exozyme/nginx
6
3
Fork 7
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: exozyme:main
Branches Tags
exozyme:main
exozyme:patch-3
iacore:patch-2
iacore:iacore-patch-1
iacore:main
..
compare: iacore:main
Branches Tags
iacore:patch-2
iacore:iacore-patch-1
iacore:main
exozyme:main
exozyme:patch-3

No commits in common. "main" and "main" have entirely different histories.
main ... main

21 changed files with 200 additions and 411 deletions
Show stats Expand all files Collapse all files

14
calibre-web.conf
View file

@ -1,14 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name library.exozy.me;
location / {
proxy_pass http://unix:/srv/http/library;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 200M;
}
}

6
cockpit.conf
View file

@ -1,8 +1,10 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name portal.exozy.me;
include conf.d/ssl;
location / {
# Required to proxy the connection to Cockpit
proxy_pass https://localhost:9090;

8
exozyme.conf
View file

@ -8,11 +8,13 @@ server {
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name exozy.me;
root /srv/http/www;
include conf.d/ssl;
root /srv/http/exozyme;
index index.html;
location /.well-known/matrix/server {

8
forgejo.conf
View file

@ -1,11 +1,9 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.exozy.me;
if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
return 444;
}
include conf.d/ssl;
location / {
proxy_pass http://unix:/run/forgejo/forgejo.sock;

6
guacamole.conf
View file

@ -1,8 +1,10 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name desk.exozy.me;
include conf.d/ssl;
location / {
proxy_pass http://localhost:4080/guacamole/;
proxy_buffering off;

37
iacore.conf
View file

@ -1,40 +1,15 @@
log_format 1a-simple '[$time_local] "$request" $status $bytes_sent "$http_referer"';
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.1a-insec.net;
ssl_certificate /etc/letsencrypt/live/1a-insec.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/1a-insec.net/privkey.pem;
ssl_certificate /etc/letsencrypt/live/www.1a-insec.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.1a-insec.net/privkey.pem;
root /srv/http/iacore;
access_log /var/log/nginx/www.1a-insec.net.access.log 1a-simple;
root /srv/http/pages/iacore;
index index.html;
location / {
try_files $uri $uri.html $uri/ =404;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name bean.1a-insec.net;
ssl_certificate /etc/letsencrypt/live/1a-insec.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/1a-insec.net/privkey.pem;
location / {
proxy_pass http://unix:/srv/http/bean-doze;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy WebSockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}

7
jupyterhub.conf
View file

@ -1,8 +1,11 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name hub.exozy.me;
include conf.d/ssl;
location ~ ^/user/(.*)/desk/(.*)$ {
return 301 /hub/desk/$2;
}

137
mastodon.conf
View file

@ -3,32 +3,26 @@ map $http_upgrade $connection_upgrade {
'' close;
}
upstream web {
server unix:/run/mastodon-web/mastodon-web.sock fail_timeout=0;
upstream backend {
server unix:/run/mastodon/mastodon-web.sock fail_timeout=0;
}
upstream streaming {
# Instruct nginx to send connections to the server with the least number of connections
# to ensure load is distributed evenly.
least_conn;
server unix:/run/mastodon-streaming/mastodon-streaming.sock fail_timeout=0;
# Uncomment these lines for load-balancing multiple instances of streaming for scaling,
# this assumes your running the streaming server on ports 4000, 4001, and 4002:
# server 127.0.0.1:4001 fail_timeout=0;
# server 127.0.0.1:4002 fail_timeout=0;
server unix:/run/mastodon/mastodon-streaming.sock fail_timeout=0;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name social.exozy.me;
include conf.d/ssl;
keepalive_timeout 70;
sendfile on;
client_max_body_size 99m;
client_max_body_size 80m;
root /var/lib/mastodon/public;
@ -39,71 +33,50 @@ server {
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
location / {
try_files $uri @proxy;
}
# If Docker is used for deployment and Rails serves static files,
# then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
location = /sw.js {
add_header Cache-Control "public, max-age=604800, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
add_header Strict-Transport-Security "max-age=31536000";
try_files $uri @proxy;
}
location ~ ^/assets/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
location /sw.js {
add_header Cache-Control "public, max-age=0";
add_header Strict-Transport-Security "max-age=31536000";
try_files $uri @proxy;
}
location ~ ^/avatars/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://backend;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000";
tcp_nodelay on;
}
location ~ ^/emoji/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/headers/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/packs/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/shortcuts/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/sounds/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/system/ {
add_header Cache-Control "public, max-age=2419200, immutable";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
try_files $uri =404;
}
location ^~ /api/v1/streaming {
location /api/v1/streaming {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -117,34 +90,8 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
tcp_nodelay on;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://web;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
tcp_nodelay on;
}
error_page 404 500 501 502 503 504 /500.html;
error_page 500 501 502 503 504 /500.html;
}

