Reformat nginx configs and shit shit shit shit shi

nginx/nginx.conf

@@ -13,7 +13,6 @@ load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for servi
 
 # Include external config
 #include /etc/nginx/conf.d/*.conf;
-
 events {
     multi_accept on;
     worker_connections 65535;
@@ -33,7 +32,7 @@ http {
     log_not_found off;
     types_hash_max_size 4096;
     types_hash_bucket_size 64;
-    client_max_body_size   16M;
+    client_max_body_size 16M;
 
 
     # MIME
@@ -57,31 +56,28 @@ http {
     #ssl_stapling_verify on;
 
     # Logging
-    access_log             /var/log/nginx/access.log;
-    error_log              /var/log/nginx/error.log warn;
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log warn;
 
     # General configs, include in every sites-enabled site
     #include configs/general.conf;
 
-
-
-
-        # Connection header for WebSocket reverse proxy
+    # Connection header for WebSocket reverse proxy
     map $http_upgrade $connection_upgrade {
         default upgrade;
-        ""      close;
+        "" close;
     }
 
     map $remote_addr $proxy_forwarded_elem {
 
         # IPv4 addresses can be sent as-is
-        ~^[0-9.]+$        "for=$remote_addr";
+        ~^[0-9.]+$ "for=$remote_addr";
 
         # IPv6 addresses need to be bracketed and quoted
         ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
 
         # Unix domain socket names cannot be represented in RFC 7239 syntax
-        default           "for=unknown";
+        default "for=unknown";
     }
 
     map $http_forwarded $proxy_add_forwarded {

nginx/sites-available/archive.zzls.xyz.conf

@@ -12,7 +12,7 @@ server {
     }
 
 
-	listen 443 http3;
+    listen 443 http3;
     listen 443 http2 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/archive.zzls.xyz/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/archive.zzls.xyz/privkey.pem; # managed by Certbot
@@ -23,13 +23,12 @@ server {
 server {
     if ($host = archive.zzls.xyz) {
         return 301 https://$host$request_uri;
-    } # managed by Certbot
+        } # managed by Certbot
 
 
-	listen 80;
-
-    server_name archive.zzls.xyz;
-    return 404; # managed by Certbot
+        listen 80;
+        server_name archive.zzls.xyz;
+        return 404; # managed by Certbot
 
 
-}
+    }

nginx/sites-available/mpd.ayaya.beauty.conf

@@ -9,20 +9,20 @@ server {
     location / {
         proxy_pass http://192.168.1.2:40420;
         #include configs/proxyheaders.conf;
-	proxy_connect_timeout 1;
-	proxy_send_timeout      1;
-	proxy_read_timeout      1;
+        proxy_connect_timeout 1;
+        proxy_send_timeout 1;
+        proxy_read_timeout 1;
     }
     location /status {
         # Turn on stats
         stub_status on;
-        access_log   off;
+        access_log off;
         # only allow access from 192.168.1.5 #
         allow 192.168.1.2;
         deny all;
-   }
+    }
 
-	listen 443 http3;
+    listen 443 http3;
     listen 443 http2 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/mpd.ayaya.beauty/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/mpd.ayaya.beauty/privkey.pem; # managed by Certbot
@@ -33,14 +33,13 @@ server {
 server {
     if ($host = mpd.ayaya.beauty) {
         return 301 https://$host$request_uri;
-    } # managed by Certbot
+        } # managed by Certbot
 
 
+        server_name mpd.ayaya.beauty;
 
-    server_name mpd.ayaya.beauty;
-
-    listen 80;
-    return 404; # managed by Certbot
+        listen 80;
+        return 404; # managed by Certbot
 
