From f9748b3ec716aae3afa05ca361cb472637ddb312 Mon Sep 17 00:00:00 2001
From: Anthony Wang
Date: Sat, 20 Jan 2024 15:56:03 +0000
Subject: [PATCH] Change /srv/http/pages to /srv/http, don't automatically forward ports 4200-9
The first change doesn't require any manual intervention since /srv/http/pages is now symlinked to /srv/http. The purpose of it is just to make paths shorter, that's all. I have several reasons for the second change, even though it may have been a useful feature:
- Security: Some programs use those ports by default and you don't want to accidentally expose them to the internet. If you want to run a program on exozyme and view it on your own computer, use SSH port forwarding instead.
- There was some weird DNS resolution problem with that config so I made it only listen to IPv4, which can cause problems since some programs only bind to IPv6.
- If you want to expose a program to the internet, you must use a Unix socket or socat. This feature was useful as a quick-and-dirty option, but socat is also just one command and doesn't require much more effort.
---
 calibre-web.conf | 2 +-
 exozyme.conf | 2 +-
 iacore.conf | 2 +-
 nvpie.conf | 2 +-
 pages.conf | 26 ++------------------------
 pranav.conf | 2 +-
 safetwitch.conf | 2 +-
 xtex.conf | 4 ++--
 8 files changed, 10 insertions(+), 32 deletions(-)
diff --git a/calibre-web.conf b/calibre-web.conf
index c56675d..d41de1d 100644
--- a/calibre-web.conf
+++ b/calibre-web.conf
@@ -4,7 +4,7 @@ server {
 server_name library.exozy.me;
 location / {
- proxy_pass http://unix:/srv/http/pages/library;
+ proxy_pass http://unix:/srv/http/library;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/exozyme.conf b/exozyme.conf
index 90e9ef0..dc3ac98 100644
--- a/exozyme.conf
+++ b/exozyme.conf
@@ -12,7 +12,7 @@ server {
 listen [::]:443 ssl default_server;
 server_name exozy.me;
- root /srv/http/exozyme;
+ root /srv/http/www;
 index index.html;
 location /.well-known/matrix/server {
diff --git a/iacore.conf b/iacore.conf
index ebfd1ca..bf16d06 100644
--- a/iacore.conf
+++ b/iacore.conf
@@ -7,7 +7,7 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/www2.1a-insec.net/privkey.pem;
 location / {
- proxy_pass http://unix:/srv/http/pages/xrablnhmov;
+ proxy_pass http://unix:/srv/http/xrablnhmov;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/nvpie.conf b/nvpie.conf
index a9b4005..bf973c9 100644
--- a/nvpie.conf
+++ b/nvpie.conf
@@ -7,7 +7,7 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/neovoid.is-cool.dev/privkey.pem;
 location / {
- proxy_pass http://unix:/srv/http/pages/nvpie;
+ proxy_pass http://unix:/srv/http/nvpie;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/pages.conf b/pages.conf
index 98aea5d..933e670 100644
--- a/pages.conf
+++ b/pages.conf
@@ -1,31 +1,9 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name ~^(\d)\.exozy\.me;
-
- index index.html;
-
- location / {
- # https://serverfault.com/questions/638505/nginx-dynamic-proxy-pass-doesnt-resolve-properly
- proxy_pass http://127.0.0.1:420$1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Proxy WebSockets
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- }
-}
-
 server {
 listen 443 ssl;
 listen [::]:443 ssl;
 server_name ~^(?.+)\.exozy\.me;
- root /srv/http/pages/$page;
+ root /srv/http/$page;
 index index.html;
 error_page 502 404 /404.html;
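Review bot: In exozyme.conf, `root /srv/http/www;` renames the directory from `exozyme` to `www`, which is not the removal of `pages/` that the commit message describes, and the /srv/http/pages symlink does not cover it. The visible `listen [::]:443 ssl default_server;` line marks this as the default server, so the directory has to be moved or linked in the same deployment, or the main site and any request that falls through to it will start returning 404. The commit message should mention this rename, and a comment above the directive would help, for example `# main site; "www" is a reserved name next to user pages in /srv/http`. The server block continues outside the hunk.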
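Review bot: In pages.conf, `root /srv/http/$page;` lets the host-derived `$page` select anything directly under /srv/http rather than a dedicated pages/ directory, and the `@fallback` `proxy_pass http://unix:/srv/http/$page;` in the next hunk has the same property. `$page` comes from the named capture in `server_name`, whose `<page>` part appears to have been lost in this rendering. Per the commit message /srv/http now also holds the `pages` symlink back to itself, and per exozyme.conf the main site's `www`, so those names become valid subdomains and a `pages` host would presumably map onto the whole tree under one origin. Consider narrowing and anchoring the capture, for example `server_name ~^(?<page>[a-z0-9-]+)\.exozy\.me$;`, and reserving `pages` and `www`. Check the character class against existing page names before adopting it.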
@@ -38,7 +16,7 @@ server {
 }
 location @fallback {
- proxy_pass http://unix:/srv/http/pages/$page;
+ proxy_pass http://unix:/srv/http/$page;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/pranav.conf b/pranav.conf
index 3150f4d..2778e45 100644
--- a/pranav.conf
+++ b/pranav.conf
@@ -7,7 +7,7 @@ server {
 ssl_certificate_key /home/pranav/.local/share/cert/karawale.in/key.pem;
 location / {
- proxy_pass http://unix:/srv/http/pages/pranav;
+ proxy_pass http://unix:/srv/http/pranav;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/safetwitch.conf b/safetwitch.conf
index 8366dc8..1e728c3 100644
--- a/safetwitch.conf
+++ b/safetwitch.conf
@@ -3,7 +3,7 @@ server {
 listen [::]:443 ssl;
 server_name safetwitch.exozy.me;
- root /srv/http/pages/safetwitch;
+ root /srv/http/safetwitch;
 index index.html;
 location / {
diff --git a/xtex.conf b/xtex.conf
index 163fe36..d1fbf70 100644
--- a/xtex.conf
+++ b/xtex.conf
@@ -9,7 +9,7 @@ server {
 add_header Server exozyme;
 location / {
- proxy_pass http://unix:/srv/http/pages/xtexhome;
+ proxy_pass http://unix:/srv/http/xtexhome;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -33,7 +33,7 @@ server {
 add_header Server exozyme;
 location / {
- proxy_pass http://unix:/srv/http/pages/xtexblog;
+ proxy_pass http://unix:/srv/http/xtexblog;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;