update nginx and firewall conf for dimension and jitsi

etc/init.d/S41firewall

@@ -259,6 +259,16 @@ if [ "$1" = "start" ]; then
 	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 5.199.136.29
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 5.199.136.29
 
+	# jitsi
+	# => apache2 proxy (http/https)
+	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.19 -j SNAT --to 89.163.145.170
+	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.19 -j SNAT --to 89.163.145.170
+	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 4443 -j DNAT --to-destination 192.168.1.19:4443
+	$IPT -w -A FORWARD -p tcp -d 192.168.1.19 --dport 4443 -j ACCEPT
+	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.19 --sport 10000:20000
+	$IPT -w -A FORWARD -p udp -d 192.168.1.19 --dport 10000:20000 -j ACCEPT
+
+
 	# MASQUERADE.
 	#------------------------------------------------------------------------------
 

etc/nginx/sites-available/dimension.envs.net.conf

@@ -0,0 +1,27 @@
+### DIMENSION.ENVS.NET - lxc ###
+server {
+	include snippets/listen.conf;
+#	include snippets/ddos_mid.conf;
+	server_name dimension.envs.net;
+
+	return 307 https://$host$request_uri;
+}
+
+# SSL
+server {
+	include snippets/listen_ssl.conf;
+#	include snippets/ddos_mid.conf;
+	server_name dimension.envs.net;
+
+	include snippets/ssl.conf;
+	include ssl/envs_net_wild.conf;
+
+	error_log /var/log/nginx/dimension.envs.net-error.log crit;
+
+	location / {
+		include proxy_params;
+		proxy_ssl_name $http_host;
+		proxy_ssl_server_name on;
+		proxy_pass https://dimension.envs.net;
+	}
+}

etc/nginx/sites-available/envs.net.conf

@@ -72,6 +72,12 @@ server {
 		return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
 	}
 
+	location /.well-known/matrix/integrations {
+		add_header Access-Control-Allow-Origin *;
+		add_header Content-Type application/json;
+		return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
+	}
+
 	location /_matrix {
 		include proxy_params;
 		proxy_ssl_name $http_host;

etc/nginx/sites-available/jitsi.envs.net.conf

@@ -0,0 +1,60 @@
+### JITSI.ENVS.NET - lxc ###
+server {
+	include snippets/listen.conf;
+#	include snippets/ddos_high.conf;
+	server_name jitsi.envs.net;
+
+	location / {
+		include proxy_params;
+		proxy_pass http://jitsi.envs.net;
+	}
+}
+
+# SSL
+server {
+	include snippets/listen_ssl.conf;
+#	include snippets/ddos_high.conf;
+	server_name jitsi.envs.net;
+
+	include snippets/ssl.conf;
+	include ssl/envs_net_wild.conf;
+
+	error_log /var/log/nginx/jitsi.envs.net-error.log crit;
+
+	location / {
+		include proxy_params;
+		proxy_ssl_name $http_host;
+		proxy_ssl_server_name on;
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "Upgrade";
+
+		proxy_pass https://jitsi.envs.net;
+		tcp_nodelay on;
+	}
+}
+
+#ALIAS
+server {
+	include snippets/listen.conf;
+#	include snippets/ddos_def.conf;
+	server_name talk.envs.net;
+
+	location / {
+		return 301 https://jitsi.envs.net/;
+	}
+}
+
+server {
+	include snippets/listen_ssl.conf;
+#	include snippets/ddos_def.conf;
+	server_name talk.envs.net;
+
+	include snippets/ssl.conf;
+	include ssl/envs_net_wild.conf;
+	include snippets/local_ssl_header.conf;
+
+	location / {
+		return 301 https://jitsi.envs.net/;
+	}
+}

etc/nginx/sites-available/matrix.envs.net.conf

@@ -30,9 +30,11 @@ server {
 		include proxy_params;
 		proxy_ssl_name $http_host;
 		proxy_ssl_server_name on;
+
 		proxy_http_version 1.1;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection "Upgrade";
+
 		proxy_pass https://matrix.envs.net/_matrix/maubot/v1/logs;
 	}
 }

etc/nginx/sites-available/pleroma.envs.net.conf

@@ -22,10 +22,11 @@ server {
 		include proxy_params;
 		proxy_ssl_name $http_host;
 		proxy_ssl_server_name on;
-		proxy_pass https://pleroma.envs.net;
-
+		proxy_http_version 1.1;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection "Upgrade";
+
+		proxy_pass https://pleroma.envs.net;
 	}
 }
 

etc/nginx/sites-enabled/dimension.envs.net.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/dimension.envs.net.conf

etc/nginx/sites-enabled/jitsi.envs.net.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/jitsi.envs.net.conf