aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/nginx/etc-nginx/sites-available
diff options
context:
space:
mode:
authorLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-03-20 19:16:32 +0100
committerLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-03-20 19:16:32 +0100
commit39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 (patch)
tree9221704f413398cfb5d5759083b1e7032566820e /straper/db/public/nginx/etc-nginx/sites-available
parent6b59b75c3a294060dea66bdee16ffaf95ae92889 (diff)
downloadbin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.tar.gz
bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.zip
feat: first fully successful run e2e on straper
Diffstat (limited to 'straper/db/public/nginx/etc-nginx/sites-available')
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf23
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf17
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/default91
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/etherpad63
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf15
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf20
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/labunix.conf47
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz9
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/lufi.conf34
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf67
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf22
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf24
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz2
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf31
14 files changed, 465 insertions, 0 deletions
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf
new file mode 100644
index 0000000..399893f
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name bin.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 50m;
+
+ location / {
+ proxy_pass http://127.0.0.1:8081;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf b/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf
new file mode 100644
index 0000000..1209383
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf
@@ -0,0 +1,17 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name cloud.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ client_max_body_size 2G;
+
+ location / {
+ proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/default b/straper/db/public/nginx/etc-nginx/sites-available/default
new file mode 100644
index 0000000..c5af914
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/default
@@ -0,0 +1,91 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/etherpad b/straper/db/public/nginx/etc-nginx/sites-available/etherpad
new file mode 100644
index 0000000..e7adb82
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/etherpad
@@ -0,0 +1,63 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name ether.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ limit_req zone=etherpad_req burst=60 nodelay;
+ limit_conn etherpad_conn 20;
+ client_max_body_size 1m;
+# Admin only (protect both /admin and /admin/)
+ location = /admin {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+
+ location ^~ /admin/ {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+ location / {
+ proxy_pass http://127.0.0.1:9001;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf
new file mode 100644
index 0000000..9c9ab7e
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf
@@ -0,0 +1,15 @@
+server {
+ listen 127.0.0.1:8089;
+ listen [::1]:8089;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-i2p.access.log;
+ error_log /var/log/nginx/labunix-i2p.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf
new file mode 100644
index 0000000..b451e66
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf
@@ -0,0 +1,20 @@
+server {
+ listen 127.0.0.1:8088;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-onion.access.log;
+ error_log /var/log/nginx/labunix-onion.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf
new file mode 100644
index 0000000..01043ff
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf
@@ -0,0 +1,47 @@
+# HTTP on :9080 (optional: redirect to HTTPS :9443)
+server {
+ listen 9080;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ # If you want redirect to HTTPS on :9443:
+ return 301 https://$host:443$request_uri;
+
+ # If you prefer serving plain HTTP instead, comment the return above
+ # and uncomment this:
+ # root /srv/www/labunix/public;
+ # index index.html;
+ # location / { try_files $uri $uri/ =404; }
+}
+
+# HTTPS on :9443
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ location /stats/ {
+ alias /srv/stats/;
+ index goaccess.html;
+ allow 127.0.0.1;
+ allow 10.50.0.0/24;
+ allow 192.168.33.0/24;
+ deny all;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz b/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz
new file mode 100644
index 0000000..a6267a4
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz
@@ -0,0 +1,9 @@
+server {
+ listen 9080;
+ server_name labunix.xyz www.labunix.xyz cloud.labunix.xyz vpn.labunix.xyz;
+
+ root /var/www/labunix;
+ index index.html;
+}
+
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf b/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf
new file mode 100644
index 0000000..0051841
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf
@@ -0,0 +1,34 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name lufi.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/lufi.htpasswd;
+
+ access_log /var/log/nginx/vhost.access.log vhost;
+ error_log /var/log/nginx/lufi.error.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:8090;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Port 443;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options nosniff always;
+ client_max_body_size 2G;
+ proxy_read_timeout 3600s;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf
new file mode 100644
index 0000000..b0b47df
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf
@@ -0,0 +1,67 @@
+# pad.labunix.xyz (main) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/htpasswd-cryptpad;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad-sandbox.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf b/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf
new file mode 100644
index 0000000..64c151d
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf
@@ -0,0 +1,22 @@
+limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m;
+
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name search.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ location / {
+ limit_req zone=searxng burst=50 nodelay;
+ limit_req_status 429;
+
+ proxy_pass http://10.50.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf
new file mode 100644
index 0000000..11d7c82
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf
@@ -0,0 +1,24 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+ server_name upload.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 21m;
+
+ location / {
+ proxy_pass http://127.0.0.1:5280;
+
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_request_buffering off;
+ proxy_buffering off;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz
new file mode 100644
index 0000000..5b1d7de
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz
@@ -0,0 +1,2 @@
+# disabled: vault.labunix.xyz config moved elsewhere
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf
new file mode 100644
index 0000000..022539a
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ server_name vault.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ client_max_body_size 100m;
+
+ location / {
+ proxy_pass http://127.0.0.1:9081;
+ }
+
+ # keep only if you publish 127.0.0.1:3012:3012
+ location /notifications/hub {
+ proxy_pass http://127.0.0.1:3012;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location /notifications/hub/negotiate {
+ proxy_pass http://127.0.0.1:9081;
+ }
+}
+