Fijxu/etc-configs
1
1
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

Refactor in pc xdxd

Browse source
This commit is contained in:
root 2023-12-21 14:01:35 -03:00
parent a5760cf3b7
commit 2275e26c16
30 changed files with 787 additions and 138 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
nginx/conf.d/default.conf.bal Normal file
View file

@ -0,0 +1,44 @@
server {
listen 80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

7
nginx/configs/general.conf
View file

@ -10,4 +10,9 @@ gzip_types text/plain text/css text/xml application/json application/java
#brotli_comp_level 6;
#brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
location /robots.txt { alias /var/www/html/robots.txt; }
#location /robots.txt { alias /var/www/html/robots.txt; }
# FUCK SEMRUSH
if ($http_user_agent ~ (SemrushBot|Bytespider)) {
return 401;
}

26
nginx/configs/robots.conf Normal file
View file

@ -0,0 +1,26 @@
location /robots.txt { return 200 "User-agent: AhrefsBot
Disallow: /
User-agent: dotbot
Disallow: /
User-agent: SiteAuditBot
Disallow: /
User-agent: SemrushBot-BA
Disallow: /
User-agent: SemrushBot-SI
Disallow: /
User-agent: SemrushBot-SWA
Disallow: /
User-agent: SemrushBot-CT
Disallow: /
User-agent: SplitSignalBot
Disallow: /
User-agent: SemrushBot-COUB
Disallow: /"; }

1
nginx/configs/robotsNone.conf Normal file
View file

@ -0,0 +1 @@
location /robots.txt { return 200 "User-agent: *\nDisallow: /";}

5
nginx/configs/security.conf
View file

@ -6,8 +6,3 @@ add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# . files
location ~ /\.(?!well-known) {
deny all;
}

2
nginx/configs/ssl.conf
View file

@ -1,4 +1,4 @@
ssl_certificate /etc/ssl/certs/zzlschain.pem;
ssl_certificate_key /etc/ssl/private/zzlskey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

12
nginx/configs/sslConfig.conf Normal file
View file

@ -0,0 +1,12 @@
# SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:
ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_early_data on;
# Diffie-Hellman parameter for DHE ciphersuites
ssl_dhparam /etc/nginx/dhparam.pem;

99
nginx/mime.types Executable file
View file

@ -0,0 +1,99 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

89
nginx/nginx.conf
View file

@ -3,6 +3,7 @@ worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
load_module /usr/lib/nginx/modules/ngx_rtmp_module.so;
include /etc/nginx/conf.d/*.conf;
events {
@ -10,9 +11,52 @@ events {
multi_accept on;
}
rtmp_auto_push on;
rtmp_auto_push_reconnect 10s;
rtmp {
max_connections 1000;
server {
listen 1935;
allow publish 0.0.0.0;
deny play all;
chunk_size 4096;
application live {
sync 100ms;
# play_restart on;
interleave on;
# wait_key on;
# wait_video on;
drop_idle_publisher 10s;
#dash
dash on;
dash_path /tmp/dash;
dash_fragment 1;
dash_playlist_length 10;
#hls
hls on;
hls_fragment_naming system;
hls_path /tmp/hls;
hls_fragment 1;
hls_playlist_length 10;
hls_continuous on;
#rtmp
#on_publish http://127.0.0.1:7069/forms/stream;
live on;
record off;
}
}
}
http {
access_log off;
error_log /dev/null;
log_format limited '$remote_addr - $remote_user [$time_local] '
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
'"-" "Bogus/66.6"';
access_log off;
error_log /dev/null;
# Basic Settings
charset utf-8;
@ -21,39 +65,21 @@ error_log /dev/null;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 4096;
types_hash_max_size 1024;
types_hash_bucket_size 64;
server_names_hash_bucket_size 128;
# MIME
include mime.types;
default_type application/octet-stream;
# SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers off;
#
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites
ssl_dhparam /etc/nginx/dhparam.pem;
# HTTP2 Settings
http2_max_field_size 64k;
http2_max_header_size 512k;
# Virtual Host Configs
include /etc/nginx/sites-enabled/*.conf;
include configs/sslConfig.conf;
# DDOS Protection
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn perip 100;
limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
@ -61,10 +87,23 @@ error_log /dev/null;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 65s;
keepalive_timeout 60s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
include /etc/nginx/snippets/maps.conf;
# QUIC AND HTTP3 SHIT
http3 on;
quic_retry on;
quic_gso on;
# PERFORMANCE / ASYNC I/O
aio threads=default;
aio_write on;
directio 2m;
# Maps
include /etc/nginx/snippets/maps.conf;
# Virtual Host Configs
include /etc/nginx/sites-enabled/*.conf;
}