50
mdwalters.conf
View file

@ -1,50 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.max.is-probably.gay;
ssl_certificate /etc/letsencrypt/live/max.is-probably.gay/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/max.is-probably.gay/privkey.pem;
location / {
proxy_pass http://localhost:1351;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name fedi.max.is-probably.gay;
ssl_certificate /etc/letsencrypt/live/max.is-probably.gay/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/max.is-probably.gay/privkey.pem;
location / {
proxy_pass http://localhost:1350;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name phanpy.max.is-probably.gay;
ssl_certificate /etc/letsencrypt/live/max.is-probably.gay/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/max.is-probably.gay/privkey.pem;
location / {
proxy_pass http://localhost:5173;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

30
nextcloud.conf
View file

@ -10,18 +10,16 @@ map $arg_v $asset_immutable {
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.exozy.me;
# Enable symlinks
disable_symlinks off;
# Path to the root of your installation
root /usr/share/webapps/nextcloud;
# Prevent nginx HTTP Server Detection
server_tokens off;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
include conf.d/ssl;
# HSTS settings
# WARNING: Only add the preload option once you read about
@ -29,7 +27,7 @@ server {
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 16G;
@ -42,20 +40,21 @@ server {
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwidth.
# The settings allows you to optimize the HTTP2 bandwitdth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
# for tunning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
@ -70,7 +69,7 @@ server {
# only for Nextcloud like below:
include mime.types;
types {
text/javascript js mjs;
application/javascript js mjs;
}
# Specify how to handle directories -- specifying `/index.php$request_uri`
@ -80,7 +79,7 @@ server {
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocs-provider`), and thus
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
@ -139,7 +138,7 @@ server {
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
@ -161,8 +160,7 @@ server {
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets

22
nginx.conf
View file

@ -1,22 +0,0 @@
# SSL
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
# Log to system journal
access_log syslog:server=unix:/dev/log;
error_log syslog:server=unix:/dev/log;
# Disable symlinks so users can't make nginx follow symlinks to sensitive files
disable_symlinks if_not_owner;
# Force UTF-8 because why not
charset utf-8;
# Yay HTTP/2!
http2 on;

16
nvpie.conf
View file

@ -1,16 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name neovoid.is-cool.dev;
ssl_certificate /etc/letsencrypt/live/neovoid.is-cool.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/neovoid.is-cool.dev/privkey.pem;
root /srv/http/nvpie;
index index.html;
location / {
try_files $uri $uri.html $uri/ =404;
}
}

54
pages.conf
View file

@ -1,22 +1,48 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name ~^(?<page>.+)\.exozy\.me;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ~^(\d)\.exozy\.me;
root /srv/http/$page;
index index.html index.txt;
include conf.d/ssl;
error_page 502 404 /404.html;
location = /404.html {
internal;
}
index index.html;
location / {
try_files $uri $uri.html $uri/ = @fallback;
}
location @fallback {
proxy_pass http://unix:/srv/http/$page;
# https://serverfault.com/questions/638505/nginx-dynamic-proxy-pass-doesnt-resolve-properly
proxy_pass http://127.0.0.1:420$1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy WebSockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ~^(?<page>.+)\.exozy\.me;
include conf.d/ssl;
root /srv/http/pages/$page;
index index.html;
error_page 502 404 /404.html;
location = /404.html {
internal;
}
location / {
try_files $uri $uri.html $uri/ = @fallback;
}
location @fallback {
proxy_pass http://unix:/srv/http/pages/$page;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

