add the current servers settings

nginx/configs/configs/general.conf

@@ -0,0 +1,11 @@
+# gzip
+gzip              on;
+gzip_vary         on;
+gzip_proxied      any;
+gzip_comp_level   6;
+gzip_types        text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+# brotli
+#brotli            on;
+#brotli_comp_level 6;
+#brotli_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

nginx/configs/configs/proxyheaders.conf

@@ -0,0 +1,20 @@
+proxy_http_version                 1.1;
+proxy_cache_bypass                 $http_upgrade;
+
+# Proxy SSL
+proxy_ssl_server_name              on;
+
+# Proxy headers
+proxy_set_header Upgrade           $http_upgrade;
+#proxy_set_header Connection        $connection_upgrade;
+proxy_set_header X-Real-IP         $remote_addr;
+proxy_set_header Forwarded         $proxy_add_forwarded;
+proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host  $host;
+proxy_set_header X-Forwarded-Port  $server_port;
+
+# Proxy timeouts
+proxy_connect_timeout              60s;
+proxy_send_timeout                 60s;
+proxy_read_timeout                 60s;

nginx/configs/configs/securityheaders.conf

@@ -0,0 +1,12 @@
+# security headers
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+#add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+add_header Permissions-Policy        "interest-cohort=()" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+# . files
+#location ~ /\.(?!well-known) {
+#    deny all;
+#}

nginx/configs/general.conf

@@ -0,0 +1,11 @@
+# gzip
+gzip              on;
+gzip_vary         on;
+gzip_proxied      any;
+gzip_comp_level   6;
+gzip_types        text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+# brotli
+#brotli            on;
+#brotli_comp_level 6;
+#brotli_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

nginx/configs/proxyheaders.conf

@@ -0,0 +1,20 @@
+proxy_http_version                 1.1;
+proxy_cache_bypass                 $http_upgrade;
+
+# Proxy SSL
+proxy_ssl_server_name              on;
+
+# Proxy headers
+proxy_set_header Upgrade           $http_upgrade;
+#proxy_set_header Connection        $connection_upgrade;
+proxy_set_header X-Real-IP         $remote_addr;
+proxy_set_header Forwarded         $proxy_add_forwarded;
+proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host  $host;
+proxy_set_header X-Forwarded-Port  $server_port;
+
+# Proxy timeouts
+proxy_connect_timeout              60s;
+proxy_send_timeout                 60s;
+proxy_read_timeout                 60s;

nginx/configs/securityheaders.conf

@@ -0,0 +1,12 @@
+# security headers
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+#add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+add_header Permissions-Policy        "interest-cohort=()" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+# . files
+#location ~ /\.(?!well-known) {
+#    deny all;
+#}

nginx/nginx.conf

@@ -0,0 +1,103 @@
+worker_processes auto;
+worker_rlimit_nofile 65535;
+
+# Include Modules
+include /etc/nginx/modules-enabled/*.conf;
+#load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
+load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
+load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
+
+#Include external config
+include /etc/nginx/conf.d/*.conf;
+
+events {
+    multi_accept on;
+    worker_connections 65535;
+}
+
+stream {
+    include /etc/nginx/streams/*;
+}
+
+http {
+
+    # Basic Settings
+    charset utf-8;
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    server_tokens off;
+    log_not_found off;
+    types_hash_max_size 4096;
+    types_hash_bucket_size 64;
+
+    # Virtual Host Configs
+    include /etc/nginx/sites-enabled/*.conf;
+
+    # MIME
+    include mime.types;
+    default_type application/octet-stream;
+
+    # SSL
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+    ssl_prefer_server_ciphers off;
+    #
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;
+    ssl_session_tickets off;
+
+	# Diffie-Hellman parameter for DHE ciphersuites
+    ssl_dhparam /etc/nginx/dhparam.pem;
+
+    # HTTP2 Settings
+    http2_max_field_size 64k;
+    http2_max_header_size 512k;
+
+    # DDOS Protection
+    limit_conn_zone $binary_remote_addr zone=perip:10m;
+    limit_conn perip 100;
+
+    limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
+    limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
+
+    # reset timed out connections freeing ram
+    reset_timedout_connection on;
+    # maximum time between packets the client can pause when sending nginx any data
+    client_body_timeout 10s;
+    # maximum time the client has to send the entire header to nginx
+    client_header_timeout 10s;
+    # timeout which a single keep-alive client connection will stay open
+    keepalive_timeout 65s;
+    # maximum time between packets nginx is allowed to pause when sending the client data
+    send_timeout 10s;
+
+	# Connection header for WebSocket reverse proxy
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ""      close;
+    }
+
+    map $remote_addr $proxy_forwarded_elem {
+
+        # IPv4 addresses can be sent as-is
+        ~^[0-9.]+$        "for=$remote_addr";
+
+        # IPv6 addresses need to be bracketed and quoted
+        ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
+
+        # Unix domain socket names cannot be represented in RFC 7239 syntax
+        default           "for=unknown";
+    }
+
+    map $http_forwarded $proxy_add_forwarded {
+
+        # If the incoming Forwarded header is syntactically valid, append to it
+        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
+
+        # Otherwise, replace it
+        default "$proxy_forwarded_elem";
+    }
+
+}
+

