summaryrefslogtreecommitdiffstats
path: root/nginx
diff options
context:
space:
mode:
authorGeorg2021-08-30 20:57:05 +0200
committerGeorg2021-08-30 20:57:05 +0200
commit247dc78649d524fb70c1ec5c7da69262ad4d1486 (patch)
tree51ba1cef132e059ab6ef4e3362e66df6303465a9 /nginx
parentc9e34fd1e126731be67c430c0f182a69fbbfcc8d (diff)
downloadsystem-247dc78649d524fb70c1ec5c7da69262ad4d1486.tar.gz
system-247dc78649d524fb70c1ec5c7da69262ad4d1486.tar.bz2
system-247dc78649d524fb70c1ec5c7da69262ad4d1486.zip
Initial nginx run 03/05
Signed-off-by: Georg <georg@lysergic.dev>
Diffstat (limited to 'nginx')
-rw-r--r--nginx/03/3gy.conf31
-rw-r--r--nginx/03/beauties.conf34
-rw-r--r--nginx/03/cytube.conf31
-rw-r--r--nginx/03/default.conf16
-rw-r--r--nginx/03/deploy.conf15
-rw-r--r--nginx/03/dnsui.conf27
-rw-r--r--nginx/03/http.conf6
-rw-r--r--nginx/03/keycloak.conf43
-rw-r--r--nginx/03/local.conf4
-rw-r--r--nginx/03/mail.conf124
-rw-r--r--nginx/03/matterbridge.conf71
-rw-r--r--nginx/03/mirror.conf15
-rw-r--r--nginx/03/parking.conf32
-rw-r--r--nginx/03/psy.conf26
-rw-r--r--nginx/03/pub.conf11
-rw-r--r--nginx/03/radio.conf59
-rw-r--r--nginx/03/redirects.conf173
-rw-r--r--nginx/03/tp.3gy.de.conf27
-rw-r--r--nginx/03/vdi.conf44
-rw-r--r--nginx/03/vizzare.conf30
-rw-r--r--nginx/03/znc.conf18
21 files changed, 837 insertions, 0 deletions
diff --git a/nginx/03/3gy.conf b/nginx/03/3gy.conf
new file mode 100644
index 0000000..e7ddc11
--- /dev/null
+++ b/nginx/03/3gy.conf
@@ -0,0 +1,31 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name 3gy.de;
+
+ ssl_certificate /etc/ssl/mail/fullchain.pem;
+ ssl_certificate_key /etc/ssl/mail/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+
+ resolver 172.168.100.2;
+
+ location / {
+ root /srv/www/htdocs/3gy/;
+ index index.html;
+ }
+
+}
diff --git a/nginx/03/beauties.conf b/nginx/03/beauties.conf
new file mode 100644
index 0000000..dd4bd20
--- /dev/null
+++ b/nginx/03/beauties.conf
@@ -0,0 +1,34 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name hugz.io up.hugz.io www.hugz.io;
+
+ ssl_certificate /etc/ssl/hugz/fullchain.pem;
+ ssl_certificate_key /etc/ssl/hugz/private/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ error_page 403 /beauties-ip.html;
+ location = /beauties-ip.html {
+ root /srv/www/error;
+ allow all;
+ }
+
+ location / {
+ proxy_pass http://192.168.0.120:8922;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ client_max_body_size 200M;
+ types {} default_type "text/plain; charset=utf-8";
+ deny 2a01:7e00::f03c:91ff:feae:d55;
+ deny 176.58.107.169;
+ }
+
+}
diff --git a/nginx/03/cytube.conf b/nginx/03/cytube.conf
new file mode 100644
index 0000000..082689c
--- /dev/null
+++ b/nginx/03/cytube.conf
@@ -0,0 +1,31 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+ listen 192.168.0.120:443 ssl http2;
+
+ server_name party.lysergic.dev;
+
+ ssl_certificate /etc/ssl/lysergic/fullchain.pem;
+ ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+ resolver 127.0.0.4;
+
+
+ location / {
+ proxy_pass http://127.0.0.1:8250;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ }
+
+ location /jsxc {
+ root /srv/www/jsxc.party;
+ }
+}
diff --git a/nginx/03/default.conf b/nginx/03/default.conf
new file mode 100644
index 0000000..e58384c
--- /dev/null
+++ b/nginx/03/default.conf
@@ -0,0 +1,16 @@
+#server {
+# listen 202.61.255.100:80 default_server;
+#
+# root /srv/www/htdocs/default;
+# index index.html;
+#}
+server {
+ listen 202.61.255.100:443 ssl http2 default_server;
+ listen [2a03:4000:55:d1d::]:443 ssl http2 default_server;
+
