From 247dc78649d524fb70c1ec5c7da69262ad4d1486 Mon Sep 17 00:00:00 2001 From: Georg Date: Mon, 30 Aug 2021 20:57:05 +0200 Subject: Initial nginx run 03/05 Signed-off-by: Georg
---
nginx/03/3gy.conf | 31 ++++++++ nginx/03/beauties.conf | 34 +++++++++ nginx/03/cytube.conf | 31 ++++++++ nginx/03/default.conf | 16 +++++ nginx/03/deploy.conf | 15 ++++ nginx/03/dnsui.conf | 27 +++++++ nginx/03/http.conf | 6 ++ nginx/03/keycloak.conf | 43 +++++++++++ nginx/03/local.conf | 4 ++ nginx/03/mail.conf | 124 ++++++++++++++++++++++++++++++++ nginx/03/matterbridge.conf | 71 +++++++++++++++++++ nginx/03/mirror.conf | 15 ++++ nginx/03/parking.conf | 32 +++++++++ nginx/03/psy.conf | 26 +++++++ nginx/03/pub.conf | 11 +++ nginx/03/radio.conf | 59 ++++++++++++++++ nginx/03/redirects.conf | 173 +++++++++++++++++++++++++++++++++++++++++++++ nginx/03/tp.3gy.de.conf | 27 +++++++ nginx/03/vdi.conf | 44 ++++++++++++ nginx/03/vizzare.conf | 30 ++++++++ nginx/03/znc.conf | 18 +++++ 21 files changed, 837 insertions(+) create mode 100644 nginx/03/3gy.conf create mode 100644 nginx/03/beauties.conf create mode 100644 nginx/03/cytube.conf create mode 100644 nginx/03/default.conf create mode 100644 nginx/03/deploy.conf create mode 100644 nginx/03/dnsui.conf create mode 100644 nginx/03/http.conf create mode 100644 nginx/03/keycloak.conf create mode 100644 nginx/03/local.conf create mode 100644 nginx/03/mail.conf create mode 100644 nginx/03/matterbridge.conf create mode 100644 nginx/03/mirror.conf create mode 100644 nginx/03/parking.conf create mode 100644 nginx/03/psy.conf create mode 100644 nginx/03/pub.conf create mode 100644 nginx/03/radio.conf create mode 100644 nginx/03/redirects.conf create mode 100644 nginx/03/tp.3gy.de.conf create mode 100644 nginx/03/vdi.conf create mode 100644 nginx/03/vizzare.conf create mode 100644 nginx/03/znc.conf (limited to 'nginx')
diff --git a/nginx/03/3gy.conf b/nginx/03/3gy.conf
new file mode 100644
index 0000000..e7ddc11
--- /dev/null
+++ b/nginx/03/3gy.conf
@@ -0,0 +1,31 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name 3gy.de;
+
+ ssl_certificate /etc/ssl/mail/fullchain.pem;
+ ssl_certificate_key /etc/ssl/mail/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+
+ resolver 172.168.100.2;
+
+ location / {
+ root /srv/www/htdocs/3gy/;
+ index index.html;
+ }
+
+}
diff --git a/nginx/03/beauties.conf b/nginx/03/beauties.conf
new file mode 100644
index 0000000..dd4bd20
--- /dev/null
+++ b/nginx/03/beauties.conf
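Review bot: In 3gy.conf, `resolver 172.168.100.2;` points at an address outside the RFC 1918 private range (172.16.0.0/12 ends at 172.31.255.255), so unless that prefix is deliberately routed only inside this network, the lookups made for OCSP stapling go to a host on the public internet. The same prefix is used for `resolver` in mail.conf and vdi.conf, and for `fastcgi_pass 172.168.100.3:9100` in dnsui.conf and radio.conf, where unencrypted FastCGI traffic would be affected. If it is an internal network, a comment such as `# 172.168.100.0/24: internal network (not RFC 1918), routed locally only` would document that; otherwise the addresses should move to a private range.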
@@ -0,0 +1,34 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name hugz.io up.hugz.io www.hugz.io;
+
+ ssl_certificate /etc/ssl/hugz/fullchain.pem;
+ ssl_certificate_key /etc/ssl/hugz/private/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ error_page 403 /beauties-ip.html;
+ location = /beauties-ip.html {
+ root /srv/www/error;
+ allow all;
+ }
+
+ location / {
+ proxy_pass http://192.168.0.120:8922;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ client_max_body_size 200M;
+ types {} default_type "text/plain; charset=utf-8";
+ deny 2a01:7e00::f03c:91ff:feae:d55;
+ deny 176.58.107.169;
+ }
+
+}
diff --git a/nginx/03/cytube.conf b/nginx/03/cytube.conf
new file mode 100644
index 0000000..082689c
--- /dev/null
+++ b/nginx/03/cytube.conf
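Review bot: In beauties.conf, the line `types {} default_type "text/plain; charset=utf-8";` inside `location /` does not change the Content-Type of proxied responses, because those directives only apply to files nginx serves itself; the backend at 192.168.0.120:8922 still decides the type. If the intent is to stop uploaded content from rendering as HTML (the 200M body limit suggests an upload host), enforce it on the backend or override the header here with `proxy_hide_header Content-Type;` plus an explicit `add_header Content-Type "text/plain; charset=utf-8" always;`. Adding `add_header X-Content-Type-Options nosniff always;` would also help, but any `add_header` in the location stops the server-level `Strict-Transport-Security` header from being inherited, so that header has to be repeated in the location.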
@@ -0,0 +1,31 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+ listen 192.168.0.120:443 ssl http2;
+
+ server_name party.lysergic.dev;
+
+ ssl_certificate /etc/ssl/lysergic/fullchain.pem;
+ ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+ resolver 127.0.0.4;
+
+
+ location / {
+ proxy_pass http://127.0.0.1:8250;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ }
+
+ location /jsxc {
+ root /srv/www/jsxc.party;
+ }
+}
diff --git a/nginx/03/default.conf b/nginx/03/default.conf
new file mode 100644
index 0000000..e58384c
--- /dev/null
+++ b/nginx/03/default.conf
@@ -0,0 +1,16 @@
+#server {
+# listen 202.61.255.100:80 default_server;
+#
+# root /srv/www/htdocs/default;
+# index index.html;
+#}
+server {
+ listen 202.61.255.100:443 ssl http2 default_server;
+ listen [2a03:4000:55:d1d::]:443 ssl http2 default_server;
+
+ root /srv/www/htdocs/default;
+ index index.html;
+
+ ssl_certificate /etc/ssl/parking/fullchain.pem;
+ ssl_certificate_key /etc/ssl/parking/private/privkey.pem;
+}
diff --git a/nginx/03/deploy.conf b/nginx/03/deploy.conf
new file mode 100644
index 0000000..af22340
--- /dev/null
+++ b/nginx/03/deploy.conf
@@ -0,0 +1,15 @@
+server {
+ listen 202.61.255.100:80;
+ listen 192.168.0.120:80;
+ server_name deploy.squirrelcube.xyz;
+ root /srv/www/deploy;
+
+ location / {
+ autoindex on;
+ }
+
+ location /secret {
+ auth_basic "Lysergic Deployment Services";
+ auth_basic_user_file /etc/nginx/auth/deployment;
+ }
+}
diff --git a/nginx/03/dnsui.conf b/nginx/03/dnsui.conf
new file mode 100644
index 0000000..6bf54a2
--- /dev/null
+++ b/nginx/03/dnsui.conf
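Review bot: In default.conf, the `default_server` block for `202.61.255.100:443` sets no `ssl_protocols` or `ssl_ciphers`, and as far as I know nginx takes the protocol versions for a listen socket from its default server, so the `ssl_protocols TLSv1.3;` lines in the name-based vhosts on the same address may not be what clients actually negotiate. Stating the baseline here, e.g. `ssl_protocols TLSv1.2 TLSv1.3;`, makes the effective policy explicit and is worth verifying with a TLS scan after deployment. Because this block only catches names that match no other vhost, `ssl_reject_handshake on;` (nginx 1.19.4 or later) could be considered instead of answering with the parking certificate.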
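Review bot: In deploy.conf, `location /secret` is protected with `auth_basic`, but the server listens only on port 80, including the public address `202.61.255.100:80`, so the Basic credentials and the protected files cross the network in cleartext. The block should move to a TLS listener (e.g. `listen 202.61.255.100:443 ssl;` with a certificate for `deploy.squirrelcube.xyz`) or be limited to the internal `192.168.0.120:80` listener. `autoindex on;` at `/` also lists everything under `/srv/www/deploy` to any visitor, so a comment stating that the content outside `/secret` is meant to be public would be useful.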
@@ -0,0 +1,27 @@
+server {
+ listen 192.168.0.120:8084 ssl;
+ server_name dnsui-local.secure.squirrelcube.xyz;
+ root /mnt/gluster01/web/dnsui3/public_html;
+ index init.php;
+
+ ssl_certificate /etc/ssl/tp/fullchain.pem;
+ ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
+
+ location / {
+ try_files $uri $uri/ @php;
+ auth_basic "NS1 Intranet";
+ auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+ }
+ location @php {
+ rewrite ^/(.*)$ /init.php/$1 last;
+ auth_basic "NS1 Intranet";
+ auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+ }
+ location /init.php {
+ fastcgi_pass 172.168.100.3:9100;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ auth_basic "NS1 Intranet";
+ auth_basic_user_file /mnt/gluster01/web/auth/dnsui;
+ }
+}
diff --git a/nginx/03/http.conf b/nginx/03/http.conf
new file mode 100644
index 0000000..68b8389
--- /dev/null
+++ b/nginx/03/http.conf
@@ -0,0 +1,6 @@
+server {
+ listen 202.61.255.100:80 default_server;
+ listen [2a03:4000:55:d1d::]:80 default_server;
+ listen 81.16.18.137:80 default_server;
+ return 302 https://$host$request_uri;
+}
diff --git a/nginx/03/keycloak.conf b/nginx/03/keycloak.conf
new file mode 100644
index 0000000..186f773
--- /dev/null
+++ b/nginx/03/keycloak.conf
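Review bot: In dnsui.conf, `auth_basic` and `auth_basic_user_file` are repeated in each of the three locations, so a location added later is unauthenticated unless the author remembers to copy both lines. Declaring them once at `server` level (`auth_basic "NS1 Intranet";` and `auth_basic_user_file /mnt/gluster01/web/auth/dnsui;`) protects every location by default. `location /init.php` is also a prefix match, so paths such as `/init.phpX` are forwarded to FastCGI as well; `location ~ ^/init\.php(/|$)` is tighter.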
@@ -0,0 +1,43 @@
+##
+## PRODUCTION CONFIG
+## Keycloak Frontend Load Balancer
+## Instance: selene
+##
+proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;
+
+upstream jboss {
+ ip_hash;
+ server 192.168.0.110:8843;
+ server 192.168.0.115:8843;
+ server 192.168.0.120:8843;
+}
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+ server_name sso.casa;
+
+ ssl_certificate /etc/ssl/libertacasa.net/fullchain.pem;
+ ssl_certificate_key /etc/ssl/libertacasa.net/private/privkey.pem;
+ ssl_session_cache shared:SSL:1m;
+ ssl_prefer_server_ciphers on;
+
+ #location = / {
+ # return 302 /auth/;
+ #}
+
+ location / {
+ proxy_pass https://jboss;
+ proxy_cache backcache;
+ proxy_ssl_verify off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+ proxy_buffer_size 256k;
+ proxy_buffers 4 512k;
+ proxy_busy_buffers_size 512k;
+
+}
+
+
diff --git a/nginx/03/local.conf b/nginx/03/local.conf
new file mode 100644
index 0000000..db26c7d
--- /dev/null
+++ b/nginx/03/local.conf
@@ -0,0 +1,4 @@
+server {
+ listen 192.168.0.120:80;
+ root /srv/www/local;
+}
diff --git a/nginx/03/mail.conf b/nginx/03/mail.conf
new file mode 100644
index 0000000..551656d
--- /dev/null
+++ b/nginx/03/mail.conf
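Review bot: In keycloak.conf, `proxy_cache backcache;` is enabled for the whole of `location /` on the SSO frontend, and `proxy_cache_path` places the cache under `/tmp/NGINX_cache/`. A shared cache in front of an identity provider risks serving one user's response to another if the backend ever sends cacheable headers on an authenticated page, and a directory under world-writable `/tmp` can be pre-created by another local account. I would limit caching to static resources (or drop it) and move the cache to a directory owned by the nginx user, e.g. `proxy_cache_path /var/cache/nginx/keycloak keys_zone=backcache:10m;`. `proxy_ssl_verify off;` also leaves the TLS connection to the `jboss` upstreams on 192.168.0.x unauthenticated; `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate` pointing at the internal CA would close that.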
@@ -0,0 +1,124 @@ +server { + listen 192.168.0.120:443 ssl http2; + + server_name zz0.email; + + ssl_certificate /etc/ssl/mail/fullchain.pem; + ssl_certificate_key /etc/ssl/mail/private/privkey.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_tickets off; + + ssl_protocols TLSv1.3; + ssl_prefer_server_ciphers off; + + add_header Strict-Transport-Security "max-age=63072000" always; + + ssl_stapling on; + ssl_stapling_verify on; + + ssl_trusted_certificate /etc/ssl/ca-bundle.pem; + + resolver 172.168.100.2; + + location /Microsoft-Server-ActiveSync { + proxy_pass http://127.0.0.2:8080/Microsoft-Server-ActiveSync; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 75; + proxy_send_timeout 3650; + proxy_read_timeout 3650; + proxy_buffers 64 256k; + client_body_buffer_size 512k; + client_max_body_size 0; + } + + location / { + proxy_pass http://127.0.0.2:8080/; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 0; + } +} +server { + listen 202.61.255.100:443 ssl http2; + listen [2a03:4000:55:d1d::]:443 ssl http2; + + server_name sogo.zz0.email zz0.email; + + ssl_certificate /etc/ssl/mail/fullchain.pem; + ssl_certificate_key /etc/ssl/mail/private/privkey.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_tickets off; + + ssl_protocols TLSv1.3; + ssl_prefer_server_ciphers off; + + add_header Strict-Transport-Security "max-age=63072000" always; + + ssl_stapling on; + ssl_stapling_verify on; + + ssl_trusted_certificate /etc/ssl/ca-bundle.pem; + + resolver 172.168.100.2; + + location / { + return 302 /SOGo; + } + + location /SOGo { + proxy_pass 
http://127.0.0.2:20000; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header x-webobjects-server-protocol HTTP/1.0; + proxy_set_header x-webobjects-remote-host $remote_addr; + proxy_set_header x-webobjects-server-name $server_name; + proxy_set_header x-webobjects-server-url https://$http_host; + proxy_set_header x-webobjects-server-port $server_port; + proxy_send_timeout 3600; + proxy_read_timeout 3600; + client_body_buffer_size 128k; + client_max_body_size 0; + break; + + } + + + location /SOGo.woa/WebServerResources/ { + alias /opt/GNUstep/SOGo/WebServerResources/; + } + + location /.woa/WebServerResources/ { + alias /opt/GNUstep/SOGo/WebServerResources/; + } + + location /SOGo/WebServerResources/ { + alias /opt/GNUstep/SOGo/WebServerResources/; + } + + location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) { + alias /opt/GNUstep/SOGo/$1.SOGo/Resources/$2; + } + + #trying to make / serve SOGo with no fuzz.... +# location /WebServerResources/ { +# alias /opt/GNUstep/SOGo/WebServerResources/; +# } + +# location (^/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) { +# alias /opt/GNUstep/SOGo/$1.SOGo/Resources/$2; +# } + + +} + diff --git a/nginx/03/matterbridge.conf b/nginx/03/matterbridge.conf new file mode 100644 index 0000000..921dc9e --- /dev/null +++ b/nginx/03/matterbridge.conf 
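Review bot: In mail.conf, `location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$)` has no `~` modifier, so nginx reads it as a literal prefix that no real URI matches, and its capture groups do not line up with the `$1`/`$2` used in the `alias`. If the mapping is wanted, something like `location ~ ^/SOGo/so/ControlPanel/Products/([^/]*UI)/Resources/(.*\.(jpg|png|gif|css|js))$ {` would give `$1` the product name and `$2` the file. Separately, `client_max_body_size 0;` removes the request-body limit on the public `/SOGo` location as well as on the internal ActiveSync one; a finite cap sized to the largest expected attachment keeps clients from filling the proxy's temp space.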
@@ -0,0 +1,71 @@
+server {
+ server_name ts.lsd25.xyz;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+
+ root /opt/matterbridge/tripsit/bridgemedia;
+
+ ssl_certificate /etc/ssl/lysergic/fullchain.pem;
+ ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
+ #ssl_ciphers
+ #ssl_prefer_server_ciphers
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ #ssl_stapling on;
+ #ssl_stapling_verify on;
+
+ location / {
+ }
+}
+server {
+ server_name lc.lsd25.xyz;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+
+ root /opt/matterbridge/libertacasa/bridgemedia;
+
+ ssl_certificate /etc/ssl/lysergic/fullchain.pem;
+ ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
+ #ssl_ciphers
+ #ssl_prefer_server_ciphers
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ #ssl_stapling on;
+ #ssl_stapling_verify on;
+
+ location / {
+ }
+}
+
+server {
+ server_name lsd.airforce;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+
+ root /opt/matterbridge/tripsit/bridgemedia2;
+
+ ssl_certificate /etc/ssl/parking/fullchain.pem;
+ ssl_certificate_key /etc/ssl/parking/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
+ #ssl_ciphers
+ #ssl_prefer_server_ciphers
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ #ssl_stapling on;
+ #ssl_stapling_verify on;
+
+ location / {
+ }
+}
+
diff --git a/nginx/03/mirror.conf b/nginx/03/mirror.conf
new file mode 100644
index 0000000..06c2aab
--- /dev/null
+++ b/nginx/03/mirror.conf
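Review bot: In matterbridge.conf, all three servers set `ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;`, which enables TLS 1.1 (deprecated by RFC 8996); znc.conf goes further with `ssl_protocols TLSv1.1 TLSv1.2;`, which leaves TLS 1.3 off. Unless a known legacy client depends on it, use `ssl_protocols TLSv1.2 TLSv1.3;` as the other vhosts in this commit do. These vhosts appear to serve bridged chat media straight from `root`, so `add_header X-Content-Type-Options nosniff always;` next to the existing HSTS header would be a sensible addition.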
@@ -0,0 +1,15 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name 3zy.de;
+
+ ssl_certificate /etc/ssl/3zy.de/fullchain.pem;
+ ssl_certificate_key /etc/ssl/3zy.de/private/privkey.pem;
+
+ location / {
+ root /mnt/gluster01/mirror;
+ fancyindex on;
+ fancyindex_exact_size on;
+ }
+}
diff --git a/nginx/03/parking.conf b/nginx/03/parking.conf
new file mode 100644
index 0000000..f92a2b3
--- /dev/null
+++ b/nginx/03/parking.conf
@@ -0,0 +1,32 @@ +server { + include listen01_80; + include listen01_443; + server_name armed.airforce drugs.airforce official.airforce *.armed.airforce *.drugs.airforce *.official.airforce; + + root /srv/www/parking; + index index.html; +} +server { + include listen01_443; + ssl_certificate /etc/ssl/parking/fullchain.pem; + ssl_certificate_key /etc/ssl/parking/private/privkey.pem; + server_name libera.airforce libera.fail libera.wtf libera.fun libera.run *.libera.airforce *.libera.fail *.libera.wtf *.libera.fun *.libera.run zware.net *.zware.net wien.lol *.wien.lol freunde.eu *.freunde.eu schrak.com *.schrak.com angelamerkl.de dachundfa.ch multimillionai.re lsd.monster lsd-25.monster lsd25.monster naked.monster drugged.monster l0ve.io casey-neistat.com casey-neistat.xyz caseyneistat.us siemens.health clouded-cloud.com broadband-cloud.com fuckdress.fashion fuckdress.com amex.rest americanexpress.rest americanexpress.fun strong-chemicals.com mcdonalds.pw fantastrip.de *.fantastrip.de *.naked.monster *.drugged.monster *.dachundfa.ch *.l0ve.io *.casey-neistat.com *.casey-neistat.xyz *.caseyneistat.us *.siemens.health *.clouded-cloud.com *.broadband-cloud.com *.fuckdress.fashion *.fuckdress.com *.amex.rest *.americanexpress.fun; + root /srv/www/parking; + index index.html; +} +server { + include listen01_80; + server_name tripsit.at tripsit.eu tripsit.net *.tripsit.at *.tripsit.eu *.tripsit.net tripsit.pw *.tripsit.pw tripsit.biz *.tripsit.biz tripsit.army *.tripsit.army lsd.tips *.lsd.tips drugs.chat drug.chat lsd.chat lsd.help *.drugs.chat *.drug.chat *.lsd.chat *.lsd.help tripsit.chat *.tripsit.chat tripsit.buzz *.tripsit.buzz chat.lsd.tips tripsit.gay *.tripsit.gay tripsit.lgbt *.tripsit.lgbt tripsit.yoga *.tripsit.yoga lsd.fyi *.lsd.fyi lsd.dog *.lsd.dog lsd.ooo *.lsd.ooo chat.lsd.ooo tripsit.wiki www.tripsit.wiki tripsit.info www.tripsit.info tripsit.app *.tripsit.app; + root /srv/www/parking; + index index.html; +} +server { + include listen01_443; + server_name 
tripsit.at tripsit.eu tripsit.net *.tripsit.at *.tripsit.eu *.tripsit.net tripsit.pw *.tripsit.pw tripsit.biz *.tripsit.biz tripsit.army *.tripsit.army lsd.tips *.lsd.tips drugs.chat drug.chat lsd.chat lsd.help *.drugs.chat *.drug.chat *.lsd.chat *.lsd.help tripsit.chat *.tripsit.chat tripsit.buzz *.tripsit.buzz chat.lsd.tips tripsit.gay *.tripsit.gay tripsit.lgbt *.tripsit.lgbt tripsit.yoga *.tripsit.yoga lsd.fyi *.lsd.fyi lsd.dog *.lsd.dog lsd.ooo *.lsd.ooo chat.lsd.ooo tripsit.wiki www.tripsit.wiki tripsit.info www.tripsit.info tripsit.app *.tripsit.app; + + ssl_certificate /etc/ssl/drugs/fullchain.pem; + ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; + + root /srv/www/parking; + index index.html; +} diff --git a/nginx/03/psy.conf b/nginx/03/psy.conf new file mode 100644 index 0000000..be6c51c --- /dev/null +++ b/nginx/03/psy.conf @@ -0,0 +1,26 @@ +server { + include listen01_80; + server_name psy.wiki www.psy.wiki; + root /srv/www/parking/psy; + index index.html; +} +server { + include listen01_80; + server_name ~^(?[\w-]+)\.psy\.wiki$; + return 302 'https://psychonautwiki.org/wiki/?search=$subdomain'; +} +server { + include listen01_443; + server_name psy.wiki www.psy.wiki; + ssl_certificate /etc/ssl/drugs/fullchain.pem; + ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; + root /srv/www/parking/psy; + index index.html; +} +server { + include listen01_443; + server_name ~^(?[\w-]+)\.psy\.wiki$; + ssl_certificate /etc/ssl/drugs/fullchain.pem; + ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; + return 302 'https://psychonautwiki.org/wiki/?search=$subdomain'; +} diff --git a/nginx/03/pub.conf b/nginx/03/pub.conf new file mode 100644 index 0000000..89f30e3 --- /dev/null +++ b/nginx/03/pub.conf 
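Review bot: In parking.conf, the first `server` block includes both `listen01_80` and `listen01_443` but sets no `ssl_certificate` or `ssl_certificate_key`, unlike every other 443 block in the file. The include files are not part of this patch, but if `listen01_443` carries `ssl` listeners and no certificate is inherited from the `http` level, nginx will reject the configuration or fail handshakes for the `*.airforce` names. Either add `ssl_certificate /etc/ssl/parking/fullchain.pem;` with the matching key (if that certificate covers these names) or split the block into separate port-80 and port-443 servers as done for the other domain groups.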
@@ -0,0 +1,11 @@
+server {
+ include listen01_443;
+ ssl_certificate /etc/ssl/parking/fullchain.pem;
+ ssl_certificate_key /etc/ssl/parking/private/privkey.pem;
+ server_name pub.libera.fun;
+ root /srv/www/pub;
+# index index.html;
+ location / {
+ autoindex on;
+ }
+}
diff --git a/nginx/03/radio.conf b/nginx/03/radio.conf
new file mode 100644
index 0000000..0bc5ed0
--- /dev/null
+++ b/nginx/03/radio.conf
@@ -0,0 +1,59 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+
+ server_name web.lib.radio.fm www.lib.radio.fm;
+
+ ssl_certificate /etc/ssl/radio/crt.crt;
+ ssl_certificate_key /etc/ssl/radio/private/key.key;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+ resolver 127.0.0.4;
+
+ location / {
+ root /srv/www/radio;
+ index index.php;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ root /srv/www/radio;
+ index index.php;
+ fastcgi_pass 172.168.100.3:9100;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /srv/www/radio/$fastcgi_script_name;
+ fastcgi_index index.php;
+ }
+}
+server {
+ listen 202.61.255.100:443 ssl http2;
+
+ server_name lib.radio.am web.lib.radio.am www.lib.radio.am;
+
+ ssl_certificate /etc/ssl/radio/crt.crt;
+ ssl_certificate_key /etc/ssl/radio/private/key.key;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+ resolver 127.0.0.4;
+
+ location / {
+ root /srv/www/icedrop-master;
+ index index.html;
+ add_header Access-Control-Allow-Origin '*' always;
+ }
+}
+
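Review bot: In radio.conf, `location ~ [^/]\.php(/|$)` hands every matching URI to PHP-FPM without `fastcgi_split_path_info` or a check that the script exists, so with `cgi.fix_pathinfo` enabled on the backend a non-PHP file under `/srv/www/radio` could end up being executed as PHP. Add `fastcgi_split_path_info ^(.+?\.php)(/.*)$;` and `try_files $fastcgi_script_name =404;` (this assumes nginx sees the same files as the FPM host at 172.168.100.3), and set `cgi.fix_pathinfo=0` on the PHP side. The `location ~ \.php$` block in vizzare.conf has the same missing existence check. In the second server, `add_header Access-Control-Allow-Origin '*' always;` inside `location /` stops the server-level `Strict-Transport-Security` header from being inherited, so it needs to be repeated in that location.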
diff --git a/nginx/03/redirects.conf b/nginx/03/redirects.conf
new file mode 100644
index 0000000..a9da3a3
--- /dev/null
+++ b/nginx/03/redirects.conf
@@ -0,0 +1,173 @@ +#TRIPSIT +#server { +# include listen01_80; +# server_name tripsit.at tripsit.eu tripsit.net *.tripsit.at *.tripsit.eu *.tripsit.net tripsit.pw *.tripsit.pw tripsit.biz *.tripsit.biz tripsit.army *.tripsit.army lsd.tips *.lsd.tips; +# return 302 https://tripsit.me/; +#} +#server { +# include listen01_80; +# server_name drugs.chat drug.chat lsd.chat lsd.help *.drugs.chat *.drug.chat *.lsd.chat *.lsd.help tripsit.chat *.tripsit.chat tripsit.buzz *.tripsit.buzz chat.lsd.tips; +# return 302 https://chat.tripsit.me/; +#} +#server { +# include listen01_80; +# server_name tripsit.gay *.tripsit.gay tripsit.lgbt *.tripsit.lgbt; +# return 302 'https://chat.tripsit.me/chat/##LGBT'; +#} +#server { +# include listen01_80; +# server_name tripsit.yoga *.tripsit.yoga; +# return 302 'https://chat.tripsit.me/chat/#meditation'; +#} +#server { +# include listen01_443; +# server_name tripsit.at tripsit.eu tripsit.net *.tripsit.at *.tripsit.eu *.tripsit.net tripsit.pw *.tripsit.pw tripsit.biz *.tripsit.biz tripsit.army *.tripsit.army lsd.tips *.lsd.tips; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 https://tripsit.me/; +#} +#server { +# include listen01_443; +# server_name drugs.chat drug.chat lsd.chat lsd.help *.drugs.chat *.drug.chat *.lsd.chat *.lsd.help tripsit.chat *.tripsit.chat tripsit.buzz *.tripsit.buzz chat.lsd.tips; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 https://chat.tripsit.me/; +#} +#server { +# include listen01_443; +# +# server_name tripsit.gay *.tripsit.gay tripsit.lgbt *.tripsit.lgbt; +# +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# +# return 302 'https://chat.tripsit.me/chat/##LGBT'; +#} +#server { +# include listen01_443; +# server_name tripsit.yoga *.tripsit.yoga; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# 
ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 'https://chat.tripsit.me/chat/#meditation'; +#} +# +#server { +# include listen01_80; +# server_name lsd.fyi *.lsd.fyi lsd.dog *.lsd.dog lsd.ooo *.lsd.ooo; +# return 302 https://drugs.tripsit.me/lsd; +#} +#server { +# include listen01_80; +# server_name chat.lsd.ooo; +# return 302 'https://chat.tripsit.me/chat/#sanctuary'; +#} +#server { +# include listen01_443; +# server_name chat.lsd.ooo; +# return 302 'https://chat.tripsit.me/chat/#sanctuary'; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +#} +#server { +# include listen01_443; +# server_name lsd.fyi *.lsd.fyi lsd.dog *.lsd.dog lsd.ooo *.lsd.ooo; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 https://drugs.tripsit.me/lsd; +#} +#server { +# include listen01_80; +# server_name tripsit.wiki www.tripsit.wiki; +# return 302 https://wiki.tripsit.me/; +#} +#server { +# include listen01_80; +# server_name ~^(?[\w-]+)\.tripsit\.wiki$; +# return 302 'https://wiki.tripsit.me/wiki/?search=$subdomain'; +#} +#server { +# include listen01_443; +# server_name tripsit.wiki www.tripsit.wiki; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 https://wiki.tripsit.me/; +#} +#server { +# include listen01_443; +# server_name ~^(?[\w-]+)\.tripsit\.wiki$; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 'https://wiki.tripsit.me/wiki/?search=$subdomain'; +#} +#server { +# include listen01_80; +# server_name tripsit.info www.tripsit.info; +# return 302 https://drugs.tripsit.me/; +#} +#server { +# include listen01_80; +# server_name ~^(?[\w-]+)\.tripsit\.info$; +# return 302 'https://drugs.tripsit.me/$subdomain'; +#} +#server { +# include listen01_443; +# server_name tripsit.info 
www.tripsit.info; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 https://drugs.tripsit.me/; +#} +#server { +# include listen01_443; +# server_name ~^(?[\w-]+)\.tripsit\.info$; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 'https://drugs.tripsit.me/$subdomain'; +#} +#server { +# include listen01_80; +# server_name tripsit.app *.tripsit.app; +# return 302 'https://play.google.com/store/apps/details?id=me.tripsit.tripmobile'; +#} +#server { +# include listen01_443; +# server_name tripsit.app *.tripsit.app; +# ssl_certificate /etc/ssl/drugs/fullchain.pem; +# ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; +# return 302 'https://play.google.com/store/apps/details?id=me.tripsit.tripmobile'; +#} +server { + include listen01_80; + server_name tripsit.email; + root /srv/www/error; + index beauties-ip.html; +# return 302 https://mail.tripsit.dev/SOGo/; +} +server { + include listen01_443; + server_name tripsit.email; + ssl_certificate /etc/ssl/drugs/fullchain.pem; + ssl_certificate_key /etc/ssl/drugs/private/privkey.pem; + root /srv/www/error; + index beauties-ip.html; +# return 302 https://mail.tripsit.dev/SOGo/; +} + + +#LIBERTACASA +server { + include listen01_80; + + server_name liberta.network libera.network libera.wiki libera.gay libera.casa *.liberta.network *.libera.network *.libera.wiki *.libera.gay *.libera.casa libera.world libera.love libera.lol libera.guru *.libera.world *.libera.love *.libera.lol *.libera.guru libera.monster *.libera.monster; + + return 302 https://liberta.casa/; +} +server { + include listen01_443; + + server_name liberta.network libera.network libera.wiki libera.gay libera.casa *.liberta.network *.libera.network *.libera.wiki *.libera.gay *.libera.casa libera.world libera.love libera.lol libera.guru *.libera.world *.libera.love *.libera.lol *.libera.guru libera.monster *.libera.monster 
git.casa *.git.casa; + + ssl_certificate /etc/ssl/parking/fullchain.pem; + ssl_certificate_key /etc/ssl/parking/private/privkey.pem; + + return 302 https://liberta.casa/; +} diff --git a/nginx/03/tp.3gy.de.conf b/nginx/03/tp.3gy.de.conf new file mode 100644 index 0000000..3aab05a --- /dev/null +++ b/nginx/03/tp.3gy.de.conf @@ -0,0 +1,27 @@ +server { + server_name tp.3gy.de three.tp.3gy.de *.three.secure.squirrelcube.xyz; + listen 202.61.255.100:443 ssl; + listen [2a03:4000:55:d1d::]:443 ssl; + + ssl_certificate /etc/ssl/tp/fullchain.pem; + ssl_certificate_key /etc/ssl/tp/private/privkey.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; + ssl_session_tickets off; + ssl_protocols TLSv1.3; + #ssl_ciphers + #ssl_prefer_server_ciphers + add_header Strict-Transport-Security "max-age=63072000" always; + ssl_stapling on; + ssl_stapling_verify on; + + location / { + proxy_pass https://[::1]:3080/; + proxy_ssl_verify off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 3600; + } +} diff --git a/nginx/03/vdi.conf b/nginx/03/vdi.conf new file mode 100644 index 0000000..dffa8ff --- /dev/null +++ b/nginx/03/vdi.conf 
@@ -0,0 +1,44 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+
+ server_name vdi.three.secure.squirrelcube.xyz;
+
+ ssl_certificate /etc/ssl/tp/fullchain.pem;
+ ssl_certificate_key /etc/ssl/tp/private/privkey.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
+
+ resolver 172.168.100.2;
+
+ location / {
+ proxy_pass https://127.0.0.1:4435;
+ proxy_ssl_verify off;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+ proxy_set_header x-webobjects-remote-host $remote_addr;
+ proxy_set_header x-webobjects-server-name $server_name;
+ proxy_set_header x-webobjects-server-url https://$http_host;
+ proxy_set_header x-webobjects-server-port $server_port;
+ proxy_send_timeout 3600;
+ proxy_read_timeout 3600;
+ client_body_buffer_size 128k;
+ client_max_body_size 0;
+ }
+}
+
diff --git a/nginx/03/vizzare.conf b/nginx/03/vizzare.conf
new file mode 100644
index 0000000..6184f1f
--- /dev/null
+++ b/nginx/03/vizzare.conf
@@ -0,0 +1,30 @@
+include php-fpm;
+
+server {
+ server_name vizzare.com www.vizzare.com;
+ listen 202.61.255.100:443 ssl;
+ listen [2a03:4000:55:d1d::]:443 ssl;
+ root /mnt/gluster01/web/vizzare;
+ index index.php;
+
+ ssl_certificate /etc/ssl/vizzare/fullchain.pem;
+ ssl_certificate_key /etc/ssl/vizzare/private/privkey.pem;
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+ }
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include fastcgi_params;
+ fastcgi_intercept_errors on;
+ fastcgi_pass php-fpm;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+ expires max;
+ log_not_found off;
+ }
+
+}
diff --git a/nginx/03/znc.conf b/nginx/03/znc.conf
new file mode 100644
index 0000000..1e5cf83
--- /dev/null
+++ b/nginx/03/znc.conf
@@ -0,0 +1,18 @@
+server {
+ listen 202.61.255.100:443 ssl http2;
+ listen [2a03:4000:55:d1d::]:443 ssl http2;
+ server_name znc.lsd.dog;
+ ssl_certificate /etc/ssl/drugs/fullchain.pem;
+ ssl_certificate_key /etc/ssl/drugs/private/privkey.pem;
+ ssl_protocols TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+# ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 1d;
+ large_client_header_buffers 4 32k;
+ location / {
+ proxy_pass http://[::1]:54658;
+ proxy_set_header X-Forwarded-Host \$host;
+ proxy_set_header X-Forwarded-Server \$host;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ }
+}
-- cgit v1.2.3
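Review bot: In znc.conf, the three `proxy_set_header` lines use `\$host` and `\$proxy_add_x_forwarded_for`; nginx has no `\$` escape, so this looks like shell-heredoc escaping left in the file, and the backend will probably not receive the intended header values. Write them without the backslash, e.g. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Host $host;`, then confirm with `nginx -t` and by checking which client address the backend logs. This matters if the service behind `[::1]:54658` relies on the forwarded address for logging or login throttling.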