Fix .gitignore to include the NGINX folder and its subdirs

.gitignore

@@ -0,0 +1,6 @@
+# Ignore everything
+*
+
+# But not NGINX
+!nginx
+!nginx/**/*

i2pd/i2pd.conf

@@ -1,287 +0,0 @@
-## Configuration file for a typical i2pd user
-## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
-## for more options you can use in this file.
-
-## Lines that begin with "## " try to explain what's going on. Lines
-## that begin with just "#" are disabled commands: you can enable them
-## by removing the "#" symbol.
-
-## Tunnels config file
-## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
-## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
-# tunconf = /var/lib/i2pd/tunnels.conf
-
-## Tunnels config files path
-## Use that path to store separated tunnels in different config files.
-## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
-## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
-# tunnelsdir = /var/lib/i2pd/tunnels.d
-
-## Path to certificates used for verifying .su3, families
-## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
-## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
-# certsdir = /var/lib/i2pd/certificates
-
-## Where to write pidfile (default: i2pd.pid, not used in Windows)
-# pidfile = /run/i2pd/i2pd.pid
-
-## Logging configuration section
-## By default logs go to stdout with level 'info' and higher
-## For Windows OS by default logs go to file with level 'warn' and higher
-##
-## Logs destination (valid values: stdout, file, syslog)
-##  * stdout - print log entries to stdout
-##  * file - log entries to a file
-##  * syslog - use syslog, see man 3 syslog
-# log = file
-## Path to logfile (default - autodetect)
-logfile = /var/log/i2pd/i2pd.log
-## Log messages above this level (debug, info, *warn, error, none)
-## If you set it to none, logging will be disabled
-# loglevel = warn
-## Write full CLF-formatted date and time to log (default: write only time)
-# logclftime = true
-
-## Daemon mode. Router will go to background after start. Ignored on Windows
-# daemon = true
-
-## Specify a family, router belongs to (default - none)
-# family =
-
-## Network interface to bind to
-## Updates address4/6 options if they are not set
-# ifname =
-## You can specify different interfaces for IPv4 and IPv6
-# ifname4 =
-# ifname6 =
-
-## Local address to bind transport sockets to
-## Overrides host option if:
-## For ipv4: if ipv4 = true and nat = false
-## For ipv6: if 'host' is not set or ipv4 = true
-# address4 =
-# address6 =
-
-## External IPv4 or IPv6 address to listen for connections
-## By default i2pd sets IP automatically
-## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
-## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
-# host = 1.2.3.4
-
-## Port to listen for connections
-## By default i2pd picks random port. You MUST pick a random number too,
-## don't just uncomment this
-port = 12999
-
-## Enable communication through ipv4
-ipv4 = true
-## Enable communication through ipv6
-ipv6 = false
-
-## Enable SSU transport
-ssu = false
-
-## Bandwidth configuration
-## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
-## X - unlimited
-## Default is L (regular node) and X if floodfill mode enabled. If you want to
-## share more bandwidth without floodfill mode, uncomment that line and adjust
-## value to your possibilities
-bandwidth = X
-## Max % of bandwidth limit for transit. 0-100. 100 by default
-share = 100
-
-## Router will not accept transit tunnels, disabling transit traffic completely
-## (default = false)
-# notransit = true
-
-## Router will be floodfill
-## Note: that mode uses much more network connections and CPU!
-# floodfill = true
-
-[ntcp2]
-## Enable NTCP2 transport (default = true)
-# enabled = true
-## Publish address in RouterInfo (default = true)
-# published = true
-## Port for incoming connections (default is global port option value)
-# port = 4567
-
-[ssu2]
-## Enable SSU2 transport
-# enabled = true
-## Publish address in RouterInfo
-# published = true
-## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
-# port = 4567
-
-[http]
-## Web Console settings
-## Uncomment and set to 'false' to disable Web Console
-# enabled = true
-## Address and port service will listen on
-address = 127.0.0.1
-port = 7070
-## Path to web console, default "/"
-# webroot = /
-## Uncomment following lines to enable Web Console authentication
-## You should not use Web Console via public networks without additional encryption.
-## HTTP authentication is not encryption layer!
-# auth = true
-# user = i2pd
-# pass = changeme
-## Select webconsole language
-## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
-## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
-## and uzbek languages
-# lang = english
-
-[httpproxy]
-## Uncomment and set to 'false' to disable HTTP Proxy
-# enabled = true
-## Address and port service will listen on
-address = 127.0.0.1
-port = 4444
-## Optional keys file for proxy local destination
-# keys = http-proxy-keys.dat
-## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
-## You should disable this feature if your i2pd HTTP Proxy is public,
-## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
-# addresshelper = true
-## Address of a proxy server inside I2P, which is used to visit regular Internet
-# outproxy = http://false.i2p
-## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
-
-[socksproxy]
-## Uncomment and set to 'false' to disable SOCKS Proxy
-# enabled = true
-## Address and port service will listen on
-address = 127.0.0.1
-port = 4447
-## Optional keys file for proxy local destination
-# keys = socks-proxy-keys.dat
-## Socks outproxy. Example below is set to use Tor for all connections except i2p
-## Uncomment and set to 'true' to enable using of SOCKS outproxy
-# outproxy.enabled = false
-## Address and port of outproxy
-# outproxy = 127.0.0.1
-# outproxyport = 9050
-## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
-
-[sam]
-## Comment or set to 'false' to disable SAM Bridge
-enabled = true
-## Address and ports service will listen on
-# address = 127.0.0.1
-# port = 7656
-# portudp = 7655
-
-[bob]
-## Uncomment and set to 'true' to enable BOB command channel
-# enabled = false
-## Address and port service will listen on
-# address = 127.0.0.1
-# port = 2827
-
-[i2cp]
-## Uncomment and set to 'true' to enable I2CP protocol
-# enabled = false
-## Address and port service will listen on
-# address = 127.0.0.1
-# port = 7654
-
-[i2pcontrol]
-## Uncomment and set to 'true' to enable I2PControl protocol
-# enabled = false
-## Address and port service will listen on
-# address = 127.0.0.1
-# port = 7650
-## Authentication password. "itoopie" by default
-# password = itoopie
-
-[precomputation]
-## Enable or disable elgamal precomputation table
-## By default, enabled on i386 hosts
-# elgamal = true
-
-[upnp]
-## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
-# enabled = false
-## Name i2pd appears in UPnP forwardings list (default = I2Pd)
-# name = I2Pd
-
-[meshnets]
-## Enable connectivity over the Yggdrasil network
-# yggdrasil = false
-## You can bind address from your Yggdrasil subnet 300::/64
-## The address must first be added to the network interface
-# yggaddress =
-
-[reseed]
-## Options for bootstrapping into I2P network, aka reseeding
-## Enable or disable reseed data verification.
-verify = true
-## URLs to request reseed data from, separated by comma
-## Default: "mainline" I2P Network reseeds
-# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
-## Reseed URLs through the Yggdrasil, separated by comma
-# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
-## Path to local reseed data file (.su3) for manual reseeding
-# file = /path/to/i2pseeds.su3
-## or HTTPS URL to reseed from
-# file = https://legit-website.com/i2pseeds.su3
-## Path to local ZIP file or HTTPS URL to reseed from
-# zipfile = /path/to/netDb.zip
-## If you run i2pd behind a proxy server, set proxy server for reseeding here
-## Should be http://address:port or socks://address:port
-# proxy = http://127.0.0.1:8118
-## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
-# threshold = 25
-
-[addressbook]
-## AddressBook subscription URL for initial setup
-## Default: reg.i2p at "mainline" I2P Network
-# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
-## Optional subscriptions URLs, separated by comma
-# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
-
-[limits]
-## Maximum active transit sessions (default: 5000)
-## This value is doubled if floodfill mode is enabled!
-# transittunnels = 5000
-## Limit number of open file descriptors (0 - use system limit)
-# openfiles = 0
-## Maximum size of corefile in Kb (0 - use system limit)
-# coresize = 0
-
-[trust]
-## Enable explicit trust options. false by default
-# enabled = true
-## Make direct I2P connections only to routers in specified Family.
-# family = MyFamily
-## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
-# routers =
-## Should we hide our router from other routers? false by default
-# hidden = true
-
-[exploratory]
-## Exploratory tunnels settings with default values
-# inbound.length = 2
-# inbound.quantity = 3
-# outbound.length = 2
-# outbound.quantity = 3
-
-[persist]
-## Save peer profiles on disk (default: true)
-# profiles = true
-## Save full addresses on disk (default: true)
-# addressbook = true
-
-[cpuext]
-## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
-# aesni = true
-## Use CPU AVX instructions set when work with cryptography when available (default: true)
-# avx = true
-## Force usage of CPU instructions set, even if they not found
-## DO NOT TOUCH that option if you really don't know what are you doing!
-# force = false

