diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..15a45f8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +# Ignore everything +* + +# But not NGINX +!nginx +!nginx/**/* diff --git a/nginx/conf.d/ayaya.beauty.conf b/nginx/conf.d/ayaya.beauty.conf index ffd8c3e..3b05451 100644 --- a/nginx/conf.d/ayaya.beauty.conf +++ b/nginx/conf.d/ayaya.beauty.conf @@ -1,54 +1,42 @@ server { - access_log /var/log/nginx/ayaya.beauty.log combined; - server_name ~.ayaya.beauty ayaya.beauty; - include configs/general.conf; - include configs/security.conf; + access_log /var/log/nginx/ayaya.beauty.log combined; + server_name ~.ayaya.beauty ayaya.beauty; + include configs/general.conf; + include configs/security.conf; - location / { - proxy_pass http://file-uploader; - include configs/proxy.conf; - proxy_pass_request_headers on; - } + location / { + proxy_pass http://file-uploader; + include configs/proxy.conf; + proxy_pass_request_headers on; + } - client_max_body_size 1024M; - # QUIC - include configs/http3.conf; + client_max_body_size 1024M; + # QUIC + include configs/http3.conf; - listen 443 ssl; - http2 on; + listen 443 ssl; + http2 on; } -server { - set $x ""; - if ($host = ~.ayaya.beauty||ayaya.beauty) { - set $x 1; - } - if ($x = 1) { - return 301 https://$host$request_uri; - } - listen 80; - server_name ~.ayaya.beauty ayaya.beauty ~.lamartina.gay lamartina.gay; - return 404; -} server { - access_log /var/log/nginx/ayaya.beauty.log combined; - server_name ~.lamartina.gay lamartina.gay; - include configs/general.conf; - include configs/security.conf; + access_log /var/log/nginx/ayaya.beauty.log combined; + server_name ~.lamartina.gay lamartina.gay; + include configs/general.conf; + include configs/security.conf; - location / { - proxy_pass http://file-uploader; - include configs/proxy.conf; - proxy_pass_request_headers on; - } + location / { + proxy_pass http://file-uploader; + include configs/proxy.conf; + proxy_pass_request_headers on; + } - client_max_body_size 1024M; - # QUIC - include configs/http3.conf; + client_max_body_size 1024M; + # QUIC + include configs/http3.conf; - listen 443 ssl; - http2 on; - ssl_certificate /etc/letsencrypt/live/lamartina.gay/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/lamartina.gay/privkey.pem; + listen 443 ssl; + http2 on; + ssl_certificate /etc/letsencrypt/live/lamartina.gay/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/lamartina.gay/privkey.pem; } diff --git a/nginx/conf.d/dav.zzls.xyz.conf b/nginx/conf.d/dav.zzls.xyz.conf deleted file mode 100644 index b39f776..0000000 --- a/nginx/conf.d/dav.zzls.xyz.conf +++ /dev/null @@ -1,46 +0,0 @@ -server { - access_log /var/log/nginx/dav.access.log; - error_log /var/log/nginx/dav.error.log; - server_name dav.zzls.xyz dav.nadeko.net; - root /opt/baikal/html; - index index.php; - include configs/general.conf; - include configs/security.conf; - - rewrite ^/.well-known/caldav /dav redirect; - rewrite ^/.well-known/carddav /dav redirect; - - charset utf-8; - - location ~ /(\.ht|Core|Specific|config) { - deny all; - return 404; - } - - location ~ ^(.+\.php)(.*)$ { - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(.