Initial nginx run 01/05
Signed-off-by: Georg <georg@lysergic.dev>
parent
4b1683d4ed
commit
89f7cffd73
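--- a/nginx/01/adminer.conf
+++ b/nginx/01/adminer.conf
@@ -0,0 +1,15 @@
+#include php-fpm;
+server {
+listen 192.168.0.110:8084 ssl;
+server_name adminer-local.one.secure.squirrelcube.xyz;
+root /mnt/gluster01/web/adminer1;
+index adminer.php;
+
+ssl_certificate /etc/letsencrypt/live/tp.3gy.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/tp.3gy.de/privkey.pem;
+
+location / {
+}
+
+include php;
+}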
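Review bot: Nothing in this vhost restricts who can reach Adminer: the `server` block has no `allow`/`deny` and no `auth_basic`, so the only gate in front of a database administration UI is the application's own login. dnsui.conf in this same commit protects its locations with `auth_basic`; the same pair, or an allow-list such as `allow ADMIN_SUBNET; deny all;` (ADMIN_SUBNET is a placeholder), would fit here. adminer.conf and dnsui.conf both listen on 192.168.0.110:8084 without `default_server`, so whichever file nginx reads first answers requests whose Host matches neither name; if includes are read in name order, that is this one. nsedit.conf has the same unrestricted shape on port 8083.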
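--- a/nginx/01/dnsui.conf
+++ b/nginx/01/dnsui.conf
@@ -0,0 +1,41 @@
+server {
+listen 192.168.0.110:8084 ssl;
+server_name dnsui-local.one.secure.squirrelcube.xyz;
+root /mnt/gluster01/web/dnsui1/public_html;
+index init.php;
+
+ssl_certificate /etc/letsencrypt/live/tp.3gy.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/tp.3gy.de/privkey.pem;
+
+# auth_basic "NS1 Intranet";
+# auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+
+location / {
+try_files $uri $uri/ @php;
+auth_basic "NS1 Intranet";
+auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+}
+location @php {
+rewrite ^/(.*)$ /init.php/$1 last;
+auth_basic "NS1 Intranet";
+auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+}
+location /init.php {
+fastcgi_pass 172.168.100.1:9100;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+auth_basic "NS1 Intranet";
+auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+}
+
+location /info.php {
+fastcgi_pass 172.168.100.1:9100;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+auth_basic "NS1 Intranet";
+auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+}
+
+
+error_log /var/log/nginx/dnsui1.log;
+}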
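Review bot: The `auth_basic` pair is commented out at `server` level and copied into each `location` instead, so a location added later is served without authentication unless someone remembers to paste the pair again. Uncommenting the two server-level lines (`auth_basic "NS1 Intranet";` and `auth_basic_user_file /mnt/gluster01/web/auth/dnsui;`) lets every location inherit them, and the per-location copies can then go. `location /info.php` presumably publishes a phpinfo page and is a prefix match like `/init.php`; `location = /info.php`, or removing it, would be tighter. `fastcgi_pass 172.168.100.1:9100` lies outside the private 172.16.0.0/12 range, so unless that address is bound to a local interface the unauthenticated, unencrypted FastCGI traffic is routed toward public address space; hidden.conf and liberta.casa.conf use the same upstream.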
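--- a/nginx/01/hidden.conf
+++ b/nginx/01/hidden.conf
@@ -0,0 +1,123 @@
+server {
+# server_name localhost;
+listen 127.0.0.1:9191;
+root /mnt/gluster01/web/liberta.casa;
+}
+server {
+server_name qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion;
+listen 127.0.0.1:9191;
+
+autoindex off;
+port_in_redirect off;
+
+location /kiwi/static/config.json {
+root /mnt/gluster01/web/liberta.casa;
+rewrite ^/kiwi/static/config.json$ /kiwi_onion/static/config.json;
+}
+
+location /kiwi {
+root /mnt/gluster01/web/liberta.casa;
+index index.html;
+try_files $uri $uri/ =404;
+}
+
+location / {
+root /srv/www/liberta.casa/static/website;
+index index.html;
+
+}
+
+location /register {
+proxy_pass http://127.0.0.1:8965;
+add_header Onion-Location http://qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion$request_uri;
+}
+
+location /libcasa {
+root /srv/www/superseriousstats/libertacasa;
+index index.html;
+location ~ \.php$ {
+fastcgi_pass 172.168.100.1:9100;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $request_filename;
+}
+
+}
+
+location /libcasa.info {
+root /srv/www/superseriousstats/libertacasa;
+index index.html;
+location ~ \.php$ {
+fastcgi_pass 172.168.100.1:9100;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $request_filename;
+}
+}
+
+location /gamja {
+root /srv/www/gamja;
+index index.html;
+}
+
+location /socket {
+proxy_pass http://192.168.0.110:8068;
+proxy_read_timeout 600s;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+location /convos {
+rewrite ^/convos/?(.*)$ /$1 break;
+proxy_pass http://[::1]:8089;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Request-Base "$scheme://$host/convos";
+}
+
+location /candy {
+root /srv/www/candy/;
+index index.html;
+add_header Access-Control-Allow-Origin *;
+}
+location /candy-source {
+root /srv/www/candy/;
+}
+
+
+error_log /var/log/nginx/liberta.casa.err;
+
+
+#location / {
+# root /srv/www/liberta.casa;
+# try_files $uri $uri/ =404;
+#}
+
+location /webirc {
+proxy_pass http://127.0.0.2:6669;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+}
+#server {
+# server_name cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion;
+# listen 9191;
+#
+# location /webirc {
+# proxy_pass http://127.0.0.2:6668;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# proxy_set_header X-Forwarded-For $remote_addr;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# }
+#}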
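Review bot: Both nested `location ~ \.php$` blocks pass `$request_filename` to PHP-FPM without first checking that the file exists, so if `cgi.fix_pathinfo` is enabled on the backend (not visible here) a request whose path merely ends in `.php` can cause a non-PHP file to be interpreted as PHP. Adding `try_files $uri =404;` as the first line of each block closes that, provided nginx and the FPM host see the same files. liberta.casa.conf repeats the two blocks unchanged. Separately, the first `server` block has no `server_name`, which makes it the default for 127.0.0.1:9191, so it serves `/mnt/gluster01/web/liberta.casa` for any Host other than the onion name; `return 444;` in that block would refuse those requests instead.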
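--- a/nginx/01/http.conf
+++ b/nginx/01/http.conf
@@ -0,0 +1,11 @@
+#server {
+# listen 81.16.19.64:80 default_server;
+# listen 45.129.182.13:80 default_server;
+# listen [2a03:4000:47:58a::]:80 default_server;
+# return 302 https://$host$request_uri;
+#}
+
+server {
+listen 80 default_server;
+return 302 https://$host$request_uri;
+}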
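Review bot: `return 302 https://$host$request_uri;` on the catch-all `default_server` redirects to whatever Host header the client sent, and `listen 80` binds every address where the commented-out block named three. For a permanent HTTP-to-HTTPS upgrade `return 301` is the usual status. Unknown hosts are better refused than redirected, for example by keeping the default server as `return 444;` and letting named servers issue the redirect.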
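--- a/nginx/01/keycloak.conf
+++ b/nginx/01/keycloak.conf
@@ -0,0 +1,79 @@
+server {
+listen 127.0.0.1:443 ssl http2;
+server_name wildfly-keycloak-prod-theia.two.secure.squirrelcube.xyz;
+ssl_certificate /etc/ssl/tp/fullchain.pem;
+ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
+location / {
+proxy_pass http://127.0.0.5:10090;
+proxy_set_header Host $host:10090;
+proxy_set_header Origin http://$host:10090;
+
+proxy_redirect off;
+proxy_http_version 1.1;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_pass_request_headers on;
+}
+}
+server {
+listen 127.0.0.1:443 ssl http2;
+
+server_name keycloak-prod-theia.two.secure.squirrelcube.xyz;
+ssl_certificate /etc/ssl/tp/fullchain.pem;
+ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
+
+location / {
+proxy_pass http://192.168.0.110:8180;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}
+
+##
+## PRODUCTION CONFIG
+## Keycloak Frontend Load Balancer
+## Instance: theia
+##
+proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;
+
+upstream jboss {
+ip_hash;
+server 192.168.0.110:8843;
+server 192.168.0.115:8843;
+server 192.168.0.120:8843;
+}
+server {
+listen 81.16.19.64:443 ssl http2;
+listen [2a03:4000:47:58a::]:443 ssl http2;
+server_name sso.casa;
+
+ssl_certificate /etc/ssl/lego/certificates/libertacasa.net.crt;
+ssl_certificate_key /etc/ssl/lego/certificates/libertacasa.net.key;
+ssl_session_cache shared:SSL:1m;
+ssl_prefer_server_ciphers on;
+
+#location = / {
+# return 302 /auth/;
+#}
+
+location / {
+proxy_pass https://jboss;
+proxy_cache backcache;
+proxy_ssl_verify off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+}
+proxy_buffer_size 256k;
+proxy_buffers 4 512k;
+proxy_busy_buffers_size 512k;
+
+}
+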
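Review bot: `proxy_ssl_verify off;` in the sso.casa `location /` leaves the connection to the `jboss` upstream encrypted but unauthenticated, so the proxy cannot tell the three Keycloak backends on port 8843 from another host answering for those addresses. `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate /path/to/internal-ca.pem;` (placeholder path) and a matching `proxy_ssl_name` would authenticate them. The same location enables `proxy_cache backcache` for every path of an identity provider, with the cache stored under the world-writable `/tmp`; a dedicated directory owned by the nginx user, and caching limited to static asset paths, would be safer. This server block also sets no `ssl_protocols`, unlike the vhosts in liberta.casa.conf.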
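--- a/nginx/01/lan.conf
+++ b/nginx/01/lan.conf
@@ -0,0 +1,5 @@
+server {
+listen 127.0.0.2:80;
+server_name theia.local;
+root /srv/www/lan;
+}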
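--- a/nginx/01/liberta.casa.conf
+++ b/nginx/01/liberta.casa.conf
@@ -0,0 +1,209 @@
+server {
+server_name libertacasa.xyz libertacasa.info libcasa.info www.libertacasa.xyz www.libertacasa.info www.libcasa.info www.lib.casa www.liberta.casa;
+listen 81.16.19.64:443 ssl http2;
+listen [2a03:4000:47:58a::]:443 ssl http2;
+#listen [::]:443 ssl http2;
+
+root /srv/www/liberta.casa/static/website;
+
+ssl_certificate /etc/ssl/lego/certificates/liberta.casa.crt;
+ssl_certificate_key /etc/ssl/lego/certificates/liberta.casa.key;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+resolver 127.0.0.4;
+
+return 302 https://liberta.casa;
+}
+server {
+server_name libertacasa.net libsh.net libsh.com libsso.net libsso.com;
+listen 81.16.19.64:443 ssl http2;
+
+root /srv/www/liberta.casa/static/website;
+
+ssl_certificate /etc/ssl/lego/certificates/libertacasa.net.crt;
+ssl_certificate_key /etc/ssl/lego/certificates/libertacasa.net.key;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+resolver 127.0.0.4;
+
+return 302 https://liberta.casa;
+}
+server {
+server_name liberta.casa lib.casa;
+listen 81.16.19.64:443 ssl http2;
+listen [2a03:4000:47:58a::]:443 ssl http2;
+#listen [::]:443 ssl http2;
+
+root /srv/www/liberta.casa/static/website;
+
+ssl_certificate /etc/ssl/lego/certificates/liberta.casa.crt;
+ssl_certificate_key /etc/ssl/lego/certificates/liberta.casa.key;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+resolver 127.0.0.4;
+
+location / {
+root /srv/www/liberta.casa/static/website;
+index index.html;
+add_header Onion-Location http://qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion$request_uri;
+}
+
+location /kiwi {
+root /mnt/gluster01/web/liberta.casa;
+index index.html;
+try_files $uri $uri/ =404;
+}
+
+location /register {
+proxy_pass http://127.0.0.1:8965;
+add_header Onion-Location http://qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion$request_uri;
+}
+
+location /webirc {
+proxy_pass http://192.168.0.110:8068;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+location /libcasa {
+root /srv/www/superseriousstats/libertacasa;
+index index.html;
+location ~ \.php$ {
+fastcgi_pass 172.168.100.1:9100;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $request_filename;
+}
+
+}
+
+location /libcasa.info {
+root /srv/www/superseriousstats/libertacasa;
+index index.html;
+location ~ \.php$ {
+fastcgi_pass 172.168.100.1:9100;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $request_filename;
+}
+}
+
+location /gamja {
+root /srv/www/gamja;
+index index.html;
+}
+
+location /socket {
+proxy_pass http://192.168.0.110:8068;
+proxy_read_timeout 600s;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+# location /convos {
+# proxy_pass http://[::1]:8089;
+# proxy_read_timeout 600s;
+# proxy_http_version 1.1;
+# proxy_set_header X-Forwarded-For $remote_addr;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# }
+#
+# location ~ ^/(asset|convos-api.yaml|emoji|font|images|themes) {
+# root /srv/www/convos/convos/public;
+# }
+
+location /convos {
+rewrite ^/convos/?(.*)$ /$1 break;
+proxy_pass http://[::1]:8089;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Request-Base "$scheme://$host/convos";
+}
+
+location /candy {
+root /srv/www/candy/;
+index index.html;
+add_header Access-Control-Allow-Origin *;
+}
+location /candy-source {
+root /srv/www/candy/;
+}
+
+## https://xmpp.org/extensions/xep-0156.html#http
+## Provides an alternative to SRV lookups, needed for compliance
+location /.well-known/host-meta {
+root /srv/www/xmpp;
+default_type 'application/xrd+xml';
+add_header Access-Control-Allow-Origin '*' always;
+}
+location /.well-known/host-meta.json {
+root /srv/www/xmpp;
+default_type 'application/jrd+json';
+add_header Access-Control-Allow-Origin '*' always;
+}
+
+error_log /var/log/nginx/liberta.casa.err;
+
+}
+
+server {
+server_name katyusha.liberta.casa;
+listen 81.16.19.64:443 ssl http2;
+
+ssl_certificate /etc/ssl/lego/certificates/irc.casa.crt;
+ssl_certificate_key /etc/ssl/lego/certificates/irc.casa.key;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+resolver 127.0.0.4;
+
+location / {
+proxy_pass http://[::1]:8086;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+access_log syslog:server=192.168.0.115:5014,tag=nginx_access_katyusha graylog_old;
+error_log syslog:server=192.168.0.115:5014,tag=nginx_error_katyusha debug;
+}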
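Review bot: The server-level `add_header Strict-Transport-Security "max-age=63072000" always;` is not sent for `location /`, `/register`, `/candy` or the two `/.well-known/host-meta*` locations of the liberta.casa server, because nginx inherits `add_header` from the enclosing level only when the current level defines none of its own. Each of those locations needs the HSTS line repeated beside its own `add_header`, or the shared headers moved into a snippet that every such location includes. In the katyusha server `ssl_stapling_verify on;` is set while `ssl_trusted_certificate` is still the commented placeholder, so verification of stapled OCSP responses has no trust chain configured; the other three servers point it at `/etc/ssl/ca-bundle.pem`.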
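--- a/nginx/01/matrix.conf
+++ b/nginx/01/matrix.conf
@@ -0,0 +1,240 @@
+##WEBSERVER DEFINITIONS FOR ALL MATRIX SERVICES ON LIBERTA.CASA
+
+##SYNAPSE
+server {
+listen 81.16.19.64:443 ssl;
+
+# For the federation port
+listen 81.16.19.64:8448 ssl default_server;
+listen 192.168.0.110:8448 ssl;
+
+# For bridge
+listen 127.0.0.2:443 ssl;
+
+ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 127.0.0.4;
+
+server_name matrix.liberta.casa;
+
+location ~* ^(\/_matrix|\/_synapse\/client) {
+proxy_pass http://[::1]:8077;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+client_max_body_size 50M;
+}
+
+location /.well-known/matrix/client {
+return 200 '{"m.homeserver": {"base_url": "https://matrix.liberta.casa"}, "m.identity_server": {"base_url": "https://ident.matrix.liberta.casa"}}';
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+}
+
+location /.well-known/matrix/server {
+return 200 '{"m.server": "matrix.liberta.casa:8448"}';
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+}
+
+
+location / {
+proxy_pass http://[::1]:8077/;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+# Nginx by default only allows file uploads up to 1M in size
+# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+client_max_body_size 50M;
+}
+
+access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_synapse graylog;
+error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_synapse debug;
+
+}
+
+#ELEMENT
+server {
+listen 81.16.19.64:443 ssl;
+server_name element.liberta.casa;
+
+root /mnt/gluster01/web/matrix/element-libertacasa;
+
+ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 127.0.0.4;
+
+access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_element graylog;
+error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_element debug;
+
+}
+server {
+listen 81.16.19.64:443 ssl;
+server_name m.liberta.casa;
+
+ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+return 301 https://element.liberta.casa$request_uri;
+
+access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_element graylog;
+error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_element debug;
+
+}
+
+#SYDENT
+server {
+listen 81.16.19.64:443 ssl;
+
+ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 127.0.0.4;
+
+server_name ident.matrix.liberta.casa;
+
+location / {
+proxy_pass http://127.0.0.4:8074/;
+proxy_set_header X-Forwarded-For $remote_addr;
+# Nginx by default only allows file uploads up to 1M in size
+# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+client_max_body_size 20M;
+}
+
+access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_sydent graylog;
+error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_sydent debug;
+
+}
+
+#DIMENSION
+server {
+server_name integrations.matrix.liberta.casa;
+listen 81.16.19.64:443 ssl;
+
+ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 127.0.0.4;
+
+location / {
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass http://127.0.0.1:8184;
+}
+
+access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_dimension graylog;
+error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_dimension debug;
+
+}
+
+#KEYS
+server {
+server_name keys.matrix.liberta.casa;
+listen 81.16.19.64:443 ssl;
+
+ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 127.0.0.4;
+
+location / {
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass http://127.0.0.2:8076;
+}
+
+location /.well-known/matrix/client {
+return 200 '{"m.homeserver": {"base_url": "https://keys.matrix.liberta.casa"}, "m.identity_server": {"base_url": "https://ident.matrix.liberta.casa"}}';
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+}
+
+location /.well-known/matrix/server {
+return 200 '{"m.server": "keys.matrix.liberta.casa:443"}';
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+}
+
+access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_keys graylog;
+error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_keys debug;
+
+}
+
+#MAUBOT
+server {
+server_name maubot.matrix.liberta.casa;
+listen 81.16.19.64:443 ssl;
+
+ssl_certificate /etc/letsencrypt/live/liberta.casa/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/liberta.casa/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 127.0.0.4;
+
+# location /_matrix/maubot/v1/logs {
+# proxy_pass http://127.0.0.2:29419;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# proxy_set_header X-Forwarded-For $remote_addr;
+# }
+
+location / {
+proxy_pass http://127.0.0.2:29419;
+proxy_set_header X-Forwarded-For $remote_addr;
+}
+
+access_log syslog:server=192.168.0.115:5013,tag=nginx_access_lc_matrix_maubot graylog;
+error_log syslog:server=192.168.0.115:5013,tag=nginx_error_lc_matrix_maubot debug;
+
+}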
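Review bot: Every vhost in this file ends with an `error_log syslog:server=192.168.0.115:5013,... debug;` line, which is a development log level on production servers. On an nginx binary built with debug support that level writes request headers into the error log, which for Synapse, Sydent and maubot includes access tokens, and nginx sends syslog messages to a network address over plain UDP. `warn` or `error` in place of `debug` is the usual production level; the katyusha server in liberta.casa.conf has the same setting. The m.liberta.casa server also omits the `ssl_protocols` and HSTS lines that its neighbours carry.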
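--- a/nginx/01/mattermost.conf
+++ b/nginx/01/mattermost.conf
@@ -0,0 +1,74 @@
+upstream mattermost {
+server 127.0.0.2:8065;
+keepalive 32;
+}
+
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
+
+server {
+listen 81.16.19.64:443 ssl http2;
+listen 192.168.0.110:443 ssl http2;
+server_name mattermost.casa;
+
+http2_push_preload on;
+
+ssl_certificate /etc/letsencrypt/live/mattermost.casa/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/mattermost.casa/privkey.pem;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_early_data on;
+ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ssl_prefer_server_ciphers on;
+#ssl_session_cache shared:SSL:50m;
+add_header Strict-Transport-Security max-age=15768000;
+#add_header X-Early-Data $tls1_3_early_data;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 127.0.0.4;
+
+location /libcasa/channels/town-square {
+return https://mattermost.casa/libcasa/channels/libcasa;
+}
+
+location ~ /api/v[0-9]+/(users/)?websocket$ {
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+client_max_body_size 50M;
+proxy_buffers 256 16k;
+proxy_buffer_size 16k;
+client_body_timeout 60;
+send_timeout 300;
+lingering_timeout 5;
+proxy_connect_timeout 90;
+proxy_send_timeout 300;
+proxy_read_timeout 90s;
+proxy_http_version 1.1;
+proxy_pass http://mattermost;
+}
+
+location / {
+proxy_set_header Connection "";
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+client_max_body_size 50M;
+proxy_buffers 256 16k;
+proxy_buffer_size 16k;
+proxy_read_timeout 600s;
+proxy_cache mattermost_cache;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 2;
+proxy_cache_use_stale timeout;
+proxy_cache_lock on;
+proxy_http_version 1.1;
+proxy_pass http://mattermost;
+}
+}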
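Review bot: `ssl_early_data on;` accepts TLS 1.3 0-RTT data, which is replayable, yet neither proxied location tells Mattermost which requests arrived that way. The nginx documentation pairs the directive with `proxy_set_header Early-Data $ssl_early_data;` so the backend can reject early requests; without that the directive is better left off. `proxy_set_header X-Frame-Options SAMEORIGIN;` in both locations adds a request header toward the upstream, not a response header, so browsers never receive it; `add_header X-Frame-Options SAMEORIGIN always;` at `server` level is presumably what was intended, and the HSTS `add_header` there lacks `always` as well. `proxy_set_header X-Real-IP $remote_addr;` appears twice in the websocket location.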
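--- a/nginx/01/mirror.conf
+++ b/nginx/01/mirror.conf
@@ -0,0 +1,18 @@
+server {
+listen 45.129.182.13:443 ssl http2;
+listen [2a03:4000:47:58a::]:443 ssl http2;
+
+server_name 3zy.de;
+
+ssl_certificate /etc/letsencrypt/live/3zy.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/3zy.de/privkey.pem;
+
+location / {
+root /mnt/gluster01/mirror;
+# fancyindex on;
+# fancyindex_exact_size on;
+autoindex on;
+autoindex_exact_size on;
+autoindex_localtime on;
+}
+}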
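Review bot: `autoindex on` under `location /` publishes a browsable listing of everything beneath `/mnt/gluster01/mirror`, and nothing in this server block stops nginx from following a symlink out of that tree. Other vhosts in this commit keep their web roots and the `auth_basic_user_file` on the same Gluster mount under `/mnt/gluster01/web`, so a stray link placed in the mirror directory would expose them. I would add `disable_symlinks if_not_owner from=$document_root;` inside the location, plus a comment stating that the directory is intentionally world-readable.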
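--- a/nginx/01/nsedit.conf
+++ b/nginx/01/nsedit.conf
@@ -0,0 +1,16 @@
+include php-fpm;
+
+server {
+listen 192.168.0.110:8083 ssl;
+server_name nsedit1-local.secure.squirrelcube.xyz;
+root /mnt/gluster01/web/nsedit1;
+index index.php;
+
+ssl_certificate /etc/letsencrypt/live/tp.3gy.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/tp.3gy.de/privkey.pem;
+
+location / {
+}
+
+include php;
+}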
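Review bot: `server_name nsedit1-local.secure.squirrelcube.xyz` lacks the `.one` label that the other local vhosts in this commit carry (`adminer-local.one.…`, `omnidb-local.one.…`), while the certificate served is the `tp.3gy.de` one. If that certificate only covers `*.one.secure.squirrelcube.xyz`, as the `server_name` list in tp.3gy.de.conf suggests, clients of this DNS editor will see a name mismatch; either rename the host to `nsedit1-local.one.secure.squirrelcube.xyz` or confirm the certificate's SAN list. The block also has no `auth_basic` or `allow`/`deny`, unlike dnsui.conf, so access control rests on the bind address and the application's own login. The empty `location / { }` does nothing and can be removed.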
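--- a/nginx/01/omnidb.conf
+++ b/nginx/01/omnidb.conf
@@ -0,0 +1,41 @@
+server {
+listen 127.0.0.2:8085 ssl;
+server_name omnidb-local.one.secure.squirrelcube.xyz;
+
+ssl_certificate /etc/letsencrypt/live/tp.3gy.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/tp.3gy.de/privkey.pem;
+
+location / {
+proxy_pass https://omnidb-backend.one.secure.squirrelcube.xyz:8086;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Ssl https;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-Port 443;
+proxy_set_header Host $host;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+}
+server {
+listen 45.129.182.13:25483 ssl;
+listen [2a03:4000:47:58a::]:25483 ssl;
+server_name omnidb1.one.secure.squirrelcube.xyz;
+
+ssl_certificate /etc/letsencrypt/live/tp.3gy.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/tp.3gy.de/privkey.pem;
+
+location / {
+proxy_pass https://omnidb-backend.one.secure.squirrelcube.xyz:25482;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Ssl https;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-Port 25483;
+proxy_set_header Host $host;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+}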
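Review bot: The second server block publishes OmniDB on `45.129.182.13:25483` and its IPv6 counterpart with no `auth_basic`, `allow`/`deny` or client-certificate check, so the database console's own login is the only barrier on a public address. Both blocks also `proxy_pass` to an `https://` upstream without enabling verification, and nginx does not verify upstream certificates by default, so the hop to `omnidb-backend` is encrypted but not authenticated. I would add `proxy_ssl_verify on;`, `proxy_ssl_server_name on;` and `proxy_ssl_trusted_certificate /path/to/ca.pem;` (placeholder path) to both locations, and restrict the public listener by source address. The first block also sends `X-Forwarded-Port 443` while listening on 8085, which looks like a copy-paste leftover.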
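--- a/nginx/01/tp.3gy.de.conf
+++ b/nginx/01/tp.3gy.de.conf
@@ -0,0 +1,28 @@
+server {
+server_name tp.3gy.de one.tp.3gy.de *.one.secure.squirrelcube.xyz;
+listen 45.129.182.13:443 ssl;
+listen [2a03:4000:47:58a::]:443 ssl;
+
+ssl_certificate /etc/letsencrypt/live/tp.3gy.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/tp.3gy.de/privkey.pem;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+ssl_protocols TLSv1.3;
+#ssl_ciphers
+#ssl_prefer_server_ciphers
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 127.0.0.4;
+
+location / {
+proxy_pass https://[::1]:3080/;
+proxy_ssl_verify off;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header Host $host;
+proxy_read_timeout 3600;
+}
+}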
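Review bot: `proxy_ssl_verify off;` restates nginx's default and leaves the TLS hop to `https://[::1]:3080/` unauthenticated; on loopback that is defensible, but the line should carry a comment such as `# upstream is local; certificate verification intentionally skipped` so it is not copied to a remote upstream (the reason is my assumption, please confirm). `Connection "Upgrade"` is also sent on every request rather than only on WebSocket handshakes; the usual form is a `map $http_upgrade $connection_upgrade` in the http context with `proxy_set_header Connection $connection_upgrade;` here. `ssl_stapling_verify on` is set without `ssl_trusted_certificate`, which the nginx documentation asks for, so it is worth checking the error log for OCSP verification warnings.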
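--- a/nginx/01/xmpp.conf
+++ b/nginx/01/xmpp.conf
@@ -0,0 +1,301 @@
+#Prosody (DEPRECATED!)
+#server {
+# listen 81.16.19.64:443 ssl http2;
+# listen [2a03:4000:47:58a::]:443 ssl http2;
+# server_name xmpp.liberta.casa;
+#
+# ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
+# ssl_session_timeout 1d;
+# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+# ssl_session_tickets off;
+#
+# ssl_protocols TLSv1.3 TLSv1.2;
+# ssl_prefer_server_ciphers off;
+# add_header Strict-Transport-Security "max-age=63072000" always;
+# ssl_stapling on;
+# ssl_stapling_verify on;
+# #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+# resolver 127.0.0.4;
+#
+# location / {
+# proxy_pass http://[::1]:5280;
+# proxy_set_header X-Forwarded-For $remote_addr;
+# proxy_set_header Host $host;
+#
+# }
+#
+# location /xmpp-websocket {
+# proxy_pass http://[::1]:5280/xmpp-websocket;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_read_timeout 900s;
+# }
+# location /candy/http-bind {
+# proxy_pass https://127.0.0.2:5443/http-bind;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_read_timeout 900s;
+# }
+# location /candy {
+# root /srv/www/candy/;
+# index index.html;
+# }
+# location /candy-source {
+# root /srv/www/candy/;
+# }
+#}
+
+#mod_http_upload_external
+
+#server {
+# listen 81.16.19.64:443 ssl http2;
+# listen [2a03:4000:47:58a::]:443 ssl http2;
+#
+# server_name up.xmpp.liberta.casa;
+#
+# ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
+# ssl_session_timeout 1d;
+# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+# ssl_session_tickets off;
+#
+# ssl_protocols TLSv1.3 TLSv1.2;
+# ssl_prefer_server_ciphers off;
+# add_header Strict-Transport-Security "max-age=63072000" always;
+# ssl_stapling on;
+# ssl_stapling_verify on;
+# #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+# resolver 127.0.0.4;
+#
+## client_max_body_size 50m;
+#
+# location / {
+# if ( $request_method = OPTIONS ) {
+# add_header Access-Control-Allow-Origin '*';
+# add_header Access-Control-Allow-Methods 'PUT, GET, OPTIONS, HEAD';
+# add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
+# add_header Access-Control-Allow-Credentials 'true';
+# add_header Content-Length 0;
+# add_header Content-Type text/plain;
+# return 200;
+# }
+# proxy_pass http://[::1]:5050/upload/;
+# proxy_request_buffering off;
+# }
+#}
+
+#server {
+# listen 81.16.19.64:443 ssl http2;
+# listen [2a03:4000:47:58a::]:443 ssl http2;
+# server_name xmpp.lib.casa;
+#
+# ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
+# ssl_session_timeout 1d;
+# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+# ssl_session_tickets off;
+#
+# ssl_protocols TLSv1.3 TLSv1.2;
+# ssl_prefer_server_ciphers off;
+# add_header Strict-Transport-Security "max-age=63072000" always;
+# ssl_stapling on;
+# ssl_stapling_verify on;
+# #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+# resolver 127.0.0.4;
+#
+# location / {
+# root /srv/www/jappix;
+# index index.php;
+# location ~ \.php$ {
+# fastcgi_pass 172.168.100.1:9100;
+# include fastcgi_params;
+# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+# }
+# }
+#
+# error_log /var/log/nginx/xmpp.lib.casa.err;
+#}
+
+
+####
+## ejabberd
+####
+
+## mod_http_upload
+
+perl_modules /usr/local/lib/perl;
+perl_require upload.pm;
+
+server {
+listen 81.16.19.64:443 ssl http2;
+listen [2a03:4000:47:58a::]:443 ssl http2;
+listen 127.0.0.2:443 ssl http2;
+server_name up.xmpp.lib.casa up.xmpp.liberta.casa;
+
+ssl_certificate /etc/ssl/lego/certificates/xmpp.liberta.casa.crt;
+ssl_certificate_key /etc/ssl/lego/certificates/xmpp.liberta.casa.key;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+resolver 127.0.0.4;
+
+root /opt/ejabberd/upload;
+
+location / {
+perl upload::handle;
+}
+
+client_max_body_size 40m;
+
+# location / {
+# if ( $request_method = OPTIONS ) {
+# add_header Access-Control-Allow-Origin '*';
+# add_header Access-Control-Allow-Methods 'PUT, GET, OPTIONS, HEAD';
+# add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
+# add_header Access-Control-Allow-Credentials 'true';
+# add_header Content-Length 0;
+# add_header Content-Type text/plain;
+# return 200;
+# }
+# proxy_pass http://127.0.0.2:5443;
+# proxy_request_buffering off;
+# }
+
+error_log /var/log/nginx/up.xmpp.lib.casa.err;
+}
+
+
+## Everything
+
+server {
+listen 81.16.19.64:443 ssl http2;
+listen [2a03:4000:47:58a::]:443 ssl http2;
+server_name xmpp.liberta.casa xmpp.lib.casa jabber.liberta.casa jabber.lib.casa;
+
+ssl_certificate /etc/ssl/lego/certificates/xmpp.liberta.casa.crt;
+ssl_certificate_key /etc/ssl/lego/certificates/xmpp.liberta.casa.key;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+resolver 127.0.0.4;
+
+#location / {
+# proxy_pass https://127.0.0.2:5443;
+# proxy_set_header X-Forwarded-For $remote_addr;
+# proxy_set_header Host $host;
+#
+#}
+
+location / {
+root /srv/www/xmpp;
+index index.html;
+}
+
+location /upload {
+return https://up.xmpp.lib.casa;
+}
+
+location /bosh {
+proxy_pass https://127.0.0.2:5443;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+}
+
+location /ws {
+proxy_pass https://127.0.0.2:5443;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+}
+
+# location /xmpp-websocket {
+# proxy_pass http://[::1]:5280/xmpp-websocket;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_read_timeout 900s;
+# }
+location /candy/http-bind {
+proxy_pass https://127.0.0.2:5443/http-bind;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+proxy_read_timeout 900s;
+}
+location /candy {
+root /srv/www/candy/;
+index index.html;
+}
+location /candy-source {
+root /srv/www/candy/;
+}
+
+error_log /var/log/nginx/xmpp.lib.casa.err;
+
+}
+
+
+## ejabberd_web_admin
+
+server {
+listen 127.0.0.2:443 ssl http2;
+server_name ejabberd-local.one.secure.squirrelcube.xyz;
+
+ssl_certificate /etc/ssl/tp/fullchain.pem;
+ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3 TLSv1.2;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+resolver 127.0.0.4;
+
+location / {
+proxy_pass http://127.0.0.2:5280;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header Host $host;
+
+}
+}
+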
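Review bot: The `up.xmpp.lib.casa` block accepts uploads of up to 40m through `perl upload::handle` and serves them back from `/opt/ejabberd/upload` on a public origin, yet the only response header it adds is HSTS. Unless upload.pm (not part of this commit) sets them itself, I would add `add_header X-Content-Type-Options "nosniff" always;` and `add_header Content-Security-Policy "default-src 'none'" always;` at server level so that an uploaded HTML or SVG file is not rendered as active content. In the main block, `location /candy` and `location /candy-source` use `root /srv/www/candy/;`, which resolves to `/srv/www/candy/candy/…` and `/srv/www/candy/candy-source/…`; if the files sit directly in `/srv/www/candy`, `alias` is probably what was meant. The file also commits about 120 lines of commented-out Prosody configuration that could be dropped, since the repository history keeps them.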