Fijxu/etc-configs
1
1
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

nginx configs

Browse source
This commit is contained in:
root 2022-12-03 01:01:28 -03:00
commit c33be03583
31 changed files with 1071 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

81
nginx/nginx.conf Executable file
View file

@ -0,0 +1,81 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
# Basic Settings
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# SSL Settings
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers off;
# Logging Settings
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip Settings
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# HTTP2 Settings
http2_max_field_size 64k;
http2_max_header_size 512k;
# Virtual Host Configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Headers ,XSS protection and security
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Permissions-Policy "interest-cohort=()" always;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# DDOS Protection
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn perip 100;
limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
client_body_timeout 10s;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 65s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
}

33
nginx/sites-available/bapi.conf Executable file
View file

@ -0,0 +1,33 @@
server {
access_log /var/log/nginx/bapi.access.log combined;
server_name bapi.zzls.xyz;
location / {
proxy_pass http://localhost:40030;
}
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/bapi.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/bapi.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = bapi.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name bapi.zzls.xyz;
return 404; # managed by Certbot
}

43
nginx/sites-available/boards.conf Executable file
View file

@ -0,0 +1,43 @@
server {
client_max_body_size 64M;
access_log /var/log/nginx/boards.access.log combined;
root /var/www/boards/;
index index.html index.htm index.nginx-debian.html;
server_name boards.zzls.xyz;
location /api/socket {
proxy_pass http://localhost:8000/api/socket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location / {
proxy_pass http://localhost:8000/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/boards.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/boards.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = boards.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name boards.zzls.xyz;
return 404; # managed by Certbot
}

18
nginx/sites-available/booyahtv.conf Executable file
View file

@ -0,0 +1,18 @@
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/booyahtv.access.log combined;
root /var/www/booyahtv/;
index index.html index.htm index.nginx-debian.html;
server_name booyahtv.zzls.xyz;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

91
nginx/sites-available/default Executable file
View file

@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

86
nginx/sites-available/default.bak Executable file
View file

@ -0,0 +1,86 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
access_log /var/log/nginx/zzls.access.log combined;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
return 301 https://$host$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
allow all;
}
}
server {
access_log /var/log/nginx/zzls.access.log combined;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name zzls.xyz www.zzls.xyz; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
allow all;
}
location /files {
alias /mnt/blockstorage/wwwfiles;
autoindex on;
autoindex_format xml;
autoindex_exact_size off;
autoindex_localtime on;
xslt_stylesheet /var/www/html/assets/superbindex.xslt;
xslt_string_param color-base00 '#18191A';
}
location /filess {
alias /mnt/blockstorage/wwwfiles;
autoindex on;
autoindex_format xml;
autoindex_exact_size off;
autoindex_localtime on;
}
# listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
# ssl_certificate /etc/letsencrypt/live/www.zzls.xyz/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/www.zzls.xyz/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name zzls.xyz www.zzls.xyz;
return 404; # managed by Certbot
}

41
nginx/sites-available/donate.zzls.xyz.conf Executable file
View file

@ -0,0 +1,41 @@
server {
access_log /var/log/nginx/donate.access.log combined;
root /var/www/donate;
index index.html index.htm index.nginx-debian.html;
server_name donate.zzls.xyz;
location / {
try_files $uri $uri/ =404;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header X-Frame-Options "sameorigin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/donate.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/donate.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = donate.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name donate.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

