Fijxu/etc-configs
1
1
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

I am coommiting!!!!!

Browse source
This commit is contained in:
Fijxu 2023-12-21 16:06:15 -03:00
parent 634f367c69
commit 4f545e21a8
20 changed files with 200 additions and 273 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nginx/conf.d/4get.zzls.xyz.fallback.conf
View file

@ -8,8 +8,6 @@ server {
location / { location / {
return 301 https://4getus.zzls.xyz$request_uri; return 301 https://4getus.zzls.xyz$request_uri;
} }
} }
server { server {

57
nginx/conf.d/4getus.zzls.xyz.conf
View file

@ -1,68 +1,61 @@
# FUCK BOTS
limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
# CLEARNET # CLEARNET
server { server {
access_log /var/log/nginx/4getus.access.log; access_log /var/log/nginx/4getus.access.log limited;
error_log /var/log/nginx/4getus.error.log; error_log /var/log/nginx/4getus.error.log;
server_name 4getus.zzls.xyz; server_name 4getus.zzls.xyz;
include configs/general.conf;
root /var/www/4get-zzls/; root /var/www/4get-zzls/;
include configs/general.conf;
include configs/robotsNone.conf;
include configs/security.conf;
location @upstream { location @upstream {
try_files $uri.php $uri/index.php =404; try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi.conf;
include fastcgi_params;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
} }
location ~* ^(.*)\.php$ {
return 301 $1;
}
location / { location / {
try_files $uri @upstream; try_files $uri @upstream;
} }
location /web { location /web {
try_files $uri @upstream; try_files $uri @upstream;
limit_req zone=4get;
limit_req_status 444;
include snippets/torblacklist.conf; include snippets/torblacklist.conf;
include snippets/spys.me.proxies.blacklist.conf;
error_page 403 =302 /torisblocked; error_page 403 =302 /torisblocked;
error_page 429 =302 /rl;
} }
location /torisblocked {
access_log /var/log/nginx/4getus.torblocked.access.log;
add_header Content-Type text/plain;
return 200 "
Tor and Proxies are not allowed in this service, sorry.
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
Tor y Proxies no estan permitidos en este servicio, lo siento. location /torisblocked {
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio."; alias errors/$request_uri.txt;
}
location /rl {
alias errors/$request_uri.txt;
} }
location /data { location /data {
return 444; return 444;
} }
location ~* ^(.*)\.php$ { # Tor Header
return 301 $1; add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
}
# Tor Header # QUIC
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri; include configs/http3.conf;
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf; include configs/ssl.conf;
listen 443 ssl; listen 443 ssl;
listen 443 quic;
http2 on; http2 on;
} }
# TOR # TOR
server { server {
access_log /var/log/nginx/4getus.tor.access.log;
listen 80; listen 80;
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion; server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
root /var/www/4get-zzls/; root /var/www/4get-zzls/;
@ -71,19 +64,17 @@ server {
try_files $uri.php $uri/index.php =404; try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi.conf;
include fastcgi_params;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
} }
location / {
try_files $uri @upstream;
}
location ~* ^(.*)\.php$ { location ~* ^(.*)\.php$ {
return 301 $1; return 301 $1;
} }
location / {
try_files $uri @upstream;
}
} }
server { server {

30
nginx/conf.d/blog.zzls.xyz.conf
View file

@ -1,22 +1,18 @@
server { server {
access_log /var/log/nginx/blog.zzls.xyz.log combined; access_log /var/log/nginx/blog.zzls.xyz.log combined;
root /var/www/blog;
root /var/www/blog; index index.html;
index index.html; server_name blog.zzls.xyz;
include configs/general.conf;
server_name blog.zzls.xyz; include configs/security.conf;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
listen 443 ssl;
include configs/ssl.conf;
} }
server { server {
if ($host = blog.zzls.xyz) { if ($host = blog.zzls.xyz) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
server_name blog.zzls.xyz; server_name blog.zzls.xyz;
listen 80; listen 80;
return 404; # managed by Certbot
} }

15
nginx/conf.d/files.zzls.xyz.conf
View file

@ -14,19 +14,14 @@ server {
index index.html index.php /_h5ai/public/index.php; index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) { location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) { if (!-f $document_root$fastcgi_script_name) {
return 404; return 404;
} }
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi.conf;
include fastcgi_params; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
} }
@ -36,6 +31,9 @@ server {
} }
# QUIC
include configs/http3.conf;
listen 443 ssl; listen 443 ssl;
http2 on; http2 on;
include configs/ssl.conf; include configs/ssl.conf;
@ -47,5 +45,4 @@ server {
} }
listen 80; listen 80;
server_name files.zzls.xyz; server_name files.zzls.xyz;
return 404; # managed by Certbot
} }

