diff options
| author | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-03-20 19:16:32 +0100 |
|---|---|---|
| committer | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-03-20 19:16:32 +0100 |
| commit | 39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 (patch) | |
| tree | 9221704f413398cfb5d5759083b1e7032566820e /straper/db/public/nginx/nginx-T.txt | |
| parent | 6b59b75c3a294060dea66bdee16ffaf95ae92889 (diff) | |
| download | bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.tar.gz bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.zip | |
feat: first fully successful run e2e on straper
Diffstat (limited to 'straper/db/public/nginx/nginx-T.txt')
| -rw-r--r-- | straper/db/public/nginx/nginx-T.txt | 621 |
1 files changed, 621 insertions, 0 deletions
diff --git a/straper/db/public/nginx/nginx-T.txt b/straper/db/public/nginx/nginx-T.txt new file mode 100644 index 0000000..cbe06ce --- /dev/null +++ b/straper/db/public/nginx/nginx-T.txt @@ -0,0 +1,621 @@ +nginx: the configuration file /etc/nginx/nginx.conf syntax is ok +nginx: configuration file /etc/nginx/nginx.conf test is successful +# configuration file /etc/nginx/nginx.conf: +user www-data; +worker_processes auto; +worker_cpu_affinity auto; +pid /run/nginx.pid; +error_log /var/log/nginx/error.log; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + limit_req_zone $binary_remote_addr zone=etherpad_req:10m rate=10r/s; + limit_conn_zone $binary_remote_addr zone=etherpad_conn:10m; + + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; # Recommended practice is to turn this off + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1 + ssl_prefer_server_ciphers off; # Don't force server cipher order. + + ## + # Logging Settings + ## + log_format vhost '$host $remote_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + access_log /var/log/nginx/vhost.access.log vhost; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} + +# configuration file /etc/nginx/mime.types: +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xslt+xml xsl xslt; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/ogg ogv; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-matroska mkv; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} + +# configuration file /etc/nginx/conf.d/connection-upgrade-map.conf: +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + + +# configuration file /etc/nginx/sites-enabled/bin.labunix.xyz-9443.conf: +server { + listen 443 ssl; + http2 on; + server_name bin.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + client_max_body_size 50m; + + location / { + proxy_pass http://127.0.0.1:8081; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_http_version 1.1; + proxy_set_header Connection ""; + } +} + + +# configuration file /etc/nginx/sites-enabled/cloud-wg.conf: +server { + listen 443 ssl; + http2 on; + server_name cloud.labunix.xyz; + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + client_max_body_size 2G; + + location / { + proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + + +# configuration file /etc/nginx/sites-enabled/etherpad: +server { + listen 443 ssl; + http2 on; + server_name ether.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + limit_req zone=etherpad_req burst=60 nodelay; + limit_conn etherpad_conn 20; + client_max_body_size 1m; +# Admin only (protect both /admin and /admin/) + location = /admin { + auth_basic "Etherpad Admin"; + auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin; + + proxy_pass http://127.0.0.1:9001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + proxy_send_timeout 120s; + proxy_buffering off; + } + + location ^~ /admin/ { + auth_basic "Etherpad Admin"; + auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin; + + proxy_pass http://127.0.0.1:9001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + proxy_send_timeout 120s; + proxy_buffering off; + } + location / { + proxy_pass http://127.0.0.1:9001; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + proxy_send_timeout 120s; + proxy_buffering off; + } +} + +# configuration file /etc/nginx/sites-enabled/labunix-i2p.conf: +server { + listen 127.0.0.1:8089; + listen [::1]:8089; + server_name _; + + root /srv/www/labunix/public; + index index.html; + + access_log /var/log/nginx/labunix-i2p.access.log; + error_log /var/log/nginx/labunix-i2p.error.log; + + location / { + try_files $uri $uri/ =404; + } +} + +# configuration file /etc/nginx/sites-enabled/labunix-onion.conf: +server { + listen 127.0.0.1:8088; + server_name _; + + root /srv/www/labunix/public; + index index.html; + + access_log /var/log/nginx/labunix-onion.access.log; + error_log /var/log/nginx/labunix-onion.error.log; + + location / { + try_files $uri $uri/ =404; + } + + location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000, immutable"; + try_files $uri =404; + } +} + +# configuration file /etc/nginx/sites-enabled/labunix.conf: +# HTTP on :9080 (optional: redirect to HTTPS :9443) +server { + listen 9080; + server_name labunix.xyz www.labunix.xyz 10.50.0.1; + + # If you want redirect to HTTPS on :9443: + return 301 https://$host:443$request_uri; + + # If you prefer serving plain HTTP instead, comment the return above + # and uncomment this: + # root /srv/www/labunix/public; + # index index.html; + # location / { try_files $uri $uri/ =404; } +} + +# HTTPS on :9443 +server { + listen 443 ssl; + http2 on; + server_name labunix.xyz www.labunix.xyz 10.50.0.1; + + root /srv/www/labunix/public; + index index.html; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always; + + location / { + try_files $uri $uri/ =404; + } + location /stats/ { + alias /srv/stats/; + index goaccess.html; + allow 127.0.0.1; + allow 10.50.0.0/24; + allow 192.168.33.0/24; + deny all; + } + + location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000, immutable"; + try_files $uri =404; + } +} + +# configuration file /etc/nginx/sites-enabled/lufi.conf: +server { + listen 443 ssl; + http2 on; + server_name lufi.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/lufi.htpasswd; + + access_log /var/log/nginx/vhost.access.log vhost; + error_log /var/log/nginx/lufi.error.log; + + location / { + proxy_pass http://127.0.0.1:8090; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Port 443; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-Content-Type-Options nosniff always; + client_max_body_size 2G; + proxy_read_timeout 3600s; + } +} + + +# configuration file /etc/nginx/sites-enabled/pad.labunix.xyz-9443.conf: +# pad.labunix.xyz (main) → HTTP:3101, WS:3103 +server { + listen 443 ssl; + http2 on; + server_name pad.labunix.xyz; + access_log /var/log/nginx/vhost.access.log vhost; + ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem; + client_max_body_size 100m; + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/htpasswd-cryptpad; + + location /cryptpad_websocket { + proxy_pass http://127.0.0.1:3103; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + proxy_pass http://127.0.0.1:3101; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} + +# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103 +server { + listen 443 ssl; + http2 on; + server_name pad-sandbox.labunix.xyz; + access_log /var/log/nginx/vhost.access.log vhost; + ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem; + client_max_body_size 100m; + + location /cryptpad_websocket { + proxy_pass http://127.0.0.1:3103; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + proxy_pass http://127.0.0.1:3101; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} + +# configuration file /etc/nginx/sites-enabled/pdf.labunix.xyz.conf: +server { + listen 443 ssl; + server_name pdf.labunix.xyz; + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 100m; + auth_basic "Stirling PDF"; + auth_basic_user_file /etc/nginx/.htpasswd; + location / { + proxy_pass http://127.0.0.1:9092; + } +} + +# configuration file /etc/nginx/sites-enabled/search.labunix.xyz.conf: +limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m; + +server { + listen 443 ssl; + http2 on; + server_name search.labunix.xyz; + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + location / { + limit_req zone=searxng burst=50 nodelay; + limit_req_status 429; + + proxy_pass http://10.50.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_http_version 1.1; + proxy_set_header Connection ""; + } +} + +# configuration file /etc/nginx/sites-enabled/upload.labunix.xyz-9443.conf: +server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + server_name upload.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + client_max_body_size 21m; + + location / { + proxy_pass http://127.0.0.1:5280; + + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_request_buffering off; + proxy_buffering off; + } +} + + +# configuration file /etc/nginx/sites-enabled/vault.labunix.xyz-9443.conf: +server { + listen 443 ssl; + server_name vault.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + client_max_body_size 100m; + + location / { + proxy_pass http://127.0.0.1:9081; + } + + # keep only if you publish 127.0.0.1:3012:3012 + location /notifications/hub { + proxy_pass http://127.0.0.1:3012; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /notifications/hub/negotiate { + proxy_pass http://127.0.0.1:9081; + } +} + + +# configuration file /etc/nginx/sites-enabled/wiki.labunix.xyz.conf: +server { + listen 443 ssl; + server_name wiki.labunix.xyz; + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 100m; + location / { + proxy_pass http://127.0.0.1:9093; + } +} + |
