aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/nginx
diff options
context:
space:
mode:
authorLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-03-20 19:16:32 +0100
committerLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-03-20 19:16:32 +0100
commit39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 (patch)
tree9221704f413398cfb5d5759083b1e7032566820e /straper/db/public/nginx
parent6b59b75c3a294060dea66bdee16ffaf95ae92889 (diff)
downloadbin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.tar.gz
bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.zip
feat: first fully successful run e2e on straper
Diffstat (limited to 'straper/db/public/nginx')
-rw-r--r--straper/db/public/nginx/etc-nginx/conf.d/connection-upgrade-map.conf5
-rw-r--r--straper/db/public/nginx/etc-nginx/conf.d/logformat-vhost.conf.disabled3
-rw-r--r--straper/db/public/nginx/etc-nginx/fastcgi.conf27
-rw-r--r--straper/db/public/nginx/etc-nginx/fastcgi_params26
-rw-r--r--straper/db/public/nginx/etc-nginx/koi-utf109
-rw-r--r--straper/db/public/nginx/etc-nginx/koi-win103
-rw-r--r--straper/db/public/nginx/etc-nginx/mime.types101
-rw-r--r--straper/db/public/nginx/etc-nginx/nginx.conf88
-rw-r--r--straper/db/public/nginx/etc-nginx/proxy_params4
-rw-r--r--straper/db/public/nginx/etc-nginx/scgi_params17
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf23
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf17
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/default91
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/etherpad63
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf15
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf20
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/labunix.conf47
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz9
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/lufi.conf34
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf67
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf22
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf24
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz2
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf31
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/bin.labunix.xyz-9443.conf23
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/cloud-wg.conf17
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/etherpad63
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/labunix-i2p.conf15
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/labunix-onion.conf20
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/labunix.conf47
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/lufi.conf34
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/pad.labunix.xyz-9443.conf67
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/pdf.labunix.xyz.conf16
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/search.labunix.xyz.conf22
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/upload.labunix.xyz-9443.conf24
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/vault.labunix.xyz-9443.conf31
-rw-r--r--straper/db/public/nginx/etc-nginx/sites-enabled/wiki.labunix.xyz.conf14
-rw-r--r--straper/db/public/nginx/etc-nginx/snippets/fastcgi-php.conf13
-rw-r--r--straper/db/public/nginx/etc-nginx/snippets/snakeoil.conf5
-rw-r--r--straper/db/public/nginx/etc-nginx/uwsgi_params17
-rw-r--r--straper/db/public/nginx/etc-nginx/win-utf125
-rw-r--r--straper/db/public/nginx/nginx-T.txt621
-rw-r--r--straper/db/public/nginx/nginx-t.txt2
-rw-r--r--straper/db/public/nginx/nginx-version.txt1
44 files changed, 2125 insertions, 0 deletions
diff --git a/straper/db/public/nginx/etc-nginx/conf.d/connection-upgrade-map.conf b/straper/db/public/nginx/etc-nginx/conf.d/connection-upgrade-map.conf
new file mode 100644
index 0000000..22ff033
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/conf.d/connection-upgrade-map.conf
@@ -0,0 +1,5 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/conf.d/logformat-vhost.conf.disabled b/straper/db/public/nginx/etc-nginx/conf.d/logformat-vhost.conf.disabled
new file mode 100644
index 0000000..58e78d1
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/conf.d/logformat-vhost.conf.disabled
@@ -0,0 +1,3 @@
+log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
diff --git a/straper/db/public/nginx/etc-nginx/fastcgi.conf b/straper/db/public/nginx/etc-nginx/fastcgi.conf
new file mode 100644
index 0000000..d53a628
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/fastcgi.conf
@@ -0,0 +1,27 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param REMOTE_USER $remote_user;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/straper/db/public/nginx/etc-nginx/fastcgi_params b/straper/db/public/nginx/etc-nginx/fastcgi_params
new file mode 100644
index 0000000..69c4387
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/fastcgi_params
@@ -0,0 +1,26 @@
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param REMOTE_USER $remote_user;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/straper/db/public/nginx/etc-nginx/koi-utf b/straper/db/public/nginx/etc-nginx/koi-utf
new file mode 100644
index 0000000..e7974ff
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/koi-utf
@@ -0,0 +1,109 @@
+
+# This map is not a full koi8-r <> utf8 map: it does not contain
+# box-drawing and some other characters. Besides this map contains
+# several koi8-u and Byelorussian letters which are not in koi8-r.
+# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
+# map instead.
+
+charset_map koi8-r utf-8 {
+
+ 80 E282AC ; # euro
+
+ 95 E280A2 ; # bullet
+
+ 9A C2A0 ; # &nbsp;
+
+ 9E C2B7 ; # &middot;
+
+ A3 D191 ; # small yo
+ A4 D194 ; # small Ukrainian ye
+
+ A6 D196 ; # small Ukrainian i
+ A7 D197 ; # small Ukrainian yi
+
+ AD D291 ; # small Ukrainian soft g
+ AE D19E ; # small Byelorussian short u
+
+ B0 C2B0 ; # &deg;
+
+ B3 D081 ; # capital YO
+ B4 D084 ; # capital Ukrainian YE
+
+ B6 D086 ; # capital Ukrainian I
+ B7 D087 ; # capital Ukrainian YI
+
+ B9 E28496 ; # numero sign
+
+ BD D290 ; # capital Ukrainian soft G
+ BE D18E ; # capital Byelorussian short U
+
+ BF C2A9 ; # (C)
+
+ C0 D18E ; # small yu
+ C1 D0B0 ; # small a
+ C2 D0B1 ; # small b
+ C3 D186 ; # small ts
+ C4 D0B4 ; # small d
+ C5 D0B5 ; # small ye
+ C6 D184 ; # small f
+ C7 D0B3 ; # small g
+ C8 D185 ; # small kh
+ C9 D0B8 ; # small i
+ CA D0B9 ; # small j
+ CB D0BA ; # small k
+ CC D0BB ; # small l
+ CD D0BC ; # small m
+ CE D0BD ; # small n
+ CF D0BE ; # small o
+
+ D0 D0BF ; # small p
+ D1 D18F ; # small ya
+ D2 D180 ; # small r
+ D3 D181 ; # small s
+ D4 D182 ; # small t
+ D5 D183 ; # small u
+ D6 D0B6 ; # small zh
+ D7 D0B2 ; # small v
+ D8 D18C ; # small soft sign
+ D9 D18B ; # small y
+ DA D0B7 ; # small z
+ DB D188 ; # small sh
+ DC D18D ; # small e
+ DD D189 ; # small shch
+ DE D187 ; # small ch
+ DF D18A ; # small hard sign
+
+ E0 D0AE ; # capital YU
+ E1 D090 ; # capital A
+ E2 D091 ; # capital B
+ E3 D0A6 ; # capital TS
+ E4 D094 ; # capital D
+ E5 D095 ; # capital YE
+ E6 D0A4 ; # capital F
+ E7 D093 ; # capital G
+ E8 D0A5 ; # capital KH
+ E9 D098 ; # capital I
+ EA D099 ; # capital J
+ EB D09A ; # capital K
+ EC D09B ; # capital L
+ ED D09C ; # capital M
+ EE D09D ; # capital N
+ EF D09E ; # capital O
+
+ F0 D09F ; # capital P
+ F1 D0AF ; # capital YA
+ F2 D0A0 ; # capital R
+ F3 D0A1 ; # capital S
+ F4 D0A2 ; # capital T
+ F5 D0A3 ; # capital U
+ F6 D096 ; # capital ZH
+ F7 D092 ; # capital V
+ F8 D0AC ; # capital soft sign
+ F9 D0AB ; # capital Y
+ FA D097 ; # capital Z
+ FB D0A8 ; # capital SH
+ FC D0AD ; # capital E
+ FD D0A9 ; # capital SHCH
+ FE D0A7 ; # capital CH
+ FF D0AA ; # capital hard sign
+}
diff --git a/straper/db/public/nginx/etc-nginx/koi-win b/straper/db/public/nginx/etc-nginx/koi-win
new file mode 100644
index 0000000..72afabe
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/koi-win
@@ -0,0 +1,103 @@
+
+charset_map koi8-r windows-1251 {
+
+ 80 88 ; # euro
+
+ 95 95 ; # bullet
+
+ 9A A0 ; # &nbsp;
+
+ 9E B7 ; # &middot;
+
+ A3 B8 ; # small yo
+ A4 BA ; # small Ukrainian ye
+
+ A6 B3 ; # small Ukrainian i
+ A7 BF ; # small Ukrainian yi
+
+ AD B4 ; # small Ukrainian soft g
+ AE A2 ; # small Byelorussian short u
+
+ B0 B0 ; # &deg;
+
+ B3 A8 ; # capital YO
+ B4 AA ; # capital Ukrainian YE
+
+ B6 B2 ; # capital Ukrainian I
