asdjknjkdas

Fijxu 2023-12-21 15:17:35 -03:00
parent 2275e26c16
commit 634f367c69
19 changed files with 719 additions and 47 deletions


@ -0,0 +1,21 @@
# CLEARNET
server {
server_name 4get.zzls.xyz;
include configs/general.conf;
include configs/ssl.conf;
include configs/security.conf;
location / {
return 301 https://4getus.zzls.xyz$request_uri;
}
}
server {
if ($host = 4get.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name 4get.zzls.xyz;
}
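Review bot: The first `server` block has no `listen` directive, so unless `configs/ssl.conf` (not shown here) supplies one it binds to nginx's default of port 80 and collides with the second block, which declares the same `server_name` on `listen 80`. In that case nginx keeps only one of the two definitions and HTTPS requests for 4get.zzls.xyz fall through to whichever vhost is the default on 443. Add `listen 443 ssl;` next to the `include configs/ssl.conf;` line, as the other vhosts in this commit do.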


@ -0,0 +1,95 @@
# FUCK BOTS
limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
# CLEARNET
server {
access_log /var/log/nginx/4getus.access.log;
error_log /var/log/nginx/4getus.error.log;
server_name 4getus.zzls.xyz;
include configs/general.conf;
root /var/www/4get-zzls/;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
}
location / {
try_files $uri @upstream;
}
location /web {
try_files $uri @upstream;
limit_req zone=4get;
limit_req_status 444;
include snippets/torblacklist.conf;
include snippets/spys.me.proxies.blacklist.conf;
error_page 403 =302 /torisblocked;
}
location /torisblocked {
access_log /var/log/nginx/4getus.torblocked.access.log;
add_header Content-Type text/plain;
return 200 "
Tor and Proxies are not allowed in this service, sorry.
Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
Tor y Proxies no estan permitidos en este servicio, lo siento.
Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
}
location /data {
return 444;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
# Tor Header
add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
# TOR
server {
access_log /var/log/nginx/4getus.tor.access.log;
listen 80;
server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
root /var/www/4get-zzls/;
location @upstream {
try_files $uri.php $uri/index.php =404;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
}
location / {
try_files $uri @upstream;
}
location ~* ^(.*)\.php$ {
return 301 $1;
}
}
server {
if ($host = 4getus.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name 4getus.zzls.xyz;
}
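Review bot: The onion `server` block serves the same `root` as the clearnet one but omits `location /data { return 444; }` and has no `limit_req`, so whatever the clearnet vhost hides under /data is served through `location /` → `try_files $uri` on the .onion name. What /data holds is not visible here, so confirm it is meant to be private, then copy the `/data` block into the onion server. Separately, `add_header Content-Type text/plain;` in `/torisblocked` adds a second Content-Type instead of replacing the default one. Any `add_header` inside a location also stops the server-level headers from being inherited (Onion-Location and, presumably, those from configs/security.conf); `default_type text/plain;` avoids both problems. The same inheritance issue applies to `location /` and the two matrix locations of zzls.xyz, `/viewers/` of stream.zzls.xyz and `location /` of twitch.zzls.xyz.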


@ -0,0 +1,22 @@
server {
access_log /var/log/nginx/blog.zzls.xyz.log combined;
root /var/www/blog;
index index.html;
server_name blog.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
if ($host = blog.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name blog.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
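Review bot: `listen 443 ssl http2;` uses the `http2` listen parameter, which nginx deprecated in 1.25.1 in favour of the separate `http2` directive. Other vhosts in this commit already write `listen 443 ssl;` followed by `http2 on;`. The older form also appears in the logs.spanix.team, lsf.spanix.team, mail.zzls.xyz, posts.zzls.xyz and zzls.xyz server blocks. Using one form everywhere avoids a deprecation warning on every reload and keeps the TLS listener lines easy to audit.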


@ -0,0 +1,41 @@
# CLEARNET
server {
access_log /var/log/nginx/cgit.access.log;
server_name cgit.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
root /usr/share/cgit;
try_files $uri @cgit;
# Configure HTTP transport
#location ~ /.+/(info/refs|git-upload-pack) {
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
# fastcgi_param PATH_INFO $uri;
# fastcgi_param GIT_HTTP_EXPORT_ALL 1;
# fastcgi_param GIT_PROJECT_ROOT /srv/git;
# fastcgi_param HOME /srv/git;
# fastcgi_pass unix:/run/fcgiwrap.socket;
# }
location @cgit {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
fastcgi_param PATH_INFO $uri;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = cgit.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name cgit.zzls.xyz;
}
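Review bot: The commented-out git-http-backend location has no note saying why it is disabled or what enabling it would expose. With `GIT_HTTP_EXPORT_ALL` set, every repository under `GIT_PROJECT_ROOT` becomes cloneable whether or not it carries a `git-daemon-export-ok` marker. I would put a comment above it such as `# HTTP clone transport, disabled: enabling this exports every repo under /srv/git (GIT_HTTP_EXPORT_ALL)`. Alternatively, delete the block and rely on history.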


@ -0,0 +1,51 @@
server {
access_log /var/log/nginx/files.zzls.xyz.log combined;
server_name files.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
if ($http_user_agent ~* (google) ) {
return 404;
}
root /mnt/blockstorage/files.zzls.xyz;
index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
}
listen 443 ssl;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = files.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name files.zzls.xyz;
return 404; # managed by Certbot
}
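Review bot: `location /_h5ai/private { return 403; }` is a plain prefix location, so the sibling regex location `~ [^/]\.php(/|$)` is still consulted and wins for any `.php` path under `/_h5ai/private`; those requests reach PHP-FPM instead of getting the 403. Writing it as `location ^~ /_h5ai/private { return 403; }` stops the regex check for that prefix. The PHP location also applies to the whole of `/mnt/blockstorage/files.zzls.xyz`; if anything other than the operator can write files there (not visible from this config), scoping PHP execution to `/_h5ai/public/` would be the safer layout.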


@ -0,0 +1,17 @@
server {
listen 80;
include configs/general.conf;
include configs/robotsNone.conf;
server_name inv.zzls.xyz;
root /var/www/website/invidious;
access_log /var/log/nginx/inv.zzls.xyz.fallback.conf.access.log;
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}
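Review bot: This block answers on both `listen 80` and `listen 443 ssl` with no redirect, and it does not include `configs/security.conf`, so the fallback page is served over plain HTTP and without the headers the other vhosts get. If this file stands in for the real inv.zzls.xyz while it is down, visitors who normally use HTTPS there can be served over HTTP by this one. Splitting it into the same 80→443 redirect pair used elsewhere in this commit and adding `include configs/security.conf;` would keep it consistent.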


@ -0,0 +1,33 @@
server {
access_log /var/log/nginx/logs.spanix.team.log combined;
server_name logs.spanix.team;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40004;
include configs/proxy.conf;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = logs.spanix.team) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
server_name logs.spanix.team;
return 404; # managed by Certbot
}


@ -0,0 +1,49 @@
server {
access_log /var/log/nginx/logs.zzls.xyz.log combined;
server_name logs.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40003;
include configs/proxy.conf;
location ~ ^/(channel/rubius|channelid/39276140)/ {
return 401 "Los logs de Rubius han sido deshabilitados";
}
location ~ ^/(channel/ibai|channelid/83232866)/ {
return 401 "Los logs de Ibai han sido deshabilitados";
}
#location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053|channel/*/user/skybluecold|channelid/*/user/skybluecold|channel/*/userid/130372054|channelid/*/user/skybluecold)/ {
# return 401 "XD";
# }
location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
return 401 "lol";
}
location ~ ^/(channel/notfijxu|channelid/664947434)/ {
return 401 "lol";
}
error_page 501 502 503 /50x.html;
proxy_intercept_errors on;
}
location = /50x.html {
root /var/www/logs;
index 50x.html;
}
listen 443 ssl;
include configs/ssl.conf;
}
server {
if ($host = logs.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name logs.zzls.xyz;
return 404; # managed by Certbot
}
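Review bot: The rubius, ibai and notfijxu rules match with case-sensitive `~` and require a trailing slash, while the skybluecold rule uses `~*` and has no end anchor, so the blocks are not equivalent. If the upstream on port 40003 treats channel names case-insensitively or accepts the path without the final slash (not visible here), such requests are proxied rather than refused. Writing each rule as `location ~* ^/(channel/rubius|channelid/39276140)(/|$) {` closes both gaps. A 401 without a `WWW-Authenticate` header is also an odd status for a permanent block; `return 403` states the intent.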


@ -0,0 +1,34 @@
server {
access_log /var/log/nginx/lol.zzls.xyz.access.log;
server_name lol.zzls.xyz;
include configs/general.conf;
include configs/robotsNone.conf;
# security headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
proxy_pass http://127.0.0.1:40010;
include configs/proxy.conf;
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = lol.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name lol.zzls.xyz;
}
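Review bot: This vhost carries a hand-copied header set instead of `include configs/security.conf;`, and the copy has no `X-Frame-Options` while the CSP line with `frame-ancestors 'self'` is commented out, so nothing here restricts framing of the proxied app. The near-identical list in the mail.zzls.xyz block does include `add_header X-Frame-Options "sameorigin" always;`. Either add that line here or include the shared file, so the two copies cannot drift further. The `Alt-Svc` header lower down also lacks `always`, unlike the rest of the list.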


@ -0,0 +1,34 @@
server {
access_log /var/log/nginx/lsf.spanix.team.log combined;
server_name lsf.spanix.team;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:40050;
include configs/proxy.conf;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = lsf.spanix.team) {
return 301 https://$host$request_uri;
}
# managed by Certbot
listen 80;
listen [::]:80;
server_name lsf.spanix.team;
return 404; # managed by Certbot
}


@ -0,0 +1,63 @@
server {
access_log /var/log/nginx/mail.zzls.xyz.log combined;
error_log /var/log/nginx/mail.zzls.xyz.error;
root /var/www/mail;
index index.html index.php;
server_name mail.zzls.xyz;
include configs/general.conf;
location ^~ /baikal {
root /opt/baikal/html;
index index.php;
if (!-e $request_filename) { rewrite ^ /baikal/index.php last; }
rewrite ^/.well-known/caldav /dav.php redirect;
rewrite ^/.well-known/carddav /dav.php redirect;
location ~ /(\.ht|Core|Specific|config) {
deny all;
return 404;
}
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
try_files $uri =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
# location @baikal {
# rewrite /baikal/(.*)$ /baikal/index.php?/$1 last;
# }
location /radicale/ {
proxy_pass http://127.0.0.1:40001/;
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
proxy_set_header Host $http_host;
}
listen 443 ssl http2;
include configs/ssl.conf;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "sameorigin" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
}
server {
if ($host = mail.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name mail.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
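Review bot: `proxy_set_header X-Remote-User $remote_user;` in `location /radicale/` forwards a user name that nginx has not verified, because the location has no `auth_basic` and `$remote_user` is simply parsed from whatever `Authorization: Basic` header the client sends. If Radicale is configured to trust that header (its `http_x_remote_user` auth type; the Radicale config is not shown), any client can claim any account. Either drop the header and let Radicale authenticate, or add `auth_basic "Radicale";` and `auth_basic_user_file <htpasswd path>;` to the location so the value is checked first. The two `.well-known` rewrites inside `location ^~ /baikal` also look unreachable, since every URI handled there starts with `/baikal`.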


@ -0,0 +1,22 @@
server {
access_log /var/log/nginx/posts.zzls.xyz.log combined;
root /var/www/posts;
index index.html;
server_name posts.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
if ($host = posts.zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name posts.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}


@ -0,0 +1,24 @@
server {
access_log /var/log/nginx/status.zzls.xyz.log combined;
server_name status.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location / {
proxy_pass http://127.0.0.1:8080;
include configs/proxy.conf;
}
listen 443 ssl;
include configs/ssl.conf;
}
server {
if ($host = status.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name status.zzls.xyz;
return 404; # managed by Certbot
}


@ -0,0 +1,61 @@
# CLEARNET
server {
access_log /var/log/nginx/stream.access.log;
error_log /var/log/nginx/stream.error.log;
server_name stream.zzls.xyz;
include configs/general.conf;
location /hls/ {
types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
root /tmp/;
}
location /dash/ {
types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; }
root /tmp/;
}
location = /streams {
rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl;
}
location /stat.xsl {
root /var/www/stream/public/;
}
location /viewers/ {
default_type text/plain;
add_header Content-Type "text/plain";
add_header Refresh "30; $request_uri";
root /var/www/stream/public/;
try_files $uri /viewers.txt =404;
}
location /posters/ {
root /var/www/stream/public/;
try_files $uri /offline.png =404;
}
location / {
root /var/www/stream/public/;
try_files $uri $uri/hls.html =404;
}
# CSP + Security Headers
include configs/security.conf;
include configs/ssl.conf;
listen 443 ssl;
listen 443 quic;
http2 on;
}
server {
if ($host = stream.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name stream.zzls.xyz;
}
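Review bot: `location = /streams { rtmp_stat all; }` publishes the RTMP statistics page to anyone, and that output typically lists the address of every connected publisher and viewer. Restricting it with `allow 127.0.0.1; deny all;` (or the operator's own address) keeps the stats usable without exposing client IPs. The `/hls/` and `/dash/` locations use `root /tmp/;`, a world-writable directory, so any local account can create `/tmp/hls` or `/tmp/dash` content before the RTMP module does. A dedicated directory owned by the nginx user would be safer; this requires the matching `hls_path`/`dash_path` change in nginx.conf, which is outside this hunk.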


@ -0,0 +1,41 @@
server {
access_log /var/log/nginx/twitch.zzls.xyz.access.log;
server_name twitch.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
include configs/robotsNone.conf;
location / {
add_header Content-Type text/plain;
return 200 "Twitch Russia proxy for TTVLOL PRO and streamlink-ttvlol.
If you use TTVLOL PRO add `https://twitch.zzls.xyz` (without the ` chars) to the proxies list in the TTVLOL PRO Options.
If you use streamlink-ttvlol use `--twitch-proxy-playlist=https://twitch.zzls.xyz` as argument.
This proxy is located in the US but it returns an ad free RU Playlist. This doesn't affects your playback speed or latency.
Enjoy :3";
}
location ~ ^/(?!$) {
proxy_pass http://127.0.0.1:9595;
include configs/proxy.conf;
}
# QUIC
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 ssl;
listen 443 quic;
http2 on;
include configs/ssl.conf;
}
server {
if ($host = twitch.zzls.xyz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name twitch.zzls.xyz;
}
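Review bot: The proxy location forwards every non-root path to 127.0.0.1:9595 with no `limit_req`, although the banner advertises the endpoint publicly and the 4getus vhost in this commit does rate-limit its `/web` path. Only the global `limit_conn perip 100` from nginx.conf appears to apply, and it caps connections rather than request rate. A `limit_req_zone` plus `limit_req zone=<zone name>;` in this location would bound abuse of the upstream. The pair `location /` + `location ~ ^/(?!$)` would also read more plainly as `location = /` for the banner and `location /` for the proxy.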


@ -0,0 +1,64 @@
server {
access_log /var/log/nginx/zzls.xyz.log;
root /var/www/website;
index index.html;
server_name zzls.xyz www.zzls.xyz;
include configs/general.conf;
include configs/security.conf;
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.zzls.xyz:8448"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location / {
try_files $uri $uri/ =404;
add_header Access-Control-Allow-Origin *;
expires 24h;
}
location /transparency {
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
listen 443 ssl http2;
include configs/ssl.conf;
}
server {
access_log /var/log/nginx/zzls.i2p.log;
listen 30001;
server_name zzlst7dauwprptpu2y7cxpetz4fl4jw73tivxhtnm7dla7m6teyq.b32.i2p;
root /var/www/website;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
if ($host = www.zzls.xyz) {
return 301 https://$host$request_uri;
}
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
}
server_name zzls.xyz www.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
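Review bot: The I2P server block uses `listen 30001;`, which binds every interface, so the same content is reachable directly on the host's public address at port 30001 unless a firewall outside this config blocks it. If the I2P router runs on this machine, `listen 127.0.0.1:30001;` limits the listener to the tunnel. That block also has no `include configs/general.conf;` or security headers, unlike the clearnet block above it; a short comment saying whether that is deliberate would help.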

4
nginx/configs/http3.conf Normal file

@ -0,0 +1,4 @@
# Disable HTTP/3 for now.
#add_header Alt-Svc: h2=":443"; ma=2592000;
#listen 443 quic;
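Review bot: The comment `# Disable HTTP/3 for now.` contradicts the rest of the commit, where nginx.conf sets `http3 on;` and several vhosts declare `listen 443 quic;`. The note should say what this file actually controls, or the file should be dropped. The commented `add_header Alt-Svc: h2=":443"; ma=2592000;` line would also not parse if someone uncommented it: the header name must not carry a colon and the value needs quoting, as in `add_header Alt-Svc 'h3=":443"; ma=86400';` used by the vhosts.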

0
nginx/mime.types Executable file → Normal file

90
nginx/nginx.conf Executable file → Normal file

@ -1,14 +1,13 @@
user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;
# Include modules
include /etc/nginx/modules-enabled/*.conf;
load_module /usr/lib/nginx/modules/ngx_rtmp_module.so;
include /etc/nginx/conf.d/*.conf;
events {
worker_connections 65535;
multi_accept on;
worker_connections 65535;
multi_accept off;
}
rtmp_auto_push on;
@ -25,10 +24,10 @@ rtmp {
chunk_size 4096;
application live {
sync 100ms;
# play_restart on;
# play_restart on;
interleave on;
# wait_key on;
# wait_video on;
# wait_key on;
# wait_video on;
drop_idle_publisher 10s;
#dash
dash on;
@ -52,58 +51,55 @@ rtmp {
http {
log_format limited '$remote_addr - $remote_user [$time_local] '
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
'"-" "Bogus/66.6"';
log_format limited '$remote_addr - $remote_user [$time_local] '
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
'"-" "Bogus/66.6"';
access_log off;
error_log /dev/null;
# Basic Settings
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 1024;
types_hash_bucket_size 64;
# Basic Settings
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 1024;
types_hash_bucket_size 64;
server_names_hash_bucket_size 128;
# MIME
include mime.types;
default_type application/octet-stream;
# MIME
include mime.types;
#default_type application/octet-stream;
# SSL
# SSL
include configs/sslConfig.conf;
# DDOS Protection
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn perip 100;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
client_body_timeout 10s;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 60s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
client_body_timeout 10s;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 60s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
# QUIC AND HTTP3 SHIT
http3 on;
quic_retry on;
quic_gso on;
http3 on;
quic_retry on;
quic_gso on;
# PERFORMANCE / ASYNC I/O
aio threads=default;
aio_write on;
directio 2m;
# PERFORMANCE / ASYNC I/O
aio threads=default;
aio_write on;
directio 2m;
# Maps
include /etc/nginx/snippets/maps.conf;
include /etc/nginx/snippets/maps.conf;
# Virtual Host Configs
include /etc/nginx/sites-enabled/*.conf;
# Virtual Host Configs
include /etc/nginx/sites-enabled/*.conf;
}
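Review bot: In the `http` block, `error_log /dev/null;` together with `access_log off;` discards error output for every vhost that does not set its own `error_log`, which is most of the files added in this commit. `limit_req` and `limit_conn` rejections are reported through the error log, so the "DDOS Protection" limits and the 4getus rate limit leave no trace for those hosts. Pointing it at a real file with a higher threshold, e.g. `error_log /var/log/nginx/error.log warn;`, keeps that signal. This commit also comments out `default_type application/octet-stream;`, which makes nginx fall back to `text/plain` for unknown extensions; on the file-hosting vhost that changes downloads into inline text, so confirm it is intended. The `http` block starts in this hunk, but the earlier hunks of this file are shown with old and new lines interleaved, so line attribution there is uncertain.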