ASDASD

i2pd/i2pd.conf

@@ -0,0 +1,284 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+##  * stdout - print log entries to stdout
+##  * file - log entries to a file
+##  * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default - autodetect)
+# logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, none)
+## If you set it to none, logging will be disabled
+loglevel = none
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+port = 12999
+
+## Enable communication through ipv4
+ipv4 = true
+## Enable communication through ipv6
+ipv6 = false
+
+## Enable SSU transport
+ssu = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled. If you want to
+## share more bandwidth without floodfill mode, uncomment that line and adjust
+## value to your possibilities
+bandwidth = O
+## Max % of bandwidth limit for transit. 0-100. 100 by default
+share = 20
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default = false)
+# notransit = true
+
+## Router will be floodfill
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default = true)
+# enabled = true
+## Publish address in RouterInfo (default = true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport
+# enabled = true
+## Publish address in RouterInfo
+# published = true
+## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
+# port = 4567
+
+[http]
+## Web Console settings
+## Uncomment and set to 'false' to disable Web Console
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 7070
+## Path to web console, default "/"
+# webroot = /
+## Uncomment following lines to enable Web Console authentication
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Uncomment and set to 'false' to disable HTTP Proxy
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 4444
+## Optional keys file for proxy local destination
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Uncomment and set to 'false' to disable SOCKS Proxy
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 4447
+## Optional keys file for proxy local destination
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Uncomment and set to 'true' to enable using of SOCKS outproxy
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Comment or set to 'false' to disable SAM Bridge
+enabled = true
+## Address and ports service will listen on
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Uncomment and set to 'true' to enable BOB command channel
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Uncomment and set to 'true' to enable I2CP protocol
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Uncomment and set to 'true' to enable I2PControl protocol
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 7650
+## Authentication password. "itoopie" by default
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default = I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable or disable reseed data verification.
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. false by default
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? false by default
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Use CPU AVX instructions set when work with cryptography when available (default: true)
+# avx = true
+## Force usage of CPU instructions set, even if they not found
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false

i2pd/i2pd.conf.dpkg-dist

@@ -0,0 +1,285 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+##  * stdout - print log entries to stdout
+##  * file - log entries to a file
+##  * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default: autodetect)
+# logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, critical, none)
+## If you set it to none, logging will be disabled
+# loglevel = warn
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+## (default: true)
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+# port = 4567
+
+## Enable communication through ipv4 (default: true)
+ipv4 = true
+## Enable communication through ipv6 (default: false)
+ipv6 = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled.
+## If you want to share more bandwidth without floodfill mode, uncomment
+## that line and adjust value to your possibilities. Value can be set to
+## integer in kilobytes, it will apply that limit and flag will be used
+## from next upper limit (example: if you set 4096 flag will be X, but real
+## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
+## but keep in mind that low values may be negatively evaluated by Java
+## router algorithms.
+# bandwidth = L
+## Max % of bandwidth limit for transit. 0-100 (default: 100)
+# share = 100
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default: false)
+# notransit = true
+
+## Router will be floodfill (default: false)
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[http]
+## Web Console settings
+## Enable the Web Console (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:7070)
+# address = 127.0.0.1
+# port = 7070
+## Path to web console (default: /)
+# webroot = /
+## Enable Web Console authentication (default: false)
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Enable the HTTP proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4444)
+# address = 127.0.0.1
+# port = 4444
+## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Enable the SOCKS proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4447)
+# address = 127.0.0.1
+# port = 4447
+## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Enable the SAM bridge (default: true)
+# enabled = false
+## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Enable the BOB command channel (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:2827)
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Enable the I2CP protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7654)
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Enable the I2PControl protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7650)
+# address = 127.0.0.1
+# port = 7650
+## Authentication password (default: itoopie)
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default: I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network  (default: false)
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable reseed data verification (default: true)
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. (default: false)
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? (default: false)
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Force usage of CPU instructions set, even if they not found (default: false)
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false

i2pd/tunnels.conf

@@ -0,0 +1,33 @@
+[IRC-ILITA]
+type = client
+address = 127.0.0.1
+port = 6668
+destination = irc.ilita.i2p
+destinationport = 6667
+keys = irc-keys.dat
+
+#[IRC-IRC2P]
+#type = client
+#address = 127.0.0.1
+#port = 6669
+#destination = irc.postman.i2p
+#destinationport = 6667
+#keys = irc-keys.dat
+
+#[SMTP]
+#type = client
+#address = 127.0.0.1
+#port = 7659
+#destination = smtp.postman.i2p
+#destinationport = 25
+#keys = smtp-keys.dat
+
+#[POP3]
+#type = client
+#address = 127.0.0.1
+#port = 7660
+#destination = pop.postman.i2p
+#destinationport = 110
+#keys = pop3-keys.dat
+
+# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/

i2pd/tunnels.conf.d/README

@@ -0,0 +1,4 @@
+# In that directory you can store separated config files for every tunnel.
+# Please read documentation for more info.
+#
+# You can find examples in /usr/share/doc/i2pd/tunnels.d directory

i2pd/tunnels.conf.d/zzls.i2p.conf

@@ -0,0 +1,5 @@
+[zzls]
+type = http
+host = 127.0.0.1
+port = 30001
+keys = zzls.i2p

nginx/conf.d/logs.zzls.xyz.conf

@@ -1,6 +1,14 @@
+server {
+	server_name logs.zzls.xyz;
+	rewrite ^ https://logs.nadeko.net$request_uri? permanent;
+
+	include configs/ssl.conf;
+	listen 443 ssl;
+}
+
 server {
 	access_log /var/log/nginx/logs.zzls.xyz.log combined;
-	server_name logs.zzls.xyz logs.nadeko.net;
+	server_name logs.nadeko.net;
 	include configs/general.conf;
 	include configs/security.conf;
 

nginx/conf.d/mail.zzls.xyz.conf

@@ -1,33 +1,19 @@
 server {
 	access_log /var/log/nginx/mail.zzls.xyz.log combined;
 	error_log /var/log/nginx/mail.zzls.xyz.error;
-	root /var/www/mail;
-	index index.html;
-	server_name mail.zzls.xyz;
+	server_name mail.nadeko.net;
 	include configs/general.conf;
 	include configs/robotsNone.conf;
 	include configs/security.conf;
 
