forked from exozyme/nginx
Compare commits
107 commits
| Author | SHA1 | Date | |
|---|---|---|---|
5e8ad9b7da
|
|||
|
f216e37a42
|
|||
| 40f25073bb | |||
| 140c771c32 | |||
|
06ac5c8eea
|
|||
|
84c65e5506
|
|||
|
057107d9c5
|
|||
|
b2348b9646
|
||
|
8c2b0854b9
|
|||
|
|
42fb81a97a
|
||
45ccf9e51c
|
|||
|
fa70231eac
|
|||
|
8fe7a105cb
|
|||
|
|
a2c5b4ab7c
|
||
|
|
6908e562b3
|
||
|
e451c5e807
|
|||
|
2e503d808b
|
|||
| f36d28dae4 | |||
| d6324c8098 | |||
|
850b51b2ed
|
|||
| 132a20839d | |||
| 02e7c1ff99 | |||
| 3cc1f4e85e | |||
|
0f98fb86ef
|
|||
|
06d2e7c208
|
|||
|
e541b39644
|
|||
|
|
6d15c0efae
|
||
|
5e683f3f90
|
|||
|
014aa68ba5
|
|||
|
1ca4e9c17a
|
|||
|
f9748b3ec7
|
|||
|
25b463ada1
|
|||
|
d6172c33c2
|
|||
| 4267f0ef03 | |||
|
0c08f30f8f
|
|||
|
baf40d7694
|
|||
|
1c88742815
|
|||
|
7c95638d93
|
|||
|
e6731d996e
|
|||
|
21303cfea0
|
|||
|
1b30fed65f
|
|||
|
f6322e183d
|
|||
|
bfce841044
|
|||
|
af75fb68a7
|
|||
|
e5ba1ce1df
|
|||
|
eb1da632fb
|
|||
|
4cce3721b2
|
|||
| 184b931fd0 | |||
|
05126f565b
|
|||
|
c71ee472ae
|
||
|
8383e4eb10
|
|||
|
|
c82031450c
|
||
|
8712f423cb
|
|||
|
d798a49551
|
|||
| c2fb98cd29 | |||
| 66ee1ba697 | |||
|
e1ae9e4a8a
|
|||
|
63914e5d7f
|
|||
|
cba3cc387f
|
|||
|
47967fd747
|
|||
| 1652642e12 | |||
|
60014a661f
|
|||
|
127c8f5ecb
|
|||
|
02f764b5a5
|
|||
| e66063fae3 | |||
| c5a78986ac | |||
|
866325e088
|
|||
| b5cd8cfd6d | |||
| d1c2e9470d | |||
| f4075ccb1a | |||
| ce158df2da | |||
| f2442f0a08 | |||
| f4438b09a8 | |||
|
23732b339a
|
|||
|
00fc2e086f
|
|||
|
93c6f888dc
|
|||
956cb33b26
|
|||
|
ce94ff3f6b
|
|||
|
96ed6d7bdf
|
|||
|
94a223180f
|
|||
|
62870b2f0a
|
|||
|
27d2e328ed
|
|||
|
14cccfb385
|
|||
|
6e2381b74c
|
|||
|
482db51233
|
|||
|
d7e4151476
|
|||
|
fab570ee50
|
|||
|
216daf7a23
|
|||
|
e58c22e34a
|
|||
|
caadf1c3eb
|
|||
| cfe3c09e5c | |||
|
0f29483002
|
|||
|
6aa9ddf371
|
|||
|
b0941d271f
|
|||
|
52fc0762e8
|
|||
|
cff9ad23b0
|
|||
| 262a9eda64 | |||
| 43b6be1eeb | |||
| 23ecefb89b | |||
| 2f48a822ae | |||
| 6e66d8d5cc | |||
|
|
67c8eed118
|
||
| 85af427d7e | |||
|
|
c090dd6ad2
|
||
|
e07b0dd49d
|
|||
| 613e03be26 | |||
| 65ea204f75 |
14
calibre-web.conf
Normal file
14
calibre-web.conf
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name library.exozy.me;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/srv/http/library;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
client_max_body_size 200M;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,10 +1,8 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name portal.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
location / {
|
||||
# Required to proxy the connection to Cockpit
|
||||
proxy_pass https://localhost:9090;
|
||||
|
|
|
|||
|
|
@ -8,13 +8,11 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2 default_server;
|
||||
listen [::]:443 ssl http2 default_server;
|
||||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
server_name exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
root /srv/http/exozyme;
|
||||
root /srv/http/www;
|
||||
index index.html;
|
||||
|
||||
location /.well-known/matrix/server {
|
||||
|
|
|
|||
|
|
@ -1,9 +1,11 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name git.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
|
||||
return 444;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/run/forgejo/forgejo.sock;
|
||||
|
|
|
|||
|
|
@ -1,10 +1,8 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name desk.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:4080/guacamole/;
|
||||
proxy_buffering off;
|
||||
|
|
|
|||
37
iacore.conf
37
iacore.conf
|
|
@ -1,15 +1,40 @@
|
|||
log_format 1a-simple '[$time_local] "$request" $status $bytes_sent "$http_referer"';
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name www.1a-insec.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/www.1a-insec.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.1a-insec.net/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/1a-insec.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/1a-insec.net/privkey.pem;
|
||||
|
||||
root /srv/http/pages/iacore;
|
||||
index index.html;
|
||||
root /srv/http/iacore;
|
||||
|
||||
access_log /var/log/nginx/www.1a-insec.net.access.log 1a-simple;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri.html $uri/ =404;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name bean.1a-insec.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/1a-insec.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/1a-insec.net/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/srv/http/bean-doze;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Proxy WebSockets
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,8 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name hub.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
location ~ ^/user/(.*)/desk/(.*)$ {
|
||||
return 301 /hub/desk/$2;
|
||||
}
|
||||
|
|
|
|||
137
mastodon.conf
137
mastodon.conf
|
|
@ -3,26 +3,32 @@ map $http_upgrade $connection_upgrade {
|
|||
'' close;
|
||||
}
|
||||
|
||||
upstream backend {
|
||||
server unix:/run/mastodon/mastodon-web.sock fail_timeout=0;
|
||||
upstream web {
