server { server_name libertacasa.xyz libertacasa.info libcasa.info www.libertacasa.xyz www.libertacasa.info www.libcasa.info www.lib.casa www.liberta.casa; listen 81.16.19.64:443 ssl http2; listen [2a03:4000:47:58a::]:443 ssl http2; #listen [::]:443 ssl http2; root /srv/www/liberta.casa/static/website; ssl_certificate /etc/ssl/lego/certificates/liberta.casa.crt; ssl_certificate_key /etc/ssl/lego/certificates/liberta.casa.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; ssl_protocols TLSv1.3 TLSv1.2; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000" always; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/ca-bundle.pem; resolver 127.0.0.4; return 302 https://liberta.casa; } server { server_name libertacasa.net libsh.net libsh.com libsso.net libsso.com; listen 81.16.19.64:443 ssl http2; root /srv/www/liberta.casa/static/website; ssl_certificate /etc/ssl/lego/certificates/libertacasa.net.crt; ssl_certificate_key /etc/ssl/lego/certificates/libertacasa.net.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; ssl_protocols TLSv1.3 TLSv1.2; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000" always; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/ca-bundle.pem; resolver 127.0.0.4; return 302 https://liberta.casa; } server { server_name liberta.casa lib.casa; listen 81.16.19.64:443 ssl http2; listen [2a03:4000:47:58a::]:443 ssl http2; #listen [::]:443 ssl http2; root /srv/www/liberta.casa/static/website; ssl_certificate /etc/ssl/lego/certificates/liberta.casa.crt; ssl_certificate_key /etc/ssl/lego/certificates/liberta.casa.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; ssl_protocols TLSv1.3 TLSv1.2; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000" always; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/ca-bundle.pem; resolver 127.0.0.4; location / { root /srv/www/liberta.casa/static/website; index index.html; add_header Onion-Location http://qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion$request_uri; } location /kiwi { root /mnt/gluster01/web/liberta.casa; index index.html; try_files $uri $uri/ =404; } location /register { proxy_pass http://127.0.0.1:8965; add_header Onion-Location http://qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion$request_uri; } location /webirc { proxy_pass http://192.168.0.110:8068; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } location /libcasa { root /srv/www/superseriousstats/libertacasa; index index.html; location ~ \.php$ { fastcgi_pass 172.168.100.1:9100; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; } } location /libcasa.info { root /srv/www/superseriousstats/libertacasa; index index.html; location ~ \.php$ { fastcgi_pass 172.168.100.1:9100; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; } } location /gamja { root /srv/www/gamja; index index.html; } location /socket { proxy_pass http://192.168.0.110:8068; proxy_read_timeout 600s; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } # location /convos { # proxy_pass http://[::1]:8089; # proxy_read_timeout 600s; # proxy_http_version 1.1; # proxy_set_header X-Forwarded-For $remote_addr; # proxy_set_header X-Forwarded-Proto $scheme; # } # # location ~ ^/(asset|convos-api.yaml|emoji|font|images|themes) { # root /srv/www/convos/convos/public; # } location /convos { rewrite ^/convos/?(.*)$ /$1 break; proxy_pass http://[::1]:8089; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Request-Base "$scheme://$host/convos"; } location /candy { root /srv/www/candy/; index index.html; add_header Access-Control-Allow-Origin *; } location /candy-source { root /srv/www/candy/; } ## https://xmpp.org/extensions/xep-0156.html#http ## Provides an alternative to SRV lookups, needed for compliance location /.well-known/host-meta { root /srv/www/xmpp; default_type 'application/xrd+xml'; add_header Access-Control-Allow-Origin '*' always; } location /.well-known/host-meta.json { root /srv/www/xmpp; default_type 'application/jrd+json'; add_header Access-Control-Allow-Origin '*' always; } error_log /var/log/nginx/liberta.casa.err; } server { server_name katyusha.liberta.casa; listen 81.16.19.64:443 ssl http2; ssl_certificate /etc/ssl/lego/certificates/irc.casa.crt; ssl_certificate_key /etc/ssl/lego/certificates/irc.casa.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; ssl_protocols TLSv1.3 TLSv1.2; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000" always; ssl_stapling on; ssl_stapling_verify on; #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; resolver 127.0.0.4; location / { proxy_pass http://[::1]:8086; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } access_log syslog:server=192.168.0.115:5014,tag=nginx_access_katyusha graylog_old; error_log syslog:server=192.168.0.115:5014,tag=nginx_error_katyusha debug; }