96
nginx/sites-available/files.zzls.xyz.conf Executable file
View file

@ -0,0 +1,96 @@
server {
access_log /var/log/nginx/files.access.log combined;
server_name files.zzls.xyz;
#root /var/www/files;
#index index.php /_h5ai/public/index.php;
if ($http_user_agent ~* (google) ) {
return 404;
}
location / {
if ($http_user_agent ~* (google) ) {
return 404;
}
root /mnt/blockstorage/wwwfiles;
index index.html index.php /_h5ai/public/index.php;
dav_ext_methods PROPFIND OPTIONS;
dav_access user:r group:r all:r;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
}
# location / {
# root /mnt/blockstorage/wwwfiles;
# autoindex on;
# autoindex_format xml;
# autoindex_exact_size off;
# autoindex_localtime on;
# xslt_stylesheet /var/www/html/assets/superbindex.xslt;
# xslt_string_param color-base00 '#18191A';
#
# }
# location /vods {
# alias /mnt/blockstorage/Auto-Stream-Recording-Twitch/vods;
# autoindex on;
# autoindex_format xml;
# autoindex_exact_size on;
# autoindex_localtime on;
# #xslt_stylesheet /var/www/html/assets/superbindex.xslt;
# #xslt_string_param color-base00 '#18191A';
# # #WebDAV
# # auth_basic realm_name;
# # auth_basic_user_file /etc/nginx/.passwords.list;
# # dav_methods PUT DELETE MKCOL COPY MOVE;
# # dav_ext_methods PROPFIND OPTIONS;
# # dav_access user:rw group:rw all:r;
# }
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/files.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/files.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

40
nginx/sites-available/i.zzls.xyz.conf Executable file
View file

@ -0,0 +1,40 @@
server {
access_log /var/log/nginx/i.access.log combined;
#root /mnt/blockstorage/i/files/;
index index.html index.htm index.nginx-debian.html;
server_name i.zzls.xyz;
location / {
client_max_body_size 51M;
proxy_pass http://127.0.0.1:40007/;
}
#location /upload {
# client_max_body_size 2048M;
# auth_basic "Restricted Content";
# auth_basic_user_file /etc/fileupload.htpasswd;
# proxy_pass http://127.0.0.1:40002;
# }
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/i.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/i.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = i.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name i.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

22
nginx/sites-available/i2.conf Executable file
View file

@ -0,0 +1,22 @@
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/i.access.log combined;
# root /mnt/blockstorage/i/files/;
index index.html index.htm index.nginx-debian.html;
server_name i.zzls.xyz;
location / {
proxy_pass http://localhost:7494;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/i2.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/i2.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

38
nginx/sites-available/ii.conf Executable file
View file

@ -0,0 +1,38 @@
server {
access_log /var/log/nginx/ii.access.log combined;
root /mnt/blockstorage/ifiles/;
index index.html index.htm index.nginx-debian.html;
server_name ii.zzls.xyz;
location /upload {
client_max_body_size 4096M;
auth_basic "Restricted Content";
auth_basic_user_file /etc/fileupload.htpasswd;
proxy_pass http://localhost:40002;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ii.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ii.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = ii.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ii.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

31
nginx/sites-available/logs.spanix.xyz.conf Executable file
View file

@ -0,0 +1,31 @@
server {
access_log /var/log/nginx/logs.spanix.access.log combined;
server_name logs.spanix.xyz;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:40004;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.spanix.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.spanix.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = logs.spanix.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name logs.spanix.xyz;
return 404; # managed by Certbot
}

95
nginx/sites-available/logs.zzls.xyz.conf Executable file
View file

@ -0,0 +1,95 @@
server {
access_log /var/log/nginx/logs.access.log combined;
server_name logs.zzls.xyz;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Invidious knows domain
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
proxy_pass http://127.0.0.1:40003;
# location ~ ^/(channel/rubius|channelid/39276140)/ {
# return 401 "Los logs de Rubius han sido deshabilitados";
# }
# location ~ ^/(channel/ibai|channelid/83232866)/ {
# return 401 "Los logs de Ibai han sido deshabilitados";
# }
location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053)/ {
return 401 "XD";
}
location ~ ^/(channel/notfijxu|channelid/664947434)/ {
return 401 "lol";
}
error_page 502 = @fallback;
proxy_intercept_errors on;
}
location @fallback {
root /var/www/logs;
index index.html;
}
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
access_log /var/log/nginx/notlogs.access.log combined;
server_name notlogs.zzls.xyz;
location / {
rewrite ^/(.*)$ https://logs.zzls.xyz/$1 redirect;
}
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = notlogs.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name notlogs.zzls.xyz;
return 404; # managed by Certbot
}
server {
if ($host = logs.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name logs.zzls.xyz;
return 404; # managed by Certbot
}

