Apply some changes from the selfhost branch
This commit is contained in:
parent
1bff32e01f
commit
19c2dda32b
GPG key ID:
32C1DDF333EDA6A4
28 changed files with 139 additions and 591 deletions
6
.gitignore
vendored
Normal file
6
.gitignore
vendored
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
# Ignore everything
|
||||
*
|
||||
|
||||
# But not NGINX
|
||||
!nginx
|
||||
!nginx/**/*
|
||||
|
|
@ -18,18 +18,6 @@ server {
|
|||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = ~.ayaya.beauty||ayaya.beauty) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name ~.ayaya.beauty ayaya.beauty ~.lamartina.gay lamartina.gay;
|
||||
return 404;
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/ayaya.beauty.log combined;
|
||||
|
|
|
|||
|
|
@ -1,46 +0,0 @@
|
|||
server {
|
||||
access_log /var/log/nginx/dav.access.log;
|
||||
error_log /var/log/nginx/dav.error.log;
|
||||
server_name dav.zzls.xyz dav.nadeko.net;
|
||||
root /opt/baikal/html;
|
||||
index index.php;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
rewrite ^/.well-known/caldav /dav redirect;
|
||||
rewrite ^/.well-known/carddav /dav redirect;
|
||||
|
||||
charset utf-8;
|
||||
|
||||
location ~ /(\.ht|Core|Specific|config) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
try_files $fastcgi_script_name =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
fastcgi_pass php-fpm;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = dav.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = dav.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name dav.zzls.xyz dav.nadeko.net;
|
||||
}
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
server {
|
||||
access_log /var/log/nginx/files.zzls.xyz.log combined;
|
||||
server_name files.zzls.xyz files.nadeko.net;
|
||||
server_name files.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
|
|
@ -36,18 +36,3 @@ server {
|
|||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = files.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = files.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name files.zzls.xyz files.nadeko.net;
|
||||
return 404;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,15 +18,4 @@ server {
|
|||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = live.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
return 404;
|
||||
server_name live.nadeko.net;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,17 +1,10 @@
|
|||
server {
|
||||
access_log /var/log/nginx/lol.zzls.xyz.access.log;
|
||||
server_name lol.zzls.xyz;
|
||||
server_name lol.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
# security headers
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
include configs/proxy.conf;
|
||||
|
|
@ -22,12 +15,4 @@ server {
|
|||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = lol.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name lol.zzls.xyz;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
# mail.nadeko.net
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/mail.nadeko.net.log combined;
|
||||
error_log /var/log/nginx/mail.nadeko.net.error;
|
||||
|
|
@ -18,31 +17,14 @@ server {
|
|||
alias /var/www/mail/favicon.png;
|
||||
}
|
||||
|
||||
# location ^~ /.well-known/mta-sts.txt {
|
||||
# return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n";
|
||||
# }
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = mail.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name mail.nadeko.net;
|
||||
listen 80;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# mta-sts.nadeko.net
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/mta-sts.nadeko.net.log combined;
|
||||
error_log /var/log/nginx/mta-sts.nadeko.net.error;
|
||||
|
|
@ -58,16 +40,3 @@ server {
|
|||
listen 443 ssl;
|
||||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = mta-sts.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name mta-sts.nadeko.net;
|
||||
listen 80;
|
||||
return 404;
|
||||
}
|
||||
|
|
|
|||
14
nginx/conf.d/redirector.conf
Normal file
14
nginx/conf.d/redirector.conf
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
# https://stackoverflow.com/a/39563133
|
||||
server {
|
||||
server_name ~^(?<name>\w+)\.zzls\.xyz$;
|
||||
rewrite ^ https://$name.nadeko.net$request_uri? permanent;
|
||||
listen 443 ssl;
|
||||
listen 80;
|
||||
}
|
||||
|
||||
# HTTPS Redirector
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
server {
|
||||
access_log /var/log/nginx/twitch.zzls.xyz.access.log;
|
||||
error_log /var/log/nginx/twitch.zzls.xyz.error.log;
|
||||
server_name twitch.zzls.xyz twitch.nadeko.net;
|
||||
server_name twitch.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
|
@ -23,17 +23,3 @@ server {
|
|||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = twitch.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = twitch.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name twitch.zzls.xyz twitch.nadeko.net;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,3 @@
|
|||
server {
|
||||
server_name znc.zzls.xyz;
|
||||
rewrite ^ https://znc.nadeko.net$request_uri? permanent;
|
||||
|
||||
listen 443 ssl;
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/znc.zzls.xyz.log combined;
|
||||
server_name znc.nadeko.net;
|
||||
|
|
@ -23,18 +16,3 @@ server {
|
|||
http2 on;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = znc.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = znc.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name znc.zzls.xyz znc.nadeko.net;
|
||||
return 404;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,22 +37,11 @@ server {
|
|||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = www.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name zzls.xyz www.zzls.xyz;
|
||||
listen 80;
|
||||
}
|
||||
|
||||
server {
|
||||
access_log /var/log/nginx/nadeko.net.log;
|
||||
root /var/www/website;
|
||||
index index.html;
|
||||
server_name www.nadeko.net nadeko.net;
|
||||
server_name _ www.nadeko.net nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
|
||||
|
|
@ -91,13 +80,3 @@ server {
|
|||
http2 on;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = www.nadeko.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
if ($host = nadeko.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name _ nadeko.net www.nadeko.net;
|
||||
listen 80;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
../sites-available/4get.zzls.xyz.fallback.conf
|
||||
|
|
@ -1,94 +0,0 @@
|
|||
# FUCK BOTS
|
||||
limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
|
||||
|
||||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/4getus.access.log;
|
||||
error_log /var/log/nginx/4getus.error.log;
|
||||
server_name 4getus.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /var/www/4get-zzls/;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
location /web {
|
||||
try_files $uri @upstream;
|
||||
limit_req zone=4get;
|
||||
limit_req_status 444;
|
||||
include snippets/torblacklist.conf;
|
||||
include snippets/spys.me.proxies.blacklist.conf;
|
||||
error_page 403 =302 /torisblocked;
|
||||
}
|
||||
location /torisblocked {
|
||||
access_log /var/log/nginx/4getus.torblocked.access.log;
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "
|
||||
Tor and Proxies are not allowed in this service, sorry.