+ root /srv/www/htdocs/default;
+ index index.html;
+
+ ssl_certificate /etc/ssl/parking/fullchain.pem;
+ ssl_certificate_key /etc/ssl/parking/private/privkey.pem;
+}
diff --git a/nginx/03/deploy.conf b/nginx/03/deploy.conf
new file mode 100644
index 0000000..af22340
--- /dev/null
+++ b/nginx/03/deploy.conf
@@ -0,0 +1,15 @@
+server {
+ listen 202.61.255.100:80;
+ listen 192.168.0.120:80;
+ server_name deploy.squirrelcube.xyz;
+ root /srv/www/deploy;
+
+ location / {
+ autoindex on;
+ }
+
+ location /secret {
+ auth_basic "Lysergic Deployment Services";
+ auth_basic_user_file /etc/nginx/auth/deployment;
+ }
+}
diff --git a/nginx/03/dnsui.conf b/nginx/03/dnsui.conf
new file mode 100644
index 0000000..6bf54a2
--- /dev/null
+++ b/nginx/03/dnsui.conf
@@ -0,0 +1,27 @@
+server {
+ listen 192.168.0.120:8084 ssl;
+ server_name dnsui-local.secure.squirrelcube.xyz;
+ root /mnt/gluster01/web/dnsui3/public_html;
+ index init.php;
+
+ ssl_certificate /etc/ssl/tp/fullchain.pem;
+ ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
+
+ location / {
+ try_files $uri $uri/ @php;
+ auth_basic "NS1 Intranet";
+ auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+ }
+ location @php {
+ rewrite ^/(.*)$ /init.php/$1 last;
+ auth_basic "NS1 Intranet";
+ auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+ }
+ location /init.php {
+ fastcgi_pass 172.168.100.3:9100;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ auth_basic "NS1 Intranet";
+ auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+ }
+}
diff --git a/nginx/03/http.conf b/nginx/03/http.conf
new file mode 100644
index 0000000..68b8389
--- /dev/null
+++ b/nginx/03/http.conf
@@ -0,0 +1,6 @@
+server {
+ listen 202.61.255.100:80 default_server;
+ listen [2a03:4000:55:d1d::]:80 default_server;
+ listen 81.16.18.137:80 default_server;
+ return 302 https://$host$request_uri;
+}
diff --git a/nginx/03/keycloak.conf b/nginx/03/keycloak.conf
new file mode 100644
index 0000000..186f773
--- /dev/null
+++ b/nginx/03/keycloak.conf
@@ -0,0 +1,43 @@
+##
+## PRODUCTION CONFIG
+## Keycloak Frontend Load Balancer
+## Instance: selene
+##
+proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;
+
+upstream jboss {
+ ip_hash;
+ server 192.168.0.110:8843;
+ server 192.168.0.115:8843;
+ server 192.168.0.120:8843;
+}
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+ server_name sso.casa;
+
+ ssl_certificate /etc/ssl/libertacasa.net/fullchain.pem;
+ ssl_certificate_key /etc/ssl/libertacasa.net/private/privkey.pem;
+ ssl_session_cache shared:SSL:1m;
+ ssl_prefer_server_ciphers on;
+
+ #location = / {
+ # return 302 /auth/;
+ #}
+
+ location / {
+ proxy_pass https://jboss;
+ proxy_cache backcache;
+ proxy_ssl_verify off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+ proxy_buffer_size 256k;
+ proxy_buffers 4 512k;
+ proxy_busy_buffers_size 512k;
+
+}
+
+
diff --git a/nginx/03/local.conf b/nginx/03/local.conf
new file mode 100644
index 0000000..db26c7d
--- /dev/null
+++ b/nginx/03/local.conf
@@ -0,0 +1,4 @@
+server {
+ listen 192.168.0.120:80;
+ root /srv/www/local;
+}
diff --git a/nginx/03/mail.conf b/nginx/03/mail.conf
new file mode 100644
index 0000000..551656d
--- /dev/null
+++ b/nginx/03/mail.conf
@@ -0,0 +1,124 @@
+server {
+ listen 192.168.0.120:443 ssl http2;
+
+ server_name zz0.email;
+
+ ssl_certificate /etc/ssl/mail/fullchain.pem;
+ ssl_certificate_key /etc/ssl/mail/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+
+ resolver 172.168.100.2;
+
+ location /Microsoft-Server-ActiveSync {