21
nginx/sites-available/4get.zzls.xyz.fallback.conf Normal file
View file

@ -0,0 +1,21 @@
# CLEARNET
server {
server_name 4get.zzls.xyz;
include configs/general.conf;
include configs/ssl.conf;
include configs/security.conf;
location / {
return 301 https://4getus.zzls.xyz$request_uri;
}
}
server {
if ($host = 4get.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name 4get.zzls.xyz;
}

22
nginx/sites-available/blog.zzls.xyz.conf Executable file
View file

@ -0,0 +1,22 @@
server {
access_log /var/log/nginx/blog.zzls.xyz.log combined;
root /var/www/blog;
index index.html;
server_name blog.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
if ($host = blog.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name blog.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

41
nginx/sites-available/cgit.zzls.xyz.conf Normal file
View file

@ -0,0 +1,41 @@
# CLEARNET
server {
access_log /var/log/nginx/cgit.access.log;
server_name cgit.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
root /usr/share/cgit;
try_files $uri @cgit;
# Configure HTTP transport
#location ~ /.+/(info/refs|git-upload-pack) {
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
# fastcgi_param PATH_INFO $uri;
# fastcgi_param GIT_HTTP_EXPORT_ALL 1;
# fastcgi_param GIT_PROJECT_ROOT /srv/git;
# fastcgi_param HOME /srv/git;
# fastcgi_pass unix:/run/fcgiwrap.socket;
# }
location @cgit {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
fastcgi_param PATH_INFO $uri;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = cgit.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name cgit.zzls.xyz;
}

15
nginx/sites-available/contador.zzls.xyz.conf Executable file
View file

@ -0,0 +1,15 @@
server {
listen 80;
access_log /var/log/nginx/contador.xyz.log;
root /var/www/website;
index contador.html;
server_name contador.ayaya.beauty;
location / {
try_files $uri $uri/ =404;
add_header Access-Control-Allow-Origin *;
}
}

69
nginx/sites-available/files.zzls.xyz.conf
View file

@ -1,50 +1,51 @@
server {
access_log /var/log/nginx/files.zzls.xyz.log combined;
access_log /var/log/nginx/files.zzls.xyz.log combined;
server_name files.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
server_name files.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
if ($http_user_agent ~* (google) ) {
return 404;
}
location / {
if ($http_user_agent ~* (google) ) {
return 404;
}
root /mnt/blockstorage/files.zzls.xyz;
index index.html index.php /_h5ai/public/index.php;
root /mnt/blockstorage/files.zzls.xyz;
index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
location /_h5ai/private {
return 403;
}
}
}
listen 443 ssl http2;
include configs/ssl.conf;
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = files.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name files.zzls.xyz;
return 404; # managed by Certbot
if ($host = files.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name files.zzls.xyz;
return 404; # managed by Certbot
}

3
nginx/sites-available/i.zzls.xyz.conf
View file

@ -9,7 +9,8 @@ server {
rewrite ^/(.*)$ https://i.ayaya.beauty/$1 redirect;
}
listen 443 ssl http2;
listen 443 ssl;
http2 on
include configs/ssl.conf;
}

17
nginx/sites-available/inv.zzls.xyz.fallback.conf Normal file
View file

@ -0,0 +1,17 @@
server {
listen 80;
include configs/general.conf;
include configs/robotsNone.conf;
server_name inv.zzls.xyz;
root /var/www/website/invidious;
access_log /var/log/nginx/inv.zzls.xyz.fallback.conf.access.log;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}