+ B7 AF ; # capital Ukrainian YI
+
+ B9 B9 ; # numero sign
+
+ BD A5 ; # capital Ukrainian soft G
+ BE A1 ; # capital Byelorussian short U
+
+ BF A9 ; # (C)
+
+ C0 FE ; # small yu
+ C1 E0 ; # small a
+ C2 E1 ; # small b
+ C3 F6 ; # small ts
+ C4 E4 ; # small d
+ C5 E5 ; # small ye
+ C6 F4 ; # small f
+ C7 E3 ; # small g
+ C8 F5 ; # small kh
+ C9 E8 ; # small i
+ CA E9 ; # small j
+ CB EA ; # small k
+ CC EB ; # small l
+ CD EC ; # small m
+ CE ED ; # small n
+ CF EE ; # small o
+
+ D0 EF ; # small p
+ D1 FF ; # small ya
+ D2 F0 ; # small r
+ D3 F1 ; # small s
+ D4 F2 ; # small t
+ D5 F3 ; # small u
+ D6 E6 ; # small zh
+ D7 E2 ; # small v
+ D8 FC ; # small soft sign
+ D9 FB ; # small y
+ DA E7 ; # small z
+ DB F8 ; # small sh
+ DC FD ; # small e
+ DD F9 ; # small shch
+ DE F7 ; # small ch
+ DF FA ; # small hard sign
+
+ E0 DE ; # capital YU
+ E1 C0 ; # capital A
+ E2 C1 ; # capital B
+ E3 D6 ; # capital TS
+ E4 C4 ; # capital D
+ E5 C5 ; # capital YE
+ E6 D4 ; # capital F
+ E7 C3 ; # capital G
+ E8 D5 ; # capital KH
+ E9 C8 ; # capital I
+ EA C9 ; # capital J
+ EB CA ; # capital K
+ EC CB ; # capital L
+ ED CC ; # capital M
+ EE CD ; # capital N
+ EF CE ; # capital O
+
+ F0 CF ; # capital P
+ F1 DF ; # capital YA
+ F2 D0 ; # capital R
+ F3 D1 ; # capital S
+ F4 D2 ; # capital T
+ F5 D3 ; # capital U
+ F6 C6 ; # capital ZH
+ F7 C2 ; # capital V
+ F8 DC ; # capital soft sign
+ F9 DB ; # capital Y
+ FA C7 ; # capital Z
+ FB D8 ; # capital SH
+ FC DD ; # capital E
+ FD D9 ; # capital SHCH
+ FE D7 ; # capital CH
+ FF DA ; # capital hard sign
+}
diff --git a/straper/db/public/nginx/etc-nginx/mime.types b/straper/db/public/nginx/etc-nginx/mime.types
new file mode 100644
index 0000000..cf968c0
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/mime.types
@@ -0,0 +1,101 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/avif avif;
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/wasm wasm;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xslt+xml xsl xslt;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/ogg ogv;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-matroska mkv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/straper/db/public/nginx/etc-nginx/nginx.conf b/straper/db/public/nginx/etc-nginx/nginx.conf
new file mode 100644
index 0000000..8842189
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/nginx.conf
@@ -0,0 +1,88 @@
+user www-data;
+worker_processes auto;
+worker_cpu_affinity auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+ limit_req_zone $binary_remote_addr zone=etherpad_req:10m rate=10r/s;
+ limit_conn_zone $binary_remote_addr zone=etherpad_conn:10m;
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ server_tokens off; # Recommended practice is to turn this off
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1
+ ssl_prefer_server_ciphers off; # Don't force server cipher order.
+
+ ##
+ # Logging Settings
+ ##
+ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/vhost.access.log vhost;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff --git a/straper/db/public/nginx/etc-nginx/proxy_params b/straper/db/public/nginx/etc-nginx/proxy_params
new file mode 100644
index 0000000..df75bc5
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/proxy_params
@@ -0,0 +1,4 @@
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/straper/db/public/nginx/etc-nginx/scgi_params b/straper/db/public/nginx/etc-nginx/scgi_params
new file mode 100644
index 0000000..6d4ce4f
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/scgi_params
@@ -0,0 +1,17 @@
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf
new file mode 100644
index 0000000..399893f
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name bin.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 50m;
+
+ location / {
+ proxy_pass http://127.0.0.1:8081;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf b/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf
new file mode 100644
index 0000000..1209383
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf
@@ -0,0 +1,17 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name cloud.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ client_max_body_size 2G;
+
+ location / {
+ proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/default b/straper/db/public/nginx/etc-nginx/sites-available/default
new file mode 100644
index 0000000..c5af914
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/default
@@ -0,0 +1,91 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/etherpad b/straper/db/public/nginx/etc-nginx/sites-available/etherpad
new file mode 100644
index 0000000..e7adb82
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/etherpad
@@ -0,0 +1,63 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name ether.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ limit_req zone=etherpad_req burst=60 nodelay;
+ limit_conn etherpad_conn 20;
+ client_max_body_size 1m;
+# Admin only (protect both /admin and /admin/)
+ location = /admin {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+
+ location ^~ /admin/ {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+ location / {
+ proxy_pass http://127.0.0.1:9001;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf
new file mode 100644
index 0000000..9c9ab7e
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf
@@ -0,0 +1,15 @@
+server {
+ listen 127.0.0.1:8089;
+ listen [::1]:8089;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-i2p.access.log;
+ error_log /var/log/nginx/labunix-i2p.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf
new file mode 100644
index 0000000..b451e66
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf
@@ -0,0 +1,20 @@
+server {
+ listen 127.0.0.1:8088;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-onion.access.log;
+ error_log /var/log/nginx/labunix-onion.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf
new file mode 100644
index 0000000..01043ff
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf
@@ -0,0 +1,47 @@
+# HTTP on :9080 (optional: redirect to HTTPS :9443)
+server {
+ listen 9080;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ # If you want redirect to HTTPS on :9443:
+ return 301 https://$host:443$request_uri;
+
+ # If you prefer serving plain HTTP instead, comment the return above
+ # and uncomment this:
+ # root /srv/www/labunix/public;
+ # index index.html;
+ # location / { try_files $uri $uri/ =404; }
+}
+
+# HTTPS on :9443
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ location /stats/ {
+ alias /srv/stats/;
+ index goaccess.html;
+ allow 127.0.0.1;
+ allow 10.50.0.0/24;
+ allow 192.168.33.0/24;
+ deny all;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz b/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz
new file mode 100644
index 0000000..a6267a4
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz
@@ -0,0 +1,9 @@
+server {
+ listen 9080;
+ server_name labunix.xyz www.labunix.xyz cloud.labunix.xyz vpn.labunix.xyz;
+
+ root /var/www/labunix;
+ index index.html;
+}
+
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf b/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf
new file mode 100644
index 0000000..0051841
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf
@@ -0,0 +1,34 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name lufi.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/lufi.htpasswd;
+
+ access_log /var/log/nginx/vhost.access.log vhost;
+ error_log /var/log/nginx/lufi.error.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:8090;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Port 443;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options nosniff always;
+ client_max_body_size 2G;
+ proxy_read_timeout 3600s;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf
new file mode 100644
index 0000000..b0b47df
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf
@@ -0,0 +1,67 @@
+# pad.labunix.xyz (main) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/htpasswd-cryptpad;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad-sandbox.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf b/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf
new file mode 100644
index 0000000..64c151d