+ proxy_pass http://127.0.0.2:8080/Microsoft-Server-ActiveSync;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_connect_timeout 75;
+ proxy_send_timeout 3650;
+ proxy_read_timeout 3650;
+ proxy_buffers 64 256k;
+ client_body_buffer_size 512k;
+ client_max_body_size 0;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.2:8080/;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 0;
+ }
+}
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name sogo.zz0.email zz0.email;
+
+ ssl_certificate /etc/ssl/mail/fullchain.pem;
+ ssl_certificate_key /etc/ssl/mail/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+
+ resolver 172.168.100.2;
+
+ location / {
+ return 302 /SOGo;
+ }
+
+ location /SOGo {
+ proxy_pass http://127.0.0.2:20000;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+ proxy_set_header x-webobjects-remote-host $remote_addr;
+ proxy_set_header x-webobjects-server-name $server_name;
+ proxy_set_header x-webobjects-server-url https://$http_host;
+ proxy_set_header x-webobjects-server-port $server_port;
+ proxy_send_timeout 3600;
+ proxy_read_timeout 3600;
+ client_body_buffer_size 128k;
+ client_max_body_size 0;
+ break;
+
+ }
+
+
+ location /SOGo.woa/WebServerResources/ {
+ alias /opt/GNUstep/SOGo/WebServerResources/;
+ }
+
+ location /.woa/WebServerResources/ {
+ alias /opt/GNUstep/SOGo/WebServerResources/;
+ }
+
+ location /SOGo/WebServerResources/ {
+ alias /opt/GNUstep/SOGo/WebServerResources/;
+ }
+
+ location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
+ alias /opt/GNUstep/SOGo/$1.SOGo/Resources/$2;
+ }
+
+ #trying to make / serve SOGo with no fuzz....
+# location /WebServerResources/ {
+# alias /opt/GNUstep/SOGo/WebServerResources/;
+# }
+
+# location (^/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
+# alias /opt/GNUstep/SOGo/$1.SOGo/Resources/$2;
+# }
+
+
+}
+
diff --git a/nginx/03/matterbridge.conf b/nginx/03/matterbridge.conf
new file mode 100644
index 0000000..921dc9e
--- /dev/null
+++ b/nginx/03/matterbridge.conf
@@ -0,0 +1,71 @@
+server {
+ server_name ts.lsd25.xyz;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+
+ root /opt/matterbridge/tripsit/bridgemedia;
+
+ ssl_certificate /etc/ssl/lysergic/fullchain.pem;
+ ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
+ #ssl_ciphers
+ #ssl_prefer_server_ciphers
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ #ssl_stapling on;
+ #ssl_stapling_verify on;
+
+ location / {
+ }
+}
+server {
+ server_name lc.lsd25.xyz;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+
+ root /opt/matterbridge/libertacasa/bridgemedia;
+
+ ssl_certificate /etc/ssl/lysergic/fullchain.pem;
+ ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
+ #ssl_ciphers
+ #ssl_prefer_server_ciphers
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ #ssl_stapling on;
+ #ssl_stapling_verify on;
+
+ location / {
+ }
+}
+
+server {
+ server_name lsd.airforce;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+
+ root /opt/matterbridge/tripsit/bridgemedia2;
+
+ ssl_certificate /etc/ssl/parking/fullchain.pem;
+ ssl_certificate_key /etc/ssl/parking/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
+ #ssl_ciphers
+ #ssl_prefer_server_ciphers
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ #ssl_stapling on;
+ #ssl_stapling_verify on;
+
+ location / {
+ }
+}
+
diff --git a/nginx/03/mirror.conf b/nginx/03/mirror.conf
new file mode 100644
index 0000000..06c2aab
--- /dev/null
+++ b/nginx/03/mirror.conf
@@ -0,0 +1,15 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name 3zy.de;
+
+ ssl_certificate /etc/ssl/3zy.de/fullchain.pem;