23
nginx/sites-available/logs.zzls.xyz.conf
View file

@ -9,16 +9,19 @@ server {
proxy_pass http://127.0.0.1:40003;
include configs/proxy.conf;
# location ~ ^/(channel/rubius|channelid/39276140)/ {
# return 401 "Los logs de Rubius han sido deshabilitados";
# }
# location ~ ^/(channel/ibai|channelid/83232866)/ {
# return 401 "Los logs de Ibai han sido deshabilitados";
# }
location ~ ^/(channel/rubius|channelid/39276140)/ {
return 401 "Los logs de Rubius han sido deshabilitados";
}
location ~ ^/(channel/ibai|channelid/83232866)/ {
return 401 "Los logs de Ibai han sido deshabilitados";
}
location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053)/ {
return 401 "XD";
}
#location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053|channel/*/user/skybluecold|channelid/*/user/skybluecold|channel/*/userid/130372054|channelid/*/user/skybluecold)/ {
# return 401 "XD";
# }
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
return 401 "lol";
}
location ~ ^/(channel/notfijxu|channelid/664947434)/ {
return 401 "lol";
}
@ -32,7 +35,7 @@ server {
index 50x.html;
}
listen 443 ssl http2;
listen 443 ssl;
include configs/ssl.conf;
}

77
nginx/sites-available/mail.zzls.xyz.conf
View file

@ -1,34 +1,63 @@
server {
access_log /var/log/nginx/mail.zzls.xyz.log combined;
access_log /var/log/nginx/mail.zzls.xyz.log combined;
error_log /var/log/nginx/mail.zzls.xyz.error;
root /var/www/mail;
index index.html;
root /var/www/mail;
index index.html index.php;
server_name mail.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
server_name mail.zzls.xyz;
include configs/general.conf;
location / {
try_files $uri $uri/ =404;
}
location ^~ /baikal {
root /opt/baikal/html;
index index.php;
if (!-e $request_filename) { rewrite ^ /baikal/index.php last; }
rewrite ^/.well-known/caldav /dav.php redirect;
rewrite ^/.well-known/carddav /dav.php redirect;
location /radicale/ {
proxy_pass http://127.0.0.1:40001/; # The / is important!
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass_header Authorization;
}
location ~ /(\.ht|Core|Specific|config) {
deny all;
return 404;
}
listen 443 ssl http2;
include configs/ssl.conf;
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
try_files $uri =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
# location @baikal {
# rewrite /baikal/(.*)$ /baikal/index.php?/$1 last;
# }
location /radicale/ {
proxy_pass http://127.0.0.1:40001/;
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
proxy_set_header Host $http_host;
}
listen 443 ssl http2;
include configs/ssl.conf;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "sameorigin" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
}
server {
if ($host = mail.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name mail.zzls.xyz;
listen 80;
return 404; # managed by Certbot
if ($host = mail.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name mail.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

24
nginx/sites-available/status.zzls.xyz.conf Executable file
View file

@ -0,0 +1,24 @@
server {
access_log /var/log/nginx/status.zzls.xyz.log combined;
server_name status.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:8080;
include configs/proxy.conf;
}
listen 443 ssl;
include configs/ssl.conf;
}
server {
if ($host = status.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name status.zzls.xyz;
return 404; # managed by Certbot
}

89
nginx/sites-available/zzls.xyz.conf
View file

@ -1,47 +1,64 @@
server {
access_log /var/log/nginx/zzls.xyz.log;
root /var/www/website;
index index.html;
server_name zzls.xyz www.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
root /var/www/website;
index index.html;
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
server_name zzls.xyz www.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.zzls.xyz:8448"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location / {
try_files $uri $uri/ =404;
add_header Access-Control-Allow-Origin *;
expires 24h;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.zzls.xyz:8448"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /transparency {
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
location / {
try_files $uri $uri/ =404;
}
listen 443 ssl http2;
include configs/ssl.conf;
location /transparency {
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
if ($host = www.zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name zzls.xyz www.zzls.xyz;
listen 80;
return 404; # managed by Certbot
access_log /var/log/nginx/zzls.i2p.log;
listen 30001;
server_name zzlst7dauwprptpu2y7cxpetz4fl4jw73tivxhtnm7dla7m6teyq.b32.i2p;
root /var/www/website;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
if ($host = www.zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name zzls.xyz www.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