|
||||
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
|
||||
|
||||
Tor y Proxies no estan permitidos en este servicio, lo siento.
|
||||
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
|
||||
}
|
||||
|
||||
location /data {
|
||||
return 444;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
# Tor Header
|
||||
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
access_log /var/log/nginx/4getus.tor.access.log;
|
||||
listen 80;
|
||||
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
|
||||
root /var/www/4get-zzls/;
|
||||
|
||||
location @upstream {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @upstream;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = 4getus.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name 4getus.zzls.xyz;
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
../sites-available/blog.zzls.xyz.conf
|
||||
|
|
@ -1 +0,0 @@
|
|||
../sites-available/cgit.zzls.xyz.conf
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
server {
|
||||
access_log /var/log/nginx/dav.access.log;
|
||||
error_log /var/log/nginx/dav.error.log;
|
||||
server_name dav.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
root /opt/baikal/html;
|
||||
index index.php
|
||||
|
||||
rewrite ^/.well-known/caldav /dav redirect;
|
||||
rewrite ^/.well-known/carddav /dav redirect;
|
||||
|
||||
charset utf-8;
|
||||
|
||||
location ~ /(\.ht|Core|Specific|config) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
try_files $fastcgi_script_name =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = dav.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name dav.zzls.xyz;
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/files.zzls.xyz.conf
|
||||
|
|
@ -1 +0,0 @@
|
|||
../sites-available/inv.zzls.xyz.fallback.conf
|
||||
|
|
@ -1 +0,0 @@
|
|||
../sites-available/logs.spanix.team.conf
|
||||
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/logs.zzls.xyz.conf
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
server {
|
||||
access_log /var/log/nginx/lol.zzls.xyz.access.log;
|
||||
server_name lol.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
# security headers
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = lol.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name lol.zzls.xyz;
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
../sites-available/lsf.spanix.team.conf
|
||||
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/mail.zzls.xyz.conf
|
||||
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/posts.zzls.xyz.conf
|
||||
|
|
@ -1 +0,0 @@
|
|||
../sites-available/status.zzls.xyz.conf
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
# CLEARNET
|
||||
server {
|
||||
access_log /var/log/nginx/stream.access.log;
|
||||
error_log /var/log/nginx/stream.error.log;
|
||||
server_name stream.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
|
||||
location /hls/ {
|
||||
types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
|
||||
root /tmp/;
|
||||
}
|
||||
|
||||
location /dash/ {
|
||||
types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; }
|
||||
root /tmp/;
|
||||
}
|
||||
|
||||
location = /streams {
|
||||
rtmp_stat all;
|
||||
rtmp_stat_stylesheet /stat.xsl;
|
||||
}
|
||||
|
||||
location /stat.xsl {
|
||||
root /var/www/stream/public/;
|
||||
}
|
||||
|
||||
location /viewers/ {
|
||||
default_type text/plain;
|
||||
add_header Content-Type "text/plain";
|
||||
add_header Refresh "30; $request_uri";
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri /viewers.txt =404;
|
||||
}
|
||||
|
||||
location /posters/ {
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri /offline.png =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
root /var/www/stream/public/;
|
||||
try_files $uri $uri/hls.html =404;
|
||||
}
|
||||
|
||||
|
||||
# CSP + Security Headers
|
||||
include configs/security.conf;
|
||||
include configs/ssl.conf;
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = stream.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name stream.zzls.xyz;
|
||||
}
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
server {
|
||||
access_log /var/log/nginx/twitch.zzls.xyz.access.log;
|
||||
server_name twitch.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "Twitch Russia proxy for TTVLOL PRO and streamlink-ttvlol.
|
||||
|
||||
If you use TTVLOL PRO add `https://twitch.zzls.xyz` (without the ` chars) to the proxies list in the TTVLOL PRO Options.
|
||||
If you use streamlink-ttvlol use `--twitch-proxy-playlist=https://twitch.zzls.xyz` as argument.
|
||||
|
||||
This proxy is located in the US but it returns an ad free RU Playlist. This doesn't affects your playback speed or latency.
|
||||
|
||||
Enjoy :3";
|
||||
|
||||
}
|
||||
|
||||
location ~ ^/(?!$) {
|
||||
proxy_pass http://127.0.0.1:9595;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
http2 on;
|
||||
include configs/ssl.conf;
|
||||
|
||||
}
|
||||
server {
|
||||
if ($host = twitch.zzls.xyz) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name twitch.zzls.xyz;
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/zzls.xyz.conf
|
||||
Loading…
Add table
Reference in a new issue