*)$; - fastcgi_pass php-fpm; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - } - - listen 443 ssl; - http2 on; -} - -server { - set $x ""; - if ($host = dav.zzls.xyz) { - set $x 1; - } - if ($host = dav.nadeko.net) { - set $x 1; - } - if ($x = 1) { - return 301 https://$host$request_uri; - } - listen 80; - server_name dav.zzls.xyz dav.nadeko.net; -} diff --git a/nginx/conf.d/files.zzls.xyz.conf b/nginx/conf.d/files.zzls.xyz.conf index 9aaa765..3cd6044 100644 --- a/nginx/conf.d/files.zzls.xyz.conf +++ b/nginx/conf.d/files.zzls.xyz.conf @@ -1,53 +1,38 @@ server { - access_log /var/log/nginx/files.zzls.xyz.log combined; - server_name files.zzls.xyz files.nadeko.net; - include configs/general.conf; - include configs/security.conf; + access_log /var/log/nginx/files.zzls.xyz.log combined; + server_name files.nadeko.net; + include configs/general.conf; + include configs/security.conf; - location / { - if ($http_user_agent ~* (google) ) { - return 404; - } + location / { + if ($http_user_agent ~* (google) ) { + return 404; + } - root /mnt/blockstorage/files.zzls.xyz; - index index.html index.php /_h5ai/public/index.php; + root /mnt/blockstorage/files.zzls.xyz; + index index.html index.php /_h5ai/public/index.php; - location ~ [^/]\.php(/|$) { - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - fastcgi_pass php-fpm; - fastcgi_index index.php; - include fastcgi.conf; - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_param HTTP_PROXY ""; - fastcgi_param PATH_INFO $fastcgi_path_info; - } + location ~ [^/]\.php(/|$) { + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass php-fpm; + fastcgi_index index.php; + include fastcgi.conf; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_param HTTP_PROXY ""; + fastcgi_param PATH_INFO $fastcgi_path_info; + } - location /_h5ai/private { - return 403; - } + location /_h5ai/private { + return 403; + } - } + } - # QUIC - include configs/http3.conf; + # QUIC + include configs/http3.conf; - listen 443 ssl; - http2 on; -} -server { - set $x ""; - if ($host = files.zzls.xyz) { - set $x 1; - } - if ($host = files.nadeko.net) { - set $x 1; - } - if ($x = 1) { - return 301 https://$host$request_uri; - } - listen 80; - server_name files.zzls.xyz files.nadeko.net; - return 404; + listen 443 ssl; + http2 on; } diff --git a/nginx/conf.d/live.nadeko.net.conf b/nginx/conf.d/live.nadeko.net.conf index 6c2a135..99f92e4 100644 --- a/nginx/conf.d/live.nadeko.net.conf +++ b/nginx/conf.d/live.nadeko.net.conf @@ -1,32 +1,21 @@ server { - access_log /var/log/nginx/live.access.log; - error_log /var/log/nginx/live.error.log; - server_name live.nadeko.net; - include configs/general.conf; - include configs/security.conf; - include configs/robotsNone.conf; + access_log /var/log/nginx/live.access.log; + error_log /var/log/nginx/live.error.log; + server_name live.nadeko.net; + include configs/general.conf; + include configs/security.conf; + include configs/robotsNone.conf; - location / { - proxy_pass http://127.0.0.1:8889; - include configs/proxy.conf; - } + location / { + proxy_pass http://127.0.0.1:8889; + include configs/proxy.conf; + } - # QUIC - include configs/http3.conf; + # QUIC + include configs/http3.conf; - listen 443 ssl; - http2 on; + listen 443 ssl; + http2 on; } -server { - set $x ""; - if ($host = live.nadeko.net) { - set $x 1; - } - if ($x = 1) { - return 301 https://$host$request_uri; - } - listen 80; - return 404; - server_name live.nadeko.net; -} + diff --git a/nginx/conf.d/lol.zzls.xyz.conf b/nginx/conf.d/lol.zzls.xyz.conf index 7b64e87..9f0c415 100644 --- a/nginx/conf.d/lol.zzls.xyz.conf +++ b/nginx/conf.d/lol.zzls.xyz.conf @@ -1,33 +1,18 @@ server { - access_log /var/log/nginx/lol.zzls.xyz.access.log; - server_name lol.zzls.xyz; - include configs/general.conf; - include