diff --git a/etc/init.d/S41firewall b/etc/init.d/S41firewall
index a528cbc..f8015c3 100755
--- a/etc/init.d/S41firewall
+++ b/etc/init.d/S41firewall
@@ -259,6 +259,16 @@ if [ "$1" = "start" ]; then
 $IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 5.199.136.29
 $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 5.199.136.29
+ # jitsi
+ # => apache2 proxy (http/https)
+ $IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.19 -j SNAT --to 89.163.145.170
+ $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.19 -j SNAT --to 89.163.145.170
+ $IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 4443 -j DNAT --to-destination 192.168.1.19:4443
+ $IPT -w -A FORWARD -p tcp -d 192.168.1.19 --dport 4443 -j ACCEPT
+ $IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.19 --sport 10000:20000
+ $IPT -w -A FORWARD -p udp -d 192.168.1.19 --dport 10000:20000 -j ACCEPT
+
+
 # MASQUERADE.
 #------------------------------------------------------------------------------
diff --git a/etc/nginx/sites-available/dimension.envs.net.conf b/etc/nginx/sites-available/dimension.envs.net.conf
new file mode 100644
index 0000000..cfa1bb9
--- /dev/null
+++ b/etc/nginx/sites-available/dimension.envs.net.conf
@@ -0,0 +1,27 @@
+### DIMENSION.ENVS.NET - lxc ###
+server {
+ include snippets/listen.conf;
+# include snippets/ddos_mid.conf;
+ server_name dimension.envs.net;
+
+ return 307 https://$host$request_uri;
+}
+
+# SSL
+server {
+ include snippets/listen_ssl.conf;
+# include snippets/ddos_mid.conf;
+ server_name dimension.envs.net;
+
+ include snippets/ssl.conf;
+ include ssl/envs_net_wild.conf;
+
+ error_log /var/log/nginx/dimension.envs.net-error.log crit;
+
+ location / {
+ include proxy_params;
+ proxy_ssl_name $http_host;
+ proxy_ssl_server_name on;
+ proxy_pass https://dimension.envs.net;
+ }
+}
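Review bot: In the S41firewall hunk, the UDP DNAT rule carries `--sport 10000:20000` after the target, which iptables parses as a match on the packet's source port, so media packets from clients whose source port falls outside that range are never translated. Clients choose their own source ports, so the rule should match on the destination port only: `$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.19`. The paired FORWARD rule accepts the whole 10000:20000 UDP range to 192.168.1.19 with no source or interface restriction; if the videobridge is configured for a single media port (Jitsi's default is UDP 10000), narrowing both rules to that port keeps the exposed surface small. The enclosing `if [ "$1" = "start" ]` block starts and ends outside the hunk.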
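Review bot: The TLS hop to the backend in dimension.envs.net.conf is not authenticated as written: the location sets SNI and `proxy_pass https://dimension.envs.net;` but has no `proxy_ssl_verify on;` with a `proxy_ssl_trusted_certificate`, and nginx does not verify upstream certificates by default, so unless `proxy_params` (not visible here) enables it, any endpoint answering on the container address is accepted. `proxy_ssl_name $http_host;` also takes the upstream name from the client-supplied Host header; since `server_name` is fixed, `proxy_ssl_name dimension.envs.net;` is the safer value. The same two points apply to the SSL location added in jitsi.envs.net.conf. The `ddos_mid.conf` include is commented out in both server blocks, and a short comment saying why rate limiting is disabled for this vhost would help the next reader.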
diff --git a/etc/nginx/sites-available/envs.net.conf b/etc/nginx/sites-available/envs.net.conf
index cc3f24c..73acd9c 100644
--- a/etc/nginx/sites-available/envs.net.conf
+++ b/etc/nginx/sites-available/envs.net.conf
@@ -72,6 +72,12 @@ server {
 return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
 }
+ location /.well-known/matrix/integrations {
+ add_header Access-Control-Allow-Origin *;
+ add_header Content-Type application/json;
+ return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
+ }
+
 location /_matrix {
 include proxy_params;
 proxy_ssl_name $http_host;
diff --git a/etc/nginx/sites-available/jitsi.envs.net.conf b/etc/nginx/sites-available/jitsi.envs.net.conf
new file mode 100644
index 0000000..3b5ed2e
--- /dev/null
+++ b/etc/nginx/sites-available/jitsi.envs.net.conf
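Review bot: `add_header Content-Type application/json;` in the new `/.well-known/matrix/integrations` location does not replace the response's content type; `return 200` still emits the Content-Type derived from `default_type`, so clients can receive two Content-Type headers or act on the wrong one. Setting `default_type application/json;` in the location is the reliable form. Declaring `add_header` at this level also stops inheritance of any `add_header` set at the server level (for example security headers from an included snippet, which this hunk does not show), so those need repeating here if they are meant to apply. The enclosing `server` block starts and ends outside the hunk.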
@@ -0,0 +1,60 @@
+### JITSI.ENVS.NET - lxc ###
+server {
+ include snippets/listen.conf;
+# include snippets/ddos_high.conf;
+ server_name jitsi.envs.net;
+
+ location / {
+ include proxy_params;
+ proxy_pass http://jitsi.envs.net;
+ }
+}
+
+# SSL
+server {
+ include snippets/listen_ssl.conf;
+# include snippets/ddos_high.conf;
+ server_name jitsi.envs.net;
+
+ include snippets/ssl.conf;
+ include ssl/envs_net_wild.conf;
+
+ error_log /var/log/nginx/jitsi.envs.net-error.log crit;
+
+ location / {
+ include proxy_params;
+ proxy_ssl_name $http_host;
+ proxy_ssl_server_name on;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+
+ proxy_pass https://jitsi.envs.net;
+ tcp_nodelay on;
+ }
+}
+
+#ALIAS
+server {
+ include snippets/listen.conf;
+# include snippets/ddos_def.conf;
+ server_name talk.envs.net;
+
+ location / {
+ return 301 https://jitsi.envs.net/;
+ }
+}
+
+server {
+ include snippets/listen_ssl.conf;
+# include snippets/ddos_def.conf;
+ server_name talk.envs.net;
+
+ include snippets/ssl.conf;
+ include ssl/envs_net_wild.conf;
+ include snippets/local_ssl_header.conf;
+
+ location / {
+ return 301 https://jitsi.envs.net/;
+ }
+}
diff --git a/etc/nginx/sites-available/matrix.envs.net.conf b/etc/nginx/sites-available/matrix.envs.net.conf
index b9eecae..47724be 100644
--- a/etc/nginx/sites-available/matrix.envs.net.conf
+++ b/etc/nginx/sites-available/matrix.envs.net.conf
@@ -30,9 +30,11 @@ server {
 include proxy_params;
 proxy_ssl_name $http_host;
 proxy_ssl_server_name on;
+ proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
+
 proxy_pass https://matrix.envs.net/_matrix/maubot/v1/logs;
 }
 }
diff --git a/etc/nginx/sites-available/pleroma.envs.net.conf b/etc/nginx/sites-available/pleroma.envs.net.conf
index 60b92b1..70dc0d4 100644
--- a/etc/nginx/sites-available/pleroma.envs.net.conf
+++ b/etc/nginx/sites-available/pleroma.envs.net.conf
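Review bot: The port-80 server block for jitsi.envs.net proxies to `http://jitsi.envs.net` instead of redirecting, so a conference opened over plain HTTP is carried in cleartext on both hops, unlike dimension.envs.net.conf in this same commit, which answers with `return 307 https://$host$request_uri;`. Replacing that `location /` body with `return 301 https://$host$request_uri;` keeps room names and session data off unencrypted connections. Both talk.envs.net blocks redirect to `https://jitsi.envs.net/` and drop the path, so a room link shared on the alias lands on the start page; `return 301 https://jitsi.envs.net$request_uri;` preserves it.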
@@ -22,10 +22,11 @@ server {
 include proxy_params;
 proxy_ssl_name $http_host;
 proxy_ssl_server_name on;
- proxy_pass https://pleroma.envs.net;
-
+ proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
+
+ proxy_pass https://pleroma.envs.net;
 }
 }
diff --git a/etc/nginx/sites-enabled/dimension.envs.net.conf b/etc/nginx/sites-enabled/dimension.envs.net.conf
new file mode 120000
index 0000000..f518761
--- /dev/null
+++ b/etc/nginx/sites-enabled/dimension.envs.net.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/dimension.envs.net.conf
\ No newline at end of file
diff --git a/etc/nginx/sites-enabled/jitsi.envs.net.conf b/etc/nginx/sites-enabled/jitsi.envs.net.conf
new file mode 120000
index 0000000..0c50d55
--- /dev/null
+++ b/etc/nginx/sites-enabled/jitsi.envs.net.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/jitsi.envs.net.conf
\ No newline at end of file
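Review bot: In the pleroma.envs.net.conf hunk, `proxy_set_header Connection "Upgrade";` stays hard-coded next to the new `proxy_http_version 1.1;`, so every request proxied through this location, not only WebSocket handshakes, is forwarded with `Connection: Upgrade`. The usual nginx pattern is a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the http context and `proxy_set_header Connection $connection_upgrade;` here; whether such a map already exists is not visible in this diff. The SSL location added in jitsi.envs.net.conf carries the same hard-coded header. The `location` and `server` blocks start and end outside the hunk.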