+ ssl_certificate_key /etc/ssl/3zy.de/private/privkey.pem;
+
+ location / {
+ root /mnt/gluster01/mirror;
+ fancyindex on;
+ fancyindex_exact_size on;
+ }
+}
diff --git a/nginx/03/parking.conf b/nginx/03/parking.conf
new file mode 100644
index 0000000..f92a2b3
--- /dev/null
+++ b/nginx/03/parking.conf
@@ -0,0 +1,32 @@
+server {
+ include listen01_80;
+ include listen01_443;
+ server_name armed.airforce drugs.airforce official.airforce *.armed.airforce *.drugs.airforce *.official.airforce;
+
+ root /srv/www/parking;
+ index index.html;
+}
+server {
+ include listen01_443;
+ ssl_certificate /etc/ssl/parking/fullchain.pem;
+ ssl_certificate_key /etc/ssl/parking/private/privkey.pem;
+ server_name libera.airforce libera.fail libera.wtf libera.fun libera.run *.libera.airforce *.libera.fail *.libera.wtf *.libera.fun *.libera.run zware.net *.zware.net wien.lol *.wien.lol freunde.eu *.freunde.eu schrak.com *.schrak.com angelamerkl.de dachundfa.ch multimillionai.re lsd.monster lsd-25.monster lsd25.monster naked.monster drugged.monster l0ve.io casey-neistat.com casey-neistat.xyz caseyneistat.us siemens.health clouded-cloud.com broadband-cloud.com fuckdress.fashion fuckdress.com amex.rest americanexpress.rest americanexpress.fun strong-chemicals.com mcdonalds.pw fantastrip.de *.fantastrip.de *.naked.monster *.drugged.monster *.dachundfa.ch *.l0ve.io *.casey-neistat.com *.casey-neistat.xyz *.caseyneistat.us *.siemens.health *.clouded-cloud.com *.broadband-cloud.com *.fuckdress.fashion *.fuckdress.com *.amex.rest *.americanexpress.fun;
+ root /srv/www/parking;
+ index index.html;
+}
+server {
+ include listen01_80;
+ server_name tripsit.at tripsit.eu tripsit.net *.tripsit.at *.tripsit.eu *.tripsit.net tripsit.pw *.tripsit.pw tripsit.biz *.tripsit.biz tripsit.army *.tripsit.army lsd.tips *.lsd.tips drugs.chat drug.chat lsd.chat lsd.help *.drugs.chat *.drug.chat *.lsd.chat *.lsd.help tripsit.chat *.tripsit.chat tripsit.buzz *.tripsit.buzz chat.lsd.tips tripsit.gay *.tripsit.gay tripsit.lgbt *.tripsit.lgbt tripsit.yoga *.tripsit.yoga lsd.fyi *.lsd.fyi lsd.dog *.lsd.dog lsd.ooo *.lsd.ooo chat.lsd.ooo tripsit.wiki www.tripsit.wiki tripsit.info www.tripsit.info tripsit.app *.tripsit.app;
+ root /srv/www/parking;
+ index index.html;
+}
+server {
+ include listen01_443;
+ server_name tripsit.at tripsit.eu tripsit.net *.tripsit.at *.tripsit.eu *.tripsit.net tripsit.pw *.tripsit.pw tripsit.biz *.tripsit.biz tripsit.army *.tripsit.army lsd.tips *.lsd.tips drugs.chat drug.chat lsd.chat lsd.help *.drugs.chat *.drug.chat *.lsd.chat *.lsd.help tripsit.chat *.tripsit.chat tripsit.buzz *.tripsit.buzz chat.lsd.tips tripsit.gay *.tripsit.gay tripsit.lgbt *.tripsit.lgbt tripsit.yoga *.tripsit.yoga lsd.fyi *.lsd.fyi lsd.dog *.lsd.dog lsd.ooo *.lsd.ooo chat.lsd.ooo tripsit.wiki www.tripsit.wiki tripsit.info www.tripsit.info tripsit.app *.tripsit.app;
+
+ ssl_certificate /etc/ssl/drugs/fullchain.pem;
+ ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+
+ root /srv/www/parking;
+ index index.html;
+}
diff --git a/nginx/03/psy.conf b/nginx/03/psy.conf
new file mode 100644
index 0000000..be6c51c
--- /dev/null
+++ b/nginx/03/psy.conf
@@ -0,0 +1,26 @@
+server {
+ include listen01_80;
+ server_name psy.wiki www.psy.wiki;
+ root /srv/www/parking/psy;
+ index index.html;
+}
+server {
+ include listen01_80;
+ server_name ~^(?<subdomain>[\w-]+)\.psy\.wiki$;
+ return 302 'https://psychonautwiki.org/wiki/?search=$subdomain';
+}
+server {
+ include listen01_443;
+ server_name psy.wiki www.psy.wiki;