i2pd/i2pd.conf.pacnew

@@ -1,288 +0,0 @@
-## Configuration file for a typical i2pd user
-## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
-## for more options you can use in this file.
-
-## Lines that begin with "## " try to explain what's going on. Lines
-## that begin with just "#" are disabled commands: you can enable them
-## by removing the "#" symbol.
-
-## Tunnels config file
-## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
-## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
-# tunconf = /var/lib/i2pd/tunnels.conf
-
-## Tunnels config files path
-## Use that path to store separated tunnels in different config files.
-## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
-## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
-# tunnelsdir = /var/lib/i2pd/tunnels.d
-
-## Path to certificates used for verifying .su3, families
-## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
-## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
-# certsdir = /var/lib/i2pd/certificates
-
-## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
-# pidfile = /run/i2pd/i2pd.pid
-
-## Logging configuration section
-## By default logs go to stdout with level 'info' and higher
-## For Windows OS by default logs go to file with level 'warn' and higher
-##
-## Logs destination (valid values: stdout, file, syslog)
-##  * stdout - print log entries to stdout
-##  * file - log entries to a file
-##  * syslog - use syslog, see man 3 syslog
-# log = file
-## Path to logfile (default: autodetect)
-logfile = /var/log/i2pd/i2pd.log
-## Log messages above this level (debug, info, *warn, error, critical, none)
-## If you set it to none, logging will be disabled
-# loglevel = warn
-## Write full CLF-formatted date and time to log (default: write only time)
-# logclftime = true
-
-## Daemon mode. Router will go to background after start. Ignored on Windows
-## (default: true)
-# daemon = true
-
-## Specify a family, router belongs to (default - none)
-# family =
-
-## Network interface to bind to
-## Updates address4/6 options if they are not set
-# ifname =
-## You can specify different interfaces for IPv4 and IPv6
-# ifname4 =
-# ifname6 =
-
-## Local address to bind transport sockets to
-## Overrides host option if:
-## For ipv4: if ipv4 = true and nat = false
-## For ipv6: if 'host' is not set or ipv4 = true
-# address4 =
-# address6 =
-
-## External IPv4 or IPv6 address to listen for connections
-## By default i2pd sets IP automatically
-## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
-## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
-# host = 1.2.3.4
-
-## Port to listen for connections
-## By default i2pd picks random port. You MUST pick a random number too,
-## don't just uncomment this
-# port = 4567
-
-## Enable communication through ipv4 (default: true)
-ipv4 = true
-## Enable communication through ipv6 (default: false)
-ipv6 = false
-
-## Bandwidth configuration
-## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
-## X - unlimited
-## Default is L (regular node) and X if floodfill mode enabled.
-## If you want to share more bandwidth without floodfill mode, uncomment
-## that line and adjust value to your possibilities. Value can be set to
-## integer in kilobytes, it will apply that limit and flag will be used
-## from next upper limit (example: if you set 4096 flag will be X, but real
-## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
-## but keep in mind that low values may be negatively evaluated by Java
-## router algorithms.
-# bandwidth = L
-## Max % of bandwidth limit for transit. 0-100 (default: 100)
-# share = 100
-
-## Router will not accept transit tunnels, disabling transit traffic completely
-## (default: false)
-# notransit = true
-
-## Router will be floodfill (default: false)
-## Note: that mode uses much more network connections and CPU!
-# floodfill = true
-
-[ntcp2]
-## Enable NTCP2 transport (default: true)
-# enabled = true
-## Publish address in RouterInfo (default: true)
-# published = true
-## Port for incoming connections (default is global port option value)
-# port = 4567
-
-[ssu2]
-## Enable SSU2 transport (default: true)
-# enabled = true
-## Publish address in RouterInfo (default: true)
-# published = true
-## Port for incoming connections (default is global port option value)
-# port = 4567
-
-[http]
-## Web Console settings
-## Enable the Web Console (default: true)
-# enabled = true
-## Address and port service will listen on (default: 127.0.0.1:7070)
-# address = 127.0.0.1
-# port = 7070
-## Path to web console (default: /)
-# webroot = /
-## Enable Web Console authentication (default: false)
-## You should not use Web Console via public networks without additional encryption.
-## HTTP authentication is not encryption layer!
-# auth = true
-# user = i2pd
-# pass = changeme
-## Select webconsole language
-## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
-## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
-## and uzbek languages