66
nginx/sites-available/logstemp.conf Executable file
View file

@ -0,0 +1,66 @@
server {
access_log /var/log/nginx/logs.access.log combined;
server_name logs.zzls.xyz;
root /var/www/logs;
index index.html;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/logs.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/logs.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
access_log /var/log/nginx/notlogs.access.log combined;
server_name notlogs.zzls.xyz;
location / {
rewrite ^/(.*)$ https://logs.zzls.xyz/$1 redirect;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/notlogs.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/notlogs.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = logs.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name logs.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = notlogs.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name notlogs.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

43
nginx/sites-available/mail.zzls.xyz.conf Executable file
View file

@ -0,0 +1,43 @@
server {
access_log /var/log/nginx/mail.access.log combined;
root /var/www/mail;
index index.html index.htm index.nginx-debian.html;
server_name mail.zzls.xyz;
location / {
try_files $uri $uri/ =404;
}
location /radicale/ {
proxy_pass http://127.0.0.1:40001/; # The / is important!
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass_header Authorization;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mail.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mail.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mail.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name mail.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

11
nginx/sites-available/nossl.zzls.xyz.conf Executable file
View file

@ -0,0 +1,11 @@
server {
access_log /var/log/nginx/nossl.access.log combined;
root /var/www/nossl;
index index.html index.htm index.nginx-debian.html;
server_name nossl.zzls.xyz;
}

30
nginx/sites-available/paste.zzls.xyz.conf Executable file
View file

@ -0,0 +1,30 @@
server {
access_log /var/log/nginx/paste.access.log combined;
server_name paste.zzls.xyz;
location / {
proxy_pass http://127.0.0.1:40005/;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/paste.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/paste.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = paste.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name paste.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

29
nginx/sites-available/posts.zzls.xyz.conf Executable file
View file

@ -0,0 +1,29 @@
server {
access_log /var/log/nginx/posts.access.log combined;
root /var/www/posts;
index index.html index.htm index.nginx-debian.html;
server_name posts.zzls.xyz;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/posts.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/posts.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = posts.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name posts.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

22
nginx/sites-available/shorturl.conf Executable file
View file

@ -0,0 +1,22 @@
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/s.access.log combined;
root /var/www/s/;
index index.html index.htm index.nginx-debian.html;
server_name s.zzls.xyz;
location / {
proxy_pass http://localhost:40006/;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/s.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/s.zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

84
nginx/sites-available/vanced.conf Executable file
View file

@ -0,0 +1,84 @@
server {
access_log /var/log/nginx/vanced.access.log combined;
server_name vanced.zzls.xyz;
#root /var/www/vanced;
#index index.php /_h5ai/public/index.php;
if ($http_user_agent ~* (google) ) {
return 404;
}
location / {
if ($http_user_agent ~* (google) ) {
return 404;
}
root /mnt/blockstorage/Vanced;
index index.html index.php /_h5ai/public/index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location /_h5ai/private {
return 403;
}
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/vanced.zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vanced.zzls.xyz/privkey.pem; # managed by Certbot
}
server {
if ($host = vanced.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name vanced.zzls.xyz;
return 404; # managed by Certbot
}

61
nginx/sites-available/zzls.xyz.conf Executable file
View file

@ -0,0 +1,61 @@
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name zzls.xyz www.zzls.xyz;
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.zzls.xyz:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location / {
try_files $uri $uri/ =404;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header X-Frame-Options "sameorigin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = zzls.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name zzls.xyz www.zzls.xyz;
listen 80;
return 404; # managed by Certbot
}

1
nginx/sites-enabled/donate.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/donate.zzls.xyz.conf

1
nginx/sites-enabled/files.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/files.zzls.xyz.conf

1
nginx/sites-enabled/i.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/i.zzls.xyz.conf

1
nginx/sites-enabled/logs.spanix.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/logs.spanix.xyz.conf

1
nginx/sites-enabled/logs.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/logs.zzls.xyz.conf

1
nginx/sites-enabled/mail.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/mail.zzls.xyz.conf

1
nginx/sites-enabled/nossl.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/nossl.zzls.xyz.conf

1
nginx/sites-enabled/paste.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/paste.zzls.xyz.conf

1
nginx/sites-enabled/posts.zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/posts.zzls.xyz.conf

1
nginx/sites-enabled/zzls.xyz.conf Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/zzls.xyz.conf