commit c33be03583558b7f2fd3e5fbe73b29463aa237c0 Author: root Date: Sat Dec 3 01:01:28 2022 -0300 nginx configs
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100755
index 0000000..f3f0b2e
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,81 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ # Basic Settings
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # SSL Settings
+
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers off;
+
+ # Logging Settings
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ # Gzip Settings
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ # HTTP2 Settings
+ http2_max_field_size 64k;
+ http2_max_header_size 512k;
+
+ # Virtual Host Configs
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+
+ # Headers ,XSS protection and security
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Permissions-Policy "interest-cohort=()" always;
+ #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # DDOS Protection
+ limit_conn_zone $binary_remote_addr zone=perip:10m;
+ limit_conn perip 100;
+
+ limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
+ limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
+
+ # reset timed out connections freeing ram
+ reset_timedout_connection on;
+ # maximum time between packets the client can pause when sending nginx any data
+ client_body_timeout 10s;
+ # maximum time the client has to send the entire header to nginx
+ client_header_timeout 10s;
+ # timeout which a single keep-alive client connection will stay open
+ keepalive_timeout 65s;
+ # maximum time between packets nginx is allowed to pause when sending the client data
+ send_timeout 10s;
+}
diff --git a/nginx/sites-available/bapi.conf b/nginx/sites-available/bapi.conf
new file mode 100755
index 0000000..6addf2e
--- /dev/null
+++ b/nginx/sites-available/bapi.conf
@@ -0,0 +1,33 @@
+server {
+
+ access_log /var/log/nginx/bapi.access.log combined;
+
+ server_name bapi.zzls.xyz;
+
+ location / {
+ proxy_pass http://localhost:40030;
+ }
+
+
+ listen [::]:443 ssl http2; # managed by Certbot
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/bapi.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/bapi.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = bapi.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+
+ server_name bapi.zzls.xyz;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/nginx/sites-available/boards.conf b/nginx/sites-available/boards.conf
new file mode 100755
index 0000000..b53d323
--- /dev/null
+++ b/nginx/sites-available/boards.conf
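Review bot: The `limit_req_zone` lines under "DDOS Protection" only declare the `engine` and `static` zones; no `limit_req` directive appears in this file or in any site file added by this commit, so request-rate limiting never takes effect and only `limit_conn perip 100` is enforced. Reference the zones where they are meant to apply, for example `limit_req zone=engine;` on the proxied and basic-auth locations (such as `/upload` in ii.conf) and `limit_req zone=static;` on the static roots, with a `burst` value chosen per site. Separately, the HSTS line is commented out here, so every vhost that does not set the header itself is served without it; a one-line comment saying why it is disabled would help the next reader.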
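Review bot: `location /` in bapi.conf passes requests to `http://localhost:40030` with no `proxy_set_header` lines, so the backend receives nginx's default `Host` (the upstream address) and sees every client as the loopback address. If the service logs, rate-limits or builds absolute URLs, add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;`, as logs.zzls.xyz.conf already does for the first two. The same applies to `location /` in boards.conf, i.zzls.xyz.conf, i2.conf, paste.zzls.xyz.conf and shorturl.conf.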
@@ -0,0 +1,43 @@
+server {
+ client_max_body_size 64M;
+ access_log /var/log/nginx/boards.access.log combined;
+
+ root /var/www/boards/;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name boards.zzls.xyz;
+
+ location /api/socket {
+ proxy_pass http://localhost:8000/api/socket;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+}
+
+ location / {
+ proxy_pass http://localhost:8000/;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/boards.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/boards.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+server {
+ if ($host = boards.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+
+ server_name boards.zzls.xyz;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/nginx/sites-available/booyahtv.conf b/nginx/sites-available/booyahtv.conf
new file mode 100755
index 0000000..a06b177
--- /dev/null
+++ b/nginx/sites-available/booyahtv.conf
@@ -0,0 +1,18 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ access_log /var/log/nginx/booyahtv.access.log combined;
+
+ root /var/www/booyahtv/;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name booyahtv.zzls.xyz;
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
diff --git a/nginx/sites-available/default b/nginx/sites-available/default
new file mode 100755
index 0000000..c5af914
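Review bot: The booyahtv.conf server block listens on port 80 and on 443 in the same block and has no redirect, so the site is also served over plain HTTP, unlike the Certbot-style vhosts in this commit that answer port 80 with a 301 to HTTPS. Split it into an HTTPS server and a port-80 server containing `return 301 https://$host$request_uri;`. The certificate path is `live/zzls.xyz/`, which only works for `booyahtv.zzls.xyz` if that certificate lists the name; worth confirming. shorturl.conf and i2.conf have the same combined `listen 80;` / `listen 443 ssl http2;` layout.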
--- /dev/null
+++ b/nginx/sites-available/default
@@ -0,0 +1,91 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/nginx/sites-available/default.bak b/nginx/sites-available/default.bak
new file mode 100755
index 0000000..706719f
--- /dev/null
+++ b/nginx/sites-available/default.bak
@@ -0,0 +1,86 @@
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ access_log /var/log/nginx/zzls.access.log combined;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+ return 301 https://$host$request_uri;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ allow all;
+ }
+
+
+}
+
+
+server {
+
+ access_log /var/log/nginx/zzls.access.log combined;
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+ server_name zzls.xyz www.zzls.xyz; # managed by Certbot
+
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ allow all;
+ }
+
+ location /files {
+ alias /mnt/blockstorage/wwwfiles;
+ autoindex on;
+ autoindex_format xml;
+ autoindex_exact_size off;
+ autoindex_localtime on;
+ xslt_stylesheet /var/www/html/assets/superbindex.xslt;
+ xslt_string_param color-base00 '#18191A';
+ }
+
+location /filess {
+ alias /mnt/blockstorage/wwwfiles;
+ autoindex on;
+ autoindex_format xml;
+ autoindex_exact_size off;
+ autoindex_localtime on;
+ }
+
+ # listen [::]:443 ssl ipv6only=on; # managed by Certbot
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
+ # ssl_certificate /etc/letsencrypt/live/www.zzls.xyz/fullchain.pem; # managed by Certbot
+ # ssl_certificate_key /etc/letsencrypt/live/www.zzls.xyz/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+
+
+server {
+ if ($host = zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80 ;
+ listen [::]:80 ;
+ server_name zzls.xyz www.zzls.xyz;
+ return 404; # managed by Certbot
+
+
+ }
diff --git a/nginx/sites-available/donate.zzls.xyz.conf b/nginx/sites-available/donate.zzls.xyz.conf
new file mode 100755
index 0000000..bb05310
--- /dev/null
+++ b/nginx/sites-available/donate.zzls.xyz.conf
@@ -0,0 +1,41 @@
+server {
+
+ access_log /var/log/nginx/donate.access.log combined;
+
+ root /var/www/donate;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name donate.zzls.xyz;
+
+ location / {
+
+ try_files $uri $uri/ =404;
+ }
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Permissions-Policy "interest-cohort=()" always;
+ add_header X-Frame-Options "sameorigin" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/donate.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/donate.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = donate.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name donate.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+ }
diff --git a/nginx/sites-available/files.zzls.xyz.conf b/nginx/sites-available/files.zzls.xyz.conf
new file mode 100755
index 0000000..5c677ac
--- /dev/null
+++ b/nginx/sites-available/files.zzls.xyz.conf
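Review bot: In default.bak, `location /files` and `location /filess` are prefix locations without a trailing slash, paired with `alias /mnt/blockstorage/wwwfiles`, so any URI that merely starts with `/files` is mapped by string substitution onto a path starting with `/mnt/blockstorage/wwwfiles`; that can expose sibling directories whose names share the prefix, and `autoindex on` would list them. Use `location /files/ { alias /mnt/blockstorage/wwwfiles/; … }` and drop the duplicate `/filess` block. As the hunk shows it, `include /etc/letsencrypt/options-ssl-nginx.conf;` sits on the same line as the commented-out `# ssl_certificate_key` and is therefore commented out too. In the first server block the server-level `return 301` runs before location matching, so its `location /` is dead configuration. The file is not linked from sites-enabled in this commit; if it is only a backup, consider keeping it out of the repository.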
@@ -0,0 +1,96 @@
+server {
+
+ access_log /var/log/nginx/files.access.log combined;
+
+ server_name files.zzls.xyz;
+ #root /var/www/files;
+ #index index.php /_h5ai/public/index.php;
+ if ($http_user_agent ~* (google) ) {
+ return 404;
+ }
+
+
+ location / {
+ if ($http_user_agent ~* (google) ) {
+ return 404;
+ }
+
+ root /mnt/blockstorage/wwwfiles;
+ index index.html index.php /_h5ai/public/index.php;
+
+ dav_ext_methods PROPFIND OPTIONS;
+ dav_access user:r group:r all:r;
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_param HTTP_PROXY "";
+
+ fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ fastcgi_index index.php;
+
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ }
+
+ location /_h5ai/private {
+ return 403;
+ }
+
+ }
+
+ # location / {
+ # root /mnt/blockstorage/wwwfiles;
+ # autoindex on;
+ # autoindex_format xml;
+ # autoindex_exact_size off;
+ # autoindex_localtime on;
+ # xslt_stylesheet /var/www/html/assets/superbindex.xslt;
+ # xslt_string_param color-base00 '#18191A';
+ #
+ # }
+
+ # location /vods {
+ # alias /mnt/blockstorage/Auto-Stream-Recording-Twitch/vods;
+ # autoindex on;
+ # autoindex_format xml;
+ # autoindex_exact_size on;
+ # autoindex_localtime on;
+ # #xslt_stylesheet /var/www/html/assets/superbindex.xslt;
+ # #xslt_string_param color-base00 '#18191A';
+ # # #WebDAV
+ # # auth_basic realm_name;
+ # # auth_basic_user_file /etc/nginx/.passwords.list;
+ # # dav_methods PUT DELETE MKCOL COPY MOVE;
+ # # dav_ext_methods PROPFIND OPTIONS;
+ # # dav_access user:rw group:rw all:r;
+ # }
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_param HTTP_PROXY "";
+
+ fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ fastcgi_index index.php;
+
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ }
+
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/files.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/files.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
diff --git a/nginx/sites-available/i.zzls.xyz.conf b/nginx/sites-available/i.zzls.xyz.conf
new file mode 100755
index 0000000..a3b44d3
--- /dev/null
+++ b/nginx/sites-available/i.zzls.xyz.conf
@@ -0,0 +1,40 @@
+server {
+
+ access_log /var/log/nginx/i.access.log combined;
+
+ #root /mnt/blockstorage/i/files/;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name i.zzls.xyz;
+
+ location / {
+ client_max_body_size 51M;
+ proxy_pass http://127.0.0.1:40007/;
+ }
+
+ #location /upload {
+ # client_max_body_size 2048M;
+ # auth_basic "Restricted Content";
+ # auth_basic_user_file /etc/fileupload.htpasswd;
+ # proxy_pass http://127.0.0.1:40002;
+ # }
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/i.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/i.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = i.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name i.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+ }
\ No newline at end of file
diff --git a/nginx/sites-available/i2.conf b/nginx/sites-available/i2.conf
new file mode 100755
index 0000000..6d9ec1d
--- /dev/null
+++ b/nginx/sites-available/i2.conf
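Review bot: Both `location ~ [^/]\.php(/|$)` blocks in files.zzls.xyz.conf send any existing `.php` path to php-fpm, and the nested one resolves it under `root /mnt/blockstorage/wwwfiles`, the shared file tree, although the only script this config names is `/_h5ai/public/index.php`. If nothing else there is meant to run, restrict execution to that one script, e.g. `location = /_h5ai/public/index.php { … }`, so that a `.php` file placed in the share is never executed. The server-level copy of the block has no `root` in scope (the server `root` is commented out), so `$document_root` there falls back to nginx's default; keeping a single copy would remove the ambiguity. The `if ($http_user_agent ~* (google))` checks depend on a client-supplied header and should not be read as access control. vanced.conf repeats the same PHP blocks for `/mnt/blockstorage/Vanced`.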
@@ -0,0 +1,22 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ access_log /var/log/nginx/i.access.log combined;
+
+ # root /mnt/blockstorage/i/files/;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name i.zzls.xyz;
+
+ location / {
+ proxy_pass http://localhost:7494;
+ }
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/i2.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/i2.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
diff --git a/nginx/sites-available/ii.conf b/nginx/sites-available/ii.conf
new file mode 100755
index 0000000..f188142
--- /dev/null
+++ b/nginx/sites-available/ii.conf
@@ -0,0 +1,38 @@
+server {
+
+ access_log /var/log/nginx/ii.access.log combined;
+
+ root /mnt/blockstorage/ifiles/;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name ii.zzls.xyz;
+
+ location /upload {
+ client_max_body_size 4096M;
+ auth_basic "Restricted Content";
+ auth_basic_user_file /etc/fileupload.htpasswd;
+ proxy_pass http://localhost:40002;
+ }
+
+
+
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/ii.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/ii.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}server {
+ if ($host = ii.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+
+ server_name ii.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/nginx/sites-available/logs.spanix.xyz.conf b/nginx/sites-available/logs.spanix.xyz.conf
new file mode 100755
index 0000000..591f882
--- /dev/null
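Review bot: In i2.conf, `server_name i.zzls.xyz;` does not match the certificate paths under `live/i2.zzls.xyz/`, and the same name is already claimed by i.zzls.xyz.conf, so if this file were enabled nginx would report a conflicting server name and ignore one of the two blocks. If this vhost is meant for i2.zzls.xyz, change the line to `server_name i2.zzls.xyz;`; the `access_log` path `i.access.log` is shared with the other file as well. The file is not linked from sites-enabled in this commit.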
+++ b/nginx/sites-available/logs.spanix.xyz.conf
@@ -0,0 +1,31 @@
+server {
+ access_log /var/log/nginx/logs.spanix.access.log combined;
+
+ server_name logs.spanix.xyz;
+
+ location / {
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_pass http://127.0.0.1:40004;
+ }
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/logs.spanix.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/logs.spanix.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = logs.spanix.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+
+ server_name logs.spanix.xyz;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/nginx/sites-available/logs.zzls.xyz.conf b/nginx/sites-available/logs.zzls.xyz.conf
new file mode 100755
index 0000000..654707e
--- /dev/null
+++ b/nginx/sites-available/logs.zzls.xyz.conf
@@ -0,0 +1,95 @@
+server {
+
+ access_log /var/log/nginx/logs.access.log combined;
+
+ server_name logs.zzls.xyz;
+
+ location / {
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host; # so Invidious knows domain
+ proxy_http_version 1.1; # to keep alive
+ proxy_set_header Connection ""; # to keep alive
+ proxy_pass http://127.0.0.1:40003;
+
+ # location ~ ^/(channel/rubius|channelid/39276140)/ {
+ # return 401 "Los logs de Rubius han sido deshabilitados";
+ # }
+ # location ~ ^/(channel/ibai|channelid/83232866)/ {
+ # return 401 "Los logs de Ibai han sido deshabilitados";
+ # }
+ location ~ ^/(channel/*/user/zonianbot|channelid/*/user/zonianbot|channel/*/userid/670683053|channelid/*/userid/670683053)/ {
+ return 401 "XD";
+ }
+ location ~ ^/(channel/notfijxu|channelid/664947434)/ {
+ return 401 "lol";
+ }
+
+ error_page 502 = @fallback;
+ proxy_intercept_errors on;
+ }
+
+
+ location @fallback {
+ root /var/www/logs;
+ index index.html;
+
+ }
+
+ listen [::]:443 ssl http2; # managed by Certbot
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/logs.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/logs.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+
+ access_log /var/log/nginx/notlogs.access.log combined;
+
+ server_name notlogs.zzls.xyz;
+
+ location / {
+ rewrite ^/(.*)$ https://logs.zzls.xyz/$1 redirect;
+ }
+
+
+ listen [::]:443 ssl http2; # managed by Certbot
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/logs.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/logs.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+
+server {
+ if ($host = notlogs.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+
+ server_name notlogs.zzls.xyz;
+ return 404; # managed by Certbot
+
+
+ }
+ server {
+ if ($host = logs.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+
+ server_name logs.zzls.xyz;
+ return 404; # managed by Certbot
+
+
+ }
diff --git a/nginx/sites-available/logstemp.conf b/nginx/sites-available/logstemp.conf
new file mode 100755
index 0000000..c6a44c3
--- /dev/null
+++ b/nginx/sites-available/logstemp.conf
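Review bot: In logs.zzls.xyz.conf, the `*` in `location ~ ^/(channel/*/user/zonianbot|…)/` is a regex quantifier on the preceding `/`, not a wildcard path segment, so the pattern matches `channel` followed by zero or more slashes and then `/user/zonianbot`; a URI with a channel name in between presumably never matches, and the intended block does not apply. If a one-segment wildcard was meant, write it as `[^/]+`, e.g. `^/(channel/[^/]+/user/zonianbot|channelid/[^/]+/user/zonianbot|channel/[^/]+/userid/670683053|channelid/[^/]+/userid/670683053)/`. The match is also case-sensitive (`~`), so use `~*` if the backend treats names case-insensitively, and `403` would describe the refusal better than `401`, which implies an authentication challenge. The notlogs.zzls.xyz server block points at the `live/logs.zzls.xyz/` certificate; confirm that certificate covers that name.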
@@ -0,0 +1,66 @@
+server {
+
+ access_log /var/log/nginx/logs.access.log combined;
+
+ server_name logs.zzls.xyz;
+
+ root /var/www/logs;
+ index index.html;
+
+
+
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/logs.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/logs.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+
+ access_log /var/log/nginx/notlogs.access.log combined;
+
+ server_name notlogs.zzls.xyz;
+
+ location / {
+ rewrite ^/(.*)$ https://logs.zzls.xyz/$1 redirect;
+ }
+
+
+
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/notlogs.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/notlogs.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}server {
+ if ($host = logs.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+
+ server_name logs.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
+
+server {
+ if ($host = notlogs.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+
+ server_name notlogs.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/nginx/sites-available/mail.zzls.xyz.conf b/nginx/sites-available/mail.zzls.xyz.conf
new file mode 100755
index 0000000..8c2b52a
--- /dev/null
+++ b/nginx/sites-available/mail.zzls.xyz.conf
@@ -0,0 +1,43 @@
+server {
+
+ access_log /var/log/nginx/mail.access.log combined;
+ root /var/www/mail;
+
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name mail.zzls.xyz;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location /radicale/ {
+ proxy_pass http://127.0.0.1:40001/; # The / is important!
+ proxy_set_header X-Script-Name /radicale;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_pass_header Authorization;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/mail.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/mail.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = mail.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+
+ server_name mail.zzls.xyz;
+
+
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/nginx/sites-available/nossl.zzls.xyz.conf b/nginx/sites-available/nossl.zzls.xyz.conf
new file mode 100755
index 0000000..13b61c8
--- /dev/null
+++ b/nginx/sites-available/nossl.zzls.xyz.conf
@@ -0,0 +1,11 @@
+server {
+
+ access_log /var/log/nginx/nossl.access.log combined;
+
+ root /var/www/nossl;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name nossl.zzls.xyz;
+
+
+}
\ No newline at end of file
diff --git a/nginx/sites-available/paste.zzls.xyz.conf b/nginx/sites-available/paste.zzls.xyz.conf
new file mode 100755
index 0000000..b652bac
--- /dev/null
+++ b/nginx/sites-available/paste.zzls.xyz.conf
@@ -0,0 +1,30 @@
+server {
+
+ access_log /var/log/nginx/paste.access.log combined;
+
+ server_name paste.zzls.xyz;
+
+ location / {
+ proxy_pass http://127.0.0.1:40005/;
+ }
+
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/paste.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/paste.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = paste.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name paste.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+ }
\ No newline at end of file
diff --git a/nginx/sites-available/posts.zzls.xyz.conf b/nginx/sites-available/posts.zzls.xyz.conf
new file mode 100755
index 0000000..dac49fa
--- /dev/null
+++ b/nginx/sites-available/posts.zzls.xyz.conf
@@ -0,0 +1,29 @@
+server {
+
+ access_log /var/log/nginx/posts.access.log combined;
+
+ root /var/www/posts;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name posts.zzls.xyz;
+
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/posts.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/posts.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = posts.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name posts.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+ }
\ No newline at end of file
diff --git a/nginx/sites-available/shorturl.conf b/nginx/sites-available/shorturl.conf
new file mode 100755
index 0000000..18bc61f
--- /dev/null
+++ b/nginx/sites-available/shorturl.conf
@@ -0,0 +1,22 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ access_log /var/log/nginx/s.access.log combined;
+
+ root /var/www/s/;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name s.zzls.xyz;
+
+ location / {
+ proxy_pass http://localhost:40006/;
+ }
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/s.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/s.zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
diff --git a/nginx/sites-available/vanced.conf b/nginx/sites-available/vanced.conf
new file mode 100755
index 0000000..1244c0a
--- /dev/null
+++ b/nginx/sites-available/vanced.conf
@@ -0,0 +1,84 @@
+server {
+
+ access_log /var/log/nginx/vanced.access.log combined;
+
+ server_name vanced.zzls.xyz;
+ #root /var/www/vanced;
+ #index index.php /_h5ai/public/index.php;
+ if ($http_user_agent ~* (google) ) {
+ return 404;
+ }
+
+
+ location / {
+ if ($http_user_agent ~* (google) ) {
+ return 404;
+ }
+
+ root /mnt/blockstorage/Vanced;
+ index index.html index.php /_h5ai/public/index.php;
+
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_param HTTP_PROXY "";
+
+ fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ fastcgi_index index.php;
+
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ }
+
+ location /_h5ai/private {
+ return 403;
+ }
+
+}
+
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_param HTTP_PROXY "";
+
+ fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ fastcgi_index index.php;
+
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ }
+
+ listen [::]:443 ssl http2; # managed by Certbot
+ listen 443 ssl http2; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/vanced.zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/vanced.zzls.xyz/privkey.pem; # managed by Certbot
+
+}
+server {
+ if ($host = vanced.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+
+ server_name vanced.zzls.xyz;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/nginx/sites-available/zzls.xyz.conf b/nginx/sites-available/zzls.xyz.conf
new file mode 100755
index 0000000..b497fd5
--- /dev/null
+++ b/nginx/sites-available/zzls.xyz.conf
@@ -0,0 +1,61 @@
+server {
+
+ root /var/www/html;
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name zzls.xyz www.zzls.xyz;
+
+
+ location /.well-known/matrix/client {
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.zzls.xyz"}}';
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+}
+
+ location /.well-known/matrix/server {
+ return 200 '{"m.server": "matrix.zzls.xyz:443"}';
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+}
+
+ location / {
+
+ try_files $uri $uri/ =404;
+ }
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Permissions-Policy "interest-cohort=()" always;
+ add_header X-Frame-Options "sameorigin" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+
+ listen 443 ssl http2; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/zzls.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/zzls.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+server {
+ if ($host = www.zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ if ($host = zzls.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+
+ server_name zzls.xyz www.zzls.xyz;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+
+
+}
diff --git a/nginx/sites-enabled/donate.zzls.xyz.conf b/nginx/sites-enabled/donate.zzls.xyz.conf
new file mode 120000
index 0000000..6a4ae90
--- /dev/null
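Review bot: The `Strict-Transport-Security` value in zzls.xyz.conf adds `includeSubDomains; preload`, which tells browsers to require HTTPS on every subdomain, yet this commit also enables nossl.zzls.xyz.conf, a vhost with no TLS listener; browsers that have seen this header will refuse the plain-HTTP site. Either drop `includeSubDomains; preload` or give every subdomain a certificate. The two `/.well-known/matrix/` locations declare their own `add_header`, and nginx inherits `add_header` from the outer level only when the current level has none, so those responses lose the server-level security headers; repeat the ones you want there, and add `always` to the CORS header if it should also be sent on error responses.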
+++ b/nginx/sites-enabled/donate.zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/donate.zzls.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/files.zzls.xyz.conf b/nginx/sites-enabled/files.zzls.xyz.conf
new file mode 120000
index 0000000..2e4c7b4
--- /dev/null
+++ b/nginx/sites-enabled/files.zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/files.zzls.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/i.zzls.xyz.conf b/nginx/sites-enabled/i.zzls.xyz.conf
new file mode 120000
index 0000000..a5933b8
--- /dev/null
+++ b/nginx/sites-enabled/i.zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/i.zzls.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/logs.spanix.xyz.conf b/nginx/sites-enabled/logs.spanix.xyz.conf
new file mode 120000
index 0000000..91afd0c
--- /dev/null
+++ b/nginx/sites-enabled/logs.spanix.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/logs.spanix.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/logs.zzls.xyz.conf b/nginx/sites-enabled/logs.zzls.xyz.conf
new file mode 120000
index 0000000..bd7d55a
--- /dev/null
+++ b/nginx/sites-enabled/logs.zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/logs.zzls.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/mail.zzls.xyz.conf b/nginx/sites-enabled/mail.zzls.xyz.conf
new file mode 120000
index 0000000..b57c391
--- /dev/null
+++ b/nginx/sites-enabled/mail.zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/mail.zzls.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/nossl.zzls.xyz.conf b/nginx/sites-enabled/nossl.zzls.xyz.conf
new file mode 120000
index 0000000..e81f2f5
--- /dev/null
+++ b/nginx/sites-enabled/nossl.zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/nossl.zzls.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/paste.zzls.xyz.conf b/nginx/sites-enabled/paste.zzls.xyz.conf
new file mode 120000
index 0000000..97f90bd
--- /dev/null
+++ b/nginx/sites-enabled/paste.zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/paste.zzls.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/posts.zzls.xyz.conf b/nginx/sites-enabled/posts.zzls.xyz.conf
new file mode 120000
index 0000000..a59237c
--- /dev/null
+++ b/nginx/sites-enabled/posts.zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/posts.zzls.xyz.conf
\ No newline at end of file
diff --git a/nginx/sites-enabled/zzls.xyz.conf b/nginx/sites-enabled/zzls.xyz.conf
new file mode 120000
index 0000000..a198d6b
--- /dev/null
+++ b/nginx/sites-enabled/zzls.xyz.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/zzls.xyz.conf
\ No newline at end of file