-# lang = english
-
-[httpproxy]
-## Enable the HTTP proxy (default: true)
-# enabled = true
-## Address and port service will listen on (default: 127.0.0.1:4444)
-# address = 127.0.0.1
-# port = 4444
-## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
-# keys = http-proxy-keys.dat
-## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
-## You should disable this feature if your i2pd HTTP Proxy is public,
-## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
-# addresshelper = true
-## Address of a proxy server inside I2P, which is used to visit regular Internet
-# outproxy = http://false.i2p
-## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
-
-[socksproxy]
-## Enable the SOCKS proxy (default: true)
-# enabled = true
-## Address and port service will listen on (default: 127.0.0.1:4447)
-# address = 127.0.0.1
-# port = 4447
-## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
-# keys = socks-proxy-keys.dat
-## Socks outproxy. Example below is set to use Tor for all connections except i2p
-## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
-# outproxy.enabled = false
-## Address and port of outproxy
-# outproxy = 127.0.0.1
-# outproxyport = 9050
-## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
-
-[sam]
-## Enable the SAM bridge (default: true)
-# enabled = false
-## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
-# address = 127.0.0.1
-# port = 7656
-# portudp = 7655
-
-[bob]
-## Enable the BOB command channel (default: false)
-# enabled = false
-## Address and port service will listen on (default: 127.0.0.1:2827)
-# address = 127.0.0.1
-# port = 2827
-
-[i2cp]
-## Enable the I2CP protocol (default: false)
-# enabled = false
-## Address and port service will listen on (default: 127.0.0.1:7654)
-# address = 127.0.0.1
-# port = 7654
-
-[i2pcontrol]
-## Enable the I2PControl protocol (default: false)
-# enabled = false
-## Address and port service will listen on (default: 127.0.0.1:7650)
-# address = 127.0.0.1
-# port = 7650
-## Authentication password (default: itoopie)
-# password = itoopie
-
-[precomputation]
-## Enable or disable elgamal precomputation table
-## By default, enabled on i386 hosts
-# elgamal = true
-
-[upnp]
-## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
-# enabled = false
-## Name i2pd appears in UPnP forwardings list (default: I2Pd)
-# name = I2Pd
-
-[meshnets]
-## Enable connectivity over the Yggdrasil network  (default: false)
-# yggdrasil = false
-## You can bind address from your Yggdrasil subnet 300::/64
-## The address must first be added to the network interface
-# yggaddress =
-
-[reseed]
-## Options for bootstrapping into I2P network, aka reseeding
-## Enable reseed data verification (default: true)
-verify = true
-## URLs to request reseed data from, separated by comma
-## Default: "mainline" I2P Network reseeds
-# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
-## Reseed URLs through the Yggdrasil, separated by comma
-# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
-## Path to local reseed data file (.su3) for manual reseeding
-# file = /path/to/i2pseeds.su3
-## or HTTPS URL to reseed from
-# file = https://legit-website.com/i2pseeds.su3
-## Path to local ZIP file or HTTPS URL to reseed from
-# zipfile = /path/to/netDb.zip
-## If you run i2pd behind a proxy server, set proxy server for reseeding here
-## Should be http://address:port or socks://address:port
-# proxy = http://127.0.0.1:8118
-## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
-# threshold = 25
-
-[addressbook]
-## AddressBook subscription URL for initial setup
-## Default: reg.i2p at "mainline" I2P Network
-# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
-## Optional subscriptions URLs, separated by comma
-# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
-
-[limits]
-## Maximum active transit sessions (default: 5000)
-## This value is doubled if floodfill mode is enabled!
-# transittunnels = 5000
-## Limit number of open file descriptors (0 - use system limit)
-# openfiles = 0
-## Maximum size of corefile in Kb (0 - use system limit)
-# coresize = 0
-
-[trust]
-## Enable explicit trust options. (default: false)
-# enabled = true
-## Make direct I2P connections only to routers in specified Family.
-# family = MyFamily
-## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
-# routers =
-## Should we hide our router from other routers? (default: false)
-# hidden = true
-
-[exploratory]
-## Exploratory tunnels settings with default values
-# inbound.length = 2
-# inbound.quantity = 3
-# outbound.length = 2
-# outbound.quantity = 3
-
-[persist]
-## Save peer profiles on disk (default: true)
-# profiles = true
-## Save full addresses on disk (default: true)
-# addressbook = true
-
-[cpuext]
-## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
-# aesni = true
-## Force usage of CPU instructions set, even if they not found (default: false)
-## DO NOT TOUCH that option if you really don't know what are you doing!
-# force = false

