forked from exozyme/nginx
Compare commits
7 commits
fa70231eac
...
06ac5c8eea
Author | SHA1 | Date | |
---|---|---|---|
06ac5c8eea | |||
84c65e5506 | |||
057107d9c5 | |||
|
b2348b9646 | ||
8c2b0854b9 | |||
|
42fb81a97a | ||
45ccf9e51c |
4 changed files with 53 additions and 15 deletions
30
iacore.conf
30
iacore.conf
|
@ -1,16 +1,40 @@
|
||||||
|
log_format 1a-simple '[$time_local] "$request" $status $bytes_sent "$http_referer"';
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
server_name www.1a-insec.net;
|
server_name www.1a-insec.net;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/www.1a-insec.net/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/1a-insec.net/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/www.1a-insec.net/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/1a-insec.net/privkey.pem;
|
||||||
|
|
||||||
root /srv/http/iacore;
|
root /srv/http/iacore;
|
||||||
|
|
||||||
access_log /var/log/nginx/www.1a-insec.net.access.log;
|
access_log /var/log/nginx/www.1a-insec.net.access.log 1a-simple;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri.html $uri/ =404;
|
try_files $uri $uri.html $uri/ =404;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
server_name bean.1a-insec.net;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/1a-insec.net/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/1a-insec.net/privkey.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://unix:/srv/http/bean-doze;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# Proxy WebSockets
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
22
nginx.conf
Normal file
22
nginx.conf
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
# SSL
|
||||||
|
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
|
||||||
|
|
||||||
|
# Log to system journal
|
||||||
|
access_log syslog:server=unix:/dev/log;
|
||||||
|
error_log syslog:server=unix:/dev/log;
|
||||||
|
|
||||||
|
# Disable symlinks so users can't make nginx follow symlinks to sensitive files
|
||||||
|
disable_symlinks if_not_owner;
|
||||||
|
|
||||||
|
# Force UTF-8 because why not
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
# Yay HTTP/2!
|
||||||
|
http2 on;
|
|
@ -1,12 +0,0 @@
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name safetwitch.exozy.me;
|
|
||||||
|
|
||||||
root /srv/http/safetwitch;
|
|
||||||
index index.html;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.html;
|
|
||||||
}
|
|
||||||
}
|
|
4
x.conf
4
x.conf
|
@ -31,6 +31,10 @@ server {
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
server_name reddit.exozy.me;
|
server_name reddit.exozy.me;
|
||||||
|
|
||||||
|
if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
|
||||||
|
return 444;
|
||||||
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://localhost:7633;
|
proxy_pass http://localhost:7633;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|
Loading…
Reference in a new issue