|
||||
server unix:/run/mastodon-web/mastodon-web.sock fail_timeout=0;
|
||||
}
|
||||
|
||||
upstream streaming {
|
||||
server unix:/run/mastodon/mastodon-streaming.sock fail_timeout=0;
|
||||
# Instruct nginx to send connections to the server with the least number of connections
|
||||
# to ensure load is distributed evenly.
|
||||
least_conn;
|
||||
|
||||
server unix:/run/mastodon-streaming/mastodon-streaming.sock fail_timeout=0;
|
||||
# Uncomment these lines for load-balancing multiple instances of streaming for scaling,
|
||||
# this assumes your running the streaming server on ports 4000, 4001, and 4002:
|
||||
# server 127.0.0.1:4001 fail_timeout=0;
|
||||
# server 127.0.0.1:4002 fail_timeout=0;
|
||||
}
|
||||
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name social.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
client_max_body_size 80m;
|
||||
client_max_body_size 99m;
|
||||
|
||||
root /var/lib/mastodon/public;
|
||||
|
||||
|
|
@ -33,50 +39,71 @@ server {
|
|||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
|
||||
|
||||
location / {
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
try_files $uri @proxy;
|
||||
# If Docker is used for deployment and Rails serves static files,
|
||||
# then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
|
||||
location = /sw.js {
|
||||
add_header Cache-Control "public, max-age=604800, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location /sw.js {
|
||||
add_header Cache-Control "public, max-age=0";
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
try_files $uri @proxy;
|
||||
location ~ ^/assets/ {
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://backend;
|
||||
proxy_buffering on;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_cache CACHE;
|
||||
proxy_cache_valid 200 7d;
|
||||
proxy_cache_valid 410 24h;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
add_header X-Cached $upstream_cache_status;
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
||||
tcp_nodelay on;
|
||||
location ~ ^/avatars/ {
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location /api/v1/streaming {
|
||||
location ~ ^/emoji/ {
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location ~ ^/headers/ {
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location ~ ^/packs/ {
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location ~ ^/shortcuts/ {
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location ~ ^/sounds/ {
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location ~ ^/system/ {
|
||||
add_header Cache-Control "public, max-age=2419200, immutable";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location ^~ /api/v1/streaming {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
@ -90,8 +117,34 @@ server {
|
|||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
error_page 500 501 502 503 504 /500.html;
|
||||
location @proxy {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://web;
|
||||
proxy_buffering on;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_cache CACHE;
|
||||
proxy_cache_valid 200 7d;
|
||||
proxy_cache_valid 410 24h;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
add_header X-Cached $upstream_cache_status;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
error_page 404 500 501 502 503 504 /500.html;
|
||||
}
|
||||
|
|
|
|||
50
mdwalters.conf
Normal file
50
mdwalters.conf
Normal file
|
|
@ -0,0 +1,50 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name git.max.is-probably.gay;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/max.is-probably.gay/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/max.is-probably.gay/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:1351;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name fedi.max.is-probably.gay;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/max.is-probably.gay/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/max.is-probably.gay/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:1350;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name phanpy.max.is-probably.gay;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/max.is-probably.gay/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/max.is-probably.gay/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5173;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
|
@ -10,16 +10,18 @@ map $arg_v $asset_immutable {
|
|||
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name cloud.exozy.me;
|
||||
|
||||
# Enable symlinks
|
||||
disable_symlinks off;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /usr/share/webapps/nextcloud;
|
||||
|
||||
# Use Mozilla's guidelines for SSL/TLS settings
|
||||
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||
include conf.d/ssl;
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
|
|
@ -27,7 +29,7 @@ server {
|
|||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
|
||||
|
||||
# set max upload size and increase upload timeout:
|
||||
client_max_body_size 16G;
|
||||
|
|
@ -40,21 +42,20 @@ server {
|
|||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# The settings allows you to optimize the HTTP2 bandwitdth.