configs/robotsNone.conf; + access_log /var/log/nginx/lol.zzls.xyz.access.log; + server_name lol.nadeko.net; + include configs/general.conf; + include configs/security.conf; + include configs/robotsNone.conf; - # security headers - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-referrer-when-downgrade" always; - #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; - add_header Permissions-Policy "interest-cohort=()" always; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; + location / { + proxy_pass http://127.0.0.1:40010; + include configs/proxy.conf; + } - location / { - proxy_pass http://127.0.0.1:40010; - include configs/proxy.conf; - } - - # QUIC - include configs/http3.conf; - - listen 443 ssl; - http2 on; + # QUIC + include configs/http3.conf; -} -server { - if ($host = lol.zzls.xyz) { - return 301 https://$host$request_uri; - } - listen 80; - server_name lol.zzls.xyz; + listen 443 ssl; + http2 on; } diff --git a/nginx/conf.d/mail.zzls.xyz.conf b/nginx/conf.d/mail.zzls.xyz.conf index 6576a33..8330f7e 100644 --- a/nginx/conf.d/mail.zzls.xyz.conf +++ b/nginx/conf.d/mail.zzls.xyz.conf @@ -1,73 +1,42 @@ # mail.nadeko.net - server { - access_log /var/log/nginx/mail.nadeko.net.log combined; - error_log /var/log/nginx/mail.nadeko.net.error; - server_name mail.nadeko.net; - include configs/general.conf; - include configs/robotsNone.conf; - include configs/security.conf; + access_log /var/log/nginx/mail.nadeko.net.log combined; + error_log /var/log/nginx/mail.nadeko.net.error; + server_name mail.nadeko.net; + include configs/general.conf; + include configs/robotsNone.conf; + include configs/security.conf; - location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass https://email; - } + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass https://email; + } - location /favicon.ico { - alias /var/www/mail/favicon.png; - } + location /favicon.ico { + alias /var/www/mail/favicon.png; + } -# location ^~ /.well-known/mta-sts.txt { -# return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n"; -# } + # QUIC + include configs/http3.conf; - # QUIC - include configs/http3.conf; - - listen 443 ssl; - http2 on; -} -server { - set $x ""; - if ($host = mail.nadeko.net) { - set $x 1; - } - if ($x = 1) { - return 301 https://$host$request_uri; - } - server_name mail.nadeko.net; - listen 80; - return 404; + listen 443 ssl; + http2 on; } # mta-sts.nadeko.net - server { - access_log /var/log/nginx/mta-sts.nadeko.net.log combined; - error_log /var/log/nginx/mta-sts.nadeko.net.error; - server_name mta-sts.nadeko.net; - include configs/general.conf; - include configs/robotsNone.conf; - include configs/security.conf; + access_log /var/log/nginx/mta-sts.nadeko.net.log combined; + error_log /var/log/nginx/mta-sts.nadeko.net.error; + server_name mta-sts.nadeko.net; + include configs/general.conf; + include configs/robotsNone.conf; + include configs/security.conf; - location ^~ /.well-known/mta-sts.txt { - return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n"; - } + location ^~ /.well-known/mta-sts.txt { + return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n"; + } - listen 443 ssl; - http2 on; -} - -server { - set $x ""; - if ($host = mta-sts.nadeko.net) { - set $x 1; - } - if ($x = 1) { - return 301 https://$host$request_uri; - } - server_name mta-sts.nadeko.net; - listen 80; - return 404; + listen 443 ssl; + http2 on; } diff --git a/nginx/conf.d/redirector.conf b/nginx/conf.d/redirector.conf new file mode 100644 index 0000000..35c6d15 --- /dev/null +++ b/nginx/conf.d/redirector.conf @@ -0,0 +1,14 @@ +# https://stackoverflow.com/a/39563133 +server { + server_name ~^(?