From 634f367c69d7e3698fe3bc06d51a361f5a03625c Mon Sep 17 00:00:00 2001 
From: Fijxu Date: Thu, 21 Dec 2023 15:17:35 -0300 Subject: [PATCH] asdjknjkdas --- nginx/conf.d/4get.zzls.xyz.fallback.conf | 21 ++++++ nginx/conf.d/4getus.zzls.xyz.conf | 95 ++++++++++++++++++++++++ nginx/conf.d/blog.zzls.xyz.conf | 22 ++++++ nginx/conf.d/cgit.zzls.xyz.conf | 41 ++++++++++ nginx/conf.d/files.zzls.xyz.conf | 51 +++++++++++++ nginx/conf.d/inv.zzls.xyz.fallback.conf | 17 +++++ nginx/conf.d/logs.spanix.team.conf | 33 ++++++++ nginx/conf.d/logs.zzls.xyz.conf | 49 ++++++++++++ nginx/conf.d/lol.zzls.xyz.conf | 34 +++++++++ nginx/conf.d/lsf.spanix.team.conf | 34 +++++++++ nginx/conf.d/mail.zzls.xyz.conf | 63 ++++++++++++++++ nginx/conf.d/posts.zzls.xyz.conf | 22 ++++++ nginx/conf.d/status.zzls.xyz.conf | 24 ++++++ nginx/conf.d/stream.zzls.xyz.conf | 61 +++++++++++++++ nginx/conf.d/twitch.zzls.xyz.conf | 41 ++++++++++ nginx/conf.d/zzls.xyz.conf | 64 ++++++++++++++++ nginx/configs/http3.conf | 4 + nginx/mime.types | 0 nginx/nginx.conf | 90 +++++++++++----------- 19 files changed, 719 insertions(+), 47 deletions(-) create mode 100644 nginx/conf.d/4get.zzls.xyz.fallback.conf create mode 100644 nginx/conf.d/4getus.zzls.xyz.conf create mode 100644 nginx/conf.d/blog.zzls.xyz.conf create mode 100644 nginx/conf.d/cgit.zzls.xyz.conf create mode 100644 nginx/conf.d/files.zzls.xyz.conf create mode 100644 nginx/conf.d/inv.zzls.xyz.fallback.conf create mode 100644 nginx/conf.d/logs.spanix.team.conf create mode 100644 nginx/conf.d/logs.zzls.xyz.conf create mode 100644 nginx/conf.d/lol.zzls.xyz.conf create mode 100644 nginx/conf.d/lsf.spanix.team.conf create mode 100644 nginx/conf.d/mail.zzls.xyz.conf create mode 100644 nginx/conf.d/posts.zzls.xyz.conf create mode 100644 nginx/conf.d/status.zzls.xyz.conf create mode 100644 nginx/conf.d/stream.zzls.xyz.conf create mode 100644 nginx/conf.d/twitch.zzls.xyz.conf create mode 100644 nginx/conf.d/zzls.xyz.conf create mode 100644 nginx/configs/http3.conf mode change 100755 => 100644 nginx/mime.types mode change 100755 => 100644 
nginx/nginx.conf
diff --git a/nginx/conf.d/4get.zzls.xyz.fallback.conf b/nginx/conf.d/4get.zzls.xyz.fallback.conf
new file mode 100644
index 0000000..f1b95d0
--- /dev/null
+++ b/nginx/conf.d/4get.zzls.xyz.fallback.conf
@@ -0,0 +1,21 @@
+# CLEARNET
+server {
+ server_name 4get.zzls.xyz;
+ include configs/general.conf;
+ include configs/ssl.conf;
+ include configs/security.conf;
+
+ location / {
+ return 301 https://4getus.zzls.xyz$request_uri;
+ }
+
+
+}
+
+server {
+ if ($host = 4get.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name 4get.zzls.xyz;
+}
diff --git a/nginx/conf.d/4getus.zzls.xyz.conf b/nginx/conf.d/4getus.zzls.xyz.conf
new file mode 100644
index 0000000..abb10bf
--- /dev/null
+++ b/nginx/conf.d/4getus.zzls.xyz.conf
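Review bot: The first `server` block for 4get.zzls.xyz has no `listen` directive, so unless `configs/ssl.conf` supplies one (that file is not shown, and the other vhosts in this commit pair the include with an explicit `listen 443 ssl;`) nginx binds the block to its default port 80 rather than 443. The second block then redirects plain HTTP to `https://4get.zzls.xyz`, which would be answered by whichever server is the default on port 443, with that site's certificate. Add `listen 443 ssl;` and `http2 on;` to the first block, as the other files do.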
@@ -0,0 +1,95 @@
+# FUCK BOTS
+limit_req_zone $binary_remote_addr zone=4get:10m rate=2r/s;
+
+# CLEARNET
+server {
+ access_log /var/log/nginx/4getus.access.log;
+ error_log /var/log/nginx/4getus.error.log;
+ server_name 4getus.zzls.xyz;
+ include configs/general.conf;
+ root /var/www/4get-zzls/;
+
+ location @upstream {
+ try_files $uri.php $uri/index.php =404;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ include fastcgi_params;
+ fastcgi_intercept_errors on;
+ }
+
+ location / {
+ try_files $uri @upstream;
+ }
+ location /web {
+ try_files $uri @upstream;
+ limit_req zone=4get;
+ limit_req_status 444;
+ include snippets/torblacklist.conf;
+ include snippets/spys.me.proxies.blacklist.conf;
+ error_page 403 =302 /torisblocked;
+ }
+ location /torisblocked {
+ access_log /var/log/nginx/4getus.torblocked.access.log;
+ add_header Content-Type text/plain;
+ return 200 "
+ Tor and Proxies are not allowed in this service, sorry.
+ Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
+
+ Tor y Proxies no estan permitidos en este servicio, lo siento.
+ Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.";
+ }
+
+ location /data {
+ return 444;
+ }
+
+ location ~* ^(.*)\.php$ {
+ return 301 $1;
+ }
+
+ # Tor Header
+ add_header Onion-Location http://4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion$request_uri;
+
+ # CSP + Security Headers
+ include configs/security.conf;
+ include configs/ssl.conf;
+ listen 443 ssl;
+ listen 443 quic;
+ http2 on;
+
+}
+
+# TOR
+server {
+ access_log /var/log/nginx/4getus.tor.access.log;
+ listen 80;
+ server_name 4getus.zzls2vhse6jeahgdz5snle37dnngmbeh4jgug5xvsdpmlchaw3ieonid.onion;
+ root /var/www/4get-zzls/;
+
+ location @upstream {
+ try_files $uri.php $uri/index.php =404;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ include fastcgi_params;
+ fastcgi_intercept_errors on;
+ }
+
+ location / {
+ try_files $uri @upstream;
+ }
+
+ location ~* ^(.*)\.php$ {
+ return 301 $1;
+ }
+
+}
+
+server {
+ if ($host = 4getus.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name 4getus.zzls.xyz;
+}
diff --git a/nginx/conf.d/blog.zzls.xyz.conf b/nginx/conf.d/blog.zzls.xyz.conf
new file mode 100644
index 0000000..c5e815d
--- /dev/null
+++ b/nginx/conf.d/blog.zzls.xyz.conf
@@ -0,0 +1,22 @@
+server {
+ access_log /var/log/nginx/blog.zzls.xyz.log combined;
+
+ root /var/www/blog;
+ index index.html;
+
+ server_name blog.zzls.xyz;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ listen 443 ssl http2;
+ include configs/ssl.conf;
+
+}
+server {
+ if ($host = blog.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ server_name blog.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+}
diff --git a/nginx/conf.d/cgit.zzls.xyz.conf b/nginx/conf.d/cgit.zzls.xyz.conf
new file mode 100644
index 0000000..a61ba79
--- /dev/null
+++ b/nginx/conf.d/cgit.zzls.xyz.conf
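Review bot: The `# TOR` server block in 4getus.zzls.xyz.conf carries none of the restrictions of the clearnet block: it has no `location /data { return 444; }`, so files under `/var/www/4get-zzls/data` fall through to `try_files $uri`, and it has no `limit_req` on `/web`. It also uses `listen 80;` on all addresses, so the block is selected by `Host` header alone and its weaker policy is not confined to traffic arriving through Tor. Repeat `location /data { return 444; }` in the onion server and bind it to the address the Tor daemon forwards to, for example `listen 127.0.0.1:80;` (confirm against the hidden-service configuration, which is not part of this patch).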
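Review bot: `listen 443 ssl http2;` in blog.zzls.xyz.conf is the deprecated spelling: since nginx 1.25.1 the `http2` listen parameter logs a warning and the `http2 on;` directive replaces it, which the QUIC vhosts in this same commit already use. Write `listen 443 ssl;` plus `http2 on;` here; the same line appears in logs.spanix.team.conf, lsf.spanix.team.conf, mail.zzls.xyz.conf, posts.zzls.xyz.conf and zzls.xyz.conf. logs.zzls.xyz.conf and status.zzls.xyz.conf enable HTTP/2 in neither form, which looks unintentional.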
@@ -0,0 +1,41 @@
+# CLEARNET
+server {
+ access_log /var/log/nginx/cgit.access.log;
+ server_name cgit.zzls.xyz;
+ include configs/general.conf;
+ include configs/security.conf;
+ root /usr/share/cgit;
+ try_files $uri @cgit;
+
+ # Configure HTTP transport
+ #location ~ /.+/(info/refs|git-upload-pack) {
+# include fastcgi_params;
+# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+# fastcgi_param PATH_INFO $uri;
+# fastcgi_param GIT_HTTP_EXPORT_ALL 1;
+# fastcgi_param GIT_PROJECT_ROOT /srv/git;
+# fastcgi_param HOME /srv/git;
+# fastcgi_pass unix:/run/fcgiwrap.socket;
+# }
+
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass unix:/run/fcgiwrap.socket;
+ }
+
+ listen 443 ssl;
+ http2 on;
+ include configs/ssl.conf;
+}
+
+server {
+ if ($host = cgit.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name cgit.zzls.xyz;
+}
diff --git a/nginx/conf.d/files.zzls.xyz.conf b/nginx/conf.d/files.zzls.xyz.conf
new file mode 100644
index 0000000..fabae7b
--- /dev/null
+++ b/nginx/conf.d/files.zzls.xyz.conf
@@ -0,0 +1,51 @@
+server {
+ access_log /var/log/nginx/files.zzls.xyz.log combined;
+
+ server_name files.zzls.xyz;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ location / {
+ if ($http_user_agent ~* (google) ) {
+ return 404;
+ }
+
+ root /mnt/blockstorage/files.zzls.xyz;
+ index index.html index.php /_h5ai/public/index.php;
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_param HTTP_PROXY "";
+
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+ fastcgi_index index.php;
+
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ }
+
+ location /_h5ai/private {
+ return 403;
+ }
+
+ }
+
+ listen 443 ssl;
+ http2 on;
+ include configs/ssl.conf;
+
+}
+server {
+ if ($host = files.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name files.zzls.xyz;
+ return 404; # managed by Certbot
+}
diff --git a/nginx/conf.d/inv.zzls.xyz.fallback.conf b/nginx/conf.d/inv.zzls.xyz.fallback.conf
new file mode 100644
index 0000000..9732d29
--- /dev/null
+++ b/nginx/conf.d/inv.zzls.xyz.fallback.conf
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ include configs/general.conf;
+ include configs/robotsNone.conf;
+ server_name inv.zzls.xyz;
+ root /var/www/website/invidious;
+ access_log /var/log/nginx/inv.zzls.xyz.fallback.conf.access.log;
+
+ # QUIC
+ add_header Alt-Svc 'h3=":443"; ma=86400';
+
+ listen 443 ssl;
+ listen 443 quic;
+ http2 on;
+ include configs/ssl.conf;
+
+}
diff --git a/nginx/conf.d/logs.spanix.team.conf b/nginx/conf.d/logs.spanix.team.conf
new file mode 100644
index 0000000..96f33f2
--- /dev/null
+++ b/nginx/conf.d/logs.spanix.team.conf
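Review bot: `location /_h5ai/private { return 403; }` in files.zzls.xyz.conf is a plain prefix location, so the sibling regex location `~ [^/]\.php(/|$)` still takes precedence for any `.php` path beneath it and the request is handed to PHP-FPM instead of being refused. Declare it as `location ^~ /_h5ai/private { return 403; }` so regex matching is skipped for that prefix. A short comment above it, such as `# ^~ keeps the .php regex location from overriding this deny`, would stop the modifier from being dropped later.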
@@ -0,0 +1,33 @@
+server {
+ access_log /var/log/nginx/logs.spanix.team.log combined;
+
+ server_name logs.spanix.team;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ location / {
+ proxy_pass http://127.0.0.1:40004;
+ include configs/proxy.conf;
+ }
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/logs.spanix.team/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/logs.spanix.team/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = logs.spanix.team) {
+ return 301 https://$host$request_uri;
+ }
+ # managed by Certbot
+
+
+ listen 80;
+
+ server_name logs.spanix.team;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/nginx/conf.d/logs.zzls.xyz.conf b/nginx/conf.d/logs.zzls.xyz.conf
new file mode 100644
index 0000000..2066f15
--- /dev/null
+++ b/nginx/conf.d/logs.zzls.xyz.conf
@@ -0,0 +1,49 @@
+server {
+ access_log /var/log/nginx/logs.zzls.xyz.log combined;
+
+ server_name logs.zzls.xyz;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ location / {
+ proxy_pass http://127.0.0.1:40003;
+ include configs/proxy.conf;
+
+ location ~ ^/(channel/rubius|channelid/39276140)/ {
+ return 401 "Los logs de Rubius han sido deshabilitados";
+ }
+ location ~ ^/(channel/ibai|channelid/83232866)/ {
+ return 401 "Los logs de Ibai han sido deshabilitados";
+ }
+
+ #location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053|channel/*/user/skybluecold|channelid/*/user/skybluecold|channel/*/userid/130372054|channelid/*/user/skybluecold)/ {
+ # return 401 "XD";
+ # }
+ location ~* ^/(channel/.*/user/skybluecold|channelid/.*/user/skybluecold|channel/.*/userid/130372054|channelid/.*/userid/130372054){
+ return 401 "lol";
+}
+ location ~ ^/(channel/notfijxu|channelid/664947434)/ {
+ return 401 "lol";
+ }
+
+ error_page 501 502 503 /50x.html;
+ proxy_intercept_errors on;
+ }
+
+ location = /50x.html {
+ root /var/www/logs;
+ index 50x.html;
+ }
+
+ listen 443 ssl;
+ include configs/ssl.conf;
+
+}
+server {
+ if ($host = logs.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name logs.zzls.xyz;
+ return 404; # managed by Certbot
+}
diff --git a/nginx/conf.d/lol.zzls.xyz.conf b/nginx/conf.d/lol.zzls.xyz.conf
new file mode 100644
index 0000000..366d191
--- /dev/null
+++ b/nginx/conf.d/lol.zzls.xyz.conf
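Review bot: The opt-out rules in logs.zzls.xyz.conf for `rubius`, `ibai` and `notfijxu` use the case-sensitive `location ~`, while the `skybluecold` rule uses `~*`; if the backend on 127.0.0.1:40003 treats channel names case-insensitively (not visible here), the three case-sensitive rules do not cover every spelling of the name. Use `~*` on all of them, e.g. `location ~* ^/(channel/rubius|channelid/39276140)/ {`. `return 401` without a `WWW-Authenticate` challenge is also the wrong status for a disabled resource; `403` or `451` describes it better. A one-line comment above the group, such as `# Channels and users whose logs are withheld on request`, would explain why these paths are special.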
@@ -0,0 +1,34 @@
+server {
+ access_log /var/log/nginx/lol.zzls.xyz.access.log;
+ server_name lol.zzls.xyz;
+ include configs/general.conf;
+ include configs/robotsNone.conf;
+ # security headers
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+ add_header Permissions-Policy "interest-cohort=()" always;
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+ location / {
+ proxy_pass http://127.0.0.1:40010;
+ include configs/proxy.conf;
+ }
+
+ # QUIC
+ add_header Alt-Svc 'h3=":443"; ma=86400';
+
+ listen 443 ssl;
+ listen 443 quic;
+ http2 on;
+ include configs/ssl.conf;
+
+}
+server {
+ if ($host = lol.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name lol.zzls.xyz;
+}
diff --git a/nginx/conf.d/lsf.spanix.team.conf b/nginx/conf.d/lsf.spanix.team.conf
new file mode 100644
index 0000000..5b3f452
--- /dev/null
+++ b/nginx/conf.d/lsf.spanix.team.conf
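Review bot: lol.zzls.xyz.conf copies a header list inline instead of using `include configs/security.conf;`, and this copy has no `X-Frame-Options` (the copy in mail.zzls.xyz.conf does) while the CSP line carrying `frame-ancestors 'self'` is commented out, so responses from this vhost carry no framing restriction. Add `add_header X-Frame-Options "sameorigin" always;`, or include the shared file and override only what the proxied application needs so the two lists cannot drift apart. `X-XSS-Protection "1; mode=block"` is ignored by current browsers and can be dropped. A comment saying why the CSP is disabled for this backend would help whoever revisits it.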
@@ -0,0 +1,34 @@
+server {
+ access_log /var/log/nginx/lsf.spanix.team.log combined;
+
+ server_name lsf.spanix.team;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ location / {
+ proxy_pass http://127.0.0.1:40050;
+ include configs/proxy.conf;
+ }
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/lsf.spanix.team/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/lsf.spanix.team/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = lsf.spanix.team) {
+ return 301 https://$host$request_uri;
+ }
+ # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+
+ server_name lsf.spanix.team;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/nginx/conf.d/mail.zzls.xyz.conf b/nginx/conf.d/mail.zzls.xyz.conf
new file mode 100644
index 0000000..103df11
--- /dev/null
+++ b/nginx/conf.d/mail.zzls.xyz.conf
@@ -0,0 +1,63 @@
+server {
+ access_log /var/log/nginx/mail.zzls.xyz.log combined;
+ error_log /var/log/nginx/mail.zzls.xyz.error;
+
+ root /var/www/mail;
+ index index.html index.php;
+
+ server_name mail.zzls.xyz;
+ include configs/general.conf;
+
+ location ^~ /baikal {
+ root /opt/baikal/html;
+ index index.php;
+ if (!-e $request_filename) { rewrite ^ /baikal/index.php last; }
+ rewrite ^/.well-known/caldav /dav.php redirect;
+ rewrite ^/.well-known/carddav /dav.php redirect;
+
+ location ~ /(\.ht|Core|Specific|config) {
+ deny all;
+ return 404;
+ }
+
+ location ~ \.php$ {
+ if (!-f $request_filename) { return 404; }
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_split_path_info ^(.+\.php)(.*)$;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ }
+ }
+
+# location @baikal {
+# rewrite /baikal/(.*)$ /baikal/index.php?/$1 last;
+# }
+ location /radicale/ {
+ proxy_pass http://127.0.0.1:40001/;
+ proxy_set_header X-Script-Name /radicale;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Remote-User $remote_user;
+ proxy_set_header Host $http_host;
+ }
+
+ listen 443 ssl http2;
+ include configs/ssl.conf;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "sameorigin" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+ add_header Permissions-Policy "interest-cohort=()" always;
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+}
+server {
+ if ($host = mail.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ server_name mail.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+}
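Review bot: `proxy_set_header X-Remote-User $remote_user;` in `location /radicale/` of mail.zzls.xyz.conf forwards a user name that nginx has not verified, because no `auth_basic` is configured in this location or server and `$remote_user` is simply parsed from the request's `Authorization` header. If Radicale is set to trust that header (its `http_x_remote_user` auth type; the Radicale configuration is not visible here), no component checks the password. Either add `auth_basic "Radicale";` and `auth_basic_user_file <path-to-htpasswd>;` to the location, or remove the `X-Remote-User` line and let Radicale authenticate on its own. Separately, the two `.well-known` rewrites sit inside `location ^~ /baikal` and can never match a URI that begins with `/baikal`; they belong at server level.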
diff --git a/nginx/conf.d/posts.zzls.xyz.conf b/nginx/conf.d/posts.zzls.xyz.conf
new file mode 100644
index 0000000..f1ff751
--- /dev/null
+++ b/nginx/conf.d/posts.zzls.xyz.conf
@@ -0,0 +1,22 @@
+server {
+ access_log /var/log/nginx/posts.zzls.xyz.log combined;
+
+ root /var/www/posts;
+ index index.html;
+
+ server_name posts.zzls.xyz;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ listen 443 ssl http2;
+ include configs/ssl.conf;
+
+}
+server {
+ if ($host = posts.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ server_name posts.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+}
diff --git a/nginx/conf.d/status.zzls.xyz.conf b/nginx/conf.d/status.zzls.xyz.conf
new file mode 100644
index 0000000..5a86aa1
--- /dev/null
+++ b/nginx/conf.d/status.zzls.xyz.conf
@@ -0,0 +1,24 @@
+server {
+ access_log /var/log/nginx/status.zzls.xyz.log combined;
+
+ server_name status.zzls.xyz;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ location / {
+ proxy_pass http://127.0.0.1:8080;
+ include configs/proxy.conf;
+ }
+
+ listen 443 ssl;
+ include configs/ssl.conf;
+
+}
+server {
+ if ($host = status.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name status.zzls.xyz;
+ return 404; # managed by Certbot
+}
diff --git a/nginx/conf.d/stream.zzls.xyz.conf b/nginx/conf.d/stream.zzls.xyz.conf
new file mode 100644
index 0000000..8118dc9
--- /dev/null
+++ b/nginx/conf.d/stream.zzls.xyz.conf
@@ -0,0 +1,61 @@
+# CLEARNET
+server {
+ access_log /var/log/nginx/stream.access.log;
+ error_log /var/log/nginx/stream.error.log;
+ server_name stream.zzls.xyz;
+ include configs/general.conf;
+
+ location /hls/ {
+ types { application/vnd.apple.mpegurl m3u8; video/mp2t ts; }
+ root /tmp/;
+ }
+
+ location /dash/ {
+ types { application/dash+xml mpd; audio/mp4 m4a; video/mp4 m4v; }
+ root /tmp/;
+ }
+
+ location = /streams {
+ rtmp_stat all;
+ rtmp_stat_stylesheet /stat.xsl;
+ }
+
+ location /stat.xsl {
+ root /var/www/stream/public/;
+ }
+
+ location /viewers/ {
+ default_type text/plain;
+ add_header Content-Type "text/plain";
+ add_header Refresh "30; $request_uri";
+ root /var/www/stream/public/;
+ try_files $uri /viewers.txt =404;
+ }
+
+ location /posters/ {
+ root /var/www/stream/public/;
+ try_files $uri /offline.png =404;
+ }
+
+ location / {
+ root /var/www/stream/public/;
+ try_files $uri $uri/hls.html =404;
+ }
+
+
+ # CSP + Security Headers
+ include configs/security.conf;
+ include configs/ssl.conf;
+ listen 443 ssl;
+ listen 443 quic;
+ http2 on;
+
+}
+
+server {
+ if ($host = stream.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name stream.zzls.xyz;
+}
diff --git a/nginx/conf.d/twitch.zzls.xyz.conf b/nginx/conf.d/twitch.zzls.xyz.conf
new file mode 100644
index 0000000..5f8cf2e
--- /dev/null
+++ b/nginx/conf.d/twitch.zzls.xyz.conf
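Review bot: `location = /streams` in stream.zzls.xyz.conf publishes `rtmp_stat all;` to every visitor, and the nginx-rtmp statistics document lists each connected publisher and player together with its client address. Restrict the location, for example with `allow 127.0.0.1;` followed by `deny all;`, or put `auth_basic` in front of it. The `/hls/` and `/dash/` locations serve from `root /tmp/;`; a dedicated directory writable only by the nginx worker avoids serving media out of a world-writable tree, though that also depends on the `hls_path`/`dash_path` settings in nginx.conf, which are only partly visible in this patch.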
@@ -0,0 +1,41 @@
+server {
+ access_log /var/log/nginx/twitch.zzls.xyz.access.log;
+ server_name twitch.zzls.xyz;
+ include configs/general.conf;
+ include configs/security.conf;
+ include configs/robotsNone.conf;
+
+ location / {
+ add_header Content-Type text/plain;
+ return 200 "Twitch Russia proxy for TTVLOL PRO and streamlink-ttvlol.
+
+ If you use TTVLOL PRO add `https://twitch.zzls.xyz` (without the ` chars) to the proxies list in the TTVLOL PRO Options.
+ If you use streamlink-ttvlol use `--twitch-proxy-playlist=https://twitch.zzls.xyz` as argument.
+
+ This proxy is located in the US but it returns an ad free RU Playlist. This doesn't affects your playback speed or latency.
+
+ Enjoy :3";
+
+ }
+
+ location ~ ^/(?!$) {
+ proxy_pass http://127.0.0.1:9595;
+ include configs/proxy.conf;
+ }
+
+ # QUIC
+ add_header Alt-Svc 'h3=":443"; ma=86400';
+
+ listen 443 ssl;
+ listen 443 quic;
+ http2 on;
+ include configs/ssl.conf;
+
+}
+server {
+ if ($host = twitch.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name twitch.zzls.xyz;
+}
diff --git a/nginx/conf.d/zzls.xyz.conf b/nginx/conf.d/zzls.xyz.conf
new file mode 100644
index 0000000..916d354
--- /dev/null
+++ b/nginx/conf.d/zzls.xyz.conf
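Review bot: `add_header Content-Type text/plain;` next to `return 200 "…"` in `location /` of twitch.zzls.xyz.conf appends a second `Content-Type` header instead of setting the response type; use `default_type text/plain;` in the location. Because `add_header` directives are inherited from the enclosing level only when a location defines none of its own, that line also discards the server-level `Alt-Svc` header and whatever `configs/security.conf` sets (presumably through `add_header`; the file is not shown) for this location. The same pattern occurs in `/torisblocked` in 4getus.zzls.xyz.conf, in `/viewers/` in stream.zzls.xyz.conf, and with the `Access-Control-Allow-Origin` lines in zzls.xyz.conf. Where a location really needs its own header, repeat the security include inside it.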
@@ -0,0 +1,64 @@
+server {
+ access_log /var/log/nginx/zzls.xyz.log;
+ root /var/www/website;
+ index index.html;
+ server_name zzls.xyz www.zzls.xyz;
+ include configs/general.conf;
+ include configs/security.conf;
+
+ location /.well-known/matrix/client {
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ }
+
+ location /.well-known/matrix/server {
+ return 200 '{"m.server": "matrix.zzls.xyz:8448"}';
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ }
+
+ location / {
+ try_files $uri $uri/ =404;
+ add_header Access-Control-Allow-Origin *;
+ expires 24h;
+ }
+
+ location /transparency {
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_format html;
+ autoindex_localtime on;
+ }
+
+ listen 443 ssl http2;
+ include configs/ssl.conf;
+
+
+}
+
+server {
+ access_log /var/log/nginx/zzls.i2p.log;
+ listen 30001;
+ server_name zzlst7dauwprptpu2y7cxpetz4fl4jw73tivxhtnm7dla7m6teyq.b32.i2p;
+
+ root /var/www/website;
+ index index.html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+}
+
+server {
+ if ($host = www.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ if ($host = zzls.xyz) {
+ return 301 https://$host$request_uri;
+ }
+ server_name zzls.xyz www.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+}
diff --git a/nginx/configs/http3.conf b/nginx/configs/http3.conf
new file mode 100644
index 0000000..7f0b485
--- /dev/null
+++ b/nginx/configs/http3.conf
@@ -0,0 +1,4 @@
+# Disable HTTP/3 for now.
+
+#add_header Alt-Svc: h2=":443"; ma=2592000;
+#listen 443 quic;
diff --git a/nginx/mime.types b/nginx/mime.types
old mode 100755
new mode 100644
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
old mode 100755
new mode 100644
index 6d538a0..03b005f
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
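Review bot: The I2P server block in zzls.xyz.conf uses `listen 30001;`, which binds every interface, so the port is exposed on the public address unless a firewall outside this patch blocks it, and as the only server on that port it answers for any `Host`. Bind it to the address the I2P router tunnels to, for example `listen 127.0.0.1:30001;` (assuming the router runs on the same host). In the clearnet block, `add_header Access-Control-Allow-Origin *;` on `location /` covers the whole static site; keep it on the two `.well-known/matrix` locations if those are the only cross-origin consumers.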
@@ -1,14 +1,13 @@ -user www-data; worker_processes auto; worker_rlimit_nofile 65535; -pid /run/nginx.pid; + +# Include modules include /etc/nginx/modules-enabled/*.conf; load_module /usr/lib/nginx/modules/ngx_rtmp_module.so; -include /etc/nginx/conf.d/*.conf; events { - worker_connections 65535; - multi_accept on; + worker_connections 65535; + multi_accept off; } rtmp_auto_push on; @@ -25,10 +24,10 @@ rtmp { chunk_size 4096; application live { sync 100ms; -# play_restart on; + # play_restart on; interleave on; -# wait_key on; -# wait_video on; + # wait_key on; + # wait_video on; drop_idle_publisher 10s; #dash dash on; 
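Review bot: Removing `user www-data;` in the first nginx.conf hunk makes the worker processes run as nginx's compiled-in default account (often `nobody`) whenever the master starts as root, and that account must still be able to open `/run/php/php8.2-fpm.sock`, `/run/fcgiwrap.socket` and the web roots used by the vhosts added in this commit. If the removal is deliberate, for instance because the service unit already runs nginx unprivileged, record it with a comment such as `# worker account is set by the service unit`; otherwise keep the directive. The same applies to the dropped `pid /run/nginx.pid;`, which has to match what the init system expects.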
@@ -52,58 +51,55 @@ rtmp { http { - log_format limited '$remote_addr - $remote_user [$time_local] ' - '"$request_method /bogus $server_protocol" $status $body_bytes_sent ' - '"-" "Bogus/66.6"'; + log_format limited '$remote_addr - $remote_user [$time_local] ' + '"$request_method /bogus $server_protocol" $status $body_bytes_sent ' + '"-" "Bogus/66.6"'; access_log off; error_log /dev/null; - # Basic Settings - charset utf-8; - sendfile on; - tcp_nopush on; - tcp_nodelay on; - server_tokens off; - log_not_found off; - types_hash_max_size 1024; - types_hash_bucket_size 64; + # Basic Settings + charset utf-8; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + log_not_found off; + types_hash_max_size 1024; + types_hash_bucket_size 64; server_names_hash_bucket_size 128; - # MIME - include mime.types; - default_type application/octet-stream; + # MIME + include mime.types; + #default_type application/octet-stream; - # SSL + # SSL include configs/sslConfig.conf; - # DDOS Protection - limit_conn_zone $binary_remote_addr zone=perip:10m; - limit_conn perip 100; + # reset timed out connections freeing ram + reset_timedout_connection on; + # maximum time between packets the client can pause when sending nginx any data + client_body_timeout 10s; + # maximum time the client has to send the entire header to nginx + client_header_timeout 10s; + # timeout which a single keep-alive client connection will stay open + keepalive_timeout 60s; + # maximum time between packets nginx is allowed to pause when sending the client data + send_timeout 10s; - # reset timed out connections freeing ram - reset_timedout_connection on; - # maximum time between packets the client can pause when sending nginx any data - client_body_timeout 10s; - # maximum time the client has to send the entire header to nginx - client_header_timeout 10s; - # timeout which a single keep-alive client connection will stay open - keepalive_timeout 60s; - # maximum time between packets nginx is allowed 
to pause when sending the client data - send_timeout 10s; # QUIC AND HTTP3 SHIT - http3 on; - quic_retry on; - quic_gso on; + http3 on; + quic_retry on; + quic_gso on; - # PERFORMANCE / ASYNC I/O - aio threads=default; - aio_write on; - directio 2m; + # PERFORMANCE / ASYNC I/O + aio threads=default; + aio_write on; + directio 2m; # Maps - include /etc/nginx/snippets/maps.conf; + include /etc/nginx/snippets/maps.conf; - # Virtual Host Configs - include /etc/nginx/sites-enabled/*.conf; + # Virtual Host Configs + include /etc/nginx/sites-enabled/*.conf; }
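Review bot: The `limit_conn_zone ... zone=perip:10m;` / `limit_conn perip 100;` pair is removed from the `http` block with no replacement, which leaves the `limit_req` on `/web` in 4getus.zzls.xyz.conf as the only per-client limit in the visible configuration; if it was dropped because it interfered with QUIC or streaming clients, say so in a comment, or keep the zone and apply `limit_conn` per server. The block also still includes only `/etc/nginx/sites-enabled/*.conf`, while this commit adds its vhosts under `conf.d/` and the first hunk removes the `conf.d` include, so the new files load only if something outside this patch links them; `include /etc/nginx/conf.d/*.conf;` inside `http` would make that explicit. Commenting out `default_type application/octet-stream;` changes the fallback type for unknown extensions to nginx's built-in `text/plain`, which matters for the file-hosting vhost.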