|
||||
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||
# for tunning hints
|
||||
# for tuning hints
|
||||
client_body_buffer_size 512k;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
|
|
@ -69,7 +70,7 @@ server {
|
|||
# only for Nextcloud like below:
|
||||
include mime.types;
|
||||
types {
|
||||
application/javascript js mjs;
|
||||
text/javascript js mjs;
|
||||
}
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
|
|
@ -79,7 +80,7 @@ server {
|
|||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
||||
# `/updater`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
|
@ -138,7 +139,7 @@ server {
|
|||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
|
@ -160,7 +161,8 @@ server {
|
|||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
|
||||
# Serve static files
|
||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
|
|
|
|||
22
nginx.conf
Normal file
22
nginx.conf
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
# SSL
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
|
||||
|
||||
# Log to system journal
|
||||
access_log syslog:server=unix:/dev/log;
|
||||
error_log syslog:server=unix:/dev/log;
|
||||
|
||||
# Disable symlinks so users can't make nginx follow symlinks to sensitive files
|
||||
disable_symlinks if_not_owner;
|
||||
|
||||
# Force UTF-8 because why not
|
||||
charset utf-8;
|
||||
|
||||
# Yay HTTP/2!
|
||||
http2 on;
|
||||
16
nvpie.conf
Normal file
16
nvpie.conf
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name neovoid.is-cool.dev;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/neovoid.is-cool.dev/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/neovoid.is-cool.dev/privkey.pem;
|
||||
|
||||
root /srv/http/nvpie;
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri.html $uri/ =404;
|
||||
|
||||
}
|
||||
}
|
||||
36
pages.conf
36
pages.conf
|
|
@ -1,36 +1,10 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name ~^(\d)\.exozy\.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
# https://serverfault.com/questions/638505/nginx-dynamic-proxy-pass-doesnt-resolve-properly
|
||||
proxy_pass http://127.0.0.1:420$1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Proxy WebSockets
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name ~^(?<page>.+)\.exozy\.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
root /srv/http/pages/$page;
|
||||
index index.html;
|
||||
root /srv/http/$page;
|
||||
index index.html index.txt;
|
||||
|
||||
error_page 502 404 /404.html;
|
||||
location = /404.html {
|
||||
|
|
@ -42,7 +16,7 @@ server {
|
|||
}
|
||||
|
||||
location @fallback {
|
||||
proxy_pass http://unix:/srv/http/pages/$page;
|
||||
proxy_pass http://unix:/srv/http/$page;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