i2pd/tunnels.conf

@@ -1,33 +0,0 @@
-[IRC-ILITA]
-type = client
-address = 127.0.0.1
-port = 6668
-destination = irc.ilita.i2p
-destinationport = 6667
-keys = irc-keys.dat
-
-#[IRC-IRC2P]
-#type = client
-#address = 127.0.0.1
-#port = 6669
-#destination = irc.postman.i2p
-#destinationport = 6667
-#keys = irc-keys.dat
-
-#[SMTP]
-#type = client
-#address = 127.0.0.1
-#port = 7659
-#destination = smtp.postman.i2p
-#destinationport = 25
-#keys = smtp-keys.dat
-
-#[POP3]
-#type = client
-#address = 127.0.0.1
-#port = 7660
-#destination = pop.postman.i2p
-#destinationport = 110
-#keys = pop3-keys.dat
-
-# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/

i2pd/tunnels.d/inv.zzls.i2p.conf

@@ -1,5 +0,0 @@
-[librex]
-type=http
-host=127.0.0.1
-port=10051
-keys=inv.dat

i2pd/tunnels.d/librex.zzls.i2p.conf

@@ -1,5 +0,0 @@
-[librex]
-type=http
-host=127.0.0.1
-port=30002
-keys=librex.dat

i2pd/tunnels.d/rimgo.zzls.i2p.conf

@@ -1,5 +0,0 @@
-[rimgo]
-type=http
-host=127.0.0.1
-port=10050
-keys=rimgo-real.dat

logrotate.d/nginx

@@ -1,12 +0,0 @@
-/var/log/nginx/*log {
-	daily
-	missingok
-	notifempty
-	maxage 1
-	create 640 http root
-	sharedscripts
-	compress
-	postrotate
-		test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
-	endscript
-}

nginx/conf.d/4get.conf

@@ -1,24 +1,13 @@
-limit_req_zone $binary_remote_addr zone=4get:10m rate=4r/s;
-
 # CLEARNET
 server {
   error_log /var/log/nginx/4get.error.log;
-  server_name 4get.zzls.xyz 4get.nadeko.net 4getus.zzls.xyz 4getus.nadeko.net;
-  root /var/www/4get-zzls;
+  server_name 4get.nadeko.net;
   include configs/general.conf;
   include configs/robotsNone.conf;
   include configs/security.conf;
 
   location @upstream {
-    try_files $uri.php $uri/index.php =404;
-    fastcgi_pass php-fpm-8.1;
-    fastcgi_index index.php;
-    include fastcgi.conf;
-    fastcgi_intercept_errors on;
-  }
-
-  location ~* ^(.*)\.php$ {
-    return 301 $1;
+	  proxy_pass http://127.0.0.1:10031;
   }
 
   location / {
@@ -53,7 +42,7 @@ server {
   add_header Onion-Location http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
 
   # QUIC
-  include configs/http3.conf;
+  # include configs/http3.conf;
 
   listen 443 ssl;
   http2 on;
@@ -81,18 +70,3 @@ server {
     return 301 $1;
   }
 }
-
-server {
-  listen 80;
-  server_name 4get.zzls.xyz 4get.nadeko.net 4getus.zzls.xyz 4getus.nadeko.net;
-
-  # If ([4get|4getus].zzls.xyz) domains are matched to $host, redirect them to the respective (.nadeko.net) domains.
-  # If not, redirect as normal.
-  map $host $domain {
-    default         $host;
-    4get.zzls.xyz   4get.nadeko.net;
-    4getus.zzls.xyz 4getus.nadeko.net;
-  }
-
-  return 301 https://$domain$request_uri;
-}

nginx/conf.d/datamining.conf

@@ -17,10 +17,3 @@ server {
   listen 443 ssl;
   http2 on;
 }
-
-server {
-  listen 80;
-  server_name datamining.nadeko.net;
-
-  return 301 https://$host$request_uri;
-}

nginx/conf.d/git.conf

@@ -19,10 +19,3 @@ server {
   http2 on;
 