nginx/sites-available/7tv.gay.conf

@@ -0,0 +1,40 @@
+server {
+    access_log /var/log/nginx/7tv.gay.access.log combined;
+    error_log /var/log/nginx/7tv.gay.error.log;
+    root /var/www/7tv;
+    index index.html index index.htm;
+    server_name 7tv.gay;
+
+    # Security headers and general settings
+    include configs/securityheaders.conf;
+    include configs/general.conf;
+
+    #alocation = / {
+    #    alias /var/www/7tv/gayge.png;
+#	index
+ #   }
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/7tv.gay/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/7tv.gay/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = 7tv.gay) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name 7tv.gay;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/archive.zzls.xyz.conf

@@ -0,0 +1,34 @@
+server {
+    access_log /var/log/nginx/archive.zzls.xyz.log combined;
+    error_log /var/log/nginx/archive.zzls.xyz.error.log;
+
+    server_name archive.zzls.xyz;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location / {
+        proxy_pass http://127.0.0.1:40015;
+        include configs/proxyheaders.conf;
+    }
+
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/archive.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/archive.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = archive.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+        server_name archive.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/ayaya.beauty.conf

@@ -0,0 +1,49 @@
+server {
+    access_log /var/log/nginx/ayaya.beauty.log combined;
+    error_log /var/log/nginx/ayaya.beauty.error.log;
+
+    server_name       ayaya.beauty;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    root              /var/www/uguu/dist/public/;
+    autoindex         off;
+    # access_log        off;
+    index index.html  index.php;
+
+    client_max_body_size 64M;
+
+    location ~* \.(css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf|x-icon|avif|webp|apng)$ {
+      expires         30d;
+    }
+
+    location ~* \.php$ {
+    fastcgi_pass     unix:/var/run/php-fpm/php-fpm.sock;
+    fastcgi_intercept_errors on;
+    fastcgi_index    index.php;
+    fastcgi_split_path_info ^(.+\.php)(.*)$;
+    include          fastcgi_params;
+    fastcgi_param    SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/ayaya.beauty/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/ayaya.beauty/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = ayaya.beauty) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+        server_name ayaya.beauty;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/gitea.zzls.xyz.conf

@@ -0,0 +1,37 @@
+server {
+    access_log /var/log/nginx/git.access.log combined;
+
+    server_name git.zzls.xyz;
+    # Security headers and general settings
+    include configs/securityheaders.conf;
+    include configs/general.conf;
+
+    location / {
+        proxy_pass http://unix:/run/gitea/gitea.socket;
+        include configs/proxyheaders.conf;
+    }
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/git.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/git.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = git.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name git.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/i.ayaya.beauty.conf

@@ -0,0 +1,39 @@
+server {
+    access_log /var/log/nginx/i.ayaya.beauty.log combined;
+    error_log /var/log/nginx/i.ayaya.beauty.error.log;
+
+    server_name i.ayaya.beauty;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    root             /mnt/storage/uguufiles;
+    autoindex        off;
+    # access_log       off;
+    index            index.html;
+
+    location / {
+    error_page 403 =301 https://ayaya.beauty;
+    error_page 404 = /404.gif;
+    }
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/i.ayaya.beauty/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/i.ayaya.beauty/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = i.ayaya.beauty) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+        server_name i.ayaya.beauty;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/ii.zzls.xyz.conf

@@ -0,0 +1,40 @@
+server {
+    access_log /var/log/nginx/ii.access.log combined;
+    error_log /var/log/nginx/ii.error.log;
+
+    root /opt/ImageUpload/ifiles/;
+    index index.html index.htm index.nginx-debian.html;
+
+    server_name ii.zzls.xyz;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location /upload {
+        client_max_body_size 4096M;
+        auth_basic "Restricted Content";
+        auth_basic_user_file /etc/fileupload.htpasswd;
+        proxy_pass http://localhost:40006;
+        include configs/proxyheaders.conf;
+    }
+
+    listen 443 http3;
+    listen 443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/ii.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/ii.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = ii.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name ii.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/mpd.ayaya.beauty.conf