+ ssl_certificate /etc/ssl/drugs/fullchain.pem;
+ ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+ root /srv/www/parking/psy;
+ index index.html;
+}
+server {
+ include listen01_443;
+ server_name ~^(?<subdomain>[\w-]+)\.psy\.wiki$;
+ ssl_certificate /etc/ssl/drugs/fullchain.pem;
+ ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+ return 302 'https://psychonautwiki.org/wiki/?search=$subdomain';
+}
diff --git a/nginx/03/pub.conf b/nginx/03/pub.conf
new file mode 100644
index 0000000..89f30e3
--- /dev/null
+++ b/nginx/03/pub.conf
@@ -0,0 +1,11 @@
+server {
+ include listen01_443;
+ ssl_certificate /etc/ssl/parking/fullchain.pem;
+ ssl_certificate_key /etc/ssl/parking/private/privkey.pem;
+ server_name pub.libera.fun;
+ root /srv/www/pub;
+# index index.html;
+ location / {
+ autoindex on;
+ }
+}
diff --git a/nginx/03/radio.conf b/nginx/03/radio.conf
new file mode 100644
index 0000000..0bc5ed0
--- /dev/null
+++ b/nginx/03/radio.conf
@@ -0,0 +1,59 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+
+ server_name web.lib.radio.fm www.lib.radio.fm;
+
+ ssl_certificate /etc/ssl/radio/crt.crt;
+ ssl_certificate_key /etc/ssl/radio/private/key.key;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+ resolver 127.0.0.4;
+
+ location / {
+ root /srv/www/radio;
+ index index.php;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ root /srv/www/radio;
+ index index.php;
+ fastcgi_pass 172.168.100.3:9100;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /srv/www/radio/$fastcgi_script_name;
+ fastcgi_index index.php;
+ }
+}
+server {
+ listen 202.61.255.100:443 ssl http2;
+
+ server_name lib.radio.am web.lib.radio.am www.lib.radio.am;
+
+ ssl_certificate /etc/ssl/radio/crt.crt;
+ ssl_certificate_key /etc/ssl/radio/private/key.key;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+ resolver 127.0.0.4;
+
+ location / {
+ root /srv/www/icedrop-master;
+ index index.html;
+ add_header Access-Control-Allow-Origin '*' always;
+ }
+}
+
diff --git a/nginx/03/redirects.conf b/nginx/03/redirects.conf
new file mode 100644
index 0000000..a9da3a3
--- /dev/null
+++ b/nginx/03/redirects.conf
@@ -0,0 +1,173 @@
+#TRIPSIT
+#server {
+# include listen01_80;
+# server_name tripsit.at tripsit.eu tripsit.net *.tripsit.at *.tripsit.eu *.tripsit.net tripsit.pw *.tripsit.pw tripsit.biz *.tripsit.biz tripsit.army *.tripsit.army lsd.tips *.lsd.tips;
+# return 302 https://tripsit.me/;
+#}
+#server {
+# include listen01_80;
+# server_name drugs.chat drug.chat lsd.chat lsd.help *.drugs.chat *.drug.chat *.lsd.chat *.lsd.help tripsit.chat *.tripsit.chat tripsit.buzz *.tripsit.buzz chat.lsd.tips;
+# return 302 https://chat.tripsit.me/;
+#}
+#server {
+# include listen01_80;
+# server_name tripsit.gay *.tripsit.gay tripsit.lgbt *.tripsit.lgbt;
+# return 302 'https://chat.tripsit.me/chat/##LGBT';
+#}
+#server {
+# include listen01_80;
+# server_name tripsit.yoga *.tripsit.yoga;
+# return 302 'https://chat.tripsit.me/chat/#meditation';
+#}
+#server {
+# include listen01_443;
+# server_name tripsit.at tripsit.eu tripsit.net *.tripsit.at *.tripsit.eu *.tripsit.net tripsit.pw *.tripsit.pw tripsit.biz *.tripsit.biz tripsit.army *.tripsit.army lsd.tips *.lsd.tips;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 https://tripsit.me/;
+#}
+#server {
+# include listen01_443;
+# server_name drugs.chat drug.chat lsd.chat lsd.help *.drugs.chat *.drug.chat *.lsd.chat *.lsd.help tripsit.chat *.tripsit.chat tripsit.buzz *.tripsit.buzz chat.lsd.tips;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 https://chat.tripsit.me/;
