From 4a9c52bcecf7fa93a7c35541f34f3ecbb34ba71e Mon Sep 17 00:00:00 2001 From: creme Date: Tue, 21 Jan 2020 12:01:49 +0000 Subject: [PATCH] add pleroma stuff --- etc/init.d/S41firewall | 5 ++ etc/letsencrypt/renewal-hooks/deploy/envs.sh | 3 ++ .../sites-available/halcyon.envs.net.conf | 27 ++++++++++ etc/nginx/sites-available/ip.envs.net.conf | 12 ++--- etc/nginx/sites-available/ip.envs.sh.conf | 43 ++------------- .../sites-available/pleroma.envs.net.conf | 52 +++++++++++++++++++ etc/nginx/sites-enabled/halcyon.envs.net.conf | 1 + etc/nginx/sites-enabled/pleroma.envs.net.conf | 1 + 8 files changed, 96 insertions(+), 48 deletions(-) create mode 100644 etc/nginx/sites-available/halcyon.envs.net.conf create mode 100644 etc/nginx/sites-available/pleroma.envs.net.conf create mode 120000 etc/nginx/sites-enabled/halcyon.envs.net.conf create mode 120000 etc/nginx/sites-enabled/pleroma.envs.net.conf diff --git a/etc/init.d/S41firewall b/etc/init.d/S41firewall index efa4d81..adf1baf 100755 --- a/etc/init.d/S41firewall +++ b/etc/init.d/S41firewall @@ -250,6 +250,11 @@ if [ "$1" = "start" ]; then # => apache2 proxy (http/https) $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.17 -j SNAT --to 89.163.145.170 + # pleroma / social + # => apache2 proxy (http/https) + $IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.18:7070 + $IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 89.163.145.170 + $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 89.163.145.170 # MASQUERADE. #------------------------------------------------------------------------------ diff --git a/etc/letsencrypt/renewal-hooks/deploy/envs.sh b/etc/letsencrypt/renewal-hooks/deploy/envs.sh index 0b02194..951aafb 100755 --- a/etc/letsencrypt/renewal-hooks/deploy/envs.sh +++ b/etc/letsencrypt/renewal-hooks/deploy/envs.sh 
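Review bot: The comment `# => apache2 proxy (http/https)` above the new rules looks copied from the previous block and does not match them: the PREROUTING rule publishes tcp port 7070 on 89.163.145.170 straight to 192.168.1.18, with no source match and without going through the front-end web proxy. State in the comment which service listens on 7070 and why it has to be reachable from outside, e.g. `# => direct DNAT tcp/7070 to the pleroma container (not proxied)`, and add a `-s` match to the DNAT rule if only known peers need it. No FORWARD rule for this traffic is visible in the hunk, so whether it is filtered elsewhere cannot be judged from here. The enclosing `if [ "$1" = "start" ]` block starts and ends outside the hunk.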
@@ -21,6 +21,9 @@ for domain in $RENEWED_DOMAINS; do chown 108:0 "$matrix_dir"/*.pem lxc-attach -n matrix -- bash -c "systemctl reload nginx ; systemctl restart matrix-synapse coturn" + # pleroma + lxc-attach -n pleroma -- bash -c "systemctl reload nginx" + # mail lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot" # mailinglists diff --git a/etc/nginx/sites-available/halcyon.envs.net.conf b/etc/nginx/sites-available/halcyon.envs.net.conf new file mode 100644 index 0000000..51771b1 --- /dev/null +++ b/etc/nginx/sites-available/halcyon.envs.net.conf @@ -0,0 +1,27 @@ +### HALCYON.ENVS.NET - lxc on pleroma ### +server { + include snippets/listen.conf; +# include snippets/ddos_mid.conf; + server_name halcyon.envs.net; + + return 307 https://$host$request_uri; +} + +# SSL +server { + include snippets/listen_ssl.conf; +# include snippets/ddos_mid.conf; + server_name halcyon.envs.net; + + include snippets/ssl.conf; + include ssl/envs_net_wild.conf; + + error_log /var/log/nginx/halcyon.envs.net-error.log crit; + + location / { + include proxy_params; + proxy_ssl_name $http_host; + proxy_ssl_server_name on; + proxy_pass https://halcyon.envs.net; + } +} diff --git a/etc/nginx/sites-available/ip.envs.net.conf b/etc/nginx/sites-available/ip.envs.net.conf index 5aa7c8a..520c280 100644 --- a/etc/nginx/sites-available/ip.envs.net.conf +++ b/etc/nginx/sites-available/ip.envs.net.conf @@ -3,12 +3,10 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; # include snippets/ddos_def.conf; - server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net; - - error_log /var/log/nginx/ip.envs.net-error.log crit; + server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net; location / { - return 301 https://ip.envs.net/; + return 301 http://ip.envs.net/; } } server { 
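Review bot: The new pleroma step only reloads nginx inside the container, and nothing visible in the hunk makes the renewed certificate available there; the matrix step just above at least fixes ownership of `"$matrix_dir"/*.pem` before its reload. If the certificate directory is not shared with the pleroma container, the reload keeps serving the old certificate until it expires, so either add the copy/chown step or document the assumption with a comment such as `# pleroma reads the certs via a bind mount of <cert dir>`. The `bash -c` wrapper is not needed for a single command: `lxc-attach -n pleroma -- systemctl reload nginx`. The `for domain in $RENEWED_DOMAINS` loop starts and ends outside the hunk.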
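Review bot: In the SSL server's `location /` the upstream TLS connection is not authenticated: nginx does not verify the upstream certificate unless `proxy_ssl_verify on;` is set together with `proxy_ssl_trusted_certificate`, and `proxy_ssl_name $http_host;` takes the name from the client-supplied Host header, which may also carry a port. Use the fixed name, `proxy_ssl_name halcyon.envs.net;`, and enable verification if the container presents a certificate that chains to a CA you can pin. `proxy_pass https://halcyon.envs.net;` points at the vhost's own name, so it relies on the front end resolving that name to the container rather than to itself; a comment saying where that mapping lives would guard against a proxy loop after a resolver change. `error_log … crit` also suppresses upstream connect and handshake failures, which nginx logs at `error` level. The same `location /` block is repeated in pleroma.envs.net.conf.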
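Review bot: The plain-HTTP alias server now answers `return 301 http://ip.envs.net/;` where it used to redirect to https, so every alias request ends on an unencrypted page and clients cache the permanent redirect. If that is deliberate, say why in a comment above the `return`; otherwise keep `return 301 https://ip.envs.net/;`. The HTTP server in ip.envs.sh.conf gets the same change. With the `error_log` lines removed, these vhosts log to whatever the http-level `error_log` is, which is outside this diff.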
@@ -17,8 +15,6 @@ server { # include snippets/ddos_def.conf; server_name ip.envs.net; - error_log /var/log/nginx/ip.envs.net-error.log crit; - location / { include proxy_params; proxy_pass http://127.0.0.1:8080; @@ -30,14 +26,12 @@ server { include snippets/listen_local_ssl.conf; include snippets/listen_ssl.conf; # include snippets/ddos_def.conf; - server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net; + server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - error_log /var/log/nginx/ip.envs.net-error.log crit; - location / { return 301 https://ip.envs.net/; } diff --git a/etc/nginx/sites-available/ip.envs.sh.conf b/etc/nginx/sites-available/ip.envs.sh.conf index 3e7f458..0e7bedd 100644 --- a/etc/nginx/sites-available/ip.envs.sh.conf +++ b/etc/nginx/sites-available/ip.envs.sh.conf 
@@ -3,59 +3,24 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; # include snippets/ddos_def.conf; - server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh; - - error_log /var/log/nginx/ip.envs.net-error.log crit; + server_name ip.envs.sh whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh; location / { - return 301 https://ip.envs.sh/; + return 301 http://ip.envs.net/; } } -server { - include snippets/listen_local.conf; - include snippets/listen.conf; -# include snippets/ddos_def.conf; - server_name ip.envs.sh; - - error_log /var/log/nginx/ip.envs.net-error.log crit; - - location / { - include proxy_params; - proxy_pass http://127.0.0.1:8080; - } -} - server { include snippets/listen_local_ssl.conf; include snippets/listen_ssl.conf; # include snippets/ddos_def.conf; - server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh; + server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh; include snippets/ssl.conf; include ssl/envs_sh_wild.conf; include snippets/local_ssl_header.conf; - error_log /var/log/nginx/ip.envs.net-error.log crit; - location / { - return 301 https://ip.envs.sh/; - } -} -server { - include snippets/listen_local_ssl.conf; - include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; - server_name ip.envs.sh; - - include snippets/ssl.conf; - include ssl/envs_sh_wild.conf; - include snippets/local_ssl_header.conf; - - error_log /var/log/nginx/ip.envs.net-error.log crit; - - location / { - include proxy_params; - proxy_pass http://127.0.0.1:8080; + return 301 https://ip.envs.net/; } } diff --git a/etc/nginx/sites-available/pleroma.envs.net.conf b/etc/nginx/sites-available/pleroma.envs.net.conf new file mode 100644 index 0000000..4b322ec 
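Review bot: After this change `ip.envs.sh` appears only in the HTTP server's `server_name`: the SSL server that used to serve it is removed, and the remaining SSL `server_name` list starts at `whois.envs.sh` and does not include it. A request for https://ip.envs.sh is therefore handled by whichever server is the default on the SSL listeners, which is not visible here, instead of being redirected to ip.envs.net. Add `ip.envs.sh` to the `server_name` line of the SSL server so both schemes redirect consistently.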
--- /dev/null
+++ b/etc/nginx/sites-available/pleroma.envs.net.conf
@@ -0,0 +1,52 @@
+### PLEROMA.ENVS.NET - lxc ###
+server {
+ include snippets/listen.conf;
+# include snippets/ddos_mid.conf;
+ server_name pleroma.envs.net;
+
+ return 307 https://$host$request_uri;
+}
+
+# SSL
+server {
+ include snippets/listen_ssl.conf;
+# include snippets/ddos_mid.conf;
+ server_name pleroma.envs.net;
+
+ include snippets/ssl.conf;
+ include ssl/envs_net_wild.conf;
+
+ error_log /var/log/nginx/pleroma.envs.net-error.log crit;
+
+ location / {
+ include proxy_params;
+ proxy_ssl_name $http_host;
+ proxy_ssl_server_name on;
+ proxy_pass https://pleroma.envs.net;
+ }
+}
+
+#ALIAS
+server {
+ include snippets/listen.conf;
+# include snippets/ddos_def.conf;
+ server_name social.envs.net;
+
+ location / {
+ return 301 https://pleroma.envs.net/;
+ }
+}
+
+server {
+ include snippets/listen_ssl.conf;
+# include snippets/ddos_def.conf;
+ server_name social.envs.net;
+
+ include snippets/ssl.conf;
+ include ssl/envs_net_wild.conf;
+ include snippets/local_ssl_header.conf;
+
+ location / {
+ return 301 https://pleroma.envs.net/;
+ }
+}
diff --git a/etc/nginx/sites-enabled/halcyon.envs.net.conf b/etc/nginx/sites-enabled/halcyon.envs.net.conf
new file mode 120000
index 0000000..495e72a
--- /dev/null
+++ b/etc/nginx/sites-enabled/halcyon.envs.net.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/halcyon.envs.net.conf
\ No newline at end of file
diff --git a/etc/nginx/sites-enabled/pleroma.envs.net.conf b/etc/nginx/sites-enabled/pleroma.envs.net.conf
new file mode 120000
index 0000000..90ad2b7
--- /dev/null
+++ b/etc/nginx/sites-enabled/pleroma.envs.net.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/pleroma.envs.net.conf
\ No newline at end of file
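Review bot: Both `social.envs.net` alias servers redirect with `return 301 https://pleroma.envs.net/;`, which discards the path and query string, so any link or API URL that uses the alias lands on the front page. Preserve the request instead: `return 301 https://pleroma.envs.net$request_uri;`. The first server in this file already keeps the URI with `https://$host$request_uri`, so this also makes the file consistent.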