Bump

.gitignore

@@ -1,3 +1,4 @@
+*.htpasswd
 *.bak
 phpcache
 cache

common/federationtester.conf

@@ -4,7 +4,7 @@ add_header X-I2P-Location http://vern54jxta6pdm4zduragtjln4lybvrkuymmdslxlnec3sx
 location / {
 	proxy_pass https://ft.vern.cc/;
 	proxy_redirect off;
-	proxy_set_header Host $host;
+	proxy_set_header Host ft.vern.cc;
 	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	proxy_set_header X-Forwarded-Proto $scheme;
 }

common/invidious.conf

@@ -5,8 +5,7 @@ access_log off;
 error_log /var/log/nginx/error.log crit;
 
 location / {
-	#proxy_pass http://10.7.0.1:2500/;
-	proxy_pass http://127.0.0.1:2500/; # in case we cant host it on vps anymore
+	proxy_pass https://inv.vern.cc;
 	proxy_set_header X-Forwarded-For $remote_addr;
 	proxy_set_header Host $host;	# so Invidious knows domain
 	proxy_http_version 1.1;	 # to keep alive

common/mumble.conf

@@ -2,15 +2,13 @@ add_header Onion-Location http://mumble.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5
 add_header X-I2P-Location http://vernlt2ydc2xvpy2vbcmgxfycekwkofkciwmp7oz2y6psneanlqa.b32.i2p$request_uri;
 
 location / {
-	root /usr/lib/node_modules/mumble-web/dist;
+	proxy_pass https://mumble.vern.cc/;
+	proxy_redirect off;
+	proxy_set_header Host mumble.vern.cc;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Forwarded-Proto $scheme;
 }
 
-location /vern {
-	proxy_pass http://localhost:64736;
-	proxy_http_version 1.1;
-	proxy_set_header Upgrade $http_upgrade;
-	proxy_set_header Connection $connection_upgrade;
-}
 if ($badagent) {
 	return 403;
 }

common/nitter.conf

@@ -4,7 +4,7 @@ add_header X-I2P-Location http://vernzdedoxuflrrxc4vbatbkpjh4k22ecgiqgimdiif62on
 error_log off;
 
 location / {
-	proxy_pass http://127.0.0.1:5744/;
+	proxy_pass http://crescent.vern.cc:5744/;
 	proxy_http_version 1.1;
 	proxy_redirect off;
 	proxy_set_header Host $host;

common/simplelogin.conf

@@ -4,9 +4,9 @@ add_header X-I2P-Location http://verndokks33kdmyo23qihg45lb4sinl6f6b34hc7be6754p
 error_log /var/log/nginx/error.log crit;
 
 location / {
-	proxy_pass http://iceberg.vern.cc:7777;
+	proxy_pass https://sl.vern.cc;
+	proxy_set_header Host sl.vern.cc;
 	proxy_set_header X-Forwarded-For $remote_addr;
-	proxy_set_header Host $host;	# so Invidious knows domain
 	proxy_http_version 1.1;	 # to keep alive
 	proxy_set_header Connection ""; # to keep alive
 }

common/speedtest.conf

@@ -3,7 +3,7 @@ add_header X-I2P-Location http://verncfvtpzdyrq4iy72nsv5tq3tmoxblywsxg25v2eydyao
 
 location / {
 	proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
-#	proxy_set_header   Host "ls.vern.cc";
+	proxy_set_header   Host "ls.vern.cc";
 	proxy_pass         https://ls.vern.cc/;
 	proxy_http_version 1.1;
 	proxy_set_header   Upgrade $http_upgrade;

common/status.conf

@@ -0,0 +1,13 @@
+#access_log off;
+error_log /var/log/nginx/error.log crit;
+
+location / {
+	proxy_pass https://status.vern.cc;
+	proxy_set_header Host status.vern.cc;
+	proxy_set_header X-Forwarded-For $remote_addr;
+	proxy_http_version 1.1;	 # to keep alive
+	proxy_set_header Connection ""; # to keep alive
+}
+if ($badagent) {
+	return 403;
+}

common/website.conf

@@ -29,8 +29,11 @@ location @extensionless-php {
 }
 location ~ (\.cgi|\.py|\.sh|\.pl|\.lua|\/cgi-bin)$ {
 	gzip off;
+	ssi on;
+	try_files $uri /$lang$uri /en$uri =404;
+	fastcgi_param SCRIPT_FILENAME $realpath_root$uri;
+	fastcgi_param POST_STRING $request_body;
 	fastcgi_pass unix:/run/fcgiwrap.socket;
-	fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
 }
 