+#}
+#server {
+# include listen01_443;
+#
+# server_name tripsit.gay *.tripsit.gay tripsit.lgbt *.tripsit.lgbt;
+#
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+#
+# return 302 'https://chat.tripsit.me/chat/##LGBT';
+#}
+#server {
+# include listen01_443;
+# server_name tripsit.yoga *.tripsit.yoga;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 'https://chat.tripsit.me/chat/#meditation';
+#}
+#
+#server {
+# include listen01_80;
+# server_name lsd.fyi *.lsd.fyi lsd.dog *.lsd.dog lsd.ooo *.lsd.ooo;
+# return 302 https://drugs.tripsit.me/lsd;
+#}
+#server {
+# include listen01_80;
+# server_name chat.lsd.ooo;
+# return 302 'https://chat.tripsit.me/chat/#sanctuary';
+#}
+#server {
+# include listen01_443;
+# server_name chat.lsd.ooo;
+# return 302 'https://chat.tripsit.me/chat/#sanctuary';
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+#}
+#server {
+# include listen01_443;
+# server_name lsd.fyi *.lsd.fyi lsd.dog *.lsd.dog lsd.ooo *.lsd.ooo;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 https://drugs.tripsit.me/lsd;
+#}
+#server {
+# include listen01_80;
+# server_name tripsit.wiki www.tripsit.wiki;
+# return 302 https://wiki.tripsit.me/;
+#}
+#server {
+# include listen01_80;
+# server_name ~^(?<subdomain>[\w-]+)\.tripsit\.wiki$;
+# return 302 'https://wiki.tripsit.me/wiki/?search=$subdomain';
+#}
+#server {
+# include listen01_443;
+# server_name tripsit.wiki www.tripsit.wiki;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 https://wiki.tripsit.me/;
+#}
+#server {
+# include listen01_443;
+# server_name ~^(?<subdomain>[\w-]+)\.tripsit\.wiki$;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 'https://wiki.tripsit.me/wiki/?search=$subdomain';
+#}
+#server {
+# include listen01_80;
+# server_name tripsit.info www.tripsit.info;
+# return 302 https://drugs.tripsit.me/;
+#}
+#server {
+# include listen01_80;
+# server_name ~^(?<subdomain>[\w-]+)\.tripsit\.info$;
+# return 302 'https://drugs.tripsit.me/$subdomain';
+#}
+#server {
+# include listen01_443;
+# server_name tripsit.info www.tripsit.info;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 https://drugs.tripsit.me/;
+#}
+#server {
+# include listen01_443;
+# server_name ~^(?<subdomain>[\w-]+)\.tripsit\.info$;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 'https://drugs.tripsit.me/$subdomain';
+#}
+#server {
+# include listen01_80;
+# server_name tripsit.app *.tripsit.app;
+# return 302 'https://play.google.com/store/apps/details?id=me.tripsit.tripmobile';
+#}
+#server {
+# include listen01_443;
+# server_name tripsit.app *.tripsit.app;
+# ssl_certificate /etc/ssl/drugs/fullchain.pem;
+# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+# return 302 'https://play.google.com/store/apps/details?id=me.tripsit.tripmobile';
+#}
+server {
+ include listen01_80;
+ server_name tripsit.email;
+ root /srv/www/error;
+ index beauties-ip.html;
+# return 302 https://mail.tripsit.dev/SOGo/;
+}
+server {
+ include listen01_443;
+ server_name tripsit.email;
+ ssl_certificate /etc/ssl/drugs/fullchain.pem;
+ ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+ root /srv/www/error;
+ index beauties-ip.html;
+# return 302 https://mail.tripsit.dev/SOGo/;
+}
+
+
+#LIBERTACASA
+server {
+ include listen01_80;
+
+ server_name liberta.network libera.network libera.wiki libera.gay libera.casa *.liberta.network *.libera.network *.libera.wiki *.libera.gay *.libera.casa libera.world libera.love libera.lol libera.guru *.libera.world *.libera.love *.libera.lol *.libera.guru libera.monster *.libera.monster;