 }
-
-server {
-  listen 80;
-  server_name git.zzls.xyz git.nadeko.net;
-
-  return 301 https://git.nadeko.net$request_uri;
-}

nginx/conf.d/inv.conf

@@ -1,16 +1,19 @@
 # CLEARNET
 server {
+	# Enabled due to Fail2Ban
 	error_log /var/log/nginx/inv.nadeko.net.error.log;
 	#access_log /var/log/nginx/inv.nadeko.net.access.log;
 	server_name inv.nadeko.net;
 	include configs/general.conf;
 	include configs/robotsNone.conf;
+	# MAINTENANCE MODE
+	# include configs/maintenance-mode.conf;
 
 	# The messed up invidious configuration
 	include conf.d/inv.conf.locations;
 
 	# QUIC
-	include configs/http3.conf;
+	#include configs/http3.conf;
 
 	listen 443 ssl;
 	http2 on;
@@ -35,10 +38,3 @@ server {
 
 	include conf.d/inv.conf.locations;
 }
-
-server {
-  listen 80;
-  server_name inv.zzls.xyz inv.nadeko.net;
-
-  return 301 https://inv.nadeko.net$request_uri;
-}

nginx/conf.d/inv.conf.locations

@@ -1,20 +1,20 @@
 location @upstream {
-	proxy_pass http://inv;
-	include configs/proxy.conf;
-	limit_rate 1000k;
-	# Disable buffering and cache so i don't kill my
-	# SSD and bandwidth usage
-	proxy_buffering off;
-	proxy_request_buffering off;
-	proxy_cache off;
-	proxy_intercept_errors on;
-	proxy_connect_timeout 10s;
-	proxy_read_timeout 20s;
-	#error_page 502 = @fallback;
+  proxy_pass http://inv;
+  include configs/proxy.conf;
+  limit_rate 1000k;
+  # Disable buffering and cache so i don't kill my
+  # SSD and bandwidth usage
+  proxy_buffering off;
+  proxy_request_buffering off;
+  proxy_cache off;
+  proxy_intercept_errors on;
+  proxy_connect_timeout 10s;
+  proxy_read_timeout 20s;
+  #error_page 502 = @fallback;
 
-	if ($request_method = OPTIONS) {
-		return 204;
-	}
+  if ($request_method = OPTIONS) {
+    return 204;
+  }
 
 	proxy_hide_header Access-Control-Allow-Origin;
 	add_header Access-Control-Allow-Credentials true;
@@ -26,51 +26,78 @@ location @upstream {
 	add_header Onion-Location http://inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion$request_uri;
 }
 
-location ~ (^/videoplayback|^/vi/) {
-	# Woops! Sorry. I don't want to kill my SSD lol!
-	proxy_buffering off;
-	#proxy_buffers 1024 16k;
-	proxy_set_header X-Forwarded-For "";
-	proxy_hide_header "alt-svc";
-	sendfile_max_chunk 512k;
-	proxy_hide_header Cache-Control;
-	proxy_hide_header etag;
-	proxy_http_version 1.1;
-	proxy_intercept_errors on;
-	proxy_set_header Connection keep-alive;
-	#proxy_max_temp_file_size 32m;
-	proxy_pass http://http3-ytproxy;
-	add_header Cache-Control private always;
-	limit_rate 5000k;
+location ~ (^/videoplayback) {
+  # Woops! Sorry. I don't want to kill my SSD lol!
+  proxy_buffering off;
+  proxy_request_buffering off;
+  proxy_cache off;
+  #proxy_buffers 1024 16k;
+  proxy_set_header X-Forwarded-For "";
+  proxy_hide_header "alt-svc";
+  sendfile_max_chunk 512k;
+  proxy_hide_header Cache-Control;
+  proxy_hide_header etag;
+  proxy_http_version 1.1;
+  proxy_intercept_errors on;
+  proxy_set_header Connection keep-alive;
+  #proxy_max_temp_file_size 32m;
+  proxy_pass http://http3-ytproxy;
+  add_header Cache-Control private always;
+  limit_rate 8000k;
+  limit_req zone=invidious-videoplaybackrl nodelay burst=10;
+}
+
+location ~ (^/vi/) {
+  # Woops! Sorry. I don't want to kill my SSD lol!
+  proxy_buffering off;  
+  proxy_request_buffering off;
+  proxy_cache off;
+  #proxy_buffers 1024 16k;
+  proxy_set_header X-Forwarded-For "";
+  proxy_hide_header "alt-svc";
+  proxy_hide_header Cache-Control;
+  proxy_hide_header etag;
+  proxy_http_version 1.1;
+  proxy_intercept_errors on;
+  proxy_set_header Connection keep-alive;
+  #proxy_max_temp_file_size 32m;
+  proxy_pass http://http3-ytproxy;
+  add_header Cache-Control private always;
+  limit_rate 800k;
 }
 
