diff options
Diffstat (limited to 'straper/db/public/nginx/etc-nginx/sites-available')
14 files changed, 465 insertions, 0 deletions
diff --git a/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf new file mode 100644 index 0000000..399893f --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/bin.labunix.xyz-9443.conf @@ -0,0 +1,23 @@ +server { + listen 443 ssl; + http2 on; + server_name bin.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + client_max_body_size 50m; + + location / { + proxy_pass http://127.0.0.1:8081; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_http_version 1.1; + proxy_set_header Connection ""; + } +} + diff --git a/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf b/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf new file mode 100644 index 0000000..1209383 --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/cloud-wg.conf @@ -0,0 +1,17 @@ +server { + listen 443 ssl; + http2 on; + server_name cloud.labunix.xyz; + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + client_max_body_size 2G; + + location / { + proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + diff --git a/straper/db/public/nginx/etc-nginx/sites-available/default b/straper/db/public/nginx/etc-nginx/sites-available/default new file mode 100644 index 0000000..c5af914 --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/default @@ -0,0 +1,91 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/straper/db/public/nginx/etc-nginx/sites-available/etherpad b/straper/db/public/nginx/etc-nginx/sites-available/etherpad new file mode 100644 index 0000000..e7adb82 --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/etherpad @@ -0,0 +1,63 @@ +server { + listen 443 ssl; + http2 on; + server_name ether.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + limit_req zone=etherpad_req burst=60 nodelay; + limit_conn etherpad_conn 20; + client_max_body_size 1m; +# Admin only (protect both /admin and /admin/) + location = /admin { + auth_basic "Etherpad Admin"; + auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin; + + proxy_pass http://127.0.0.1:9001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + proxy_send_timeout 120s; + proxy_buffering off; + } + + location ^~ /admin/ { + auth_basic "Etherpad Admin"; + auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin; + + proxy_pass http://127.0.0.1:9001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + proxy_send_timeout 120s; + proxy_buffering off; + } + location / { + proxy_pass http://127.0.0.1:9001; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + proxy_send_timeout 120s; + proxy_buffering off; + } +} diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf new file mode 100644 index 0000000..9c9ab7e --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix-i2p.conf @@ -0,0 +1,15 @@ +server { + listen 127.0.0.1:8089; + listen [::1]:8089; + server_name _; + + root /srv/www/labunix/public; + index index.html; + + access_log /var/log/nginx/labunix-i2p.access.log; + error_log /var/log/nginx/labunix-i2p.error.log; + + location / { + try_files $uri $uri/ =404; + } +} diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf new file mode 100644 index 0000000..b451e66 --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix-onion.conf @@ -0,0 +1,20 @@ +server { + listen 127.0.0.1:8088; + server_name _; + + root /srv/www/labunix/public; + index index.html; + + access_log /var/log/nginx/labunix-onion.access.log; + error_log /var/log/nginx/labunix-onion.error.log; + + location / { + try_files $uri $uri/ =404; + } + + location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000, immutable"; + try_files $uri =404; + } +} diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf b/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf new file mode 100644 index 0000000..01043ff --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix.conf @@ -0,0 +1,47 @@ +# HTTP on :9080 (optional: redirect to HTTPS :9443) +server { + listen 9080; + server_name labunix.xyz www.labunix.xyz 10.50.0.1; + + # If you want redirect to HTTPS on :9443: + return 301 https://$host:443$request_uri; + + # If you prefer serving plain HTTP instead, comment the return above + # and uncomment this: + # root /srv/www/labunix/public; + # index index.html; + # location / { try_files $uri $uri/ =404; } +} + +# HTTPS on :9443 +server { + listen 443 ssl; + http2 on; + server_name labunix.xyz www.labunix.xyz 10.50.0.1; + + root /srv/www/labunix/public; + index index.html; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always; + + location / { + try_files $uri $uri/ =404; + } + location /stats/ { + alias /srv/stats/; + index goaccess.html; + allow 127.0.0.1; + allow 10.50.0.0/24; + allow 192.168.33.0/24; + deny all; + } + + location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000, immutable"; + try_files $uri =404; + } +} diff --git a/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz b/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz new file mode 100644 index 0000000..a6267a4 --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/labunix.xyz @@ -0,0 +1,9 @@ +server { + listen 9080; + server_name labunix.xyz www.labunix.xyz cloud.labunix.xyz vpn.labunix.xyz; + + root /var/www/labunix; + index index.html; +} + + diff --git a/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf b/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf new file mode 100644 index 0000000..0051841 --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/lufi.conf @@ -0,0 +1,34 @@ +server { + listen 443 ssl; + http2 on; + server_name lufi.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/lufi.htpasswd; + + access_log /var/log/nginx/vhost.access.log vhost; + error_log /var/log/nginx/lufi.error.log; + + location / { + proxy_pass http://127.0.0.1:8090; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Port 443; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-Content-Type-Options nosniff always; + client_max_body_size 2G; + proxy_read_timeout 3600s; + } +} + diff --git a/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf new file mode 100644 index 0000000..b0b47df --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/pad.labunix.xyz-9443.conf @@ -0,0 +1,67 @@ +# pad.labunix.xyz (main) → HTTP:3101, WS:3103 +server { + listen 443 ssl; + http2 on; + server_name pad.labunix.xyz; + access_log /var/log/nginx/vhost.access.log vhost; + ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem; + client_max_body_size 100m; + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/htpasswd-cryptpad; + + location /cryptpad_websocket { + proxy_pass http://127.0.0.1:3103; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + proxy_pass http://127.0.0.1:3101; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} + +# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103 +server { + listen 443 ssl; + http2 on; + server_name pad-sandbox.labunix.xyz; + access_log /var/log/nginx/vhost.access.log vhost; + ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem; + client_max_body_size 100m; + + location /cryptpad_websocket { + proxy_pass http://127.0.0.1:3103; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + proxy_pass http://127.0.0.1:3101; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} diff --git a/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf b/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf new file mode 100644 index 0000000..64c151d --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/search.labunix.xyz.conf @@ -0,0 +1,22 @@ +limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m; + +server { + listen 443 ssl; + http2 on; + server_name search.labunix.xyz; + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + location / { + limit_req zone=searxng burst=50 nodelay; + limit_req_status 429; + + proxy_pass http://10.50.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_http_version 1.1; + proxy_set_header Connection ""; + } +} diff --git a/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf new file mode 100644 index 0000000..11d7c82 --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/upload.labunix.xyz-9443.conf @@ -0,0 +1,24 @@ +server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + server_name upload.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + client_max_body_size 21m; + + location / { + proxy_pass http://127.0.0.1:5280; + + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_request_buffering off; + proxy_buffering off; + } +} + diff --git a/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz new file mode 100644 index 0000000..5b1d7de --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz @@ -0,0 +1,2 @@ +# disabled: vault.labunix.xyz config moved elsewhere + diff --git a/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf new file mode 100644 index 0000000..022539a --- /dev/null +++ b/straper/db/public/nginx/etc-nginx/sites-available/vault.labunix.xyz-9443.conf @@ -0,0 +1,31 @@ +server { + listen 443 ssl; + server_name vault.labunix.xyz; + + ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + client_max_body_size 100m; + + location / { + proxy_pass http://127.0.0.1:9081; + } + + # keep only if you publish 127.0.0.1:3012:3012 + location /notifications/hub { + proxy_pass http://127.0.0.1:3012; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /notifications/hub/negotiate { + proxy_pass http://127.0.0.1:9081; + } +} + |