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf
@@ -0,0 +1,22 @@
+limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m;
+
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name search.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ location / {
+ limit_req zone=searxng burst=50 nodelay;
+ limit_req_status 429;
+
+ proxy_pass http://10.50.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf
new file mode 100644
index 0000000..11d7c82
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf
@@ -0,0 +1,24 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+ server_name upload.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 21m;
+
+ location / {
+ proxy_pass http://127.0.0.1:5280;
+
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_request_buffering off;
+ proxy_buffering off;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz
new file mode 100644
index 0000000..5b1d7de
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz
@@ -0,0 +1,2 @@
+# disabled: vault.labunix.xyz config moved elsewhere
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf
new file mode 100644
index 0000000..022539a
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ server_name vault.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ client_max_body_size 100m;
+
+ location / {
+ proxy_pass http://127.0.0.1:9081;
+ }
+
+ # keep only if you publish 127.0.0.1:3012:3012
+ location /notifications/hub {
+ proxy_pass http://127.0.0.1:3012;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location /notifications/hub/negotiate {
+ proxy_pass http://127.0.0.1:9081;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/bin.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/bin.labunix.xyz-9443.conf
new file mode 100644
index 0000000..399893f
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/bin.labunix.xyz-9443.conf
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name bin.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 50m;
+
+ location / {
+ proxy_pass http://127.0.0.1:8081;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/cloud-wg.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/cloud-wg.conf
new file mode 100644
index 0000000..1209383
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/cloud-wg.conf
@@ -0,0 +1,17 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name cloud.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ client_max_body_size 2G;
+
+ location / {
+ proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/etherpad b/straper/db/public/nginx/etc-nginx/sites-enabled/etherpad
new file mode 100644
index 0000000..e7adb82
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/etherpad
@@ -0,0 +1,63 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name ether.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ limit_req zone=etherpad_req burst=60 nodelay;
+ limit_conn etherpad_conn 20;
+ client_max_body_size 1m;
+# Admin only (protect both /admin and /admin/)
+ location = /admin {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+
+ location ^~ /admin/ {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+ location / {
+ proxy_pass http://127.0.0.1:9001;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/labunix-i2p.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/labunix-i2p.conf
new file mode 100644
index 0000000..9c9ab7e
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/labunix-i2p.conf
@@ -0,0 +1,15 @@
+server {
+ listen 127.0.0.1:8089;
+ listen [::1]:8089;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-i2p.access.log;
+ error_log /var/log/nginx/labunix-i2p.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/labunix-onion.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/labunix-onion.conf
new file mode 100644
index 0000000..b451e66
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/labunix-onion.conf
@@ -0,0 +1,20 @@
+server {
+ listen 127.0.0.1:8088;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-onion.access.log;
+ error_log /var/log/nginx/labunix-onion.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/labunix.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/labunix.conf
new file mode 100644
index 0000000..01043ff
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/labunix.conf
@@ -0,0 +1,47 @@
+# HTTP on :9080 (optional: redirect to HTTPS :9443)
+server {
+ listen 9080;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ # If you want redirect to HTTPS on :9443:
+ return 301 https://$host:443$request_uri;
+
+ # If you prefer serving plain HTTP instead, comment the return above
+ # and uncomment this:
+ # root /srv/www/labunix/public;
+ # index index.html;
+ # location / { try_files $uri $uri/ =404; }
+}
+
+# HTTPS on :9443
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ location /stats/ {
+ alias /srv/stats/;
+ index goaccess.html;
+ allow 127.0.0.1;
+ allow 10.50.0.0/24;
+ allow 192.168.33.0/24;
+ deny all;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/lufi.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/lufi.conf
new file mode 100644
index 0000000..0051841
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/lufi.conf
@@ -0,0 +1,34 @@
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name lufi.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/lufi.htpasswd;
+
+ access_log /var/log/nginx/vhost.access.log vhost;
