Fijxu/etc-configs
1
1
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

I am coommiting!!!!!

Browse source
This commit is contained in:
Fijxu 2023-12-21 16:06:15 -03:00
parent 634f367c69
commit 4f545e21a8
20 changed files with 200 additions and 273 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nginx/conf.d/4get.zzls.xyz.fallback.conf
View file

@ -8,8 +8,6 @@ server {
location / {
return 301 https://4getus.zzls.xyz$request_uri;
}
}
server {

57
nginx/conf.d/4getus.zzls.xyz.conf
View file

@ -1,68 +1,61 @@
# FUCK BOTS
limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
# CLEARNET
server {
access_log /var/log/nginx/4getus.access.log;
access_log /var/log/nginx/4getus.access.log limited;
error_log /var/log/nginx/4getus.error.log;
server_name 4getus.zzls.xyz;
include configs/general.conf;
root /var/www/4get-zzls/;
include configs/general.conf;
include configs/robotsNone.conf;
include configs/security.conf;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
include fastcgi.conf;
fastcgi_intercept_errors on;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
location / {
try_files $uri @upstream;
}
location /web {
try_files $uri @upstream;
limit_req zone=4get;
limit_req_status 444;
include snippets/torblacklist.conf;
include snippets/spys.me.proxies.blacklist.conf;
error_page 403 =302 /torisblocked;
error_page 429 =302 /rl;
}
location /torisblocked {
access_log /var/log/nginx/4getus.torblocked.access.log;
add_header Content-Type text/plain;
return 200 "
Tor and Proxies are not allowed in this service, sorry.
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
Tor y Proxies no estan permitidos en este servicio, lo siento.
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
location /torisblocked {
alias errors/$request_uri.txt;
}
location /rl {
alias errors/$request_uri.txt;
}
location /data {
return 444;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
# Tor Header
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
# Tor Header
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
# QUIC
include configs/http3.conf;
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
# TOR
server {
access_log /var/log/nginx/4getus.tor.access.log;
listen 80;
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
root /var/www/4get-zzls/;
@ -71,19 +64,17 @@ server {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
include fastcgi.conf;
fastcgi_intercept_errors on;
}
location / {
try_files $uri @upstream;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
location / {
try_files $uri @upstream;
}
}
server {

30
nginx/conf.d/blog.zzls.xyz.conf
View file

@ -1,22 +1,18 @@
server {
access_log /var/log/nginx/blog.zzls.xyz.log combined;
root /var/www/blog;
index index.html;
server_name blog.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
access_log /var/log/nginx/blog.zzls.xyz.log combined;
root /var/www/blog;
index index.html;
server_name blog.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl;
include configs/ssl.conf;
}
server {
if ($host = blog.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name blog.zzls.xyz;
listen 80;
return 404; # managed by Certbot
if ($host = blog.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name blog.zzls.xyz;
listen 80;
}

15
nginx/conf.d/files.zzls.xyz.conf
View file

@ -14,19 +14,14 @@ server {
index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi.conf;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param HTTP_PROXY "";
fastcgi_param PATH_INFO $fastcgi_path_info;
}
@ -36,6 +31,9 @@ server {
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
include configs/ssl.conf;
@ -47,5 +45,4 @@ server {
}
listen 80;
server_name files.zzls.xyz;
return 404; # managed by Certbot
}

13
nginx/conf.d/inv.zzls.xyz.fallback.conf
View file

@ -1,17 +1,10 @@
server {
listen 80;
root /var/www/website/invidious;
server_name inv.zzls.xyz;
include configs/general.conf;
include configs/robotsNone.conf;
server_name inv.zzls.xyz;
root /var/www/website/invidious;
access_log /var/log/nginx/inv.zzls.xyz.fallback.conf.access.log;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
listen 443 ssl;
}

43
nginx/conf.d/logs.spanix.team.conf
View file

@ -1,33 +1,24 @@
server {
access_log /var/log/nginx/logs.spanix.team.log combined;
access_log /var/log/nginx/logs.spanix.team.log combined;
server_name logs.spanix.team;
include configs/general.conf;
include configs/security.conf;
server_name logs.spanix.team;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40004;
include configs/proxy.conf;
}
location / {
proxy_pass http://127.0.0.1:40004;
include configs/proxy.conf;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
include configs/sslConfig.conf;
}
server {
if ($host = logs.spanix.team) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
server_name logs.spanix.team;
return 404; # managed by Certbot
if ($host = logs.spanix.team) {
return 301 https://$host$request_uri;
}
listen 80;
server_name logs.spanix.team;
}

