diff options
Diffstat (limited to 'straper/db/public/nginx/nginx-T.txt')
| -rw-r--r-- | straper/db/public/nginx/nginx-T.txt | 621 |
1 files changed, 0 insertions, 621 deletions
diff --git a/straper/db/public/nginx/nginx-T.txt b/straper/db/public/nginx/nginx-T.txt deleted file mode 100644 index cbe06ce..0000000 --- a/straper/db/public/nginx/nginx-T.txt +++ /dev/null @@ -1,621 +0,0 @@ -nginx: the configuration file /etc/nginx/nginx.conf syntax is ok -nginx: configuration file /etc/nginx/nginx.conf test is successful -# configuration file /etc/nginx/nginx.conf: -user www-data; -worker_processes auto; -worker_cpu_affinity auto; -pid /run/nginx.pid; -error_log /var/log/nginx/error.log; -include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 768; - # multi_accept on; -} - -http { - - ## - # Basic Settings - ## - limit_req_zone $binary_remote_addr zone=etherpad_req:10m rate=10r/s; - limit_conn_zone $binary_remote_addr zone=etherpad_conn:10m; - - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - server_tokens off; # Recommended practice is to turn this off - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # SSL Settings - ## - - ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1 - ssl_prefer_server_ciphers off; # Don't force server cipher order. - - ## - # Logging Settings - ## - log_format vhost '$host $remote_addr - $remote_user [$time_local] ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"'; - access_log /var/log/nginx/vhost.access.log vhost; - - ## - # Gzip Settings - ## - - gzip on; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} - -# configuration file /etc/nginx/mime.types: -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xslt+xml xsl xslt; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/ogg ogv; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-matroska mkv; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} - -# configuration file /etc/nginx/conf.d/connection-upgrade-map.conf: -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - - -# configuration file /etc/nginx/sites-enabled/bin.labunix.xyz-9443.conf: -server { - listen 443 ssl; - http2 on; - server_name bin.labunix.xyz; - - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - - client_max_body_size 50m; - - location / { - proxy_pass http://127.0.0.1:8081; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - - proxy_http_version 1.1; - proxy_set_header Connection ""; - } -} - - -# configuration file /etc/nginx/sites-enabled/cloud-wg.conf: -server { - listen 443 ssl; - http2 on; - server_name cloud.labunix.xyz; - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - client_max_body_size 2G; - - location / { - proxy_pass http://127.0.0.1:9091; # adjust if your upstream differs - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } -} - - -# configuration file /etc/nginx/sites-enabled/etherpad: -server { - listen 443 ssl; - http2 on; - server_name ether.labunix.xyz; - - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - - limit_req zone=etherpad_req burst=60 nodelay; - limit_conn etherpad_conn 20; - client_max_body_size 1m; -# Admin only (protect both /admin and /admin/) - location = /admin { - auth_basic "Etherpad Admin"; - auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin; - - proxy_pass http://127.0.0.1:9001; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 120s; - proxy_send_timeout 120s; - proxy_buffering off; - } - - location ^~ /admin/ { - auth_basic "Etherpad Admin"; - auth_basic_user_file /etc/nginx/htpasswd-etherpad-admin; - - proxy_pass http://127.0.0.1:9001; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 120s; - proxy_send_timeout 120s; - proxy_buffering off; - } - location / { - proxy_pass http://127.0.0.1:9001; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 120s; - proxy_send_timeout 120s; - proxy_buffering off; - } -} - -# configuration file /etc/nginx/sites-enabled/labunix-i2p.conf: -server { - listen 127.0.0.1:8089; - listen [::1]:8089; - server_name _; - - root /srv/www/labunix/public; - index index.html; - - access_log /var/log/nginx/labunix-i2p.access.log; - error_log /var/log/nginx/labunix-i2p.error.log; - - location / { - try_files $uri $uri/ =404; - } -} - -# configuration file /etc/nginx/sites-enabled/labunix-onion.conf: -server { - listen 127.0.0.1:8088; - server_name _; - - root /srv/www/labunix/public; - index index.html; - - access_log /var/log/nginx/labunix-onion.access.log; - error_log /var/log/nginx/labunix-onion.error.log; - - location / { - try_files $uri $uri/ =404; - } - - location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ { - expires 30d; - add_header Cache-Control "public, max-age=2592000, immutable"; - try_files $uri =404; - } -} - -# configuration file /etc/nginx/sites-enabled/labunix.conf: -# HTTP on :9080 (optional: redirect to HTTPS :9443) -server { - listen 9080; - server_name labunix.xyz www.labunix.xyz 10.50.0.1; - - # If you want redirect to HTTPS on :9443: - return 301 https://$host:443$request_uri; - - # If you prefer serving plain HTTP instead, comment the return above - # and uncomment this: - # root /srv/www/labunix/public; - # index index.html; - # location / { try_files $uri $uri/ =404; } -} - -# HTTPS on :9443 -server { - listen 443 ssl; - http2 on; - server_name labunix.xyz www.labunix.xyz 10.50.0.1; - - root /srv/www/labunix/public; - index index.html; - - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - - add_header Onion-Location "http://l6xtdi33ubszm2gswstchrb6o4d6aw3ewj2irexlsbzk6pvesky7p2ad.onion$request_uri" always; - - location / { - try_files $uri $uri/ =404; - } - location /stats/ { - alias /srv/stats/; - index goaccess.html; - allow 127.0.0.1; - allow 10.50.0.0/24; - allow 192.168.33.0/24; - deny all; - } - - location ~* \.(css|js|png|jpg|jpeg|gif|svg|webp|ico|woff2?)$ { - expires 30d; - add_header Cache-Control "public, max-age=2592000, immutable"; - try_files $uri =404; - } -} - -# configuration file /etc/nginx/sites-enabled/lufi.conf: -server { - listen 443 ssl; - http2 on; - server_name lufi.labunix.xyz; - - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - - auth_basic "Restricted"; - auth_basic_user_file /etc/nginx/lufi.htpasswd; - - access_log /var/log/nginx/vhost.access.log vhost; - error_log /var/log/nginx/lufi.error.log; - - location / { - proxy_pass http://127.0.0.1:8090; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Port 443; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - add_header X-Frame-Options SAMEORIGIN always; - add_header X-Content-Type-Options nosniff always; - client_max_body_size 2G; - proxy_read_timeout 3600s; - } -} - - -# configuration file /etc/nginx/sites-enabled/pad.labunix.xyz-9443.conf: -# pad.labunix.xyz (main) → HTTP:3101, WS:3103 -server { - listen 443 ssl; - http2 on; - server_name pad.labunix.xyz; - access_log /var/log/nginx/vhost.access.log vhost; - ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem; - client_max_body_size 100m; - auth_basic "Restricted"; - auth_basic_user_file /etc/nginx/htpasswd-cryptpad; - - location /cryptpad_websocket { - proxy_pass http://127.0.0.1:3103; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location / { - proxy_pass http://127.0.0.1:3101; - proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} - -# pad-sandbox.labunix.xyz (sandbox) → HTTP:3101, WS:3103 -server { - listen 443 ssl; - http2 on; - server_name pad-sandbox.labunix.xyz; - access_log /var/log/nginx/vhost.access.log vhost; - ssl_certificate /etc/letsencrypt/live/pad.labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/pad.labunix.xyz/privkey.pem; - client_max_body_size 100m; - - location /cryptpad_websocket { - proxy_pass http://127.0.0.1:3103; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location / { - proxy_pass http://127.0.0.1:3101; - proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} - -# configuration file /etc/nginx/sites-enabled/pdf.labunix.xyz.conf: -server { - listen 443 ssl; - server_name pdf.labunix.xyz; - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 100m; - auth_basic "Stirling PDF"; - auth_basic_user_file /etc/nginx/.htpasswd; - location / { - proxy_pass http://127.0.0.1:9092; - } -} - -# configuration file /etc/nginx/sites-enabled/search.labunix.xyz.conf: -limit_req_zone $binary_remote_addr zone=searxng:10m rate=30r/m; - -server { - listen 443 ssl; - http2 on; - server_name search.labunix.xyz; - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - - location / { - limit_req zone=searxng burst=50 nodelay; - limit_req_status 429; - - proxy_pass http://10.50.0.1:8080; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_http_version 1.1; - proxy_set_header Connection ""; - } -} - -# configuration file /etc/nginx/sites-enabled/upload.labunix.xyz-9443.conf: -server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; - server_name upload.labunix.xyz; - - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - - client_max_body_size 21m; - - location / { - proxy_pass http://127.0.0.1:5280; - - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_request_buffering off; - proxy_buffering off; - } -} - - -# configuration file /etc/nginx/sites-enabled/vault.labunix.xyz-9443.conf: -server { - listen 443 ssl; - server_name vault.labunix.xyz; - - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - client_max_body_size 100m; - - location / { - proxy_pass http://127.0.0.1:9081; - } - - # keep only if you publish 127.0.0.1:3012:3012 - location /notifications/hub { - proxy_pass http://127.0.0.1:3012; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - location /notifications/hub/negotiate { - proxy_pass http://127.0.0.1:9081; - } -} - - -# configuration file /etc/nginx/sites-enabled/wiki.labunix.xyz.conf: -server { - listen 443 ssl; - server_name wiki.labunix.xyz; - ssl_certificate /etc/letsencrypt/live/labunix.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/labunix.xyz/privkey.pem; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 100m; - location / { - proxy_pass http://127.0.0.1:9093; - } -} - |