|
|||
|
|
@ -3,16 +3,14 @@
|
|||
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
|
||||
# THIRD PARTY MODULES: None.
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name tube.exozy.me;
|
||||
upstream backend {
|
||||
server [::1]:9000; # https://framacolibri.org/t/listen-to-unix-socket-instead-of-localhost-9000/5348
|
||||
}
|
||||
|
||||
##
|
||||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
include conf.d/ssl;
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name tube.exozy.me;
|
||||
|
||||
##
|
||||
# Application
|
||||
|
|
@ -30,14 +28,21 @@ server {
|
|||
proxy_read_timeout 10m;
|
||||
send_timeout 10m;
|
||||
|
||||
proxy_pass http://localhost:9000;
|
||||
proxy_pass http://backend;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location = /api/v1/videos/upload-resumable {
|
||||
location ~ ^/api/v1/videos/(upload-resumable|([^/]+/source/replace-resumable))$ {
|
||||
client_max_body_size 0;
|
||||
proxy_request_buffering off;
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/users/[^/]+/imports/import-resumable$ {
|
||||
client_max_body_size 0;
|
||||
proxy_request_buffering off;
|
||||
|
||||
|
|
@ -59,6 +64,13 @@ server {
|
|||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/runners/jobs/[^/]+/(update|success)$ {
|
||||
client_max_body_size 12G; # default is 1M
|
||||
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
|
||||
client_max_body_size 6M; # default is 1M
|
||||
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
||||
|
|
@ -78,7 +90,7 @@ server {
|
|||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_pass http://localhost:9000;
|
||||
proxy_pass http://backend;
|
||||
}
|
||||
|
||||
location /socket.io {
|
||||
|
|
@ -134,10 +146,10 @@ server {
|
|||
|
||||
# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
|
||||
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
|
||||
#client_body_temp_path /var/lib/peertube/storage/nginx/;
|
||||
#client_body_temp_path /var/www/peertube/storage/nginx/;
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
# Should be consistent with client-overrides assets list in /server/controllers/client.ts
|
||||
# Should be consistent with client-overrides assets list in client.ts server controller
|
||||
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||
|
||||
|
|
@ -153,29 +165,7 @@ server {
|
|||
alias /usr/share/webapps/peertube/client/dist/$1;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/static/(thumbnails|avatars)/ {
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
|
||||
add_header Content-Type 'text/plain charset=UTF-8';
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
|
||||
|
||||
rewrite ^/static/(.*)$ /$1 break;
|
||||
|
||||
try_files $uri @api;
|
||||
}
|
||||
|
||||
location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
|
||||
location ~ ^(/static/(webseed|web-videos|streaming-playlists/hls)/private/)|^/download {
|
||||
# We can't rate limit a try_files directive, so we need to duplicate @api
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
@ -184,20 +174,14 @@ server {
|
|||
|
||||
proxy_limit_rate 5M;
|
||||
|
||||
proxy_pass http://localhost:9000;
|
||||
proxy_pass http://backend;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
|
||||
location ~ ^/static/(webseed|web-videos|redundancy|streaming-playlists)/ {
|
||||
limit_rate_after 5M;
|
||||
|
||||
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
|
||||
set $peertube_limit_rate 800k;
|
||||
|
||||
# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
|
||||
if ($request_uri ~ -fragmented.mp4$) {
|
||||
set $peertube_limit_rate 5M;
|
||||
}
|
||||
set $peertube_limit_rate 5M;
|
||||
|
||||
# Use this line with nginx >= 1.17.0
|
||||
limit_rate $peertube_limit_rate;
|
||||
|
|
@ -229,7 +213,8 @@ server {
|
|||
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
|
||||
aio threads;
|
||||
|
||||
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
|
||||
# web-videos is the name of the directory mapped to the `storage.web_videos` key in your PeerTube configuration
|
||||
rewrite ^/static/webseed/(.*)$ /web-videos/$1 break;
|
||||
rewrite ^/static/(.*)$ /$1 break;
|
||||
|
||||
try_files $uri @api;
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name karawale.in *.karawale.in;
|
||||
|
||||
ssl_certificate /home/pranav/.local/share/cert/karawale.in/fullchain.pem;
|
||||
ssl_certificate_key /home/pranav/.local/share/cert/karawale.in/key.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/srv/http/pages/pranav;
|
||||
proxy_pass http://unix:/srv/http/pranav;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name ta180m.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
location / {
|
||||
return 301 https://a.exozy.me$request_uri;
|
||||
}
|
||||
}
|
||||
8
ssl
8
ssl
|
|
@ -1,8 +0,0 @@
|
|||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
|
@ -1,11 +1,8 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name chat.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
|
|
|||
|
|
@ -1,10 +1,8 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name ci.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
|
|
|||
59
x.conf
Normal file
59
x.conf
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name pb.exozy.me;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:7631;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name memos.exozy.me;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:7632;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name reddit.exozy.me;
|
||||
|
||||
if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
|
||||
return 444;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:7633;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name rssbridge.exozy.me;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:7634;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
42
xtex.conf
Normal file
42
xtex.conf
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name xtexx.eu.org;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/xtexx.eu.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/xtexx.eu.org/privkey.pem;
|
||||
|
||||
add_header Server exozyme;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/srv/http/xtexhome;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Proxy WebSockets
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name blog.xtexx.eu.org;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/xtexx.eu.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/xtexx.eu.org/privkey.pem;
|
||||
|
||||
add_header Server exozyme;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/srv/http/xtexblog;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue