# nginx virtual hosts for the XMPP service. Active blocks: ejabberd HTTP upload
# (embedded Perl handler), the public web / BOSH / WebSocket front end, and a
# loopback-only proxy for the ejabberd web admin. The older Prosody-era blocks
# are kept below, fully commented out.
# perl_modules / perl_require are http-level directives, so this file is meant
# to be included from inside the http {} context.

#Prosody (DEPRECATED!)
#server {
#    listen 81.16.19.64:443 ssl http2;
#    listen [2a03:4000:47:58a::]:443 ssl http2;
#    server_name xmpp.liberta.casa;
#
#    ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
#    ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
#    ssl_session_timeout 1d;
#    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
#    ssl_session_tickets off;
#
#    ssl_protocols TLSv1.3 TLSv1.2;
#    ssl_prefer_server_ciphers off;
#    add_header Strict-Transport-Security "max-age=63072000" always;
#    ssl_stapling on;
#    ssl_stapling_verify on;
#    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
#    resolver 127.0.0.4;
#
#    location / {
#        proxy_pass http://[::1]:5280;
#        proxy_set_header X-Forwarded-For $remote_addr;
#        proxy_set_header Host $host;
#
#    }
#
#    location /xmpp-websocket {
#        proxy_pass http://[::1]:5280/xmpp-websocket;
#        proxy_http_version 1.1;
#        proxy_set_header Upgrade $http_upgrade;
#        proxy_set_header Connection "Upgrade";
#        proxy_set_header X-Forwarded-Proto $scheme;
#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_set_header Host $host;
#        proxy_read_timeout 900s;
#    }
#    location /candy/http-bind {
#        proxy_pass https://127.0.0.2:5443/http-bind;
#        proxy_http_version 1.1;
#        proxy_set_header Upgrade $http_upgrade;
#        proxy_set_header Connection "Upgrade";
#        proxy_set_header X-Forwarded-Proto $scheme;
#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_set_header Host $host;
#        proxy_read_timeout 900s;
#    }
#    location /candy {
#        root /srv/www/candy/;
#        index index.html;
#    }
#    location /candy-source {
#        root /srv/www/candy/;
#    }
#}

#mod_http_upload_external
#server {
#    listen 81.16.19.64:443 ssl http2;
#    listen [2a03:4000:47:58a::]:443 ssl http2;
#
#    server_name up.xmpp.liberta.casa;
#
#    ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
#    ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
#    ssl_session_timeout 1d;
#    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
#    ssl_session_tickets off;
#
#    ssl_protocols TLSv1.3 TLSv1.2;
#    ssl_prefer_server_ciphers off;
#    add_header Strict-Transport-Security "max-age=63072000" always;
#    ssl_stapling on;
#    ssl_stapling_verify on;
#    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
#    resolver 127.0.0.4;
#
##    client_max_body_size 50m;
#
#    location / {
#        if ( $request_method = OPTIONS ) {
#            add_header Access-Control-Allow-Origin '*';
#            add_header Access-Control-Allow-Methods 'PUT, GET, OPTIONS, HEAD';
#            add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
#            add_header Access-Control-Allow-Credentials 'true';
#            add_header Content-Length 0;
#            add_header Content-Type text/plain;
#            return 200;
#        }
#        proxy_pass http://[::1]:5050/upload/;
#        proxy_request_buffering off;
#    }
#}

#server {
#    listen 81.16.19.64:443 ssl http2;
#    listen [2a03:4000:47:58a::]:443 ssl http2;
#    server_name xmpp.lib.casa;
#
#    ssl_certificate /etc/letsencrypt/live/xmpp.liberta.casa/fullchain.pem;
#    ssl_certificate_key /etc/letsencrypt/live/xmpp.liberta.casa/privkey.pem;
#    ssl_session_timeout 1d;
#    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
#    ssl_session_tickets off;
#
#    ssl_protocols TLSv1.3 TLSv1.2;
#    ssl_prefer_server_ciphers off;
#    add_header Strict-Transport-Security "max-age=63072000" always;
#    ssl_stapling on;
#    ssl_stapling_verify on;
#    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
#    resolver 127.0.0.4;
#
#    location / {
#        root /srv/www/jappix;
#        index index.php;
#        location ~ \.php$ {
#            fastcgi_pass 172.168.100.1:9100;
#            include fastcgi_params;
#            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#        }
#    }
#
#    error_log /var/log/nginx/xmpp.lib.casa.err;
#}

####
## ejabberd
####

## mod_http_upload
# Load the embedded-Perl upload handler once for the whole http context.
perl_modules /usr/local/lib/perl;
perl_require upload.pm;

server {
    # Public IPv4/IPv6 listeners plus a loopback one on 127.0.0.2.
    listen 81.16.19.64:443 ssl http2;
    listen [2a03:4000:47:58a::]:443 ssl http2;
    listen 127.0.0.2:443 ssl http2;
    server_name up.xmpp.lib.casa up.xmpp.liberta.casa;

    ssl_certificate /etc/ssl/lego/certificates/xmpp.liberta.casa.crt;
    ssl_certificate_key /etc/ssl/lego/certificates/xmpp.liberta.casa.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    # NOTE(review): ssl_stapling_verify is on while ssl_trusted_certificate is
    # still the commented-out template line. nginx documents that verifying
    # OCSP responses needs the issuer chain configured as trusted, so confirm
    # in the error log that stapling actually works. The same applies to the
    # two server blocks further down.
    ssl_stapling_verify on;
    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
    resolver 127.0.0.4;

    root /opt/ejabberd/upload;

