-enabled/mirror.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/mirror.conf

1
sites-enabled/mumble.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/mumble.conf

1
sites-enabled/nitter.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/nitter.conf

1
sites-enabled/owncast.conf Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/owncast.conf

Some files were not shown because too many files have changed in this diff Show More