diff --git a/i2pd/i2pd.conf b/i2pd/i2pd.conf
new file mode 100644
index 0000000..f3e3682
--- /dev/null
+++ b/i2pd/i2pd.conf
@@ -0,0 +1,284 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+## * stdout - print log entries to stdout
+## * file - log entries to a file
+## * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default - autodetect)
+# logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, none)
+## If you set it to none, logging will be disabled
+loglevel = none
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+port = 12999
+
+## Enable communication through ipv4
+ipv4 = true
+## Enable communication through ipv6
+ipv6 = false
+
+## Enable SSU transport
+ssu = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled. If you want to
+## share more bandwidth without floodfill mode, uncomment that line and adjust
+## value to your possibilities
+bandwidth = O
+## Max % of bandwidth limit for transit. 0-100. 100 by default
+share = 20
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default = false)
+# notransit = true
+
+## Router will be floodfill
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default = true)
+# enabled = true
+## Publish address in RouterInfo (default = true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport
+# enabled = true
+## Publish address in RouterInfo
+# published = true
+## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
+# port = 4567
+
+[http]
+## Web Console settings
+## Uncomment and set to 'false' to disable Web Console
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 7070
+## Path to web console, default "/"
+# webroot = /
+## Uncomment following lines to enable Web Console authentication
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Uncomment and set to 'false' to disable HTTP Proxy
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 4444
+## Optional keys file for proxy local destination
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Uncomment and set to 'false' to disable SOCKS Proxy
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 4447
+## Optional keys file for proxy local destination
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Uncomment and set to 'true' to enable using of SOCKS outproxy
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Comment or set to 'false' to disable SAM Bridge
+enabled = true
+## Address and ports service will listen on
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Uncomment and set to 'true' to enable BOB command channel
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Uncomment and set to 'true' to enable I2CP protocol
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Uncomment and set to 'true' to enable I2PControl protocol
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 7650
+## Authentication password. "itoopie" by default
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default = I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable or disable reseed data verification.
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. false by default
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? false by default
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Use CPU AVX instructions set when work with cryptography when available (default: true)
+# avx = true
+## Force usage of CPU instructions set, even if they not found
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false
diff --git a/i2pd/i2pd.conf.dpkg-dist b/i2pd/i2pd.conf.dpkg-dist
new file mode 100644
index 0000000..be4a671
--- /dev/null
+++ b/i2pd/i2pd.conf.dpkg-dist
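Review bot: `loglevel = none` in the new i2pd.conf switches off all router logging, so a failed reseed, a crash or unexpected use of the enabled local services (web console, HTTP/SOCKS proxy, SAM) leaves no record on the host. If the aim is to avoid verbose traffic logs, `loglevel = error` (optionally with `log = syslog`, both listed in the file's own comments) would keep failures visible. `[sam] enabled = true` leaves `address` commented out; the packaged default added in this commit documents 127.0.0.1:7656, but uncommenting `address = 127.0.0.1`, as already done for [http], [httpproxy] and [socksproxy], would make the loopback binding explicit. The `ssu = false` key does not appear in the packaged `i2pd.conf.dpkg-dist` added alongside, so it may be a stale option worth checking against the installed version.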
@@ -0,0 +1,285 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+## * stdout - print log entries to stdout
+## * file - log entries to a file
+## * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default: autodetect)
+# logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, critical, none)
+## If you set it to none, logging will be disabled
+# loglevel = warn
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+## (default: true)
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+# port = 4567
+
+## Enable communication through ipv4 (default: true)
+ipv4 = true
+## Enable communication through ipv6 (default: false)
+ipv6 = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled.
+## If you want to share more bandwidth without floodfill mode, uncomment
+## that line and adjust value to your possibilities. Value can be set to
+## integer in kilobytes, it will apply that limit and flag will be used
+## from next upper limit (example: if you set 4096 flag will be X, but real
+## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
+## but keep in mind that low values may be negatively evaluated by Java
+## router algorithms.
+# bandwidth = L
+## Max % of bandwidth limit for transit. 0-100 (default: 100)
+# share = 100
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default: false)
+# notransit = true
+
+## Router will be floodfill (default: false)
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[http]
+## Web Console settings
+## Enable the Web Console (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:7070)
+# address = 127.0.0.1
+# port = 7070
+## Path to web console (default: /)
+# webroot = /
+## Enable Web Console authentication (default: false)
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Enable the HTTP proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4444)
+# address = 127.0.0.1
+# port = 4444
+## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Enable the SOCKS proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4447)
+# address = 127.0.0.1
+# port = 4447
+## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Enable the SAM bridge (default: true)
+# enabled = false
+## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Enable the BOB command channel (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:2827)
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Enable the I2CP protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7654)
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Enable the I2PControl protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7650)
+# address = 127.0.0.1
+# port = 7650
+## Authentication password (default: itoopie)
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default: I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network (default: false)
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable reseed data verification (default: true)
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. (default: false)
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? (default: false)
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Force usage of CPU instructions set, even if they not found (default: false)
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false
diff --git a/i2pd/tunnels.conf b/i2pd/tunnels.conf
new file mode 100644
index 0000000..55723c4
--- /dev/null
+++ b/i2pd/tunnels.conf
@@ -0,0 +1,33 @@
+[IRC-ILITA]
+type = client
+address = 127.0.0.1
+port = 6668
+destination = irc.ilita.i2p
+destinationport = 6667
+keys = irc-keys.dat
+
+#[IRC-IRC2P]
+#type = client
+#address = 127.0.0.1
+#port = 6669
+#destination = irc.postman.i2p
+#destinationport = 6667
+#keys = irc-keys.dat
+
+#[SMTP]
+#type = client
+#address = 127.0.0.1
+#port = 7659
+#destination = smtp.postman.i2p
+#destinationport = 25
+#keys = smtp-keys.dat
+
+#[POP3]
+#type = client
+#address = 127.0.0.1
+#port = 7660
+#destination = pop.postman.i2p
+#destinationport = 110
+#keys = pop3-keys.dat
+
+# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/
diff --git a/i2pd/tunnels.conf.d/README b/i2pd/tunnels.conf.d/README
new file mode 100644
index 0000000..7b07c4b
--- /dev/null
+++ b/i2pd/tunnels.conf.d/README
@@ -0,0 +1,4 @@
+# In that directory you can store separated config files for every tunnel.
+# Please read documentation for more info.
+#
+# You can find examples in /usr/share/doc/i2pd/tunnels.d directory
diff --git a/i2pd/tunnels.conf.d/zzls.i2p.conf b/i2pd/tunnels.conf.d/zzls.i2p.conf
new file mode 100644
index 0000000..14260d0
--- /dev/null
+++ b/i2pd/tunnels.conf.d/zzls.i2p.conf
@@ -0,0 +1,5 @@ +[zzls] +type = http +host = 127.0.0.1 +port = 30001 +keys = zzls.i2p diff --git a/nginx/conf.d/logs.zzls.xyz.conf b/nginx/conf.d/logs.zzls.xyz.conf index fc7ea2a..7ad53c2 100644 --- a/nginx/conf.d/logs.zzls.xyz.conf +++ b/nginx/conf.d/logs.zzls.xyz.conf @@ -1,6 +1,14 @@ +server { + server_name logs.zzls.xyz; + rewrite ^ https://logs.nadeko.net$request_uri? permanent; + + include configs/ssl.conf; + listen 443 ssl; +} + server { access_log /var/log/nginx/logs.zzls.xyz.log combined; - server_name logs.zzls.xyz logs.nadeko.net; + server_name logs.nadeko.net; include configs/general.conf; include configs/security.conf; diff --git a/nginx/conf.d/mail.zzls.xyz.conf b/nginx/conf.d/mail.zzls.xyz.conf index 8f75502..b2bcb2d 100644 --- a/nginx/conf.d/mail.zzls.xyz.conf +++ b/nginx/conf.d/mail.zzls.xyz.conf @@ -1,33 +1,19 @@ server { access_log /var/log/nginx/mail.zzls.xyz.log combined; error_log /var/log/nginx/mail.zzls.xyz.error; - root /var/www/mail; - index index.html; - server_name mail.zzls.xyz; + server_name mail.nadeko.net; include configs/general.conf; include configs/robotsNone.conf; include configs/security.conf; - location ^~ /baikal { - root /opt/baikal/html; - index index.php; - if (!-e $request_filename) { rewrite ^ /baikal/index.php last; } - rewrite ^/.well-known/caldav /dav.php redirect; - rewrite ^/.well-known/carddav /dav.php redirect; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass https://127.0.0.1:30443; + } - location ~ /(\.ht|Core|Specific|config) { - deny all; - return 404; - } - - location ~ \.php$ { - if (!-f $request_filename) { return 404; } - try_files $uri =404; - include fastcgi.conf; - fastcgi_pass unix:/run/php/php8.2-fpm.sock; - fastcgi_split_path_info ^(.+\.php)(.*)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - } + location /favicon.ico { + alias /var/www/mail/favicon.png; } # QUIC 
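Review bot: The new redirect block in logs.zzls.xyz.conf uses `rewrite ^ https://logs.nadeko.net$request_uri? permanent;` where `return 301 https://logs.nadeko.net$request_uri;` would do the same without a regex evaluation, and is the form the mail vhost in this commit already uses. The block only declares `listen 443 ssl;`, so plain-HTTP requests for logs.zzls.xyz are redirected only if a port-80 server for that name exists elsewhere, which is not visible here. The second server block continues past the hunk.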
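Review bot: The new `location /` in mail.zzls.xyz.conf forwards only `Host` and `X-Real-IP` to `https://127.0.0.1:30443`, so the backend cannot see the original scheme or the forwarded chain. If it logs client addresses or builds absolute URLs, add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;`. The upstream is HTTPS, and nginx does not verify upstream certificates unless `proxy_ssl_verify on;` is set; on loopback that is usually acceptable, but a short comment such as `# upstream TLS is unverified: loopback only` would record the decision. The old name mail.zzls.xyz is dropped here with no redirect, unlike the logs vhost, which may or may not be intended. The server block continues past the end of this hunk.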
@@ -38,9 +24,14 @@ server { include configs/ssl.conf; } server { - if ($host = mail.zzls.xyz) { + set $x ""; + if ($host = mail.nadeko.net) { + set $x 1; + } + if ($x = 1) { return 301 https://$host$request_uri; } - server_name mail.zzls.xyz; + server_name mail.nadeko.net; listen 80; + return 404; } diff --git a/nginx/conf.d/stream.zzls.xyz.conf b/nginx/conf.d/stream.zzls.xyz.conf index 6234be3..8759280 100644 --- a/nginx/conf.d/stream.zzls.xyz.conf +++ b/nginx/conf.d/stream.zzls.xyz.conf @@ -16,8 +16,8 @@ server { } location = /streams { - rtmp_stat all; - rtmp_stat_stylesheet /stat.xsl; + # rtmp_stat all; + # rtmp_stat_stylesheet /stat.xsl; } location /stat.xsl { diff --git a/nginx/dhparam.pem b/nginx/dhparam.pem new file mode 100644 index 0000000..a168b47 --- /dev/null +++ b/nginx/dhparam.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICDAKCAgEAiK/Y67KsiSrOlySdj5iBvVc64vUPIZOBWxQ05ggVhuTWJeZKGjes +/R6VA43Zh9Yo1U2cQl5semyPNzseEk5cwiK1ZOXz9WJiCmrdOFkB9uIpcL0Gz/r6 +56m4F9ki1/ikJZzKRiBxvt6rQS9K4FMjkMliOFqwqVCt1Bh3EYYXebUjWrkKHb4t +kraEorQbObFodvKcBVG7dcI4EVZhL6wgznp/xZdHYG65jo1GPC7yTJHiTuvD7Ng9 +EsMssnfpdss3f6SmtWGuAkH7vWht7NJse3oePiTRVRiFuW4i4wO5Omu4CJ8kKlwi +dmG8/o4eQbYWNqfMsCZFBx04i33SsUFQAPZXUQGGmLeNNFdncA0g3agN457ZQvuS +buhMpiZUw2sI13UH1D7vZBZSTvc+cleRk2w24wHqcMJ8HAuHQ4WhdrC24w8uD8H8 +hJu78K4FibQ7no1syZEhHR/8AkRPAj/dGMlgJQ/dpI07cll/yMiICkytUydYPwT4 ++lXbT+oN1rwA7HSttkMFt+z2Oi3RtH9VaIl3zY5bRCk28+GW2mo8+bL5JGl0qooe +OQsYn+mbZLdtUYhYaaYktJaLyPyQ6WtrssJas+gSdW/1RmT+WRkARaIC201WS+aS +guGOj0Lr0My+pW/Jj3wB8Hi6tpm+02KNaQUFubNWgcQZU33Ejj1rnfcCAQICAgFF +-----END DH PARAMETERS----- diff --git a/nginx/fastcgi.conf b/nginx/fastcgi.conf new file mode 100755 index 0000000..d53a628 --- /dev/null +++ b/nginx/fastcgi.conf 
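Review bot: The `$x` flag in the port-80 block of mail.zzls.xyz.conf adds nothing: `if ($host = mail.nadeko.net) { return 301 https://$host$request_uri; }` followed by the server-level `return 404;` behaves the same, because rewrite-module directives run in file order and `return` inside `if` is one of its safe uses. Two `if` blocks plus a `set` make a security-relevant redirect harder to audit than the single-`if` form. If the indirection works around a specific problem, a one-line comment saying which would help the next reader.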
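Review bot: Commenting out both `rtmp_stat` directives in stream.zzls.xyz.conf leaves `location = /streams { }` empty, so requests for /streams now fall through to whatever default handling the server block has instead of being explicitly rejected. Since this commit also removes the rtmp module from nginx.conf, either delete this location together with `location /stat.xsl`, or state the intent with `return 404;`. The rest of the server block is outside the hunk.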
@@ -0,0 +1,27 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param REMOTE_USER $remote_user;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/nginx/fastcgi_params b/nginx/fastcgi_params
new file mode 100755
index 0000000..28decb9
--- /dev/null
+++ b/nginx/fastcgi_params
@@ -0,0 +1,25 @@
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index e924dfa..dc49787 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -5,53 +5,12 @@ pid /run/nginx.pid; # Include modules include /etc/nginx/modules-enabled/*.conf; -load_module /usr/lib/nginx/modules/ngx_rtmp_module.so; events { worker_connections 2048; multi_accept off; } -rtmp_auto_push on; -rtmp_auto_push_reconnect 10s; - -rtmp { - - max_connections 1000; - - server { - listen 1935; - allow publish 0.0.0.0; - deny play all; - chunk_size 4096; - application live { - sync 100ms; - # play_restart on; - interleave on; - # wait_key on; - # wait_video on; - drop_idle_publisher 10s; - #dash - dash on; - dash_path /tmp/dash; - dash_fragment 1; - dash_playlist_length 10; - #hls - hls on; - hls_fragment_naming system; - hls_path /tmp/hls; - hls_fragment 1; - hls_playlist_length 10; - hls_continuous on; - #rtmp - #on_publish http://127.0.0.1:7069/forms/stream; - live on; - record off; - } - } -} - - http { log_format limited '$remote_addr - $remote_user [$time_local] ' '"$request_method /bogus $server_protocol" $status $body_bytes_sent '