\w+)\.zzls\.xyz$; + rewrite ^ https://$name.nadeko.net$request_uri? permanent; + listen 443 ssl; + listen 80; +} + +# HTTPS Redirector +server { + listen 80; + + return 301 https://$host$request_uri; +} diff --git a/nginx/conf.d/twitch.zzls.xyz.conf b/nginx/conf.d/twitch.zzls.xyz.conf index 6512498..4cc0565 100644 --- a/nginx/conf.d/twitch.zzls.xyz.conf +++ b/nginx/conf.d/twitch.zzls.xyz.conf @@ -1,7 +1,7 @@ server { access_log /var/log/nginx/twitch.zzls.xyz.access.log; error_log /var/log/nginx/twitch.zzls.xyz.error.log; - server_name twitch.zzls.xyz twitch.nadeko.net; + server_name twitch.nadeko.net; include configs/general.conf; include configs/security.conf; include configs/robotsNone.conf; @@ -23,17 +23,3 @@ server { http2 on; } -server { - set $x ""; - if ($host = twitch.zzls.xyz) { - set $x 1; - } - if ($host = twitch.nadeko.net) { - set $x 1; - } - if ($x = 1) { - return 301 https://$host$request_uri; - } - listen 80; - server_name twitch.zzls.xyz twitch.nadeko.net; -} diff --git a/nginx/conf.d/znc.nadeko.net.conf b/nginx/conf.d/znc.nadeko.net.conf index 9b76ced..0176c16 100644 --- a/nginx/conf.d/znc.nadeko.net.conf +++ b/nginx/conf.d/znc.nadeko.net.conf @@ -1,10 +1,3 @@ -server { - server_name znc.zzls.xyz; - rewrite ^ https://znc.nadeko.net$request_uri? permanent; - - listen 443 ssl; -} - server { access_log /var/log/nginx/znc.zzls.xyz.log combined; server_name znc.nadeko.net; @@ -23,18 +16,3 @@ server { http2 on; } -server { - set $x ""; - if ($host = znc.zzls.xyz) { - set $x 1; - } - if ($host = znc.nadeko.net) { - set $x 1; - } - if ($x = 1) { - return 301 https://$host$request_uri; - } - listen 80; - server_name znc.zzls.xyz znc.nadeko.net; - return 404; -} diff --git a/nginx/conf.d/zzls.xyz.conf b/nginx/conf.d/zzls.xyz.conf index 62a58ca..0399dd5 100644 --- a/nginx/conf.d/zzls.xyz.conf +++ b/nginx/conf.d/zzls.xyz.conf @@ -37,22 +37,11 @@ server { http2 on; } -server { - if ($host = www.zzls.xyz) { - return 301 https://$host$request_uri; - } - if ($host = zzls.xyz) { - return 301 https://$host$request_uri; - } - server_name zzls.xyz www.zzls.xyz; - listen 80; -} - server { access_log /var/log/nginx/nadeko.net.log; root /var/www/website; index index.html; - server_name www.nadeko.net nadeko.net; + server_name _ www.nadeko.net nadeko.net; include configs/general.conf; include configs/security.conf; @@ -69,7 +58,7 @@ server { } location /.well-known/matrix/support { - return 200 '{"contacts": [{"matrix_id": "@fijxu:nadeko.net","email_address": "fijxu@nadeko.net","role": "m.role.admin"},{"email_address": "fijxu@nadeko.net","role": "m.role.security"}],"support_page": "https://nadeko.net/contact" }'; + return 200 '{"contacts": [{"matrix_id": "@fijxu:nadeko.net","email_address": "fijxu@nadeko.net","role": "m.role.admin"},{"email_address": "fijxu@nadeko.net","role": "m.role.security"}],"support_page": "https://nadeko.net/contact" }'; } location / { @@ -91,13 +80,3 @@ server { http2 on; } -server { - if ($host = www.nadeko.net) { - return 301 https://$host$request_uri; - } - if ($host = nadeko.net) { - return 301 https://$host$request_uri; - } - server_name _ nadeko.net www.nadeko.net; - listen 80; -} diff --git a/nginx/sites-enabled/4get.zzls.xyz.fallback.conf b/nginx/sites-enabled/4get.zzls.xyz.fallback.conf deleted file mode 120000 index f9d6a29..0000000 --- a/nginx/sites-enabled/4get.zzls.xyz.fallback.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/4get.zzls.xyz.fallback.conf \ No newline at end of file diff --git a/nginx/sites-enabled/4getus.zzls.xyz.conf b/nginx/sites-enabled/4getus.zzls.xyz.conf deleted file mode 100644 index e119fdb..0000000 --- a/nginx/sites-enabled/4getus.zzls.xyz.conf +++ /dev/null @@ -1,94 +0,0 @@ -# FUCK BOTS -limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s; - -# CLEARNET -server { - access_log /var/log/nginx/4getus.access.log; - error_log /var/log/nginx/4getus.error.log; - server_name 4getus.zzls.xyz; - include configs/general.conf; - root /var/www/4get-zzls/; - - location @upstream { - try_files $uri.php $uri/index.php =404; - fastcgi_pass unix:/run/php/php8.2-fpm.sock; - fastcgi_index index.php; - include fastcgi.conf - fastcgi_intercept_errors on; - } - - location / { - try_files $uri @upstream; - } - location /web { - try_files $uri @upstream; - limit_req zone=4get; - limit_req_status 444; - include snippets/torblacklist.conf; - include snippets/spys.me.proxies.blacklist.conf; - error_page 403 =302 /torisblocked; - } - location /torisblocked { - access_log /var/log/nginx/4getus.torblocked.access.log; - add_header Content-Type text/plain; - return 200 " - Tor and Proxies are not allowed in this service, sorry. - Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service. - - Tor y Proxies no estan permitidos en este servicio, lo siento. - Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio."; - } - - location /data { - return 444; - } - - location ~* ^(.*)\.php$ { - return 301 $1; - } - - # Tor Header - add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri; - - # CSP + Security Headers - include configs/security.conf; - include configs/ssl.conf; - listen 443 ssl; - listen 443 quic; - http2 on; - -} - -# TOR -server { - access_log /var/log/nginx/4getus.tor.access.log; - listen 80; - server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion; - root /var/www/4get-zzls/; - - location @upstream { - try_files $uri.php $uri/index.php =404; - fastcgi_pass unix:/run/php/php8.2-fpm.sock; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_intercept_errors on; - } - - location / { - try_files $uri @upstream; - } - - location ~* ^(.*)\.php$ { - return 301 $1; - } - -} - -server { - if ($host = 4getus.zzls.xyz) { - return 301 https://$host$request_uri; - } - listen 80; - server_name 4getus.zzls.xyz; -} diff --git a/nginx/sites-enabled/blog.zzls.xyz.conf b/nginx/sites-enabled/blog.zzls.xyz.conf deleted file mode 120000 index e4d7c81..0000000 --- a/nginx/sites-enabled/blog.zzls.xyz.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/blog.zzls.xyz.conf \ No newline at end of file diff --git a/nginx/sites-enabled/cgit.zzls.xyz.conf b/nginx/sites-enabled/cgit.zzls.xyz.conf deleted file mode 120000 index a4543a9..0000000 --- a/nginx/sites-enabled/cgit.zzls.xyz.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/cgit.zzls.xyz.conf \ No newline at end of file diff --git a/nginx/sites-enabled/dav.zzls.xyz.conf b/nginx/sites-enabled/dav.zzls.xyz.conf deleted file mode 100644 index 849b33c..0000000 --- a/nginx/sites-enabled/dav.zzls.xyz.conf +++ /dev/null @@ -1,43 +0,0 @@ -server { - access_log /var/log/nginx/dav.access.log; - error_log /var/log/nginx/dav.error.log; - server_name dav.zzls.xyz; - include configs/general.conf; - root /opt/baikal/html; - index index.php - - rewrite ^/.well-known/caldav /dav redirect; - rewrite ^/.well-known/carddav /dav redirect; - - charset utf-8; - - location ~ /(\.ht|Core|Specific|config) { - deny all; - return 404; - } - - location ~ ^(.