 location / {
-	try_files $uri @upstream;
+  try_files $uri @upstream;
 }
 
 location /search {
-	try_files $uri @upstream;
+  try_files $uri @upstream;
+}
+
+location /watch {
+  try_files $uri @upstream;
+  limit_req zone=invidious-watchrl nodelay burst=5;
 }
 
 location /api/v1 {
-	limit_req zone=invidious-apirl nodelay burst=10;
-	try_files $uri @upstream;
+  limit_req zone=invidious-apirl nodelay burst=10;
+  try_files $uri @upstream;
 }
 
 location /api/v1/storyboards {
-	try_files $uri @upstream;
+  try_files $uri @upstream;
 }
 
 location /api/v1/captions {
-	try_files $uri @upstream;
+  try_files $uri @upstream;
 }
 
 location /api/v1/comments {
-	try_files $uri @upstream;
+  try_files $uri @upstream;
 }
 
 location ~ ^/api/v1/channels/(.+)/shorts {
-	try_files $uri @upstream;
+  try_files $uri @upstream;
 }
 
 #location @fallback {

nginx/conf.d/keygenmusic.conf

@@ -1,8 +1,8 @@
 server {
-	access_log /var/log/nginx/keygenmusic.zzls.xyz.access.log;
+	access_log /var/log/nginx/keygenmusic.access.log;
 	root /var/www/keygenmusic.tk-mirror;
 	index index.html;
-	server_name keygenmusic.zzls.xyz keygenmusic.nadeko.net;
+	server_name keygenmusic.nadeko.net;
 	include configs/general.conf;
 	include configs/security.conf;
 
@@ -29,25 +29,3 @@ server {
 	http2 on;
 }
 
-server {
-	set $x "";
-	if ($host = keygenmusic.zzls.xyz) {
-		set $x 1;
-	}
-	if ($host = keygenmusic.nadeko.net) {
-		set $x 1;
-	}
-	if ($x = 1) {
-		return 301 https://$host$request_uri;
-	}
-	listen 80;
-	server_name keygenmusic.zzls.xyz keygenmusic.nadeko.net;
-	return 404;
-}
-
-server {
-  listen 80;
-  server_name keygenmusic.nadeko.net;
-
-  return 301 https://$host$request_uri;
-}

nginx/conf.d/luna.conf

@@ -30,10 +30,3 @@ server {
   http2 on;
 
 }
-
-server {
-  listen 80;
-  server_name luna.zzls.xyz luna.nadeko.net;
-
-  return 301 https://luna.nadeko.net$request_uri;
-}

nginx/conf.d/materialious.conf

@@ -21,7 +21,7 @@ server {
 
 server {
   #error_log /var/log/nginx/materialious.nadeko.net.error.log;
-	#access_log /var/log/nginx/materialious.nadeko.net.access.log;
+  #access_log /var/log/nginx/materialious.nadeko.net.access.log;
   server_name syncious.nadeko.net;
   include configs/general.conf;
   include configs/robotsNone.conf;
@@ -70,10 +70,3 @@ server {
   listen 443 ssl;
   http2 on;
 }
-
-server {
-  listen 80;
-  server_name materialious.nadeko.net syncious.nadeko.net;
-
-  return 301 https://$host$request_uri;
-}

nginx/conf.d/matrix.conf

@@ -1,95 +0,0 @@
-server {
-	server_name matrix.zzls.xyz;
-	include configs/general.conf;
-	include configs/robotsNone.conf;
-	include configs/security.conf;
-
-	location /.well-known/matrix/server {
-		return 200 '{ "m.server": "matrix.zzls.xyz:8448" }';
-	}
-
-	location /.well-known/matrix/client {
-		default_type application/json;
-		add_header Access-Control-Allow-Origin '*';
-		return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" }, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
-	}
-
-	#location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
-	#	proxy_pass http://127.0.0.1:40022;
-	#	proxy_set_header X-Forwarded-For $remote_addr;
-	#	proxy_set_header X-Forwarded-Proto $scheme;
-	#		proxy_set_header Host $host;
-	#}
-
-	location ~ ^(/_matrix|/_synapse/client|/health|/_synapse/metrics) {
-		proxy_pass http://matrix;
-		include configs/proxy.conf;
-		client_max_body_size 64M;
-	}
-
-	# QUIC
-	include configs/http3.conf;
-
-	listen 443 ssl;
-	listen 8448 ssl;
-	listen 8448 quic;
-	http2 on;
-}
-
-server {
-	server_name matrix.nadeko.net;
-	include configs/general.conf;
-	include configs/robotsNone.conf;
-	include configs/security.conf;
-
-	location /.well-known/matrix/support {
-		return 200 '{"contacts": [{"matrix_id": "@fijxu:nadeko.net","email_address": "fijxu@nadeko.net","role": "m.role.admin"},{"email_address": "fijxu@nadeko.net","role": "m.role.security"}],"support_page": "https://nadeko.net/contact" }';
-	}
-
-	location /.well-known/matrix/server {
-		return 200 '{ "m.server": "matrix.nadeko.net:8448" }';
-	}
-
-	location /.well-known/matrix/client {
-		default_type application/json;
-		add_header Access-Control-Allow-Origin '*';
-		return 200 '{ "m.homeserver": { "base_url": "https://matrix.nadeko.net" }, "org.matrix.msc3575.proxy": {"url": "https://matrix.nadeko.net"}}';
-	}
-
-  location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
-    proxy_pass http://127.0.0.1:10024;
-    proxy_set_header X-Forwarded-For $remote_addr;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Host $host;
-  }
-
-	location ~ ^(/_matrix|/_synapse/client|/health|/_synapse/metrics) {
-		proxy_pass http://matrix-nadeko;
-		include configs/proxy.conf;
-		client_max_body_size 64M;
-	}
-
-	location / {
-		proxy_pass http://127.0.0.1:10023;
-		proxy_set_header X-Forwarded-For $remote_addr;
-		proxy_set_header X-Forwarded-Proto $scheme;
-		proxy_set_header Host $host;
-		client_max_body_size 64M;
-		proxy_http_version 1.1;
-	}
-
-	# QUIC
-	include configs/http3.conf;
-
-	listen 443 ssl reuseport;
-	listen 8448 ssl default_server reuseport;
-	listen 8448 quic default_server reuseport;
-	http2 on;
-}
-
-server {
-  listen 80;
-  server_name matrix.zzls.xyz matrix.nadeko.net;
-
-  return 301 https://matrix.nadeko.net$request_uri;
-}