70
nginx/conf.d/logs.zzls.xyz.conf
View file

@ -1,49 +1,45 @@
server {
access_log /var/log/nginx/logs.zzls.xyz.log combined;
access_log /var/log/nginx/logs.zzls.xyz.log combined;
server_name logs.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
server_name logs.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40003;
include configs/proxy.conf;
location / {
proxy_pass http://127.0.0.1:40003;
include configs/proxy.conf;
location ~ ^/(channel/rubius|channelid/39276140)/ {
return 401 "Los logs de Rubius han sido deshabilitados";
}
location ~ ^/(channel/ibai|channelid/83232866)/ {
return 401 "Los logs de Ibai han sido deshabilitados";
}
location ~ ^/(channel/rubius|channelid/39276140)/ {
return 401 "Los logs de Rubius han sido deshabilitados";
}
location ~ ^/(channel/ibai|channelid/83232866)/ {
return 401 "Los logs de Ibai han sido deshabilitados";
}
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
return 401 "lol";
}
#location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053|channel/*/user/skybluecold|channelid/*/user/skybluecold|channel/*/userid/130372054|channelid/*/user/skybluecold)/ {
# return 401 "XD";
# }
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
return 401 "lol";
}
location ~ ^/(channel/notfijxu|channelid/664947434)/ {
return 401 "lol";
}
error_page 501 502 503 /50x.html;
proxy_intercept_errors on;
}
error_page 501 502 503 /50x.html;
proxy_intercept_errors on;
}
location = /50x.html {
root /var/www/logs;
index 50x.html;
}
location = /50x.html {
root /var/www/logs;
index 50x.html;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
include configs/ssl.conf;
include configs/ssl.conf;
listen 443 ssl;
http2 on;
}
server {
if ($host = logs.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name logs.zzls.xyz;
return 404; # managed by Certbot
if ($host = logs.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name logs.zzls.xyz;
}

7
nginx/conf.d/lol.zzls.xyz.conf
View file

@ -1,13 +1,13 @@
server {
access_log /var/log/nginx/lol.zzls.xyz.access.log;
server_name lol.zzls.xyz;
server_name lol.zzls.xyz;
include configs/general.conf;
include configs/robotsNone.conf;
# security headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
@ -17,10 +17,9 @@ server {
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
include configs/http3.conf
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;

45
nginx/conf.d/lsf.spanix.team.conf
View file

@ -1,34 +1,25 @@
server {
access_log /var/log/nginx/lsf.spanix.team.log combined;
access_log /var/log/nginx/lsf.spanix.team.log combined;
server_name lsf.spanix.team;
include configs/general.conf;
include configs/security.conf;
server_name lsf.spanix.team;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40050;
include configs/proxy.conf;
}
location / {
proxy_pass http://127.0.0.1:40050;
include configs/proxy.conf;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
listen 443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
include configs/sslConfig.conf;
}
server {
if ($host = lsf.spanix.team) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
listen [::]:80;
server_name lsf.spanix.team;
return 404; # managed by Certbot
if ($host = lsf.spanix.team) {
return 301 https://$host$request_uri;
}
listen 80;
server_name lsf.spanix.team;
}

35
nginx/conf.d/mail.zzls.xyz.conf
View file

@ -1,12 +1,12 @@
server {
access_log /var/log/nginx/mail.zzls.xyz.log combined;
error_log /var/log/nginx/mail.zzls.xyz.error;
root /var/www/mail;
index index.html index.php;
index index.html;
server_name mail.zzls.xyz;
include configs/general.conf;
include configs/robotsNone.conf;
include configs/security.conf;
location ^~ /baikal {
root /opt/baikal/html;
@ -23,35 +23,19 @@ server {
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
try_files $uri =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include fastcgi.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
# location @baikal {
# rewrite /baikal/(.*)$ /baikal/index.php?/$1 last;
# }
location /radicale/ {
proxy_pass http://127.0.0.1:40001/;
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
proxy_set_header Host $http_host;
}
# QUIC
include configs/http3.conf;
listen 443 ssl http2;
listen 443 ssl
http2 on;
include configs/ssl.conf;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "sameorigin" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
}
server {
if ($host = mail.zzls.xyz) {
@ -59,5 +43,4 @@ server {
}
server_name mail.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

30
nginx/conf.d/posts.zzls.xyz.conf
View file

@ -1,22 +1,20 @@
server {
access_log /var/log/nginx/posts.zzls.xyz.log combined;
access_log /var/log/nginx/posts.zzls.xyz.log combined;
root /var/www/posts;
index index.html;
server_name posts.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
root /var/www/posts;
index index.html;
server_name posts.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = posts.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name posts.zzls.xyz;
listen 80;
return 404; # managed by Certbot
if ($host = posts.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name posts.zzls.xyz;
listen 80;
}