+\.php)(.*)$ { - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(.*)$; - fastcgi_pass unix:/run/php/php8.2-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - } - - # CSP + Security Headers - include configs/security.conf; - include configs/ssl.conf; - listen 443 ssl; - listen 443 quic; - http2 on; - -} - -server { - if ($host = dav.zzls.xyz) { - return 301 https://$host$request_uri; - } - listen 80; - server_name dav.zzls.xyz; -} diff --git a/nginx/sites-enabled/files.zzls.xyz.conf b/nginx/sites-enabled/files.zzls.xyz.conf deleted file mode 120000 index 2e4c7b4..0000000 --- a/nginx/sites-enabled/files.zzls.xyz.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/files.zzls.xyz.conf \ No newline at end of file diff --git a/nginx/sites-enabled/inv.zzls.xyz.fallback.conf b/nginx/sites-enabled/inv.zzls.xyz.fallback.conf deleted file mode 120000 index 7e2b637..0000000 --- a/nginx/sites-enabled/inv.zzls.xyz.fallback.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/inv.zzls.xyz.fallback.conf \ No newline at end of file diff --git a/nginx/sites-enabled/logs.spanix.team.conf b/nginx/sites-enabled/logs.spanix.team.conf deleted file mode 120000 index 5457559..0000000 --- a/nginx/sites-enabled/logs.spanix.team.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/logs.spanix.team.conf \ No newline at end of file diff --git a/nginx/sites-enabled/logs.zzls.xyz.conf b/nginx/sites-enabled/logs.zzls.xyz.conf deleted file mode 120000 index bd7d55a..0000000 --- a/nginx/sites-enabled/logs.zzls.xyz.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/logs.zzls.xyz.conf \ No newline at end of file diff --git a/nginx/sites-enabled/lol.zzls.xyz.conf b/nginx/sites-enabled/lol.zzls.xyz.conf deleted file mode 100644 index 366d191..0000000 --- a/nginx/sites-enabled/lol.zzls.xyz.conf +++ /dev/null @@ -1,34 +0,0 @@ -server { - access_log /var/log/nginx/lol.zzls.xyz.access.log; - server_name lol.zzls.xyz; - include configs/general.conf; - include configs/robotsNone.conf; - # security headers - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-referrer-when-downgrade" always; -#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; - add_header Permissions-Policy "interest-cohort=()" always; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; - - location / { - proxy_pass http://127.0.0.1:40010; - include configs/proxy.conf; - } - - # QUIC - add_header Alt-Svc 'h3=":443"; ma=86400'; - - listen 443 ssl; - listen 443 quic; - http2 on; - include configs/ssl.conf; - -} -server { - if ($host = lol.zzls.xyz) { - return 301 https://$host$request_uri; - } - listen 80; - server_name lol.zzls.xyz; -} diff --git a/nginx/sites-enabled/lsf.spanix.team.conf b/nginx/sites-enabled/lsf.spanix.team.conf deleted file mode 120000 index 85c8350..0000000 --- a/nginx/sites-enabled/lsf.spanix.team.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/lsf.spanix.team.conf \ No newline at end of file diff --git a/nginx/sites-enabled/mail.zzls.xyz.conf b/nginx/sites-enabled/mail.zzls.xyz.conf deleted file mode 120000 index b57c391..0000000 --- a/nginx/sites-enabled/mail.zzls.xyz.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/mail.zzls.xyz.conf \ No newline at end of file diff --git a/nginx/sites-enabled/posts.zzls.xyz.conf b/nginx/sites-enabled/posts.zzls.xyz.conf deleted file mode 120000 index a59237c..0000000 --- a/nginx/sites-enabled/posts.zzls.xyz.