 # Main
@@ -110,7 +113,7 @@ location /finreport {
 	alias /var/www/website/en/finreport;
 	fancyindex on;
 	fancyindex_exact_size off;
-	fancyindex_default_sort date_desc;
+	fancyindex_default_sort name_desc;
 	fancyindex_time_format "%a, %e %B %Y %I:%M:%S %p";
 }
 

common/znc.conf

@@ -2,9 +2,9 @@ add_header Onion-Location http://znc.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kaj
 add_header X-I2P-Location http://vernd722rkd3v2o5ppu3aphmfhdthmillq5patn4fa7qvk5ngiaq.b32.i2p$request_uri;
 
 location / {
-	proxy_pass https://127.0.0.1:6697/;
+	proxy_pass http://127.0.0.1:6667/;
 	proxy_redirect off;
-	proxy_set_header Host $host;
+	proxy_set_header Host znc.vern.cc;
 	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	proxy_set_header X-Forwarded-Proto $scheme;
 }

conf.d/checkstatus.conf

@@ -1,3 +1,20 @@
+map $arg_b32 $b32 {
+	default  $arg_b32;
+	''       verncceu2kgz54wi7r5jatgmx2mqtsh3knxhiy4m5shescuqtqfa.b32.i2p;
+}
+map $arg_port $dn_port {
+	default  :$arg_port;
+	''       $arg_port;
+}
+map $arg_subdomain $onion {
+	default  $arg_subdomain;
+	''       www;
+}
+map $arg_uri $dn_uri {
+	default  $arg_uri;
+	''       /;
+}
+
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
@@ -9,11 +26,13 @@ server {
 	access_log /var/log/checkstatus.log;
 	ssi on;
 	gzip off;
-	include snippets/fastcgi.conf;
-	fastcgi_buffering off;
 	fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+	fastcgi_param QUERY_STRING $query_string;
 	fastcgi_param REDIRECT_STATUS 0;
+	fastcgi_buffering off;
 	fastcgi_param NO_BUFFERING 1;
+	fastcgi_connect_timeout 300;
+	fastcgi_read_timeout 300;
 	location /udp {
 		fastcgi_pass unix:/run/fcgiwrap/checkstatus-udp.socket;
 	}
@@ -21,7 +40,7 @@ server {
 		fastcgi_pass unix:/run/fcgiwrap/checkstatus-onion.socket;
 	}
 	location /i2p {
-		fastcgi_pass unix:/run/fcgiwrap/checkstatus-i2p.socket;
+		fastcgi_pass unix:/run/fcgiwrap/checkstatus-onion.socket;
 	}
 
 }

conf.d/libreddit.conf

@@ -21,6 +21,8 @@ server {
 	listen [::]:443 ssl http2;
 	include snippets/lets-encrypt.conf;
 	server_name lr.vern.cc reddit.vern.cc libreddit.vern.cc fr.vern.cc ferrit.vern.cc;
+	auth_basic "Ratelimit protection";
+	auth_basic_user_file /etc/nginx/.libreddit.htpasswd;
 	include common/libreddit.conf;
 }
 

conf.d/riot.conf

@@ -2,7 +2,7 @@ server {
 	listen 80;
 	listen [::]:80;
 
-	server_name riot.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion el.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+	server_name riot.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion el.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion element.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
 
 	include common/riot.conf;
 }
@@ -20,7 +20,7 @@ server {
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
-	server_name riot.vern.cc el.vern.cc;
+	server_name riot.vern.cc el.vern.cc element.vern.cc;
 	include snippets/lets-encrypt.conf;
 
 	include common/riot.conf;
@@ -29,6 +29,6 @@ server {
 server {
 	listen 80;
 	listen [::]:80;
-	server_name riot.vern.cc el.vern.cc;
+	server_name riot.vern.cc el.vern.cc element.vern.cc;
 	return 301 https://$host$request_uri;
 }

conf.d/status.conf

@@ -0,0 +1,17 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name status.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+
+	include common/status.conf;
+}
+
+server {
+	listen 11111;
+	listen [::]:11111;
+
+	server_name verndmjrrvx4fgk4ykgjcnflywlaj5h5wezpixq636mewn42khlq.b32.i2p;
+
+	include common/status.conf;
+}

nginx.conf

@@ -3,7 +3,7 @@ worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 events {
-	worker_connections 768;
+	worker_connections 786;
 	# multi_accept on;
 }
 
@@ -22,7 +22,7 @@ http {
 	# Logging Settings
 	log_format main '$remote_addr - $remote_user [$time_local]  $status "$host" "$request" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
 	access_log /var/log/nginx/access.log main;
-	error_log /var/log/nginx/error.log;
+	error_log /var/log/nginx/error.log debug;
 	gzip on;
 	# gzip_vary on;
 	# gzip_proxied any;