mirror of https://git.envs.net/envs/ops.git
update
This commit is contained in:
parent
a9fdc5c400
commit
114ff933b6
|
|
@ -185,11 +185,16 @@ if [ "$1" = "start" ]; then
|
|||
$IPT -w -t nat -A PREROUTING -d 5.199.136.28 -p tcp --dport 995 -j DNAT --to-destination 192.168.1.3:995
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 995 -j ACCEPT
|
||||
#
|
||||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.4 -s 192.168.1.3 -j SNAT --to 192.168.1.3
|
||||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.4 -s 192.168.1.3 -j SNAT --to 5.199.136.28
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.3 -j SNAT --to 5.199.136.28
|
||||
|
||||
# mail-lists
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A PREROUTING -s 192.168.1.3 -d 5.199.136.29 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.4:25
|
||||
$IPT -w -t nat -A PREROUTING -s 5.199.136.28 -d 5.199.136.29 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.4:25
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.4 --dport 25 -j ACCEPT
|
||||
#
|
||||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
||||
|
||||
# gitea
|
||||
|
|
@ -206,6 +211,17 @@ if [ "$1" = "start" ]; then
|
|||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.12 -j SNAT --to 89.163.145.170
|
||||
|
||||
# drone
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.13 -j SNAT --to 5.199.130.141
|
||||
|
||||
# matrix
|
||||
# => apache2 proxy (http/https)
|
||||
#
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 8448 -j DNAT --to-destination 192.168.1.14:8448
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 8448 -j ACCEPT
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.14 -j SNAT --to 89.163.145.170
|
||||
|
||||
# 0x0
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 9999 -j DNAT --to-destination 192.168.1.15:9999
|
||||
|
|
|
|||
|
|
@ -11,6 +11,35 @@ for domain in $RENEWED_DOMAINS; do
|
|||
cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
|
||||
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
|
||||
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
|
||||
|
||||
# matrix
|
||||
matrix_dir=/var/lib/lxc/matrix/rootfs/etc/matrix-synapse
|
||||
cp "$daemon_cert_root/privkey.pem" "$matrix_dir"/
|
||||
cp "$daemon_cert_root/chain.pem" "$matrix_dir"/
|
||||
cp "$daemon_cert_root/fullchain.pem" "$matrix_dir"/
|
||||
chmod 600 "$matrix_dir"/*.pem
|
||||
chown 108:0 "$matrix_dir"/*.pem
|
||||
lxc-attach -n matrix -- bash -c "systemctl reload nginx ; systemctl restart matrix-synapse"
|
||||
|
||||
# mail
|
||||
lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
|
||||
# mailinglists
|
||||
lxc-attach -n lists -- bash -c "systemctl reload nginx postfix"
|
||||
|
||||
# gitea
|
||||
lxc-attach -n gitea -- bash -c "systemctl reload nginx"
|
||||
|
||||
# searx
|
||||
lxc-attach -n searx -- bash -c "systemctl reload nginx"
|
||||
|
||||
# cryptad
|
||||
lxc-attach -n pad -- bash -c "systemctl reload nginx"
|
||||
|
||||
# tt-rss
|
||||
lxc-attach -n rss -- bash -c "systemctl restart apache2"
|
||||
|
||||
# privatebin
|
||||
lxc-attach -n pb -- bash -c "systemctl restart apache2"
|
||||
;;
|
||||
|
||||
envs.sh)
|
||||
|
|
@ -20,6 +49,8 @@ for domain in $RENEWED_DOMAINS; do
|
|||
cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
|
||||
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
|
||||
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
|
||||
# 0x0 / fiche
|
||||
lxc-attach -n null -- bash -c "systemctl reload nginx"
|
||||
;;
|
||||
|
||||
znc.envs.net)
|
||||
|
|
@ -30,6 +61,7 @@ for domain in $RENEWED_DOMAINS; do
|
|||
cat /etc/ssl/certs/envs_dhparam.pem >> "$daemon_cert_root/znc.pem"
|
||||
chown znc "$daemon_cert_root/znc.pem"
|
||||
chmod 600 "$daemon_cert_root/znc.pem"
|
||||
systemctl restart znc
|
||||
;;
|
||||
|
||||
esac
|
||||
|
|
|
|||
|
|
@ -0,0 +1,27 @@
|
|||
### SEARX.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name matrix.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name matrix.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/matrix.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://matrix.envs.net;
|
||||
}
|
||||
}
|
||||
|
|
@ -3,7 +3,7 @@ server {
|
|||
include snippets/listen_local.conf;
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_def.conf;
|
||||
server_name lounge.envs.net webirc.envs.net;
|
||||
server_name thelounge.envs.net lounge.envs.net webirc.envs.net;
|
||||
return 307 https://webirc.envs.net$request_uri;
|
||||
}
|
||||
|
||||
|
|
@ -11,7 +11,7 @@ server {
|
|||
include snippets/listen_local_ssl.conf;
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_def.conf;
|
||||
server_name lounge.envs.net webirc.envs.net;
|
||||
server_name thelounge.envs.net lounge.envs.net webirc.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/matrix.envs.net.conf
|
||||
Loading…
Reference in New Issue