1
nginx/sites-enabled/4get.zzls.xyz.fallback.conf Symbolic link
View file

@ -0,0 +1 @@
../sites-available/4get.zzls.xyz.fallback.conf

95
nginx/sites-enabled/4getus.zzls.xyz.conf Normal file
View file

@ -0,0 +1,95 @@
# FUCK BOTS
limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
# CLEARNET
server {
access_log /var/log/nginx/4getus.access.log;
error_log /var/log/nginx/4getus.error.log;
server_name 4getus.zzls.xyz;
include configs/general.conf;
root /var/www/4get-zzls/;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
}
location / {
try_files $uri @upstream;
}
location /web {
try_files $uri @upstream;
limit_req zone=4get;
limit_req_status 444;
include snippets/torblacklist.conf;
include snippets/spys.me.proxies.blacklist.conf;
error_page 403 =302 /torisblocked;
}
location /torisblocked {
access_log /var/log/nginx/4getus.torblocked.access.log;
add_header Content-Type text/plain;
return 200 "
Tor and Proxies are not allowed in this service, sorry.
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
Tor y Proxies no estan permitidos en este servicio, lo siento.
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
}
location /data {
return 444;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
# Tor Header
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
# TOR
server {
access_log /var/log/nginx/4getus.tor.access.log;
listen 80;
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
root /var/www/4get-zzls/;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
}
location / {
try_files $uri @upstream;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
}
server {
if ($host = 4getus.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name 4getus.zzls.xyz;
}

1
nginx/sites-enabled/blog.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
../sites-available/blog.zzls.xyz.conf

1
nginx/sites-enabled/cgit.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
../sites-available/cgit.zzls.xyz.conf

43
nginx/sites-enabled/dav.zzls.xyz.conf Normal file
View file

@ -0,0 +1,43 @@
server {
access_log /var/log/nginx/dav.access.log;
error_log /var/log/nginx/dav.error.log;
server_name dav.zzls.xyz;
include configs/general.conf;
root /opt/baikal/html;
index index.php
rewrite ^/.well-known/caldav /dav redirect;
rewrite ^/.well-known/carddav /dav redirect;
charset utf-8;
location ~ /(\.ht|Core|Specific|config) {
deny all;
return 404;
}
location ~ ^(.+\.php)(.*)$ {
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
server {
if ($host = dav.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name dav.zzls.xyz;
}

1
nginx/sites-enabled/i.zzls.xyz.conf
View file

@ -1 +0,0 @@
/etc/nginx/sites-available/i.zzls.xyz.conf

1
nginx/sites-enabled/inv.zzls.xyz.fallback.conf Symbolic link
View file

@ -0,0 +1 @@
../sites-available/inv.zzls.xyz.fallback.conf

34
nginx/sites-enabled/lol.zzls.xyz.conf Normal file
View file

@ -0,0 +1,34 @@
server {
access_log /var/log/nginx/lol.zzls.xyz.access.log;
server_name lol.zzls.xyz;
include configs/general.conf;
include configs/robotsNone.conf;
# security headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
proxy_pass http://127.0.0.1:40010;
include configs/proxy.conf;
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = lol.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name lol.zzls.xyz;
}

1
nginx/sites-enabled/status.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
../sites-available/status.zzls.xyz.conf

61
nginx/sites-enabled/stream.zzls.xyz.conf Normal file
View file

@ -0,0 +1,61 @@
# CLEARNET
server {
access_log /var/log/nginx/stream.access.log;
error_log /var/log/nginx/stream.error.log;
server_name stream.zzls.xyz;
include configs/general.conf;
location /hls/ {
types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
root /tmp/;
}
location /dash/ {
types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; }
root /tmp/;
}
location = /streams {
rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl;
}
location /stat.xsl {
root /var/www/stream/public/;
}
location /viewers/ {
default_type text/plain;
add_header Content-Type "text/plain";
add_header Refresh "30; $request_uri";
root /var/www/stream/public/;
try_files $uri /viewers.txt =404;
}
location /posters/ {
root /var/www/stream/public/;
try_files $uri /offline.png =404;
}
location / {
root /var/www/stream/public/;
try_files $uri $uri/hls.html =404;
}
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
server {
if ($host = stream.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name stream.zzls.xyz;
}