77
peertube.conf
View file

@ -3,15 +3,17 @@
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
# THIRD PARTY MODULES: None.
upstream backend {
server [::1]:9000; # https://framacolibri.org/t/listen-to-unix-socket-instead-of-localhost-9000/5348
}
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name tube.exozy.me;
##
# Certificates
# you need a certificate to run in production. see https://letsencrypt.org/
##
include conf.d/ssl;
##
# Application
##
@ -28,21 +30,14 @@ server {
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://backend;
proxy_pass http://localhost:9000;
}
location / {
try_files /dev/null @api;
}
location ~ ^/api/v1/videos/(upload-resumable|([^/]+/source/replace-resumable))$ {
client_max_body_size 0;
proxy_request_buffering off;
try_files /dev/null @api;
}
location ~ ^/api/v1/users/[^/]+/imports/import-resumable$ {
location = /api/v1/videos/upload-resumable {
client_max_body_size 0;
proxy_request_buffering off;
@ -64,13 +59,6 @@ server {
try_files /dev/null @api;
}
location ~ ^/api/v1/runners/jobs/[^/]+/(update|success)$ {
client_max_body_size 12G; # default is 1M
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
client_max_body_size 6M; # default is 1M
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
@ -90,7 +78,7 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://backend;
proxy_pass http://localhost:9000;
}
location /socket.io {
@ -146,10 +134,10 @@ server {
# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
#client_body_temp_path /var/www/peertube/storage/nginx/;
#client_body_temp_path /var/lib/peertube/storage/nginx/;
# Bypass PeerTube for performance reasons. Optional.
# Should be consistent with client-overrides assets list in client.ts server controller
# Should be consistent with client-overrides assets list in /server/controllers/client.ts
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
@ -165,7 +153,29 @@ server {
alias /usr/share/webapps/peertube/client/dist/$1;
}
location ~ ^(/static/(webseed|web-videos|streaming-playlists/hls)/private/)|^/download {
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/static/(thumbnails|avatars)/ {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
rewrite ^/static/(.*)$ /$1 break;
try_files $uri @api;
}
location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
# We can't rate limit a try_files directive, so we need to duplicate @api
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -174,14 +184,20 @@ server {
proxy_limit_rate 5M;
proxy_pass http://backend;
proxy_pass http://localhost:9000;
}
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/static/(webseed|web-videos|redundancy|streaming-playlists)/ {
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
limit_rate_after 5M;
set $peertube_limit_rate 5M;
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
set $peertube_limit_rate 800k;
# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
if ($request_uri ~ -fragmented.mp4$) {
set $peertube_limit_rate 5M;
}
# Use this line with nginx >= 1.17.0
limit_rate $peertube_limit_rate;
@ -213,8 +229,7 @@ server {
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
aio threads;
# web-videos is the name of the directory mapped to the `storage.web_videos` key in your PeerTube configuration
rewrite ^/static/webseed/(.*)$ /web-videos/$1 break;
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
rewrite ^/static/(.*)$ /$1 break;
try_files $uri @api;

6
pranav.conf
View file

@ -1,13 +1,13 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name karawale.in *.karawale.in;
ssl_certificate /home/pranav/.local/share/cert/karawale.in/fullchain.pem;
ssl_certificate_key /home/pranav/.local/share/cert/karawale.in/key.pem;
location / {
proxy_pass http://unix:/srv/http/pranav;
proxy_pass http://unix:/srv/http/pages/pranav;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

11
redirect.conf Normal file
View file

@ -0,0 +1,11 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ta180m.exozy.me;
include conf.d/ssl;
location / {
return 301 https://a.exozy.me$request_uri;
}
}

8
ssl Normal file
View file

@ -0,0 +1,8 @@
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;

7
synapse.conf
View file

@ -1,8 +1,11 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name chat.exozy.me;
include conf.d/ssl;
location / {
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;

6
woodpecker.conf
View file

@ -1,8 +1,10 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ci.exozy.me;
include conf.d/ssl;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;

59
x.conf
View file

@ -1,59 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name pb.exozy.me;
location / {
proxy_pass http://localhost:7631;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name memos.exozy.me;
location / {
proxy_pass http://localhost:7632;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name reddit.exozy.me;
if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
return 444;
}
location / {
proxy_pass http://localhost:7633;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name rssbridge.exozy.me;
location / {
proxy_pass http://localhost:7634;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

42
xtex.conf
View file

@ -1,42 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name xtexx.eu.org;
ssl_certificate /etc/letsencrypt/live/xtexx.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xtexx.eu.org/privkey.pem;
add_header Server exozyme;
location / {
proxy_pass http://unix:/srv/http/xtexhome;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy WebSockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name blog.xtexx.eu.org;
ssl_certificate /etc/letsencrypt/live/xtexx.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xtexx.eu.org/privkey.pem;
add_header Server exozyme;
location / {
proxy_pass http://unix:/srv/http/xtexblog;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}