nginx/conf.d/pbin.conf

@@ -4,6 +4,7 @@ server {
   include configs/general.conf;
   include configs/security.conf;
   include configs/robotsNone.conf;
+  client_max_body_size 128M;
 
   location / {
     proxy_pass http://privatebin;
@@ -17,10 +18,3 @@ server {
   http2 on;
 
 }
-
-server {
-  listen 80;
-  server_name pbin.zzls.xyz pbin.nadeko.net;
-
-  return 301 https://pbin.nadeko.net$request_uri;
-}

nginx/conf.d/peertube.conf

@@ -5,7 +5,12 @@ server {
   server_name peertube.nadeko.net;
   include configs/general.conf;
   include configs/robotsNone.conf;
-  include configs/security.conf;
+  #include configs/security.conf;
+  # security headers
+  add_header X-Content-Type-Options    "nosniff" always;
+  add_header Referrer-Policy           "same-origin" always;
+  add_header Permissions-Policy        "interest-cohort=()" always;
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
 
   location / {
     proxy_pass http://peertube;
@@ -19,10 +24,3 @@ server {
   listen 443 ssl;
   http2 on;
 }
-
-server {
-  listen 80;
-  server_name peertube.nadeko.net;
-
-  return 301 https://$host$request_uri;
-}

nginx/conf.d/redirector.conf

@@ -0,0 +1,14 @@
+# https://stackoverflow.com/a/39563133
+server {
+    server_name ~^(?<name>\w+)\.zzls\.xyz$;
+    rewrite ^ https://$name.nadeko.net$request_uri? permanent;
+    listen 443 ssl;
+    listen 80;
+}
+
+# HTTPS Redirector
+server {
+    listen 80;
+
+    return 301 https://$host$request_uri;
+}

nginx/conf.d/ri.conf

@@ -1,53 +0,0 @@
-# CLEARNET
-server {
-  server_name ri.zzls.xyz ri.nadeko.net;
-  include configs/general.conf;
-  include configs/robotsNone.conf;
-
-  location / {
-    proxy_pass http://rimgo;
-    include configs/proxy.conf;
-  }
-
-  # QUIC
-  include configs/http3.conf;
-
-  # TOR
-  add_header Onion-Location http://rimgo.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion$request_uri;
-
-  listen 443 ssl;
-  http2 on;
-}
-
-# TOR
-server {
-  listen 10040;
-  server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion rimgo.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion;
-  include configs/general.conf;
-  include configs/robotsNone.conf;
-
-  location / {
-    proxy_pass http://rimgo;
-    include configs/proxy.conf;
-  }
-}
-
-# I2P
-server {
-  listen 30001;
-  server_name zzls3ubaix5wjfar4hskwqnh3vvwvrzoxsvcx64on2aogcxrvhoq.b32.i2p;
-  include configs/general.conf;
-  include configs/robotsNone.conf;
-
-  location / {
-    proxy_pass http://rimgo;
-    include configs/proxy.conf;
-  }
-}
-
-server {
-  listen 80;
-  server_name ri.zzls.xyz ri.nadeko.net;
-
-  return 301 https://ri.nadeko.net$request_uri;
-}

nginx/configs/limits.conf

@@ -1,6 +0,0 @@
-# Rustlog
-limit_req_zone $binary_remote_addr zone=rustlog-api-limit:1m rate=20r/s;
-
-# Invidious
-limit_req_zone $binary_remote_addr zone=invidious-apirl:4m rate=20r/s;
-limit_req_zone $binary_remote_addr zone=invidious-front:10m rate=20r/s;

nginx/nginx.conf

@@ -64,7 +64,6 @@ http {
 	include /etc/nginx/snippets/maps.conf;
 	include /etc/nginx/snippets/poop.conf;
 