+ error_log /var/log/nginx/lufi.error.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:8090;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Port 443;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options nosniff always;
+ client_max_body_size 2G;
+ proxy_read_timeout 3600s;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/pad.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/pad.labunix.xyz-9443.conf
new file mode 100644
index 0000000..b0b47df
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/pad.labunix.xyz-9443.conf
@@ -0,0 +1,67 @@
+# pad.labunix.xyz (main) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/htpasswd-cryptpad;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad-sandbox.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/pdf.labunix.xyz.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/pdf.labunix.xyz.conf
new file mode 100644
index 0000000..ba98952
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/pdf.labunix.xyz.conf
@@ -0,0 +1,16 @@
+server {
+ listen 443 ssl;
+ server_name pdf.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 100m;
+ auth_basic "Stirling PDF";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+ location / {
+ proxy_pass http://127.0.0.1:9092;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/search.labunix.xyz.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/search.labunix.xyz.conf
new file mode 100644
index 0000000..64c151d
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/search.labunix.xyz.conf
@@ -0,0 +1,22 @@
+limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m;
+
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name search.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ location / {
+ limit_req zone=searxng burst=50 nodelay;
+ limit_req_status 429;
+
+ proxy_pass http://10.50.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/upload.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/upload.labunix.xyz-9443.conf
new file mode 100644
index 0000000..11d7c82
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/upload.labunix.xyz-9443.conf
@@ -0,0 +1,24 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+ server_name upload.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 21m;
+
+ location / {
+ proxy_pass http://127.0.0.1:5280;
+
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_request_buffering off;
+ proxy_buffering off;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/vault.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/vault.labunix.xyz-9443.conf
new file mode 100644
index 0000000..022539a
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/vault.labunix.xyz-9443.conf
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ server_name vault.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ client_max_body_size 100m;
+
+ location / {
+ proxy_pass http://127.0.0.1:9081;
+ }
+
+ # keep only if you publish 127.0.0.1:3012:3012
+ location /notifications/hub {
+ proxy_pass http://127.0.0.1:3012;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location /notifications/hub/negotiate {
+ proxy_pass http://127.0.0.1:9081;
+ }
+}
+
diff --git a/straper/db/public/nginx/etc-nginx/sites-enabled/wiki.labunix.xyz.conf b/straper/db/public/nginx/etc-nginx/sites-enabled/wiki.labunix.xyz.conf
new file mode 100644
index 0000000..d596b3d
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/sites-enabled/wiki.labunix.xyz.conf
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl;
+ server_name wiki.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 100m;
+ location / {
+ proxy_pass http://127.0.0.1:9093;
+ }
+}
diff --git a/straper/db/public/nginx/etc-nginx/snippets/fastcgi-php.conf b/straper/db/public/nginx/etc-nginx/snippets/fastcgi-php.conf
new file mode 100644
index 0000000..467a9e7
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/snippets/fastcgi-php.conf
@@ -0,0 +1,13 @@
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+# Check that the PHP script exists before passing it
+try_files $fastcgi_script_name =404;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: http://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+fastcgi_index index.php;
+include fastcgi.conf;
diff --git a/straper/db/public/nginx/etc-nginx/snippets/snakeoil.conf b/straper/db/public/nginx/etc-nginx/snippets/snakeoil.conf
new file mode 100644
index 0000000..ad26c3e
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/snippets/snakeoil.conf
@@ -0,0 +1,5 @@
+# Self signed certificates generated by the ssl-cert package
+# Don't use them in a production server!
+
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
diff --git a/straper/db/public/nginx/etc-nginx/uwsgi_params b/straper/db/public/nginx/etc-nginx/uwsgi_params
new file mode 100644
index 0000000..09c732c
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/uwsgi_params
@@ -0,0 +1,17 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/straper/db/public/nginx/etc-nginx/win-utf b/straper/db/public/nginx/etc-nginx/win-utf
new file mode 100644
index 0000000..774fd9f
--- /dev/null
+++ b/straper/db/public/nginx/etc-nginx/win-utf
@@ -0,0 +1,125 @@
+# This map is not a full windows-1251 <> utf8 map: it does not
+# contain Serbian and Macedonian letters. If you need a full map,
+# use contrib/unicode2nginx/win-utf map instead.