@@ -0,0 +1,45 @@
+server {
+    access_log /var/log/nginx/mpd.ayaya.beauty.log combined;
+    error_log /var/log/nginx/mpd.ayaya.beauty.error.log;
+
+    server_name mpd.ayaya.beauty;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location / {
+        proxy_pass http://192.168.1.2:40420;
+        #include configs/proxyheaders.conf;
+        proxy_connect_timeout 1;
+        proxy_send_timeout 1;
+        proxy_read_timeout 1;
+    }
+    location /status {
+        # Turn on stats
+        stub_status on;
+        access_log off;
+        # only allow access from 192.168.1.5 #
+        allow 192.168.1.2;
+        deny all;
+    }
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/mpd.ayaya.beauty/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/mpd.ayaya.beauty/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = mpd.ayaya.beauty) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        server_name mpd.ayaya.beauty;
+
+        listen 80;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/paste.zzls.xyz.conf

@@ -0,0 +1,32 @@
+server {
+    access_log /var/log/nginx/paste.access.log combined;
+
+    server_name paste.zzls.xyz;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location / {
+        proxy_pass http://127.0.0.1:40020/;
+        include configs/proxyheaders.conf;
+    }
+
+    listen 443 http3;
+    listen 443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/paste.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/paste.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = paste.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        server_name paste.zzls.xyz;
+        listen 80;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/pbin.zzls.xyz.conf

@@ -0,0 +1,37 @@
+server {
+    access_log /var/log/nginx/pbin.access.log combined;
+
+    server_name pbin.zzls.xyz;
+    include configs/general.conf;
+
+    location / {
+        proxy_pass http://localhost:40001;
+        include configs/proxyheaders.conf;
+    }
+
+    #include configs/securityheaders.conf;
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+
+    listen 443 ssl http2;
+    listen 443 http3; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/pbin.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/pbin.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = pbin.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name pbin.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/ri.zzls.xyz.conf

@@ -0,0 +1,40 @@
+server {
+        access_log /dev/null;
+        error_log /dev/null;
+
+        server_name ri.zzls.xyz;
+        include configs/general.conf;
+
+        location / {
+                proxy_pass http://127.0.0.1:40002/;
+                include configs/proxyheaders.conf;
+        }
+
+        # security headers
+        include configs/securityheaders.conf;
+        #add_header Content-Security-Policy "default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';";
+
+        # QUIC
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+
+        listen 443 http3;
+        listen 443 http2 ssl; # managed by Certbot
+        ssl_certificate /etc/letsencrypt/live/ri.zzls.xyz/fullchain.pem; # managed by Certbot
+        ssl_certificate_key /etc/letsencrypt/live/ri.zzls.xyz/privkey.pem; # managed by Certbot
+        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+        if ($host = ri.zzls.xyz) {
+                return 301 https://$host$request_uri;
+                } # managed by Certbot
+
+
+                listen 80;
+
+                server_name ri.zzls.xyz;
+                return 404; # managed by Certbot
+
+
+        }

nginx/sites-available/selfhost.zzls.xyz.conf

@@ -0,0 +1,42 @@
+server {
+    access_log /var/log/nginx/selfhost.log combined;
+    root /var/www/html;
+    index index.html index.htm index.nginx-debian.html;
+
+    server_name selfhost.zzls.xyz;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    # security headers
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    #add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
+    add_header Permissions-Policy "interest-cohort=()" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    listen 443 ssl http2;
+    listen 443 http3; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/selfhost.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/selfhost.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = selfhost.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name selfhost.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/7tv.gay.conf

@@ -0,0 +1,40 @@
+server {
+    access_log /var/log/nginx/7tv.gay.access.log combined;
+    error_log /var/log/nginx/7tv.gay.error.log;
+    root /var/www/7tv;
+    index index.html index index.htm;
+    server_name 7tv.gay;
+
+    # Security headers and general settings
+    include configs/securityheaders.conf;
+    include configs/general.conf;
+
+    #alocation = / {
+    #    alias /var/www/7tv/gayge.png;
+#	index
+ #   }
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/7tv.gay/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/7tv.gay/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = 7tv.gay) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name 7tv.gay;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/archive.zzls.xyz.conf