13
nginx/conf.d/inv.zzls.xyz.fallback.conf
View file

@ -1,17 +1,10 @@
server { server {
listen 80; listen 80;
root /var/www/website/invidious;
server_name inv.zzls.xyz;
include configs/general.conf; include configs/general.conf;
include configs/robotsNone.conf; include configs/robotsNone.conf;
server_name inv.zzls.xyz;
root /var/www/website/invidious;
access_log /var/log/nginx/inv.zzls.xyz.fallback.conf.access.log;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf; include configs/ssl.conf;
listen 443 ssl;
} }

43
nginx/conf.d/logs.spanix.team.conf
View file

@ -1,33 +1,24 @@
server { server {
access_log /var/log/nginx/logs.spanix.team.log combined; access_log /var/log/nginx/logs.spanix.team.log combined;
server_name logs.spanix.team;
include configs/general.conf;
include configs/security.conf;
server_name logs.spanix.team; location / {
include configs/general.conf; proxy_pass http://127.0.0.1:40004;
include configs/security.conf; include configs/proxy.conf;
}
location / { listen 443 ssl http2; # managed by Certbot
proxy_pass http://127.0.0.1:40004; ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
include configs/proxy.conf; ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
} include configs/sslConfig.conf;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
} }
server { server {
if ($host = logs.spanix.team) { if ($host = logs.spanix.team) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
# managed by Certbot listen 80;
server_name logs.spanix.team;
listen 80;
server_name logs.spanix.team;
return 404; # managed by Certbot
} }

70
nginx/conf.d/logs.zzls.xyz.conf
View file

@ -1,49 +1,45 @@
server { server {
access_log /var/log/nginx/logs.zzls.xyz.log combined; access_log /var/log/nginx/logs.zzls.xyz.log combined;
server_name logs.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
server_name logs.zzls.xyz; location / {
include configs/general.conf; proxy_pass http://127.0.0.1:40003;
include configs/security.conf; include configs/proxy.conf;
location / { location ~ ^/(channel/rubius|channelid/39276140)/ {
proxy_pass http://127.0.0.1:40003; return 401 "Los logs de Rubius han sido deshabilitados";
include configs/proxy.conf; }
location ~ ^/(channel/ibai|channelid/83232866)/ {
return 401 "Los logs de Ibai han sido deshabilitados";
}
location ~ ^/(channel/rubius|channelid/39276140)/ { location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
return 401 "Los logs de Rubius han sido deshabilitados"; return 401 "lol";
} }
location ~ ^/(channel/ibai|channelid/83232866)/ {
return 401 "Los logs de Ibai han sido deshabilitados";
}
#location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053|channel/*/user/skybluecold|channelid/*/user/skybluecold|channel/*/userid/130372054|channelid/*/user/skybluecold)/ { error_page 501 502 503 /50x.html;
# return 401 "XD"; proxy_intercept_errors on;
# } }
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
return 401 "lol";
}
location ~ ^/(channel/notfijxu|channelid/664947434)/ {
return 401 "lol";
}
error_page 501 502 503 /50x.html; location = /50x.html {
proxy_intercept_errors on; root /var/www/logs;
} index 50x.html;
}
location = /50x.html { # QUIC
root /var/www/logs; include configs/http3.conf;
index 50x.html;
}
listen 443 ssl; include configs/ssl.conf;
include configs/ssl.conf; listen 443 ssl;
http2 on;
} }
server { server {
if ($host = logs.zzls.xyz) { if ($host = logs.zzls.xyz) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
listen 80; listen 80;
server_name logs.zzls.xyz; server_name logs.zzls.xyz;
return 404; # managed by Certbot
} }

7
nginx/conf.d/lol.zzls.xyz.conf
View file

@ -1,13 +1,13 @@
server { server {
access_log /var/log/nginx/lol.zzls.xyz.access.log; access_log /var/log/nginx/lol.zzls.xyz.access.log;
server_name lol.zzls.xyz; server_name lol.zzls.xyz;
include configs/general.conf; include configs/general.conf;
include configs/robotsNone.conf; include configs/robotsNone.conf;
# security headers # security headers
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always; add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
@ -17,10 +17,9 @@ server {
} }
# QUIC # QUIC
add_header Alt-Svc 'h3=":443"; ma=86400'; include configs/http3.conf
listen 443 ssl; listen 443 ssl;
listen 443 quic;
http2 on; http2 on;
include configs/ssl.conf; include configs/ssl.conf;