 
-}
+    }

nginx/sites-available/search2.zzls.xyz.conf

@@ -0,0 +1,68 @@
+server {
+    access_log /var/log/nginx/searx.log;
+    error_log /dev/null;
+
+    server_name search2.zzls.xyz;
+
+
+    if ($server_protocol ~* "HTTP/1.0") {
+        return 444;
+    }
+    if ($http_user_agent ~* (python) ) {
+        return 403;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:8888/;
+
+        #
+        proxy_http_version 1.1;
+        proxy_cache_bypass $http_upgrade;
+
+        # Proxy headers for the Limiter
+        proxy_set_header Host $host;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Scheme $scheme;
+
+    }
+
+    location /searx/static/ {
+        alias /usr/local/searxng/searxng-src/searx/static/;
+    }
+
+    # security headers
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
+    add_header Permissions-Policy "interest-cohort=()" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    quic_retry on;
+    quic_gso on;
+    ssl_early_data on;
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/search2.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/search2.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = search2.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name search2.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }

nginx/sites-available/searxng.conf

@@ -1,68 +0,0 @@
-server {
-    access_log /var/log/nginx/searx.log;
-    error_log /dev/null;
-
-    server_name search2.zzls.xyz;
-
-
-if ($server_protocol ~* "HTTP/1.0") {
-	return 444;
-}
-if ($http_user_agent ~* (python) ) {
-    return 403;
-}
-
-    location / {
-        proxy_pass http://127.0.0.1:8888/;
-
-        #
-        proxy_http_version                 1.1;
-        proxy_cache_bypass                 $http_upgrade;
-
-        # Proxy headers for the Limiter
-        proxy_set_header Host $host;
-        proxy_set_header Connection $http_connection;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Scheme $scheme;
-
-    }
-
-    location /searx/static/ {
-        alias /usr/local/searxng/searxng-src/searx/static/;
-    }
-
-        # security headers
-        add_header Referrer-Policy "no-referrer-when-downgrade" always;
-        add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
-        add_header Permissions-Policy "interest-cohort=()" always;
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-        add_header X-Frame-Options "SAMEORIGIN";
-
-        # QUIC
-        add_header Alt-Svc 'h3=":443"; ma=86400';
-
-    quic_retry on;
-    quic_gso on;
-    ssl_early_data on;
-
-    listen 443 http3;
-    listen 443 http2 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/search2.zzls.xyz/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/search2.zzls.xyz/privkey.pem; # managed by Certbot
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-
-}
-server {
-    if ($host = search2.zzls.xyz) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
-
-
-	listen 80;
-
-    server_name search2.zzls.xyz;
-    return 404; # managed by Certbot
-
-
-}

nginx/sites-available/yt.conf

@@ -1,45 +0,0 @@
-server {
-        access_log /var/log/nginx/yt.access.log combined;
-
-        server_name yt.zzls.xyz;
-
-        location / {
-                proxy_pass http://localhost:40003;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-		proxy_set_header Host $host;    # so Invidious knows domain
-		proxy_http_version 1.1;         # to keep alive
-		proxy_set_header Connection ""; # to keep alive
-        }
-
-	# security headers
-        add_header Referrer-Policy "no-referrer-when-downgrade" always;
-        #add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
-        add_header Permissions-Policy "interest-cohort=()" always;
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-        add_header X-Frame-Options "SAMEORIGIN";
-
-        # QUIC
-        add_header Alt-Svc 'h3=":443"; ma=86400';
-
-
-    listen 443 http3;
-    listen 443 http2 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/yt.zzls.xyz/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/yt.zzls.xyz/privkey.pem; # managed by Certbot
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-
-}
-server {
-    if ($host = yt.zzls.xyz) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
-
-
-	listen 80;
-
-        server_name yt.zzls.xyz;
-    return 404; # managed by Certbot
-
-
-}

nginx/sites-available/yt.zzls.xyz.conf

@@ -0,0 +1,45 @@
+server {
+    access_log /var/log/nginx/yt.access.log combined;
+
+    server_name yt.zzls.xyz;
+
+    location / {
+        proxy_pass http://localhost:40003;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host; # so Invidious knows domain
+        proxy_http_version 1.1; # to keep alive
+        proxy_set_header Connection ""; # to keep alive
+    }
+
+    # security headers
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    #add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
+    add_header Permissions-Policy "interest-cohort=()" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/yt.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/yt.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = yt.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name yt.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }