aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/nginx/nginx-T.txt
diff options
context:
space:
mode:
Diffstat (limited to 'straper/db/public/nginx/nginx-T.txt')
-rw-r--r--straper/db/public/nginx/nginx-T.txt621
1 files changed, 621 insertions, 0 deletions
diff --git a/straper/db/public/nginx/nginx-T.txt b/straper/db/public/nginx/nginx-T.txt
new file mode 100644
index 0000000..cbe06ce
--- /dev/null
+++ b/straper/db/public/nginx/nginx-T.txt
@@ -0,0 +1,621 @@
+nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+nginx: configuration file /etc/nginx/nginx.conf test is successful
+# configuration file /etc/nginx/nginx.conf:
+user www-data;
+worker_processes auto;
+worker_cpu_affinity auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+ limit_req_zone $binary_remote_addr zone=etherpad_req:10m rate=10r/s;
+ limit_conn_zone $binary_remote_addr zone=etherpad_conn:10m;
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ server_tokens off; # Recommended practice is to turn this off
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1
+ ssl_prefer_server_ciphers off; # Don't force server cipher order.
+
+ ##
+ # Logging Settings
+ ##
+ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/vhost.access.log vhost;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
+
+# configuration file /etc/nginx/mime.types:
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/avif avif;
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/wasm wasm;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xslt+xml xsl xslt;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/ogg ogv;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-matroska mkv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
+
+# configuration file /etc/nginx/conf.d/connection-upgrade-map.conf:
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+
+# configuration file /etc/nginx/sites-enabled/bin.labunix.xyz-9443.conf:
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name bin.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 50m;
+
+ location / {
+ proxy_pass http://127.0.0.1:8081;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/cloud-wg.conf:
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name cloud.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ client_max_body_size 2G;
+
+ location / {
+ proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/etherpad:
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name ether.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ limit_req zone=etherpad_req burst=60 nodelay;
+ limit_conn etherpad_conn 20;
+ client_max_body_size 1m;
+# Admin only (protect both /admin and /admin/)
+ location = /admin {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+
+ location ^~ /admin/ {
+ auth_basic "Etherpad Admin";
+ auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin;
+
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+ location / {
+ proxy_pass http://127.0.0.1:9001;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ proxy_buffering off;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/labunix-i2p.conf:
+server {
+ listen 127.0.0.1:8089;
+ listen [::1]:8089;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-i2p.access.log;
+ error_log /var/log/nginx/labunix-i2p.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/labunix-onion.conf:
+server {
+ listen 127.0.0.1:8088;
+ server_name _;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ access_log /var/log/nginx/labunix-onion.access.log;
+ error_log /var/log/nginx/labunix-onion.error.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/labunix.conf:
+# HTTP on :9080 (optional: redirect to HTTPS :9443)
+server {
+ listen 9080;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ # If you want redirect to HTTPS on :9443:
+ return 301 https://$host:443$request_uri;
+
+ # If you prefer serving plain HTTP instead, comment the return above
+ # and uncomment this:
+ # root /srv/www/labunix/public;
+ # index index.html;
+ # location / { try_files $uri $uri/ =404; }
+}
+
+# HTTPS on :9443
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name labunix.xyz www.labunix.xyz 10.50.0.1;
+
+ root /srv/www/labunix/public;
+ index index.html;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ location /stats/ {
+ alias /srv/stats/;
+ index goaccess.html;
+ allow 127.0.0.1;
+ allow 10.50.0.0/24;
+ allow 192.168.33.0/24;
+ deny all;
+ }
+
+ location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ {
+ expires 30d;
+ add_header Cache-Control "public, max-age=2592000, immutable";
+ try_files $uri =404;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/lufi.conf:
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name lufi.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/lufi.htpasswd;
+
+ access_log /var/log/nginx/vhost.access.log vhost;
+ error_log /var/log/nginx/lufi.error.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:8090;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Port 443;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-Content-Type-Options nosniff always;
+ client_max_body_size 2G;
+ proxy_read_timeout 3600s;
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/pad.labunix.xyz-9443.conf:
+# pad.labunix.xyz (main) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+ auth_basic "Restricted";
+ auth_basic_user_file /etc/nginx/htpasswd-cryptpad;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name pad-sandbox.labunix.xyz;
+ access_log /var/log/nginx/vhost.access.log vhost;
+ ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem;
+ client_max_body_size 100m;
+
+ location /cryptpad_websocket {
+ proxy_pass http://127.0.0.1:3103;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3101;
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/pdf.labunix.xyz.conf:
+server {
+ listen 443 ssl;
+ server_name pdf.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 100m;
+ auth_basic "Stirling PDF";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+ location / {
+ proxy_pass http://127.0.0.1:9092;
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/search.labunix.xyz.conf:
+limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m;
+
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name search.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ location / {
+ limit_req zone=searxng burst=50 nodelay;
+ limit_req_status 429;
+
+ proxy_pass http://10.50.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ }
+}
+
+# configuration file /etc/nginx/sites-enabled/upload.labunix.xyz-9443.conf:
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+ server_name upload.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ client_max_body_size 21m;
+
+ location / {
+ proxy_pass http://127.0.0.1:5280;
+
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_request_buffering off;
+ proxy_buffering off;
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/vault.labunix.xyz-9443.conf:
+server {
+ listen 443 ssl;
+ server_name vault.labunix.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ client_max_body_size 100m;
+
+ location / {
+ proxy_pass http://127.0.0.1:9081;
+ }
+
+ # keep only if you publish 127.0.0.1:3012:3012
+ location /notifications/hub {
+ proxy_pass http://127.0.0.1:3012;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location /notifications/hub/negotiate {
+ proxy_pass http://127.0.0.1:9081;
+ }
+}
+
+
+# configuration file /etc/nginx/sites-enabled/wiki.labunix.xyz.conf:
+server {
+ listen 443 ssl;
+ server_name wiki.labunix.xyz;
+ ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 100m;
+ location / {
+ proxy_pass http://127.0.0.1:9093;
+ }
+}
+