    # Every request on this vhost is handed to the Perl handler loaded above.
    # NOTE(review): who may PUT or GET under the root is decided entirely by
    # upload.pm, which is not visible in this file - review it together with
    # this block.
    location / {
        perl upload::handle;
    }

    # Caps request bodies at 40m.
    # NOTE(review): presumably meant to match the upload size limit configured
    # in ejabberd - confirm the two agree.
    client_max_body_size 40m;

    # Earlier proxy-based variant, disabled.
    # NOTE(review): if it is ever re-enabled, browsers reject the combination
    # of Access-Control-Allow-Origin '*' with Allow-Credentials 'true'; list
    # explicit origins or drop the credentials header.
#    location / {
#        if ( $request_method = OPTIONS ) {
#            add_header Access-Control-Allow-Origin '*';
#            add_header Access-Control-Allow-Methods 'PUT, GET, OPTIONS, HEAD';
#            add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
#            add_header Access-Control-Allow-Credentials 'true';
#            add_header Content-Length 0;
#            add_header Content-Type text/plain;
#            return 200;
#        }
#        proxy_pass http://127.0.0.2:5443;
#        proxy_request_buffering off;
#    }

    error_log /var/log/nginx/up.xmpp.lib.casa.err;
}

## Everything
server {
    listen 81.16.19.64:443 ssl http2;
    listen [2a03:4000:47:58a::]:443 ssl http2;
    server_name xmpp.liberta.casa xmpp.lib.casa jabber.liberta.casa jabber.lib.casa;

    ssl_certificate /etc/ssl/lego/certificates/xmpp.liberta.casa.crt;
    ssl_certificate_key /etc/ssl/lego/certificates/xmpp.liberta.casa.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
    resolver 127.0.0.4;

    #location / {
    #    proxy_pass https://127.0.0.2:5443;
    #    proxy_set_header X-Forwarded-For $remote_addr;
    #    proxy_set_header Host $host;
    #
    #}

    # Static landing site.
    location / {
        root /srv/www/xmpp;
        index index.html;
    }

    # "return" with only a URL sends a 302 redirect; the request path is not
    # carried over to the upload host.
    location /upload {
        return https://up.xmpp.lib.casa;
    }

    # BOSH endpoint, proxied to the TLS listener on 127.0.0.2:5443.
    # NOTE(review): nginx does not verify the upstream certificate unless
    # proxy_ssl_verify is enabled (off by default), so this hop is encrypted
    # but the backend is not authenticated; it stays on a loopback address.
    # NOTE(review): $proxy_add_x_forwarded_for appends the peer address to any
    # X-Forwarded-For header the client supplied, so the backend must trust
    # only the last entry. The web-admin block below sends $remote_addr
    # instead. Both notes also apply to /ws and /candy/http-bind.
    # The Upgrade/Connection headers are set on every request to this location.
    location /bosh {
        proxy_pass https://127.0.0.2:5443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }

    # WebSocket endpoint, same backend as /bosh.
    # NOTE(review): no proxy_read_timeout is set here, so nginx's 60s default
    # applies, while /candy/http-bind below uses 900s - confirm idle sessions
    # are not being cut.
    location /ws {
        proxy_pass https://127.0.0.2:5443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }

#    location /xmpp-websocket {
#        proxy_pass http://[::1]:5280/xmpp-websocket;
#        proxy_http_version 1.1;
#        proxy_set_header Upgrade $http_upgrade;
#        proxy_set_header Connection "Upgrade";
#        proxy_set_header X-Forwarded-Proto $scheme;
#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_set_header Host $host;
#        proxy_read_timeout 900s;
#    }

    # HTTP-bind endpoint used by the Candy client; the URI is rewritten to
    # /http-bind on the backend and reads may idle for up to 900s.
    location /candy/http-bind {
        proxy_pass https://127.0.0.2:5443/http-bind;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_read_timeout 900s;
    }

    # "root" appends the full request URI, so /candy/x is read from
    # /srv/www/candy/candy/x and /candy-source/x from
    # /srv/www/candy/candy-source/x.
    # NOTE(review): both trees are served as-is; make sure they hold only files
    # intended to be public.
    location /candy {
        root /srv/www/candy/;
        index index.html;
    }
    location /candy-source {
        root /srv/www/candy/;
    }

    error_log /var/log/nginx/xmpp.lib.casa.err;
}

## ejabberd_web_admin
server {
    # Bound to 127.0.0.2 only, so this vhost is not reachable from other hosts
    # through nginx.
    # NOTE(review): any local process can still connect; authentication is left
    # to the backend on 127.0.0.2:5280, which is not visible in this file.
    listen 127.0.0.2:443 ssl http2;
    server_name ejabberd-local.one.secure.squirrelcube.xyz;

    ssl_certificate /etc/ssl/tp/fullchain.pem;
    ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
    resolver 127.0.0.4;

    # Plain-HTTP hop to the backend on loopback; X-Forwarded-For carries only
    # the address nginx saw, never a client-supplied value.
    location / {
        proxy_pass http://127.0.0.2:5280;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
    }
}