45
nginx/conf.d/lsf.spanix.team.conf
View file

@ -1,34 +1,25 @@
server { server {
access_log /var/log/nginx/lsf.spanix.team.log combined; access_log /var/log/nginx/lsf.spanix.team.log combined;
server_name lsf.spanix.team;
include configs/general.conf;
include configs/security.conf;
server_name lsf.spanix.team; location / {
include configs/general.conf; proxy_pass http://127.0.0.1:40050;
include configs/security.conf; include configs/proxy.conf;
}
location / { listen 443 ssl;
proxy_pass http://127.0.0.1:40050; http2 on;
include configs/proxy.conf; ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
} ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
include configs/sslConfig.conf;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
} }
server { server {
if ($host = lsf.spanix.team) { if ($host = lsf.spanix.team) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
# managed by Certbot listen 80;
server_name lsf.spanix.team;
listen 80;
listen [::]:80;
server_name lsf.spanix.team;
return 404; # managed by Certbot
} }

35
nginx/conf.d/mail.zzls.xyz.conf
View file

@ -1,12 +1,12 @@
server { server {
access_log /var/log/nginx/mail.zzls.xyz.log combined; access_log /var/log/nginx/mail.zzls.xyz.log combined;
error_log /var/log/nginx/mail.zzls.xyz.error; error_log /var/log/nginx/mail.zzls.xyz.error;
root /var/www/mail; root /var/www/mail;
index index.html index.php; index index.html;
server_name mail.zzls.xyz; server_name mail.zzls.xyz;
include configs/general.conf; include configs/general.conf;
include configs/robotsNone.conf;
include configs/security.conf;
location ^~ /baikal { location ^~ /baikal {
root /opt/baikal/html; root /opt/baikal/html;
@ -23,35 +23,19 @@ server {
location ~ \.php$ { location ~ \.php$ {
if (!-f $request_filename) { return 404; } if (!-f $request_filename) { return 404; }
try_files $uri =404; try_files $uri =404;
include fastcgi_params; include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
} }
} }
# location @baikal { # QUIC
# rewrite /baikal/(.*)$ /baikal/index.php?/$1 last; include configs/http3.conf;
# }
location /radicale/ {
proxy_pass http://127.0.0.1:40001/;
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
proxy_set_header Host $http_host;
}
listen 443 ssl http2; listen 443 ssl
http2 on;
include configs/ssl.conf; include configs/ssl.conf;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "sameorigin" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
} }
server { server {
if ($host = mail.zzls.xyz) { if ($host = mail.zzls.xyz) {
@ -59,5 +43,4 @@ server {
} }
server_name mail.zzls.xyz; server_name mail.zzls.xyz;
listen 80; listen 80;
return 404; # managed by Certbot
} }

30
nginx/conf.d/posts.zzls.xyz.conf
View file

@ -1,22 +1,20 @@
server { server {
access_log /var/log/nginx/posts.zzls.xyz.log combined; access_log /var/log/nginx/posts.zzls.xyz.log combined;
root /var/www/posts;
index index.html;
server_name posts.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
root /var/www/posts; listen 443 ssl;
index index.html; http2 on;
include configs/ssl.conf;
server_name posts.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
} }
server { server {
if ($host = posts.zzls.xyz) { if ($host = posts.zzls.xyz) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
server_name posts.zzls.xyz; server_name posts.zzls.xyz;
listen 80; listen 80;
return 404; # managed by Certbot
} }

34
nginx/conf.d/status.zzls.xyz.conf
View file

@ -1,24 +1,26 @@
server { server {
access_log /var/log/nginx/status.zzls.xyz.log combined; access_log /var/log/nginx/status.zzls.xyz.log combined;
server_name status.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
server_name status.zzls.xyz; location / {
include configs/general.conf; proxy_pass http://127.0.0.1:8080;
include configs/security.conf; include configs/proxy.conf;
}
location / { # QUIC
proxy_pass http://127.0.0.1:8080; include configs/http3.conf;
include configs/proxy.conf;
}
listen 443 ssl; listen 443 ssl;
include configs/ssl.conf; http2 on;
include configs/ssl.conf;
} }
server { server {
if ($host = status.zzls.xyz) { if ($host = status.zzls.xyz) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
listen 80; listen 80;
server_name status.zzls.xyz; server_name status.zzls.xyz;
return 404; # managed by Certbot
} }

9
nginx/conf.d/stream.zzls.xyz.conf
View file

@ -42,14 +42,12 @@ server {
try_files $uri $uri/hls.html =404; try_files $uri $uri/hls.html =404;
} }
# QUIC
include config/http3.conf;
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl; listen 443 ssl;
listen 443 quic;
http2 on; http2 on;
include configs/ssl.conf;
} }
server { server {
@ -58,4 +56,5 @@ server {
} }
listen 80; listen 80;
server_name stream.zzls.xyz; server_name stream.zzls.xyz;
return 404;
} }

