No commits in common. "oracle" and "main" have entirely different histories.
17 changed files with 16 additions and 442 deletions
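--- a/README.md
+++ b/README.md
@@ -0,0 +1,16 @@
+You can find my server configs in this repo, they are split in different branches.
+
+- [🌑 Selfhost Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost)
+
+- [🇺🇸 VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/vpsus)
+
+- [🌌 Veil Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/veil) (**New**)
+
+- [🇨🇱 Oracle VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/oracle)
+
+
+#### Suggestions or Issues?
+
+If you got any suggestions to the nginx configs or something that is not to your liking within the privacy-focused services I provide; Open an issue or a pull request in any config. You can either create an account with your real E-mail or with a throw away one (But probably you will be considered as a bad actor for me if you don't provide any real identity like GitHub, GitLab, Codeberg or anything like that, so make sure to link any of those).
+
+*Contact*: [https://nadeko.net/contact](https://nadeko.net/contact)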
|
@ -1,34 +0,0 @@
|
|||
server {
|
||||
server_name count.ayaya.beauty count.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/security.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://counter;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = count.ayaya.beauty) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = count.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server_name count.ayaya.beauty count.nadeko.net;
|
||||
listen 80;
|
||||
return 404;
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
server {
|
||||
server_name ri.zzls.xyz ri.nadeko.net;
|
||||
include configs/general.conf;
|
||||
include configs/robotsNone.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://rimgo;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
# TOR
|
||||
server {
|
||||
listen 10040;
|
||||
server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion rimgo.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion;
|
||||
|
||||
location / {
|
||||
proxy_pass http://rimgo;
|
||||
include configs/proxy.conf;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = ri.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = ri.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name ri.zzls.xyz ri.nadeko.net;
|
||||
}
|
||||
|
|
@ -1,87 +0,0 @@
|
|||
server {
|
||||
server_name search.zzls.xyz search.nadeko.net;
|
||||
include configs/general.conf;
|
||||
|
||||
location @socket {
|
||||
uwsgi_pass searxng;
|
||||
include uwsgi_params;
|
||||
uwsgi_param HTTP_HOST $host;
|
||||
uwsgi_param HTTP_CONNECTION $http_connection;
|
||||
# see flaskfix.py
|
||||
uwsgi_param HTTP_X_SCHEME $scheme;
|
||||
#uwsgi_param HTTP_X_SCRIPT_NAME /searxng;
|
||||
# see limiter.py
|
||||
uwsgi_param HTTP_X_REAL_IP $remote_addr;
|
||||
uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @socket;
|
||||
}
|
||||
|
||||
location /search {
|
||||
try_files $uri @socket;
|
||||
if ($server_protocol ~* "HTTP/1.1") {
|
||||
return 444;
|
||||
}
|
||||
}
|
||||
|
||||
# Onion Service Header
|
||||
add_header Onion-Location http://search.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion$request_uri;
|
||||
|
||||
# QUIC
|
||||
include configs/http3.conf;
|
||||
|
||||
# CSP + Security Headers
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; preload" always;
|
||||
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
|
||||
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10040;
|
||||
server_name search.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion;
|
||||
include configs/general.conf;
|
||||
|
||||
location @socket {
|
||||
uwsgi_pass searxng;
|
||||
include uwsgi_params;
|
||||
uwsgi_param HTTP_HOST $host;
|
||||
uwsgi_param HTTP_CONNECTION $http_connection;
|
||||
# see flaskfix.py
|
||||
uwsgi_param HTTP_X_SCHEME $scheme;
|
||||
#uwsgi_param HTTP_X_SCRIPT_NAME /searxng;
|
||||
# see limiter.py
|
||||
uwsgi_param HTTP_X_REAL_IP $remote_addr;
|
||||
uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @socket;
|
||||
}
|
||||
|
||||
# CSP + Security Headers
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; preload" always;
|
||||
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
|
||||
|
||||
}
|
||||
server {
|
||||
set $x "";
|
||||
if ($host = search.zzls.xyz) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($host = search.nadeko.net) {
|
||||
set $x 1;
|
||||
}
|
||||
if ($x = 1) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
listen 80;
|
||||
server_name search.zzls.xyz search.nadeko.net;
|
||||
return 404;
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
# gzip
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
if ($poop) {
|
||||
return 444;
|
||||
}
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
listen 443 quic;
|
|
@ -1,21 +0,0 @@
|
|||
proxy_http_version 1.1;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
|
||||
# Proxy SSL
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
# Proxy headers
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Forwarded $proxy_add_forwarded;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
|
||||
# Proxy timeouts
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
||||
|
|
@ -1 +0,0 @@
|
|||
location /robots.txt { return 200 "User-agent: *\nDisallow: /";}
|
|
@ -1,7 +0,0 @@
|
|||
# security headers
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "same-origin" always;
|
||||
add_header X-Frame-Options "sameorigin" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# ECDSA
|
||||
ssl_certificate /etc/ssl/nadeko.net/fullchain.ec.crt;
|
||||
ssl_certificate_key /etc/ssl/nadeko.net/nadeko.net.ec.key;
|
||||
|
||||
include configs/sslConfig.conf;
|
|
@ -1,12 +0,0 @@
|
|||
# SSL
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_early_data on;
|
||||
|
||||
# Custom 4096bits Diffie-Hellman parameter for DHE ciphersuites (Not the one bundled with letsencrypt
|
||||
# Changed to a custom one for trust purposes
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
|
@ -1,11 +0,0 @@
|
|||
upstream rimgo {
|
||||
server 127.0.0.1:10001;
|
||||
}
|
||||
|
||||
upstream counter {
|
||||
server 127.0.0.1:10002;
|
||||
}
|
||||
|
||||
upstream searxng {
|
||||
server unix:/usr/local/searxng/run/socket;
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIICDAKCAgEAiK/Y67KsiSrOlySdj5iBvVc64vUPIZOBWxQ05ggVhuTWJeZKGjes
|
||||
/R6VA43Zh9Yo1U2cQl5semyPNzseEk5cwiK1ZOXz9WJiCmrdOFkB9uIpcL0Gz/r6
|
||||
56m4F9ki1/ikJZzKRiBxvt6rQS9K4FMjkMliOFqwqVCt1Bh3EYYXebUjWrkKHb4t
|
||||
kraEorQbObFodvKcBVG7dcI4EVZhL6wgznp/xZdHYG65jo1GPC7yTJHiTuvD7Ng9
|
||||
EsMssnfpdss3f6SmtWGuAkH7vWht7NJse3oePiTRVRiFuW4i4wO5Omu4CJ8kKlwi
|
||||
dmG8/o4eQbYWNqfMsCZFBx04i33SsUFQAPZXUQGGmLeNNFdncA0g3agN457ZQvuS
|
||||
buhMpiZUw2sI13UH1D7vZBZSTvc+cleRk2w24wHqcMJ8HAuHQ4WhdrC24w8uD8H8
|
||||
hJu78K4FibQ7no1syZEhHR/8AkRPAj/dGMlgJQ/dpI07cll/yMiICkytUydYPwT4
|
||||
+lXbT+oN1rwA7HSttkMFt+z2Oi3RtH9VaIl3zY5bRCk28+GW2mo8+bL5JGl0qooe
|
||||
OQsYn+mbZLdtUYhYaaYktJaLyPyQ6WtrssJas+gSdW/1RmT+WRkARaIC201WS+aS
|
||||
guGOj0Lr0My+pW/Jj3wB8Hi6tpm+02KNaQUFubNWgcQZU33Ejj1rnfcCAQICAgFF
|
||||
-----END DH PARAMETERS-----
|
|
@ -1,99 +0,0 @@
|
|||
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/avif avif;
|
||||
image/png png;
|
||||
image/svg+xml svg svgz;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/webp webp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
|
||||
font/woff woff;
|
||||
font/woff2 woff2;
|
||||
|
||||
application/java-archive jar war ear;
|
||||
application/json json;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.apple.mpegurl m3u8;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-fontobject eot;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.oasis.opendocument.graphics odg;
|
||||
application/vnd.oasis.opendocument.presentation odp;
|
||||
application/vnd.oasis.opendocument.spreadsheet ods;
|
||||
application/vnd.oasis.opendocument.text odt;
|
||||
application/vnd.openxmlformats-officedocument.presentationml.presentation
|
||||
pptx;
|
||||
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
|
||||
xlsx;
|
||||
application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
||||
docx;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/wasm wasm;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/xspf+xml xspf;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp2t ts;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
|
@ -1,59 +0,0 @@
|
|||
user www-data;
|
||||
worker_processes auto;
|
||||
worker_rlimit_nofile 65535;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 2048;
|
||||
multi_accept off;
|
||||
}
|
||||
|
||||
http {
|
||||
log_format limited '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
|
||||
'"-" "Bogus/66.6"';
|
||||
access_log off;
|
||||
error_log /dev/null;
|
||||
|
||||
# Basic Settings
|
||||
charset utf-8;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
server_tokens off;
|
||||
log_not_found off;
|
||||
types_hash_max_size 1024;
|
||||
types_hash_bucket_size 64;
|
||||
server_names_hash_bucket_size 128;
|
||||
|
||||
# MIME
|
||||
include mime.types;
|
||||
|
||||
# SSL
|
||||
include configs/ssl.conf;
|
||||
|
||||
# reset timed out connections freeing ram
|
||||
reset_timedout_connection on;
|
||||
# maximum time between packets the client can pause when sending nginx any data
|
||||
client_body_timeout 10s;
|
||||
# maximum time the client has to send the entire header to nginx
|
||||
client_header_timeout 10s;
|
||||
# timeout which a single keep-alive client connection will stay open
|
||||
keepalive_timeout 65s;
|
||||
# maximum time between packets nginx is allowed to pause when sending the client data
|
||||
send_timeout 10s;
|
||||
|
||||
# PERFORMANCE / ASYNC I/O
|
||||
aio threads=default;
|
||||
aio_write on;
|
||||
directio 2m;
|
||||
|
||||
# Maps
|
||||
include /etc/nginx/snippets/maps.conf;
|
||||
include /etc/nginx/snippets/poop.conf;
|
||||
|
||||
include /etc/nginx/configs/upstreams.conf;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
# Connection header for WebSocket reverse proxy
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
"" close;
|
||||
}
|
||||
|
||||
map $remote_addr $proxy_forwarded_elem {
|
||||
|
||||
# IPv4 addresses can be sent as-is
|
||||
~^[0-9.]+$ "for=$remote_addr";
|
||||
|
||||
# IPv6 addresses need to be bracketed and quoted
|
||||
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
|
||||
|
||||
# Unix domain socket names cannot be represented in RFC 7239 syntax
|
||||
default "for=unknown";
|
||||
}
|
||||
|
||||
map $http_forwarded $proxy_add_forwarded {
|
||||
|
||||
# If the incoming Forwarded header is syntactically valid, append to it
|
||||
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
|
||||
|
||||
# Otherwise, replace it
|
||||
default "$proxy_forwarded_elem";
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
map $http_user_agent $poop {
|
||||
default 0;
|
||||
~*my-tiny-bot 1;
|
||||
~*thesis-research-bot 1;
|
||||
~*SemrushBot 1;
|
||||
~*Bytespider 1;
|
||||
~*PetalBot 1;
|
||||
~*Amazonbot 1;
|
||||
}
|