+
+charset_map windows-1251 utf-8 {
+
+ 82 E2809A; # single low-9 quotation mark
+
+ 84 E2809E; # double low-9 quotation mark
+ 85 E280A6; # ellipsis
+ 86 E280A0; # dagger
+ 87 E280A1; # double dagger
+ 88 E282AC; # euro
+ 89 E280B0; # per mille
+
+ 91 E28098; # left single quotation mark
+ 92 E28099; # right single quotation mark
+ 93 E2809C; # left double quotation mark
+ 94 E2809D; # right double quotation mark
+ 95 E280A2; # bullet
+ 96 E28093; # en dash
+ 97 E28094; # em dash
+
+ 99 E284A2; # trade mark sign
+
+ A0 C2A0; # &nbsp;
+ A1 D18E; # capital Byelorussian short U
+ A2 D19E; # small Byelorussian short u
+
+ A4 C2A4; # currency sign
+ A5 D290; # capital Ukrainian soft G
+ A6 C2A6; # borken bar
+ A7 C2A7; # section sign
+ A8 D081; # capital YO
+ A9 C2A9; # (C)
+ AA D084; # capital Ukrainian YE
+ AB C2AB; # left-pointing double angle quotation mark
+ AC C2AC; # not sign
+ AD C2AD; # soft hypen
+ AE C2AE; # (R)
+ AF D087; # capital Ukrainian YI
+
+ B0 C2B0; # &deg;
+ B1 C2B1; # plus-minus sign
+ B2 D086; # capital Ukrainian I
+ B3 D196; # small Ukrainian i
+ B4 D291; # small Ukrainian soft g
+ B5 C2B5; # micro sign
+ B6 C2B6; # pilcrow sign
+ B7 C2B7; # &middot;
+ B8 D191; # small yo
+ B9 E28496; # numero sign
+ BA D194; # small Ukrainian ye
+ BB C2BB; # right-pointing double angle quotation mark
+
+ BF D197; # small Ukrainian yi
+
+ C0 D090; # capital A
+ C1 D091; # capital B
+ C2 D092; # capital V
+ C3 D093; # capital G
+ C4 D094; # capital D
+ C5 D095; # capital YE
+ C6 D096; # capital ZH
+ C7 D097; # capital Z
+ C8 D098; # capital I
+ C9 D099; # capital J
+ CA D09A; # capital K
+ CB D09B; # capital L
+ CC D09C; # capital M
+ CD D09D; # capital N
+ CE D09E; # capital O
+ CF D09F; # capital P
+
+ D0 D0A0; # capital R
+ D1 D0A1; # capital S
+ D2 D0A2; # capital T
+ D3 D0A3; # capital U
+ D4 D0A4; # capital F
+ D5 D0A5; # capital KH
+ D6 D0A6; # capital TS
+ D7 D0A7; # capital CH
+ D8 D0A8; # capital SH
+ D9 D0A9; # capital SHCH
+ DA D0AA; # capital hard sign
+ DB D0AB; # capital Y
+ DC D0AC; # capital soft sign
+ DD D0AD; # capital E
+ DE D0AE; # capital YU
+ DF D0AF; # capital YA
+
+ E0 D0B0; # small a
+ E1 D0B1; # small b
+ E2 D0B2; # small v
+ E3 D0B3; # small g
+ E4 D0B4; # small d
+ E5 D0B5; # small ye
+ E6 D0B6; # small zh
+ E7 D0B7; # small z
+ E8 D0B8; # small i
+ E9 D0B9; # small j
+ EA D0BA; # small k
+ EB D0BB; # small l
+ EC D0BC; # small m
+ ED D0BD; # small n
+ EE D0BE; # small o
+ EF D0BF; # small p
+
+ F0 D180; # small r
+ F1 D181; # small s
+ F2 D182; # small t
+ F3 D183; # small u
+ F4 D184; # small f
+ F5 D185; # small kh
+ F6 D186; # small ts
+ F7 D187; # small ch
+ F8 D188; # small sh
+ F9 D189; # small shch
+ FA D18A; # small hard sign
+ FB D18B; # small y
+ FC D18C; # small soft sign
+ FD D18D; # small e
+ FE D18E; # small yu
+ FF D18F; # small ya
+}
diff --git a/straper/db/public/nginx/nginx-T.txt b/straper/db/public/nginx/nginx-T.txt
new file mode 100644
index 0000000..cbe06ce
--- /dev/null
+++ b/straper/db/public/nginx/nginx-T.txt
@@ -0,0 +1,621 @@
+nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+nginx: configuration file /etc/nginx/nginx.conf test is successful
+# configuration file /etc/nginx/nginx.conf:
+user www-data;
+worker_processes auto;
+worker_cpu_affinity auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+ limit_req_zone $binary_remote_addr zone=etherpad_req:10m rate=10r/s;
+ limit_conn_zone $binary_remote_addr zone=etherpad_conn:10m;
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ server_tokens off; # Recommended practice is to turn this off
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1
+ ssl_prefer_server_ciphers off; # Don't force server cipher order.
+
+ ##
+ # Logging Settings
+ ##
+ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/vhost.access.log vhost;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
+
+# configuration file /etc/nginx/mime.types:
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/avif avif;
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/wasm wasm;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xslt+xml xsl xslt;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/ogg ogv;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-matroska mkv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
+
+# configuration file /etc/nginx/conf.d/connection-upgrade-map.conf:
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+
+# configuration file /etc/nginx/sites-enabled/bin.labunix.xyz-9443.conf:
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name bin.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 50m;
+
+ location / {
+ proxy_pass http://127.0.0.1:8081;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/cloud-wg.conf:
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name cloud.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ client_max_body_size 2G;
+
+ location / {
+ proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/etherpad:
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name ether.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ limit_req zone=etherpad_req burst=60 nodelay;
+ limit_conn etherpad_conn 20;
+ client_max_body_size 1m;
+# Admin only (protect both /admin and /admin/)
+ location = /admin {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+
+ location ^~ /admin/ {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+ location / {
+ proxy_pass http://127.0.0.1:9001;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/labunix-i2p.conf:
+server {
+ listen 127.0.0.1:8089;
+ listen [::1]:8089;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-i2p.access.log;
+ error_log /var/log/nginx/labunix-i2p.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/labunix-onion.conf:
+server {
+ listen 127.0.0.1:8088;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-onion.access.log;
+ error_log /var/log/nginx/labunix-onion.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/labunix.conf:
+# HTTP on :9080 (optional: redirect to HTTPS :9443)
+server {
+ listen 9080;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ # If you want redirect to HTTPS on :9443:
+ return 301 https://$host:443$request_uri;
+
+ # If you prefer serving plain HTTP instead, comment the return above
+ # and uncomment this:
+ # root /srv/www/labunix/public;
+ # index index.html;
+ # location / { try_files $uri $uri/ =404; }
+}
+
+# HTTPS on :9443
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ location /stats/ {
+ alias /srv/stats/;
+ index goaccess.html;
+ allow 127.0.0.1;
+ allow 10.50.0.0/24;
+ allow 192.168.33.0/24;
+ deny all;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/lufi.conf:
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name lufi.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/lufi.htpasswd;
+
+ access_log /var/log/nginx/vhost.access.log vhost;
+ error_log /var/log/nginx/lufi.error.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:8090;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Port 443;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options nosniff always;
+ client_max_body_size 2G;
+ proxy_read_timeout 3600s;
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/pad.labunix.xyz-9443.conf:
+# pad.labunix.xyz (main) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/htpasswd-cryptpad;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad-sandbox.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/pdf.labunix.xyz.conf:
+server {
+ listen 443 ssl;
+ server_name pdf.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 100m;
+ auth_basic "Stirling PDF";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+ location / {
+ proxy_pass http://127.0.0.1:9092;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/search.labunix.xyz.conf:
+limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m;
+
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name search.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ location / {
+ limit_req zone=searxng burst=50 nodelay;
+ limit_req_status 429;
+
+ proxy_pass http://10.50.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/upload.labunix.xyz-9443.conf:
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+ server_name upload.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 21m;
+
+ location / {
+ proxy_pass http://127.0.0.1:5280;
+
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_request_buffering off;
+ proxy_buffering off;
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/vault.labunix.xyz-9443.conf:
+server {
+ listen 443 ssl;
+ server_name vault.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ client_max_body_size 100m;
+
+ location / {
+ proxy_pass http://127.0.0.1:9081;
+ }
+
+ # keep only if you publish 127.0.0.1:3012:3012
+ location /notifications/hub {
+ proxy_pass http://127.0.0.1:3012;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location /notifications/hub/negotiate {
+ proxy_pass http://127.0.0.1:9081;
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/wiki.labunix.xyz.conf:
+server {
+ listen 443 ssl;
+ server_name wiki.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 100m;
+ location / {
+ proxy_pass http://127.0.0.1:9093;
+ }
+}
+
diff --git a/straper/db/public/nginx/nginx-t.txt b/straper/db/public/nginx/nginx-t.txt
new file mode 100644
index 0000000..159c3ad
--- /dev/null
+++ b/straper/db/public/nginx/nginx-t.txt
@@ -0,0 +1,2 @@
+nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+nginx: configuration file /etc/nginx/nginx.conf test is successful
diff --git a/straper/db/public/nginx/nginx-version.txt b/straper/db/public/nginx/nginx-version.txt
new file mode 100644
index 0000000..7b54066
--- /dev/null
+++ b/straper/db/public/nginx/nginx-version.txt
@@ -0,0 +1 @@
+nginx version: nginx/1.26.3