22
nginx/conf.d/twitch.zzls.xyz.conf
View file

@ -1,21 +1,12 @@
server { server {
access_log /var/log/nginx/twitch.zzls.xyz.access.log; access_log /var/log/nginx/twitch.zzls.xyz.access.log;
server_name twitch.zzls.xyz; server_name twitch.zzls.xyz;
include configs/general.conf; include configs/general.conf;
include configs/security.conf; include configs/security.conf;
include configs/robotsNone.conf; include configs/robotsNone.conf;
location / { location / {
add_header Content-Type text/plain; alias static/twitch.txt;
return 200 "Twitch Russia proxy for TTVLOL PRO and streamlink-ttvlol.
If you use TTVLOL PRO add `https://twitch.zzls.xyz` (without the ` chars) to the proxies list in the TTVLOL PRO Options.
If you use streamlink-ttvlol use `--twitch-proxy-playlist=https://twitch.zzls.xyz` as argument.
This proxy is located in the US but it returns an ad free RU Playlist. This doesn't affects your playback speed or latency.
Enjoy :3";
} }
location ~ ^/(?!$) { location ~ ^/(?!$) {
@ -24,10 +15,9 @@ server {
} }
# QUIC # QUIC
add_header Alt-Svc 'h3=":443"; ma=86400'; include configs/http3.conf;
listen 443 ssl; listen 443 ssl;
listen 443 quic;
http2 on; http2 on;
include configs/ssl.conf; include configs/ssl.conf;

11
nginx/conf.d/zzls.xyz.conf
View file

@ -21,7 +21,7 @@ server {
location / { location / {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
expires 24h; expires 1h;
} }
location /transparency { location /transparency {
@ -31,10 +31,12 @@ server {
autoindex_localtime on; autoindex_localtime on;
} }
listen 443 ssl http2; # QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;
include configs/ssl.conf; include configs/ssl.conf;
} }
server { server {
@ -60,5 +62,4 @@ server {
} }
server_name zzls.xyz www.zzls.xyz; server_name zzls.xyz www.zzls.xyz;
listen 80; listen 80;
return 404; # managed by Certbot
} }

12
nginx/configs/general.conf
View file

@ -5,14 +5,6 @@ gzip_proxied any;
gzip_comp_level 6; gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# brotli if ($poop) {
#brotli on; return 444;
#brotli_comp_level 6;
#brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
#location /robots.txt { alias /var/www/html/robots.txt; }
# FUCK SEMRUSH
if ($http_user_agent ~ (SemrushBot|Bytespider)) {
return 401;
} }

7
nginx/configs/ssl.conf
View file

@ -1,4 +1,3 @@
ssl_certificate /etc/ssl/certs/zzlschain.pem; ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem;
ssl_certificate_key /etc/ssl/private/zzlskey.pem; ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; include configs/sslConfig.conf
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

8
nginx/configs/sslConfig.conf
View file

@ -1,12 +1,12 @@
# SSL # SSL
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305: ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
ssl_session_timeout 1d; ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; ssl_session_tickets off;
ssl_early_data on; ssl_early_data on;
# Diffie-Hellman parameter for DHE ciphersuites # Custom 4096bits Diffie-Hellman parameter for DHE ciphersuites (Not the one bundled with letsencrypt
# Changed to a custom one for trust purposes
ssl_dhparam /etc/nginx/dhparam.pem; ssl_dhparam /etc/nginx/dhparam.pem;

14
nginx/nginx.conf
View file

@ -86,11 +86,13 @@ http {
# maximum time between packets nginx is allowed to pause when sending the client data # maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s; send_timeout 10s;
client_body_buffer_size 32k;
client_max_body_size 2m;
# QUIC AND HTTP3 SHIT open_file_cache max=1024 inactive=10s;
http3 on; open_file_cache_valid 60s;
quic_retry on; open_file_cache_min_uses 2;
quic_gso on; open_file_cache_errors on;
# PERFORMANCE / ASYNC I/O # PERFORMANCE / ASYNC I/O
aio threads=default; aio threads=default;
@ -99,7 +101,7 @@ http {
# Maps # Maps
include /etc/nginx/snippets/maps.conf; include /etc/nginx/snippets/maps.conf;
include /etc/nginx/snippets/poop.conf;
# Virtual Host Configs include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
} }

9
nginx/snippets/poop.conf Normal file
View file

@ -0,0 +1,9 @@
map $http_user_agent $poop {
default 0;
~*my-tiny-bot 1;
~*thesis-research-bot 1;
~*SemrushBot 1;
~*Bytespider 1;
~*PetalBot 1;
~*Amazonbot 1;
}