Reformat nginx configs and shit shit shit shit shi

2022-12-03 02:23:41 -03:00 · 2022-12-03 02:23:41 -03:00 · dcd361095d
commit dcd361095d
parent 9b9945d7f7
11 changed files with 137 additions and 143 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -13,7 +13,6 @@ load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for servi

 # Include external config
 #include /etc/nginx/conf.d/*.conf;
-
 events {
    multi_accept on;
    worker_connections 65535;
@ -63,9 +62,6 @@ http {
    # General configs, include in every sites-enabled site
    #include configs/general.conf;

-
-
-
    # Connection header for WebSocket reverse proxy
    map $http_upgrade $connection_upgrade {
        default upgrade;
--- a/nginx/sites-available/archive.zzls.xyz.conf
+++ b/nginx/sites-available/archive.zzls.xyz.conf
@ -27,9 +27,8 @@ server {


        listen 80;
-
        server_name archive.zzls.xyz;
        return 404; # managed by Certbot


-}
+    }
--- a/nginx/sites-available/gitea.zzls.xyz.conf
+++ b/nginx/sites-available/gitea.zzls.xyz.conf
--- a/nginx/sites-available/mpd.ayaya.beauty.conf
+++ b/nginx/sites-available/mpd.ayaya.beauty.conf
@ -36,11 +36,10 @@ server {
        } # managed by Certbot


-
        server_name mpd.ayaya.beauty;

        listen 80;
        return 404; # managed by Certbot


-}
+    }
--- a/nginx/sites-available/pbin.zzls.xyz.conf
+++ b/nginx/sites-available/pbin.zzls.xyz.conf
--- a/nginx/sites-available/ri.zzls.xyz.conf
+++ b/nginx/sites-available/ri.zzls.xyz.conf
--- a/nginx/sites-available/search2.zzls.xyz.conf
+++ b/nginx/sites-available/search2.zzls.xyz.conf
@ -0,0 +1,68 @@
+server {
+    access_log /var/log/nginx/searx.log;
+    error_log /dev/null;
+
+    server_name search2.zzls.xyz;
+
+
+    if ($server_protocol ~* "HTTP/1.0") {
+        return 444;
+    }
+    if ($http_user_agent ~* (python) ) {
+        return 403;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:8888/;
+
+        #
+        proxy_http_version 1.1;
+        proxy_cache_bypass $http_upgrade;
+
+        # Proxy headers for the Limiter
+        proxy_set_header Host $host;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Scheme $scheme;
+
+    }
+
+    location /searx/static/ {
+        alias /usr/local/searxng/searxng-src/searx/static/;
+    }
+
+    # security headers
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
+    add_header Permissions-Policy "interest-cohort=()" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    quic_retry on;
+    quic_gso on;
+    ssl_early_data on;
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/search2.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/search2.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = search2.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name search2.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }
--- a/nginx/sites-available/searxng.conf
+++ b/nginx/sites-available/searxng.conf
@ -1,68 +0,0 @@
-server {
-    access_log /var/log/nginx/searx.log;
-    error_log /dev/null;
-
-    server_name search2.zzls.xyz;
-
-
-if ($server_protocol ~* "HTTP/1.0") {
-	return 444;
-}
-if ($http_user_agent ~* (python) ) {
-    return 403;
-}
-
-    location / {
-        proxy_pass http://127.0.0.1:8888/;
-
-        #
-        proxy_http_version                 1.1;
-        proxy_cache_bypass                 $http_upgrade;
-
-        # Proxy headers for the Limiter
-        proxy_set_header Host $host;
-        proxy_set_header Connection $http_connection;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Scheme $scheme;
-
-    }
-
-    location /searx/static/ {
-        alias /usr/local/searxng/searxng-src/searx/static/;
-    }
-
-        # security headers
-        add_header Referrer-Policy "no-referrer-when-downgrade" always;
-        add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
-        add_header Permissions-Policy "interest-cohort=()" always;
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-        add_header X-Frame-Options "SAMEORIGIN";
-
-        # QUIC
-        add_header Alt-Svc 'h3=":443"; ma=86400';
-
-    quic_retry on;
-    quic_gso on;
-    ssl_early_data on;
-
-    listen 443 http3;
-    listen 443 http2 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/search2.zzls.xyz/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/search2.zzls.xyz/privkey.pem; # managed by Certbot
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-
-}
-server {
-    if ($host = search2.zzls.xyz) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
-
-
-	listen 80;
-
-    server_name search2.zzls.xyz;
-    return 404; # managed by Certbot
-
-
-}
--- a/nginx/sites-available/selfhost.zzls.xyz.conf
+++ b/nginx/sites-available/selfhost.zzls.xyz.conf
--- a/nginx/sites-available/yt.conf
+++ b/nginx/sites-available/yt.conf
@ -1,45 +0,0 @@
-server {
-        access_log /var/log/nginx/yt.access.log combined;
-
-        server_name yt.zzls.xyz;
-
-        location / {
-                proxy_pass http://localhost:40003;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-		proxy_set_header Host $host;    # so Invidious knows domain
-		proxy_http_version 1.1;         # to keep alive
-		proxy_set_header Connection ""; # to keep alive
-        }
-
-	# security headers
-        add_header Referrer-Policy "no-referrer-when-downgrade" always;
-        #add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
-        add_header Permissions-Policy "interest-cohort=()" always;
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-        add_header X-Frame-Options "SAMEORIGIN";
-
-        # QUIC
-        add_header Alt-Svc 'h3=":443"; ma=86400';
-
-
-    listen 443 http3;
-    listen 443 http2 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/yt.zzls.xyz/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/yt.zzls.xyz/privkey.pem; # managed by Certbot
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-
-}
-server {
-    if ($host = yt.zzls.xyz) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
-
-
-	listen 80;
-
-        server_name yt.zzls.xyz;
-    return 404; # managed by Certbot
-
-
-}
--- a/nginx/sites-available/yt.zzls.xyz.conf
+++ b/nginx/sites-available/yt.zzls.xyz.conf
@ -0,0 +1,45 @@
+server {
+    access_log /var/log/nginx/yt.access.log combined;
+
+    server_name yt.zzls.xyz;
+
+    location / {
+        proxy_pass http://localhost:40003;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host; # so Invidious knows domain
+        proxy_http_version 1.1; # to keep alive
+        proxy_set_header Connection ""; # to keep alive
+    }
+
+    # security headers
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    #add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
+    add_header Permissions-Policy "interest-cohort=()" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # QUIC
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+
+    listen 443 http3;
+    listen 443 http2 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/yt.zzls.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/yt.zzls.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = yt.zzls.xyz) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+
+
+        listen 80;
+
+        server_name yt.zzls.xyz;
+        return 404; # managed by Certbot
+
+
+    }