34
nginx/conf.d/status.zzls.xyz.conf
View file

@ -1,24 +1,26 @@
server {
access_log /var/log/nginx/status.zzls.xyz.log combined;
access_log /var/log/nginx/status.zzls.xyz.log combined;
server_name status.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
server_name status.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:8080;
include configs/proxy.conf;
}
location / {
proxy_pass http://127.0.0.1:8080;
include configs/proxy.conf;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
include configs/ssl.conf;
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = status.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name status.zzls.xyz;
return 404; # managed by Certbot
if ($host = status.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name status.zzls.xyz;
}

9
nginx/conf.d/stream.zzls.xyz.conf
View file

@ -42,14 +42,12 @@ server {
try_files $uri $uri/hls.html =404;
}
# QUIC
include config/http3.conf;
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}
server {
@ -58,4 +56,5 @@ server {
}
listen 80;
server_name stream.zzls.xyz;
return 404;
}

22
nginx/conf.d/twitch.zzls.xyz.conf
View file

@ -1,21 +1,12 @@
server {
access_log /var/log/nginx/twitch.zzls.xyz.access.log;
server_name twitch.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
include configs/robotsNone.conf;
server_name twitch.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
include configs/robotsNone.conf;
location / {
add_header Content-Type text/plain;
return 200 "Twitch Russia proxy for TTVLOL PRO and streamlink-ttvlol.
If you use TTVLOL PRO add `https://twitch.zzls.xyz` (without the ` chars) to the proxies list in the TTVLOL PRO Options.
If you use streamlink-ttvlol use `--twitch-proxy-playlist=https://twitch.zzls.xyz` as argument.
This proxy is located in the US but it returns an ad free RU Playlist. This doesn't affects your playback speed or latency.
Enjoy :3";
alias static/twitch.txt;
}
location ~ ^/(?!$) {
@ -24,10 +15,9 @@ server {
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
include configs/http3.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;

11
nginx/conf.d/zzls.xyz.conf
View file

@ -21,7 +21,7 @@ server {
location / {
try_files $uri $uri/ =404;
add_header Access-Control-Allow-Origin *;
expires 24h;
expires 1h;
}
location /transparency {
@ -31,10 +31,12 @@ server {
autoindex_localtime on;
}
listen 443 ssl http2;
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
@ -60,5 +62,4 @@ server {
}
server_name zzls.xyz www.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

12
nginx/configs/general.conf
View file

@ -5,14 +5,6 @@ gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# brotli
#brotli on;
#brotli_comp_level 6;
#brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
#location /robots.txt { alias /var/www/html/robots.txt; }
# FUCK SEMRUSH
if ($http_user_agent ~ (SemrushBot|Bytespider)) {
return 401;
if ($poop) {
return 444;
}

7
nginx/configs/ssl.conf
View file

@ -1,4 +1,3 @@
ssl_certificate /etc/ssl/certs/zzlschain.pem;
ssl_certificate_key /etc/ssl/private/zzlskey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem;
include configs/sslConfig.conf

8
nginx/configs/sslConfig.conf
View file

@ -1,12 +1,12 @@
# SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:
ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_early_data on;
# Diffie-Hellman parameter for DHE ciphersuites
# Custom 4096bits Diffie-Hellman parameter for DHE ciphersuites (Not the one bundled with letsencrypt
# Changed to a custom one for trust purposes
ssl_dhparam /etc/nginx/dhparam.pem;

14
nginx/nginx.conf
View file

@ -86,11 +86,13 @@ http {
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
client_body_buffer_size 32k;
client_max_body_size 2m;
# QUIC AND HTTP3 SHIT
http3 on;
quic_retry on;
quic_gso on;
open_file_cache max=1024 inactive=10s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# PERFORMANCE / ASYNC I/O
aio threads=default;
@ -99,7 +101,7 @@ http {
# Maps
include /etc/nginx/snippets/maps.conf;
include /etc/nginx/snippets/poop.conf;
# Virtual Host Configs
include /etc/nginx/sites-enabled/*.conf;
include /etc/nginx/conf.d/*.conf;
}

9
nginx/snippets/poop.conf Normal file
View file

@ -0,0 +1,9 @@
map $http_user_agent $poop {
default 0;
~*my-tiny-bot 1;
~*thesis-research-bot 1;
~*SemrushBot 1;
~*Bytespider 1;
~*PetalBot 1;
~*Amazonbot 1;
}