aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/nginx/nginx-T.txt
diff options
context:
space:
mode:
authorLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
committerLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
commit83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch)
tree19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/nginx/nginx-T.txt
parent51d43498b07dc97d795947964534f0903cd05db5 (diff)
downloadbin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz
bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/nginx/nginx-T.txt')
-rw-r--r--straper/db/public/nginx/nginx-T.txt621
1 files changed, 0 insertions, 621 deletions
diff --git a/straper/db/public/nginx/nginx-T.txt b/straper/db/public/nginx/nginx-T.txt
deleted file mode 100644
index cbe06ce..0000000
--- a/straper/db/public/nginx/nginx-T.txt
+++ /dev/null
@@ -1,621 +0,0 @@
-nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-nginx: configuration file /etc/nginx/nginx.conf test is successful
-# configuration file /etc/nginx/nginx.conf:
-user www-data;
-worker_processes auto;
-worker_cpu_affinity auto;
-pid /run/nginx.pid;
-error_log /var/log/nginx/error.log;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
- worker_connections 768;
- # multi_accept on;
-}
-
-http {
-
- ##
- # Basic Settings
- ##
- limit_req_zone $binary_remote_addr zone=etherpad_req:10m rate=10r/s;
- limit_conn_zone $binary_remote_addr zone=etherpad_conn:10m;
-
- sendfile on;
- tcp_nopush on;
- types_hash_max_size 2048;
- server_tokens off; # Recommended practice is to turn this off
-
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- ##
- # SSL Settings
- ##
-
- ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1
- ssl_prefer_server_ciphers off; # Don't force server cipher order.
-
- ##
- # Logging Settings
- ##
- log_format vhost '$host $remote_addr - $remote_user [$time_local] '
- '"$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
- access_log /var/log/nginx/vhost.access.log vhost;
-
- ##
- # Gzip Settings
- ##
-
- gzip on;
-
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
- ##
- # Virtual Host Configs
- ##
-
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-}
-
-
-#mail {
-# # See sample authentication script at:
-# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-#
-# # auth_http localhost/auth.php;
-# # pop3_capabilities "TOP" "USER";
-# # imap_capabilities "IMAP4rev1" "UIDPLUS";
-#
-# server {
-# listen localhost:110;
-# protocol pop3;
-# proxy on;
-# }
-#
-# server {
-# listen localhost:143;
-# protocol imap;
-# proxy on;
-# }
-#}
-
-# configuration file /etc/nginx/mime.types:
-types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
-
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
-
- image/avif avif;
- image/png png;
- image/svg+xml svg svgz;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/webp webp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
-
- font/woff woff;
- font/woff2 woff2;
-
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.oasis.opendocument.graphics odg;
- application/vnd.oasis.opendocument.presentation odp;
- application/vnd.oasis.opendocument.spreadsheet ods;
- application/vnd.oasis.opendocument.text odt;
- application/vnd.openxmlformats-officedocument.presentationml.presentation
- pptx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- xlsx;
- application/vnd.openxmlformats-officedocument.wordprocessingml.document
- docx;
- application/vnd.wap.wmlc wmlc;
- application/wasm wasm;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xslt+xml xsl xslt;
- application/xspf+xml xspf;
- application/zip zip;
-
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
-
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
-
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/ogg ogv;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-matroska mkv;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
-}
-
-# configuration file /etc/nginx/conf.d/connection-upgrade-map.conf:
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
-}
-
-
-# configuration file /etc/nginx/sites-enabled/bin.labunix.xyz-9443.conf:
-server {
- listen 443 ssl;
- http2 on;
- server_name bin.labunix.xyz;
-
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
-
- client_max_body_size 50m;
-
- location / {
- proxy_pass http://127.0.0.1:8081;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- }
-}
-
-
-# configuration file /etc/nginx/sites-enabled/cloud-wg.conf:
-server {
- listen 443 ssl;
- http2 on;
- server_name cloud.labunix.xyz;
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
- client_max_body_size 2G;
-
- location / {
- proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-}
-
-
-# configuration file /etc/nginx/sites-enabled/etherpad:
-server {
- listen 443 ssl;
- http2 on;
- server_name ether.labunix.xyz;
-
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
-
- limit_req zone=etherpad_req burst=60 nodelay;
- limit_conn etherpad_conn 20;
- client_max_body_size 1m;
-# Admin only (protect both /admin and /admin/)
- location = /admin {
- auth_basic "Etherpad Admin";
- auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
-
- proxy_pass http://127.0.0.1:9001;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 120s;
- proxy_send_timeout 120s;
- proxy_buffering off;
- }
-
- location ^~ /admin/ {
- auth_basic "Etherpad Admin";
- auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
-
- proxy_pass http://127.0.0.1:9001;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 120s;
- proxy_send_timeout 120s;
- proxy_buffering off;
- }
- location / {
- proxy_pass http://127.0.0.1:9001;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 120s;
- proxy_send_timeout 120s;
- proxy_buffering off;
- }
-}
-
-# configuration file /etc/nginx/sites-enabled/labunix-i2p.conf:
-server {
- listen 127.0.0.1:8089;
- listen [::1]:8089;
