Merge branch 'master' of git.envs.net:envs/ops

etc/init.d/S41firewall

@@ -250,6 +250,11 @@ if [ "$1" = "start" ]; then
 	# => apache2 proxy (http/https)
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.17 -j SNAT --to 89.163.145.170
 
+	# pleroma / social
+	# => apache2 proxy (http/https)
+	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.18:7070
+	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 89.163.145.170
+	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 89.163.145.170
 
 	# MASQUERADE.
 	#------------------------------------------------------------------------------

etc/letsencrypt/renewal-hooks/deploy/envs.sh

@@ -21,6 +21,9 @@ for domain in $RENEWED_DOMAINS; do
 			chown 108:0 "$matrix_dir"/*.pem
 			lxc-attach -n matrix -- bash -c "systemctl reload nginx ; systemctl restart matrix-synapse coturn"
 
+			# pleroma
+			lxc-attach -n pleroma -- bash -c "systemctl reload nginx"
+
 			# mail
 			lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
 			# mailinglists

etc/nginx/sites-available/halcyon.envs.net.conf

@@ -0,0 +1,27 @@
+### HALCYON.ENVS.NET - lxc on pleroma ###
+server {
+	include snippets/listen.conf;
+#	include snippets/ddos_mid.conf;
+	server_name halcyon.envs.net;
+
+	return 307 https://$host$request_uri;
+}
+
+# SSL
+server {
+	include snippets/listen_ssl.conf;
+#	include snippets/ddos_mid.conf;
+	server_name halcyon.envs.net;
+
+	include snippets/ssl.conf;
+	include ssl/envs_net_wild.conf;
+
+	error_log /var/log/nginx/halcyon.envs.net-error.log crit;
+
+	location / {
+		include proxy_params;
+		proxy_ssl_name $http_host;
+		proxy_ssl_server_name on;
+		proxy_pass https://halcyon.envs.net;
+	}
+}

etc/nginx/sites-available/ip.envs.net.conf

@@ -3,12 +3,10 @@ server {
 	include snippets/listen_local.conf;
 	include snippets/listen.conf;
 #	include snippets/ddos_def.conf;
-	server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net;
-
-	error_log /var/log/nginx/ip.envs.net-error.log crit;
+	server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net;
 
 	location / {
-		return 301 https://ip.envs.net/;
+		return 301 http://ip.envs.net/;
 	}
 }
 server {
@@ -17,8 +15,6 @@ server {
 #	include snippets/ddos_def.conf;
 	server_name ip.envs.net;
 
-	error_log /var/log/nginx/ip.envs.net-error.log crit;
-
 	location / {
 		include proxy_params;
 		proxy_pass http://127.0.0.1:8080;
@@ -30,14 +26,12 @@ server {
 	include snippets/listen_local_ssl.conf;
 	include snippets/listen_ssl.conf;
 #	include snippets/ddos_def.conf;
-	server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net;
+	server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net;
 
 	include snippets/ssl.conf;
 	include ssl/envs_net_wild.conf;
 	include snippets/local_ssl_header.conf;
 
-	error_log /var/log/nginx/ip.envs.net-error.log crit;
-
 	location / {
 		return 301 https://ip.envs.net/;
 	}

etc/nginx/sites-available/ip.envs.sh.conf

@@ -3,59 +3,24 @@ server {
 	include snippets/listen_local.conf;
 	include snippets/listen.conf;
 #   include snippets/ddos_def.conf;
-	server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh;
-
-	error_log /var/log/nginx/ip.envs.net-error.log crit;
+	server_name ip.envs.sh whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh;
 
 	location / {
-		return 301 https://ip.envs.sh/;
+		return 301 http://ip.envs.net/;
 	}
 }
-server {
-	include snippets/listen_local.conf;
-	include snippets/listen.conf;
-#   include snippets/ddos_def.conf;
-	server_name ip.envs.sh;
-
-	error_log /var/log/nginx/ip.envs.net-error.log crit;
-
-	location / {
-		include proxy_params;
-		proxy_pass http://127.0.0.1:8080;
-	}
-}
-
 
 server {
 	include snippets/listen_local_ssl.conf;
 	include snippets/listen_ssl.conf;
 #   include snippets/ddos_def.conf;
-	server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh;
+	server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh;
 
 	include snippets/ssl.conf;
 	include ssl/envs_sh_wild.conf;
 	include snippets/local_ssl_header.conf;
 
-	error_log /var/log/nginx/ip.envs.net-error.log crit;
-
 	location / {
-		return 301 https://ip.envs.sh/;
-	}
-}
-server {
-	include snippets/listen_local_ssl.conf;
-	include snippets/listen_ssl.conf;
-#   include snippets/ddos_def.conf;
-	server_name ip.envs.sh;
-
-	include snippets/ssl.conf;
-	include ssl/envs_sh_wild.conf;
-	include snippets/local_ssl_header.conf;
-
-	error_log /var/log/nginx/ip.envs.net-error.log crit;
-
-	location / {
-		include proxy_params;
-		proxy_pass http://127.0.0.1:8080;
+		return 301 https://ip.envs.net/;
 	}
 }

etc/nginx/sites-available/pleroma.envs.net.conf

@@ -0,0 +1,52 @@
+### PLEROMA.ENVS.NET - lxc ###
+server {
+	include snippets/listen.conf;
+#	include snippets/ddos_mid.conf;
+	server_name pleroma.envs.net;
+
+	return 307 https://$host$request_uri;
+}
+
+# SSL
+server {
+	include snippets/listen_ssl.conf;
+#	include snippets/ddos_mid.conf;
+	server_name pleroma.envs.net;
+
+	include snippets/ssl.conf;
+	include ssl/envs_net_wild.conf;
+
+	error_log /var/log/nginx/pleroma.envs.net-error.log crit;
+
+	location / {
+		include proxy_params;
+		proxy_ssl_name $http_host;
+		proxy_ssl_server_name on;
+		proxy_pass https://pleroma.envs.net;
+	}
+}
+
+#ALIAS
+server {
+    include snippets/listen.conf;
+#   include snippets/ddos_def.conf;
+    server_name social.envs.net;
+
+    location / {
+        return 301 https://pleroma.envs.net/;
+    }
+}
+
+server {
+    include snippets/listen_ssl.conf;
+#   include snippets/ddos_def.conf;
+    server_name social.envs.net;
+    
+    include snippets/ssl.conf;
+    include ssl/envs_net_wild.conf;
+    include snippets/local_ssl_header.conf;
+
+    location / {
+        return 301 https://pleroma.envs.net/;
+    }   
+}

etc/nginx/sites-enabled/halcyon.envs.net.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/halcyon.envs.net.conf

etc/nginx/sites-enabled/pleroma.envs.net.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/pleroma.envs.net.conf