system/nginx/01/xmpp.conf

302 lines
9.3 KiB
Plaintext
Raw Normal View History

#Prosody (DEPRECATED!)
#server {
# listen 81.16.19.64:443 ssl http2;
# listen [2a03:4000:47:58a::]:443 ssl http2;
# server_name xmpp.liberta.casa;
#
# ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
# ssl_session_timeout 1d;
# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
# ssl_session_tickets off;
#
# ssl_protocols TLSv1.3 TLSv1.2;
# ssl_prefer_server_ciphers off;
# add_header Strict-Transport-Security "max-age=63072000" always;
# ssl_stapling on;
# ssl_stapling_verify on;
# #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
# resolver 127.0.0.4;
#
# location / {
# proxy_pass http://[::1]:5280;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_set_header Host $host;
#
# }
#
# location /xmpp-websocket {
# proxy_pass http://[::1]:5280/xmpp-websocket;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_read_timeout 900s;
# }
# location /candy/http-bind {
# proxy_pass https://127.0.0.2:5443/http-bind;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_read_timeout 900s;
# }
# location /candy {
# root /srv/www/candy/;
# index index.html;
# }
# location /candy-source {
# root /srv/www/candy/;
# }
#}
#mod_http_upload_external
#server {
# listen 81.16.19.64:443 ssl http2;
# listen [2a03:4000:47:58a::]:443 ssl http2;
#
# server_name up.xmpp.liberta.casa;
#
# ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
# ssl_session_timeout 1d;
# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
# ssl_session_tickets off;
#
# ssl_protocols TLSv1.3 TLSv1.2;
# ssl_prefer_server_ciphers off;
# add_header Strict-Transport-Security "max-age=63072000" always;
# ssl_stapling on;
# ssl_stapling_verify on;
# #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
# resolver 127.0.0.4;
#
## client_max_body_size 50m;
#
# location / {
# if ( $request_method = OPTIONS ) {
# add_header Access-Control-Allow-Origin '*';
# add_header Access-Control-Allow-Methods 'PUT, GET, OPTIONS, HEAD';
# add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
# add_header Access-Control-Allow-Credentials 'true';
# add_header Content-Length 0;
# add_header Content-Type text/plain;
# return 200;
# }
# proxy_pass http://[::1]:5050/upload/;
# proxy_request_buffering off;
# }
#}
#server {
# listen 81.16.19.64:443 ssl http2;
# listen [2a03:4000:47:58a::]:443 ssl http2;
# server_name xmpp.lib.casa;
#
# ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
# ssl_session_timeout 1d;
# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
# ssl_session_tickets off;
#
# ssl_protocols TLSv1.3 TLSv1.2;
# ssl_prefer_server_ciphers off;
# add_header Strict-Transport-Security "max-age=63072000" always;
# ssl_stapling on;
# ssl_stapling_verify on;
# #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
# resolver 127.0.0.4;
#
# location / {
# root /srv/www/jappix;
# index index.php;
# location ~ \.php$ {
# fastcgi_pass 172.168.100.1:9100;
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# }
# }
#
# error_log /var/log/nginx/xmpp.lib.casa.err;
#}
####
## ejabberd
####
## mod_http_upload
perl_modules /usr/local/lib/perl;
perl_require upload.pm;
server {
listen 81.16.19.64:443 ssl http2;
listen [2a03:4000:47:58a::]:443 ssl http2;
listen 127.0.0.2:443 ssl http2;
server_name up.xmpp.lib.casa up.xmpp.liberta.casa;
ssl_certificate /etc/ssl/lego/certificates/xmpp.liberta.casa.crt;
ssl_certificate_key /etc/ssl/lego/certificates/xmpp.liberta.casa.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver 127.0.0.4;
root /opt/ejabberd/upload;
location / {
perl upload::handle;
}
client_max_body_size 40m;
# location / {
# if ( $request_method = OPTIONS ) {
# add_header Access-Control-Allow-Origin '*';
# add_header Access-Control-Allow-Methods 'PUT, GET, OPTIONS, HEAD';
# add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
# add_header Access-Control-Allow-Credentials 'true';
# add_header Content-Length 0;
# add_header Content-Type text/plain;
# return 200;
# }
# proxy_pass http://127.0.0.2:5443;
# proxy_request_buffering off;
# }
error_log /var/log/nginx/up.xmpp.lib.casa.err;
}
## Everything
server {
listen 81.16.19.64:443 ssl http2;
listen [2a03:4000:47:58a::]:443 ssl http2;
server_name xmpp.liberta.casa xmpp.lib.casa jabber.liberta.casa jabber.lib.casa;
ssl_certificate /etc/ssl/lego/certificates/xmpp.liberta.casa.crt;
ssl_certificate_key /etc/ssl/lego/certificates/xmpp.liberta.casa.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver 127.0.0.4;
#location / {
# proxy_pass https://127.0.0.2:5443;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_set_header Host $host;
#
#}
location / {
root /srv/www/xmpp;
index index.html;
}
location /upload {
return https://up.xmpp.lib.casa;
}
location /bosh {
proxy_pass https://127.0.0.2:5443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
location /ws {
proxy_pass https://127.0.0.2:5443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
# location /xmpp-websocket {
# proxy_pass http://[::1]:5280/xmpp-websocket;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_read_timeout 900s;
# }
location /candy/http-bind {
proxy_pass https://127.0.0.2:5443/http-bind;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_read_timeout 900s;
}
location /candy {
root /srv/www/candy/;
index index.html;
}
location /candy-source {
root /srv/www/candy/;
}
error_log /var/log/nginx/xmpp.lib.casa.err;
}
## ejabberd_web_admin
server {
listen 127.0.0.2:443 ssl http2;
server_name ejabberd-local.one.secure.squirrelcube.xyz;
ssl_certificate /etc/ssl/tp/fullchain.pem;
ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver 127.0.0.4;
location / {
proxy_pass http://127.0.0.2:5280;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}