-	location ^~ /baikal {
-		root /opt/baikal/html;
-		index index.php;
-		if (!-e $request_filename) { rewrite ^ /baikal/index.php last; }
-		rewrite ^/.well-known/caldav /dav.php redirect;
-		rewrite ^/.well-known/carddav /dav.php redirect;
+	location / {
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_pass https://127.0.0.1:30443;
+	}
 
-		location ~ /(\.ht|Core|Specific|config) {
-			deny all;
-			return 404;
-		}
-
-		location ~ \.php$ {
-			if (!-f $request_filename) { return 404; }
-			try_files $uri =404;
-			include fastcgi.conf;
-			fastcgi_pass unix:/run/php/php8.2-fpm.sock;
-			fastcgi_split_path_info  ^(.+\.php)(.*)$;
-			fastcgi_param  PATH_INFO        $fastcgi_path_info;
-		}
+	location /favicon.ico {
+		alias /var/www/mail/favicon.png;
 	}
 
 	# QUIC
@@ -38,9 +24,14 @@ server {
 	include configs/ssl.conf;
 }
 server {
-	if ($host = mail.zzls.xyz) {
+	set $x "";
+	if ($host = mail.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
 		return 301 https://$host$request_uri;
 	}
-	server_name mail.zzls.xyz;
+	server_name mail.nadeko.net;
 	listen 80;
+	return 404;
 }

nginx/conf.d/stream.zzls.xyz.conf

@@ -16,8 +16,8 @@ server {
 	}
 
 	location = /streams {
-		rtmp_stat all;
-		rtmp_stat_stylesheet /stat.xsl;
+	#	rtmp_stat all;
+	#	rtmp_stat_stylesheet /stat.xsl;
 	}
 
 	location /stat.xsl {

nginx/dhparam.pem

@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICDAKCAgEAiK/Y67KsiSrOlySdj5iBvVc64vUPIZOBWxQ05ggVhuTWJeZKGjes
+/R6VA43Zh9Yo1U2cQl5semyPNzseEk5cwiK1ZOXz9WJiCmrdOFkB9uIpcL0Gz/r6
+56m4F9ki1/ikJZzKRiBxvt6rQS9K4FMjkMliOFqwqVCt1Bh3EYYXebUjWrkKHb4t
+kraEorQbObFodvKcBVG7dcI4EVZhL6wgznp/xZdHYG65jo1GPC7yTJHiTuvD7Ng9
+EsMssnfpdss3f6SmtWGuAkH7vWht7NJse3oePiTRVRiFuW4i4wO5Omu4CJ8kKlwi
+dmG8/o4eQbYWNqfMsCZFBx04i33SsUFQAPZXUQGGmLeNNFdncA0g3agN457ZQvuS
+buhMpiZUw2sI13UH1D7vZBZSTvc+cleRk2w24wHqcMJ8HAuHQ4WhdrC24w8uD8H8
+hJu78K4FibQ7no1syZEhHR/8AkRPAj/dGMlgJQ/dpI07cll/yMiICkytUydYPwT4
++lXbT+oN1rwA7HSttkMFt+z2Oi3RtH9VaIl3zY5bRCk28+GW2mo8+bL5JGl0qooe
+OQsYn+mbZLdtUYhYaaYktJaLyPyQ6WtrssJas+gSdW/1RmT+WRkARaIC201WS+aS
+guGOj0Lr0My+pW/Jj3wB8Hi6tpm+02KNaQUFubNWgcQZU33Ejj1rnfcCAQICAgFF
+-----END DH PARAMETERS-----

nginx/fastcgi.conf

@@ -0,0 +1,27 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  REMOTE_USER        $remote_user;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;

nginx/fastcgi_params

@@ -0,0 +1,25 @@
+
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;

nginx/nginx.conf

@@ -5,53 +5,12 @@ pid /run/nginx.pid;
 
 # Include modules
 include /etc/nginx/modules-enabled/*.conf;
-load_module /usr/lib/nginx/modules/ngx_rtmp_module.so;
 
 events {
 	worker_connections 2048;
 	multi_accept off;
 }
 
-rtmp_auto_push on;
-rtmp_auto_push_reconnect 10s;
-
-rtmp {
-
-	max_connections 1000;
-
-	server {
-		listen 1935;
-		allow publish 0.0.0.0;
-		deny play all;
-		chunk_size 4096;
-		application live {
-			sync 100ms;
-			#			play_restart on;
-			interleave on;
-			#			wait_key on;
-			#			wait_video on;
-			drop_idle_publisher 10s;
-			#dash
-			dash on;
-			dash_path /tmp/dash;
-			dash_fragment 1;
-			dash_playlist_length 10;
-			#hls
-			hls on;
-			hls_fragment_naming system;
-			hls_path /tmp/hls;
-			hls_fragment 1;
-			hls_playlist_length 10;
-			hls_continuous on;
-			#rtmp
-			#on_publish http://127.0.0.1:7069/forms/stream;
-			live on;
-			record off;
-		}
-	}
-}
-
-
 http {
 	log_format limited '$remote_addr - $remote_user [$time_local] '
 		'"$request_method /bogus $server_protocol" $status $body_bytes_sent '