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/posts.zzls.xyz.conf \ No newline at end of file diff --git a/nginx/sites-enabled/status.zzls.xyz.conf b/nginx/sites-enabled/status.zzls.xyz.conf deleted file mode 120000 index 5aca602..0000000 --- a/nginx/sites-enabled/status.zzls.xyz.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/status.zzls.xyz.conf \ No newline at end of file diff --git a/nginx/sites-enabled/stream.zzls.xyz.conf b/nginx/sites-enabled/stream.zzls.xyz.conf deleted file mode 100644 index 8118dc9..0000000 --- a/nginx/sites-enabled/stream.zzls.xyz.conf +++ /dev/null @@ -1,61 +0,0 @@ -# CLEARNET -server { - access_log /var/log/nginx/stream.access.log; - error_log /var/log/nginx/stream.error.log; - server_name stream.zzls.xyz; - include configs/general.conf; - - location /hls/ { - types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; } - root /tmp/; - } - - location /dash/ { - types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; } - root /tmp/; - } - - location = /streams { - rtmp_stat all; - rtmp_stat_stylesheet /stat.xsl; - } - - location /stat.xsl { - root /var/www/stream/public/; - } - - location /viewers/ { - default_type text/plain; - add_header Content-Type "text/plain"; - add_header Refresh "30; $request_uri"; - root /var/www/stream/public/; - try_files $uri /viewers.txt =404; - } - - location /posters/ { - root /var/www/stream/public/; - try_files $uri /offline.png =404; - } - - location / { - root /var/www/stream/public/; - try_files $uri $uri/hls.html =404; - } - - - # CSP + Security Headers - include configs/security.conf; - include configs/ssl.conf; - listen 443 ssl; - listen 443 quic; - http2 on; - -} - -server { - if ($host = stream.zzls.xyz) { - return 301 https://$host$request_uri; - } - listen 80; - server_name stream.zzls.xyz; -} diff --git a/nginx/sites-enabled/twitch.zzls.xyz.conf b/nginx/sites-enabled/twitch.zzls.xyz.conf deleted file mode 100644 index 5f8cf2e..0000000 --- a/nginx/sites-enabled/twitch.zzls.xyz.conf +++ /dev/null @@ -1,41 +0,0 @@ -server { - access_log /var/log/nginx/twitch.zzls.xyz.access.log; - server_name twitch.zzls.xyz; - include configs/general.conf; - include configs/security.conf; - include configs/robotsNone.conf; - - location / { - add_header Content-Type text/plain; - return 200 "Twitch Russia proxy for TTVLOL PRO and streamlink-ttvlol. - - If you use TTVLOL PRO add `https://twitch.zzls.xyz` (without the ` chars) to the proxies list in the TTVLOL PRO Options. - If you use streamlink-ttvlol use `--twitch-proxy-playlist=https://twitch.zzls.xyz` as argument. - - This proxy is located in the US but it returns an ad free RU Playlist. This doesn't affects your playback speed or latency. - - Enjoy :3"; - - } - - location ~ ^/(?!$) { - proxy_pass http://127.0.0.1:9595; - include configs/proxy.conf; - } - - # QUIC - add_header Alt-Svc 'h3=":443"; ma=86400'; - - listen 443 ssl; - listen 443 quic; - http2 on; - include configs/ssl.conf; - -} -server { - if ($host = twitch.zzls.xyz) { - return 301 https://$host$request_uri; - } - listen 80; - server_name twitch.zzls.xyz; -} diff --git a/nginx/sites-enabled/zzls.xyz.conf b/nginx/sites-enabled/zzls.xyz.conf deleted file mode 120000 index a198d6b..0000000 --- a/nginx/sites-enabled/zzls.xyz.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/zzls.xyz.conf \ No newline at end of file