- server_name _;
-
- root /srv/www/labunix/public;
- index index.html;
-
- access_log /var/log/nginx/labunix-i2p.access.log;
- error_log /var/log/nginx/labunix-i2p.error.log;
-
- location / {
- try_files $uri $uri/ =404;
- }
-}
-
-# configuration file /etc/nginx/sites-enabled/labunix-onion.conf:
-server {
- listen 127.0.0.1:8088;
- server_name _;
-
- root /srv/www/labunix/public;
- index index.html;
-
- access_log /var/log/nginx/labunix-onion.access.log;
- error_log /var/log/nginx/labunix-onion.error.log;
-
- location / {
- try_files $uri $uri/ =404;
- }
-
- location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
- expires 30d;
- add_header Cache-Control "public, max-age=2592000, immutable";
- try_files $uri =404;
- }
-}
-
-# configuration file /etc/nginx/sites-enabled/labunix.conf:
-# HTTP on :9080 (optional: redirect to HTTPS :9443)
-server {
- listen 9080;
- server_name labunix.xyz www.labunix.xyz 10.50.0.1;
-
- # If you want redirect to HTTPS on :9443:
- return 301 https://$host:443$request_uri;
-
- # If you prefer serving plain HTTP instead, comment the return above
- # and uncomment this:
- # root /srv/www/labunix/public;
- # index index.html;
- # location / { try_files $uri $uri/ =404; }
-}
-
-# HTTPS on :9443
-server {
- listen 443 ssl;
- http2 on;
- server_name labunix.xyz www.labunix.xyz 10.50.0.1;
-
- root /srv/www/labunix/public;
- index index.html;
-
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
-
- add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always;
-
- location / {
- try_files $uri $uri/ =404;
- }
- location /stats/ {
- alias /srv/stats/;
- index goaccess.html;
- allow 127.0.0.1;
- allow 10.50.0.0/24;
- allow 192.168.33.0/24;
- deny all;
- }
-
- location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
- expires 30d;
- add_header Cache-Control "public, max-age=2592000, immutable";
- try_files $uri =404;
- }
-}
-
-# configuration file /etc/nginx/sites-enabled/lufi.conf:
-server {
- listen 443 ssl;
- http2 on;
- server_name lufi.labunix.xyz;
-
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
-
- auth_basic "Restricted";
- auth_basic_user_file /etc/nginx/lufi.htpasswd;
-
- access_log /var/log/nginx/vhost.access.log vhost;
- error_log /var/log/nginx/lufi.error.log;
-
- location / {
- proxy_pass http://127.0.0.1:8090;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header X-Forwarded-Port 443;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- add_header X-Frame-Options SAMEORIGIN always;
- add_header X-Content-Type-Options nosniff always;
- client_max_body_size 2G;
- proxy_read_timeout 3600s;
- }
-}
-
-
-# configuration file /etc/nginx/sites-enabled/pad.labunix.xyz-9443.conf:
-# pad.labunix.xyz (main) → HTTP:3101, WS:3103
-server {
- listen 443 ssl;
- http2 on;
- server_name pad.labunix.xyz;
- access_log /var/log/nginx/vhost.access.log vhost;
- ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
- client_max_body_size 100m;
- auth_basic "Restricted";
- auth_basic_user_file /etc/nginx/htpasswd-cryptpad;
-
- location /cryptpad_websocket {
- proxy_pass http://127.0.0.1:3103;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
- location / {
- proxy_pass http://127.0.0.1:3101;
- proxy_http_version 1.1;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-}
-
-# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103
-server {
- listen 443 ssl;
- http2 on;
- server_name pad-sandbox.labunix.xyz;
- access_log /var/log/nginx/vhost.access.log vhost;
- ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
- client_max_body_size 100m;
-
- location /cryptpad_websocket {
- proxy_pass http://127.0.0.1:3103;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
- location / {
- proxy_pass http://127.0.0.1:3101;
- proxy_http_version 1.1;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-}
-
-# configuration file /etc/nginx/sites-enabled/pdf.labunix.xyz.conf:
-server {
- listen 443 ssl;
- server_name pdf.labunix.xyz;
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- client_max_body_size 100m;
- auth_basic "Stirling PDF";
- auth_basic_user_file /etc/nginx/.htpasswd;
- location / {
- proxy_pass http://127.0.0.1:9092;
- }
-}
-
-# configuration file /etc/nginx/sites-enabled/search.labunix.xyz.conf:
-limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m;
-
-server {
- listen 443 ssl;
- http2 on;
- server_name search.labunix.xyz;
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
-
- location / {
- limit_req zone=searxng burst=50 nodelay;
- limit_req_status 429;
-
- proxy_pass http://10.50.0.1:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- }
-}
-
-# configuration file /etc/nginx/sites-enabled/upload.labunix.xyz-9443.conf:
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- http2 on;
- server_name upload.labunix.xyz;
-
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
-
- client_max_body_size 21m;
-
- location / {
- proxy_pass http://127.0.0.1:5280;
-
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_request_buffering off;
- proxy_buffering off;
- }
-}
-
-
-# configuration file /etc/nginx/sites-enabled/vault.labunix.xyz-9443.conf:
-server {
- listen 443 ssl;
- server_name vault.labunix.xyz;
-
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- client_max_body_size 100m;
-
- location / {
- proxy_pass http://127.0.0.1:9081;
- }
-
- # keep only if you publish 127.0.0.1:3012:3012
- location /notifications/hub {
- proxy_pass http://127.0.0.1:3012;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-
- location /notifications/hub/negotiate {
- proxy_pass http://127.0.0.1:9081;
- }
-}
-
-
-# configuration file /etc/nginx/sites-enabled/wiki.labunix.xyz.conf:
-server {
- listen 443 ssl;
- server_name wiki.labunix.xyz;
- ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- client_max_body_size 100m;
- location / {
- proxy_pass http://127.0.0.1:9093;
- }
-}
-