210 lines
6.4 KiB
Plaintext
210 lines
6.4 KiB
Plaintext
server {
|
|
server_name libertacasa.xyz libertacasa.info libcasa.info www.libertacasa.xyz www.libertacasa.info www.libcasa.info www.lib.casa www.liberta.casa;
|
|
listen 81.16.19.64:443 ssl http2;
|
|
listen [2a03:4000:47:58a::]:443 ssl http2;
|
|
#listen [::]:443 ssl http2;
|
|
|
|
root /srv/www/liberta.casa/static/website;
|
|
|
|
ssl_certificate /etc/ssl/lego/certificates/liberta.casa.crt;
|
|
ssl_certificate_key /etc/ssl/lego/certificates/liberta.casa.key;
|
|
ssl_session_timeout 1d;
|
|
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
|
ssl_session_tickets off;
|
|
|
|
ssl_protocols TLSv1.3 TLSv1.2;
|
|
ssl_prefer_server_ciphers off;
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
|
|
resolver 127.0.0.4;
|
|
|
|
return 302 https://liberta.casa;
|
|
}
|
|
server {
|
|
server_name libertacasa.net libsh.net libsh.com libsso.net libsso.com;
|
|
listen 81.16.19.64:443 ssl http2;
|
|
|
|
root /srv/www/liberta.casa/static/website;
|
|
|
|
ssl_certificate /etc/ssl/lego/certificates/libertacasa.net.crt;
|
|
ssl_certificate_key /etc/ssl/lego/certificates/libertacasa.net.key;
|
|
ssl_session_timeout 1d;
|
|
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
|
ssl_session_tickets off;
|
|
|
|
ssl_protocols TLSv1.3 TLSv1.2;
|
|
ssl_prefer_server_ciphers off;
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
|
|
resolver 127.0.0.4;
|
|
|
|
return 302 https://liberta.casa;
|
|
}
|
|
server {
|
|
server_name liberta.casa lib.casa;
|
|
listen 81.16.19.64:443 ssl http2;
|
|
listen [2a03:4000:47:58a::]:443 ssl http2;
|
|
#listen [::]:443 ssl http2;
|
|
|
|
root /srv/www/liberta.casa/static/website;
|
|
|
|
ssl_certificate /etc/ssl/lego/certificates/liberta.casa.crt;
|
|
ssl_certificate_key /etc/ssl/lego/certificates/liberta.casa.key;
|
|
ssl_session_timeout 1d;
|
|
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
|
ssl_session_tickets off;
|
|
|
|
ssl_protocols TLSv1.3 TLSv1.2;
|
|
ssl_prefer_server_ciphers off;
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
|
|
resolver 127.0.0.4;
|
|
|
|
location / {
|
|
root /srv/www/liberta.casa/static/website;
|
|
index index.html;
|
|
add_header Onion-Location http://qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion$request_uri;
|
|
}
|
|
|
|
location /kiwi {
|
|
root /mnt/gluster01/web/liberta.casa;
|
|
index index.html;
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
location /register {
|
|
proxy_pass http://127.0.0.1:8965;
|
|
add_header Onion-Location http://qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion$request_uri;
|
|
}
|
|
|
|
location /webirc {
|
|
proxy_pass http://192.168.0.110:8068;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
location /libcasa {
|
|
root /srv/www/superseriousstats/libertacasa;
|
|
index index.html;
|
|
location ~ \.php$ {
|
|
fastcgi_pass 172.168.100.1:9100;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $request_filename;
|
|
}
|
|
|
|
}
|
|
|
|
location /libcasa.info {
|
|
root /srv/www/superseriousstats/libertacasa;
|
|
index index.html;
|
|
location ~ \.php$ {
|
|
fastcgi_pass 172.168.100.1:9100;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $request_filename;
|
|
}
|
|
}
|
|
|
|
location /gamja {
|
|
root /srv/www/gamja;
|
|
index index.html;
|
|
}
|
|
|
|
location /socket {
|
|
proxy_pass http://192.168.0.110:8068;
|
|
proxy_read_timeout 600s;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# location /convos {
|
|
# proxy_pass http://[::1]:8089;
|
|
# proxy_read_timeout 600s;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header X-Forwarded-For $remote_addr;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# }
|
|
#
|
|
# location ~ ^/(asset|convos-api.yaml|emoji|font|images|themes) {
|
|
# root /srv/www/convos/convos/public;
|
|
# }
|
|
|
|
location /convos {
|
|
rewrite ^/convos/?(.*)$ /$1 break;
|
|
proxy_pass http://[::1]:8089;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Request-Base "$scheme://$host/convos";
|
|
}
|
|
|
|
location /candy {
|
|
root /srv/www/candy/;
|
|
index index.html;
|
|
add_header Access-Control-Allow-Origin *;
|
|
}
|
|
location /candy-source {
|
|
root /srv/www/candy/;
|
|
}
|
|
|
|
## https://xmpp.org/extensions/xep-0156.html#http
|
|
## Provides an alternative to SRV lookups, needed for compliance
|
|
location /.well-known/host-meta {
|
|
root /srv/www/xmpp;
|
|
default_type 'application/xrd+xml';
|
|
add_header Access-Control-Allow-Origin '*' always;
|
|
}
|
|
location /.well-known/host-meta.json {
|
|
root /srv/www/xmpp;
|
|
default_type 'application/jrd+json';
|
|
add_header Access-Control-Allow-Origin '*' always;
|
|
}
|
|
|
|
error_log /var/log/nginx/liberta.casa.err;
|
|
|
|
}
|
|
|
|
server {
|
|
server_name katyusha.liberta.casa;
|
|
listen 81.16.19.64:443 ssl http2;
|
|
|
|
ssl_certificate /etc/ssl/lego/certificates/irc.casa.crt;
|
|
ssl_certificate_key /etc/ssl/lego/certificates/irc.casa.key;
|
|
ssl_session_timeout 1d;
|
|
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
|
ssl_session_tickets off;
|
|
|
|
ssl_protocols TLSv1.3 TLSv1.2;
|
|
ssl_prefer_server_ciphers off;
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
|
|
resolver 127.0.0.4;
|
|
|
|
location / {
|
|
proxy_pass http://[::1]:8086;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
access_log syslog:server=192.168.0.115:5014,tag=nginx_access_katyusha graylog_old;
|
|
error_log syslog:server=192.168.0.115:5014,tag=nginx_error_katyusha debug;
|
|
}
|