@@ -0,0 +1,34 @@
+server {
+    access_log /var/log/nginx/archive.zzls.xyz.log combined;
+    error_log /var/log/nginx/archive.zzls.xyz.error.log;
+
+    server_name archive.zzls.xyz;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location / {
+        proxy_pass http://127.0.0.1:40015;
+        include configs/proxyheaders.conf;
+    }
+
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/archive.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/archive.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = archive.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+        server_name archive.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/ayaya.beauty.conf

@@ -0,0 +1,49 @@
+server {
+    access_log /var/log/nginx/ayaya.beauty.log combined;
+    error_log /var/log/nginx/ayaya.beauty.error.log;
+
+    server_name       ayaya.beauty;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    root              /var/www/uguu/dist/public/;
+    autoindex         off;
+    # access_log        off;
+    index index.html  index.php;
+
+    client_max_body_size 64M;
+
+    location ~* \.(css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf|x-icon|avif|webp|apng)$ {
+      expires         30d;
+    }
+
+    location ~* \.php$ {
+    fastcgi_pass     unix:/var/run/php-fpm/php-fpm.sock;
+    fastcgi_intercept_errors on;
+    fastcgi_index    index.php;
+    fastcgi_split_path_info ^(.+\.php)(.*)$;
+    include          fastcgi_params;
+    fastcgi_param    SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/ayaya.beauty/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/ayaya.beauty/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = ayaya.beauty) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+        server_name ayaya.beauty;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/gitea.zzls.xyz.conf

@@ -0,0 +1,37 @@
+server {
+    access_log /var/log/nginx/git.access.log combined;
+
+    server_name git.zzls.xyz;
+    # Security headers and general settings
+    include configs/securityheaders.conf;
+    include configs/general.conf;
+
+    location / {
+        proxy_pass http://unix:/run/gitea/gitea.socket;
+        include configs/proxyheaders.conf;
+    }
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/git.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/git.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = git.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name git.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/i.ayaya.beauty.conf

@@ -0,0 +1,39 @@
+server {
+    access_log /var/log/nginx/i.ayaya.beauty.log combined;
+    error_log /var/log/nginx/i.ayaya.beauty.error.log;
+
+    server_name i.ayaya.beauty;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    root             /var/www/files/;
+    autoindex        off;
+    # access_log       off;
+    index            index.html;
+
+    location / {
+    error_page 403 =301 https://ayaya.beauty;
+    error_page 404 = /404.gif;
+    }
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/i.ayaya.beauty/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/i.ayaya.beauty/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = i.ayaya.beauty) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+        server_name i.ayaya.beauty;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/ii.zzls.xyz.conf

@@ -0,0 +1,40 @@
+server {
+    access_log /var/log/nginx/ii.access.log combined;
+    error_log /var/log/nginx/ii.error.log;
+
+    root /opt/ImageUpload/ifiles/;
+    index index.html index.htm index.nginx-debian.html;
+
+    server_name ii.zzls.xyz;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location /upload {
+        client_max_body_size 4096M;
+        auth_basic "Restricted Content";
+        auth_basic_user_file /etc/fileupload.htpasswd;
+        proxy_pass http://localhost:40006;
+        include configs/proxyheaders.conf;
+    }
+
+    listen 443 http3;
+    listen 443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/ii.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/ii.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = ii.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name ii.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/mpd.ayaya.beauty.conf

@@ -0,0 +1,45 @@
+server {
+    access_log /var/log/nginx/mpd.ayaya.beauty.log combined;
+    error_log /var/log/nginx/mpd.ayaya.beauty.error.log;
+
+    server_name mpd.ayaya.beauty;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location / {
+        proxy_pass http://192.168.1.2:40420;
+        #include configs/proxyheaders.conf;
+        proxy_connect_timeout 1;
+        proxy_send_timeout 1;
+        proxy_read_timeout 1;
+    }
+    location /status {
+        # Turn on stats
+        stub_status on;
+        access_log off;
+        # only allow access from 192.168.1.5 #
+        allow 192.168.1.2;
+        deny all;
+    }
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/mpd.ayaya.beauty/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/mpd.ayaya.beauty/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = mpd.ayaya.beauty) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        server_name mpd.ayaya.beauty;
+
+        listen 80;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/paste.zzls.xyz.conf