-  #limit_conn_zone $binary_remote_addr zone=addr:10m;
 	include /etc/nginx/configs/upstreams.conf;
 	include /etc/nginx/configs/limits.conf;
 	include /etc/nginx/conf.d/*.conf;

systemd/system/http3-ytproxy.service

@@ -1,39 +0,0 @@
-[Unit]
-Description=Http3 YTProxy for Invidious
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-User=http
-Group=http
-Environment="DISABLE_WEBP=1"
-Environment="DISABLE_IPV6=1"
-WorkingDirectory=/opt/http3-ytproxy
-ExecStart=/opt/http3-ytproxy/http3-ytproxy
-Restart=on-failure
-RestartSec=5s
-
-ReadWritePaths=/opt/http3-ytproxy/socket
-NoNewPrivileges=yes
-MemoryDenyWriteExecute=true
-PrivateDevices=yes
-PrivateTmp=yes
-ProtectHome=yes
-ProtectSystem=strict
-ProtectControlGroups=true
-RestrictSUIDSGID=true
-RestrictRealtime=true
-LockPersonality=true
-ProtectKernelLogs=true
-ProtectKernelTunables=true
-ProtectHostname=true
-ProtectKernelModules=true
-PrivateUsers=true
-ProtectClock=true
-SystemCallArchitectures=native
-SystemCallErrorNumber=EPERM
-SystemCallFilter=@system-service
-
-[Install]
-WantedBy=multi-user.target

systemd/system/invidious-debug.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Invidious (An alternative YouTube front-end) DEBUG
-After=syslog.target
-After=network.target
-
-[Service]
-RestartSec=2s
-Type=simple
-User=invidious
-Group=invidious
-WorkingDirectory=/opt/invidious/invidious-debug
-ExecStart=/opt/invidious/invidious-debug/invidious
-Restart=always
-RuntimeMaxSec=1h
-
-[Install]
-WantedBy=multi-user.target

systemd/system/invidious@.service

@@ -1,35 +0,0 @@
-[Unit]
-Description=Invidious (An alternative YouTube front-end)
-After=syslog.target
-After=network.target
-
-[Service]
-RestartSec=10s
-Type=simple
-User=invidious
-Group=invidious
-WorkingDirectory=/opt/invidious/invidious
-ExecStart=/opt/invidious/invidious/invidious -o invidious%i.log -p %i
-StandardOutput=null
-#StandardError=null
-Restart=always
-#RuntimeMaxSec=1h
-LimitNOFILE=16384
-
-# Security
-#PrivateTmp=yes
-#NoNewPrivileges=true
-#ProtectSystem=yes
-#ProtectDevices=yes
-#DevicePolicy=closed
-#ProtectKernelTunables=yes
-#ProtectControlGroups=yes
-#ProtectHostname=yes
-#ProtectKernelLogs=true
-#PrivateUsers=yes
-#ReadWriteDirectories=/home/invidious/invidious
-#ProtectControlGroups=yes
-#RestrictNamespaces=net uts ipc pid user cgroup
-
-[Install]
-WantedBy=multi-user.target

systemd/system/matrix-sliding-sync.service

@@ -1,19 +0,0 @@
-[Unit]
-Description=Matrix sliding sync proxy (MSC3575)
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-User=root
-Group=root
-Environment=LANG=en_US.UTF-8
-WorkingDirectory=/opt/sliding-sync
-ExecStart=/opt/sliding-sync/syncv3
-ExecReload=/usr/bin/kill -HUP $MAINPID
-EnvironmentFile=/opt/sliding-sync/.env
-Restart=always
-RestartSec=3
-
-[Install]
-WantedBy=multi-user.target

systemd/system/minecraft.service

@@ -1,28 +0,0 @@
-[Unit]
-Description=Minecraft Serber
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=forking
-User=mc
-Group=mc
-Environment=JAVA_HOME=/usr/lib/jvm/java-8-openjdk
-WorkingDirectory=/opt/mc/server/
-ExecStart=/usr/bin/tmux new-session -s minecraft -d '/usr/lib/jvm/java-8-openjdk/bin/java -Xmx512M -Xms512M -jar project-poseidon-1.1.8.jar nogui'
-ExecStop=/usr/bin/tmux send -t minecraft.0 stop ENTER
-#ExecRestart=/usr/bin/tmux send -t minecraft.0 stop ENTER; sleep 10; /usr/bin/tmux new-session -s minecraft -d 'java -Xmx512M -Xms512M -jar project-poseidon-1.1.8.jar nogui'
-TimeoutStopSec=10
-TimeoutStartSec=10
-StandardOutput=null
-StandardError=null
-RemainAfterExit=yes
-KillMode=none
-RestartMode=direct
-#KillSignal=SIGINT
-#RestartKillSignal=SIGINT
-Restart=always
-RestartSec=10
-
-[Install]
-WantedBy=multi-user.target

systemd/system/rimgo.service

@@ -1,37 +0,0 @@
-[Unit]
-Description=Rimgo - An Imgur Proxy
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-User=rimgo
-Group=rimgo
-WorkingDirectory=/opt/rimgo
-ExecStart=/opt/rimgo/rimgo
-Restart=on-failure
-RestartSec=3s
-
-ReadWritePaths=/opt/rimgo
-NoNewPrivileges=yes
-MemoryDenyWriteExecute=true
-PrivateDevices=yes
-PrivateTmp=yes
-ProtectHome=yes
-ProtectSystem=strict
-ProtectControlGroups=true
-RestrictSUIDSGID=true
-RestrictRealtime=true
-LockPersonality=true
-ProtectKernelLogs=true
-ProtectKernelTunables=true
-ProtectHostname=true
-ProtectKernelModules=true
-PrivateUsers=true
-ProtectClock=true
-SystemCallArchitectures=native
-SystemCallErrorNumber=EPERM
-SystemCallFilter=@system-service
-
-[Install]
-WantedBy=multi-user.target