+
+ return 302 https://liberta.casa/;
+}
+server {
+ include listen01_443;
+
+ server_name liberta.network libera.network libera.wiki libera.gay libera.casa *.liberta.network *.libera.network *.libera.wiki *.libera.gay *.libera.casa libera.world libera.love libera.lol libera.guru *.libera.world *.libera.love *.libera.lol *.libera.guru libera.monster *.libera.monster git.casa *.git.casa;
+
+ ssl_certificate /etc/ssl/parking/fullchain.pem;
+ ssl_certificate_key /etc/ssl/parking/private/privkey.pem;
+
+ return 302 https://liberta.casa/;
+}
diff --git a/nginx/03/tp.3gy.de.conf b/nginx/03/tp.3gy.de.conf
new file mode 100644
index 0000000..3aab05a
--- /dev/null
+++ b/nginx/03/tp.3gy.de.conf
@@ -0,0 +1,27 @@
+server {
+ server_name tp.3gy.de three.tp.3gy.de *.three.secure.squirrelcube.xyz;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+
+ ssl_certificate /etc/ssl/tp/fullchain.pem;
+ ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.3;
+ #ssl_ciphers
+ #ssl_prefer_server_ciphers
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ location / {
+ proxy_pass https://[::1]:3080/;
+ proxy_ssl_verify off;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ proxy_read_timeout 3600;
+ }
+}
diff --git a/nginx/03/vdi.conf b/nginx/03/vdi.conf
new file mode 100644
index 0000000..dffa8ff
--- /dev/null
+++ b/nginx/03/vdi.conf
@@ -0,0 +1,44 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name vdi.three.secure.squirrelcube.xyz;
+
+ ssl_certificate /etc/ssl/tp/fullchain.pem;
+ ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+
+ resolver 172.168.100.2;
+
+ location / {
+ proxy_pass https://127.0.0.1:4435;
+ proxy_ssl_verify off;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+ proxy_set_header x-webobjects-remote-host $remote_addr;
+ proxy_set_header x-webobjects-server-name $server_name;
+ proxy_set_header x-webobjects-server-url https://$http_host;
+ proxy_set_header x-webobjects-server-port $server_port;
+ proxy_send_timeout 3600;
+ proxy_read_timeout 3600;
+ client_body_buffer_size 128k;
+ client_max_body_size 0;
+ }
+}
+
diff --git a/nginx/03/vizzare.conf b/nginx/03/vizzare.conf
new file mode 100644
index 0000000..6184f1f
--- /dev/null
+++ b/nginx/03/vizzare.conf
@@ -0,0 +1,30 @@
+include php-fpm;
+
+server {
+ server_name vizzare.com www.vizzare.com;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+ root /mnt/gluster01/web/vizzare;
+ index index.php;
+
+ ssl_certificate /etc/ssl/vizzare/fullchain.pem;
+ ssl_certificate_key /etc/ssl/vizzare/private/privkey.pem;
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+ }
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include fastcgi_params;
+ fastcgi_intercept_errors on;
+ fastcgi_pass php-fpm;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+ expires max;
+ log_not_found off;
+ }
+
+}
diff --git a/nginx/03/znc.conf b/nginx/03/znc.conf
new file mode 100644
index 0000000..1e5cf83
--- /dev/null
+++ b/nginx/03/znc.conf
@@ -0,0 +1,18 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+ server_name znc.lsd.dog;
+ ssl_certificate /etc/ssl/drugs/fullchain.pem;
+ ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+ ssl_protocols TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+# ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 1d;
+ large_client_header_buffers 4 32k;
+ location / {
+ proxy_pass http://[::1]:54658;
+ proxy_set_header X-Forwarded-Host \$host;
+ proxy_set_header X-Forwarded-Server \$host;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ }
+}