@@ -0,0 +1,32 @@
+server {
+    access_log /var/log/nginx/paste.access.log combined;
+
+    server_name paste.zzls.xyz;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location / {
+        proxy_pass http://127.0.0.1:40020/;
+        include configs/proxyheaders.conf;
+    }
+
+    listen 443 http3;
+    listen 443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/paste.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/paste.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = paste.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        server_name paste.zzls.xyz;
+        listen 80;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/pbin.zzls.xyz.conf

@@ -0,0 +1,37 @@
+server {
+    access_log /var/log/nginx/pbin.access.log combined;
+
+    server_name pbin.zzls.xyz;
+    include configs/general.conf;
+
+    location / {
+        proxy_pass http://localhost:40001;
+        include configs/proxyheaders.conf;
+    }
+
+    #include configs/securityheaders.conf;
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+
+    listen 443 ssl http2;
+    listen 443 http3; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/pbin.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/pbin.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = pbin.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name pbin.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/ri.zzls.xyz.conf

@@ -0,0 +1,40 @@
+server {
+        access_log /dev/null;
+        error_log /dev/null;
+
+        server_name ri.zzls.xyz;
+        include configs/general.conf;
+
+        location / {
+                proxy_pass http://127.0.0.1:40002/;
+                include configs/proxyheaders.conf;
+        }
+
+        # security headers
+        include configs/securityheaders.conf;
+        #add_header Content-Security-Policy "default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';";
+
+        # QUIC
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+
+        listen 443 http3;
+        listen 443 http2 ssl; # managed by Certbot
+        ssl_certificate /etc/letsencrypt/live/ri.zzls.xyz/fullchain.pem; # managed by Certbot
+        ssl_certificate_key /etc/letsencrypt/live/ri.zzls.xyz/privkey.pem; # managed by Certbot
+        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+        if ($host = ri.zzls.xyz) {
+                return 301 https://$host$request_uri;
+                } # managed by Certbot
+
+
+                listen 80;
+
+                server_name ri.zzls.xyz;
+                return 404; # managed by Certbot
+
+
+        }

nginx/sites-available/sites-available/selfhost.zzls.xyz.conf

@@ -0,0 +1,42 @@
+server {
+    access_log /var/log/nginx/selfhost.log combined;
+    root /var/www/html;
+    index index.html index.htm index.nginx-debian.html;
+
+    server_name selfhost.zzls.xyz;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    # security headers
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    #add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
+    add_header Permissions-Policy "interest-cohort=()" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    listen 443 ssl http2;
+    listen 443 http3; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/selfhost.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/selfhost.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = selfhost.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name selfhost.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/sites-available/stream.ayaya.beauty.conf

@@ -0,0 +1,37 @@
+server {
+    access_log /var/log/nginx/stream.ayaya.beauty.access.log combined;
+    error_log /var/log/nginx/stream.ayaya.beauty.error.log;
+
+    root /var/www/stream/;
+    index index.html index.htm index.nginx-debian.html;
+
+    server_name stream.ayaya.beauty;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location /stream {
+	    proxy_pass http://localhost:8080/live/livestream/stream.flv;
+	    include configs/proxyheaders.conf;
+    }
+
+    listen 443 http3;
+    listen 443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/stream.ayaya.beauty/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/stream.ayaya.beauty/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = stream.ayaya.beauty) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name stream.ayaya.beauty;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/stream.ayaya.beauty.conf

@@ -0,0 +1,37 @@
+server {
+    access_log /var/log/nginx/stream.ayaya.beauty.access.log combined;
+    error_log /var/log/nginx/stream.ayaya.beauty.error.log;
+
+    root /var/www/stream/;
+    index index.html index.htm index.nginx-debian.html;
+
+    server_name stream.ayaya.beauty;
+    include configs/general.conf;
+    include configs/securityheaders.conf;
+
+    location /stream {
+	    proxy_pass http://localhost:8080/live/livestream/stream.flv;
+	    include configs/proxyheaders.conf;
+    }
+
+    listen 443 http3;
+    listen 443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/stream.ayaya.beauty/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/stream.ayaya.beauty/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = stream.ayaya.beauty) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name stream.ayaya.beauty;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-enabled/7tv.gay.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/7tv.gay.conf

nginx/sites-enabled/archive.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/archive.zzls.xyz.conf

nginx/sites-enabled/ayaya.beauty.conf

@@ -0,0 +1 @@
+../sites-available/ayaya.beauty.conf

nginx/sites-enabled/gitea.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/gitea.zzls.xyz.conf

nginx/sites-enabled/i.ayaya.beauty.conf

@@ -0,0 +1 @@
+../sites-available/i.ayaya.beauty.conf

nginx/sites-enabled/ii.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/ii.zzls.xyz.conf

nginx/sites-enabled/mpd.ayaya.beauty.conf

@@ -0,0 +1 @@
+../sites-available/mpd.ayaya.beauty.conf

nginx/sites-enabled/paste.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/paste.zzls.xyz.conf

nginx/sites-enabled/pbin.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/pbin.zzls.xyz.conf

nginx/sites-enabled/ri.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/ri.zzls.xyz.conf

nginx/sites-enabled/selfhost.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/selfhost.zzls.xyz.conf

nginx/sites-enabled/sites-enabled/7tv.gay.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/7tv.gay.conf

nginx/sites-enabled/sites-enabled/archive.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/archive.zzls.xyz.conf

nginx/sites-enabled/sites-enabled/ayaya.beauty.conf

@@ -0,0 +1 @@
+../sites-available/ayaya.beauty.conf

nginx/sites-enabled/sites-enabled/gitea.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/gitea.zzls.xyz.conf

nginx/sites-enabled/sites-enabled/i.ayaya.beauty.conf

@@ -0,0 +1 @@
+../sites-available/i.ayaya.beauty.conf

nginx/sites-enabled/sites-enabled/ii.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/ii.zzls.xyz.conf

nginx/sites-enabled/sites-enabled/mpd.ayaya.beauty.conf

@@ -0,0 +1 @@
+../sites-available/mpd.ayaya.beauty.conf

nginx/sites-enabled/sites-enabled/paste.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/paste.zzls.xyz.conf

nginx/sites-enabled/sites-enabled/pbin.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/pbin.zzls.xyz.conf

nginx/sites-enabled/sites-enabled/ri.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/ri.zzls.xyz.conf

nginx/sites-enabled/sites-enabled/selfhost.zzls.xyz.conf

@@ -0,0 +1 @@
+../sites-available/selfhost.zzls.xyz.conf

nginx/sites-enabled/sites-enabled/stream.ayaya.beauty.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/stream.ayaya.beauty.conf

nginx/sites-enabled/stream.ayaya.beauty.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/stream.ayaya.beauty.conf

sysctl.d/internet.conf

@@ -0,0 +1,62 @@
+#TCP Tweaks
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_fastopn = 3
+net.ipv4.tcp_fin_timeout = 10
+
+net.core.netdev_max_backlog = 16384
+net.core.somaxconn = 8192
+net.ipv4.tcp_mtu_probing = 1
+
+net.ipv4.tcp_rfc1337 = 1
+
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.all.rp_filter = 1
+
+# disable tcp timestamps to avoid leaking some system information
+# https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps
+net.ipv4.tcp_timestamps=0
+
+#TCP BBR Congestion Control Algoritm
+net.core.default_qdisc = cake
+net.ipv4.tcp_congestion_control = bbr
+net.ipv4.tcp_notsent_lowat = 16384
+
+#Ignore ICMP Ping requests
+net.ipv4.icmp_echo_ignore_all = 1
+net.ipv6.icmp.echo_ignore_all = 1
+
+#Increase the memory dedicated to the network interfaces
+net.core.rmem_default = 1048576
+net.core.rmem_max = 16777216
+net.core.wmem_default = 1048576
+net.core.wmem_max = 16777216
+net.core.optmem_max = 65536
+net.ipv4.tcp_rmem = 4096 1048576 2097152
+net.ipv4.tcp_wmem = 4096 65536 16777216
+
+net.ipv4.udp_rmem_min = 8192
+net.ipv4.udp_wmem_min = 8192
+
+# increase aslr effectiveness for mmap
+# https://lwn.net/Articles/667790
+vm.mmap_rnd_bits=32
+vm.mmap_rnd_compat_bits=16
+
+#SYN Flood Protection
+
+net.ipv4.tcp_max_syn_backlog = 8192
+net.ipv4.tcp_syn_retries = 6
+net.ipv4.tcp_synack_retries = 3
+net.ipv4.tcp_syncookies = 1a
+
+#DDOS Protection and shit
+net.ipv4.tcp_max_tw_buckets = 2000000
+
+#Dead Conections
+net.ipv4.tcp_keepalive_time = 60
+net.ipv4.tcp_keepalive_intvl = 10
+net.ipv4.tcp_keepalive_probes = 6
+
+# This will enusre that immediatly subsequent connections use the new values
+net.ipv4.route.flush = 1
+net.ipv6.route.flush = 1