From 6084f85d1e391ee07ed09ed066f17d10d6b3b80b Mon Sep 17 00:00:00 2001
From: creme <creme@envs.net>
Date: Thu, 16 Jan 2020 14:40:37 +0000
Subject: [PATCH] update from server

---
 etc/init.d/S41firewall                       |  6 ++++++
 etc/nginx/sites-available/envs.net.conf      | 17 ++++++++++++-----
 etc/nginx/sites-available/help.envs.net.conf |  4 ++--
 etc/nginx/sites-available/pb.envs.net.conf   |  4 ++--
 4 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/etc/init.d/S41firewall b/etc/init.d/S41firewall
index 5315b6e..efa4d81 100755
--- a/etc/init.d/S41firewall
+++ b/etc/init.d/S41firewall
@@ -201,6 +201,8 @@ if [ "$1" = "start" ]; then
 	# => apache2 proxy (http/https)
 	$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
 	$IPT -w -A FORWARD -p tcp -d 192.168.1.10 --dport 22 -j ACCEPT
+	#
+	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.10 -j SNAT --to 5.199.130.141
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.10 -j SNAT --to 5.199.130.141
 
 	# searx
@@ -209,10 +211,12 @@ if [ "$1" = "start" ]; then
 
 	# cryptpad
 	# => apache2 proxy (http/https)
+	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.12 -j SNAT --to 89.163.145.170
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.12 -j SNAT --to 89.163.145.170
 
 	# drone
 	# => apache2 proxy (http/https)
+	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.13 -j SNAT --to 5.199.130.141
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.13 -j SNAT --to 5.199.130.141
 
 	# matrix
@@ -228,6 +232,7 @@ if [ "$1" = "start" ]; then
 	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 64000:65535 -j DNAT --to-destination 192.168.1.14 --sport 64000:65535
 	$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 64000:65535 -j ACCEPT
 	#
+	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.14 -j SNAT --to 89.163.145.170
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.14 -j SNAT --to 89.163.145.170
 
 	# 0x0
@@ -238,6 +243,7 @@ if [ "$1" = "start" ]; then
 
 	# rss
 	# => apache2 proxy (http/https)
+	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.16 -j SNAT --to 89.163.145.170
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.16 -j SNAT --to 89.163.145.170
 
 	# pb
diff --git a/etc/nginx/sites-available/envs.net.conf b/etc/nginx/sites-available/envs.net.conf
index 16a514d..1aa4612 100644
--- a/etc/nginx/sites-available/envs.net.conf
+++ b/etc/nginx/sites-available/envs.net.conf
@@ -52,6 +52,12 @@ server {
 	}
 
 	# matrix
+	location /.well-known/matrix/ {
+		add_header Access-Control-Allow-Origin *;
+		add_header Content-Type application/json;
+		return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://envs.net"}}';
+	}
+
 	location /_matrix {
         include proxy_params;
         proxy_ssl_name $http_host;
@@ -59,11 +65,12 @@ server {
         proxy_pass https://matrix.envs.net;
     }
 
-	location /.well-known/matrix/ {
-		add_header Access-Control-Allow-Origin *;
-		add_header Content-Type application/json;
-		return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}';
-	}
+	location /_synapse {
+        include proxy_params;
+        proxy_ssl_name $http_host;
+        proxy_ssl_server_name on;
+        proxy_pass https://matrix.envs.net;
+    }
 
 	# users
 	location ~ ^/(~|u/)(?<user>[\w-]+)(?<user_uri>/.*)?$ {
diff --git a/etc/nginx/sites-available/help.envs.net.conf b/etc/nginx/sites-available/help.envs.net.conf
index 885970a..bc632ef 100644
--- a/etc/nginx/sites-available/help.envs.net.conf
+++ b/etc/nginx/sites-available/help.envs.net.conf
@@ -3,7 +3,7 @@ server {
 	include snippets/listen_local.conf;
 	include snippets/listen.conf;
 #	include snippets/ddos_def.conf;
-	server_name help.envs.net;
+	server_name help.envs.net howto.envs.net;
 
 	return 307 https://$host$request_uri;
 }
@@ -12,7 +12,7 @@ server {
 	include snippets/listen_local_ssl.conf;
 	include snippets/listen_ssl.conf;
 #	include snippets/ddos_def.conf;
-	server_name help.envs.net;
+	server_name help.envs.net howto.envs.net;
 
 	include snippets/ssl.conf;
 	include ssl/envs_net_wild.conf;
diff --git a/etc/nginx/sites-available/pb.envs.net.conf b/etc/nginx/sites-available/pb.envs.net.conf
index 0e0c6e8..03ebeb3 100644
--- a/etc/nginx/sites-available/pb.envs.net.conf
+++ b/etc/nginx/sites-available/pb.envs.net.conf
@@ -2,7 +2,7 @@
 server {
 	include snippets/listen.conf;
 #	include snippets/ddos_mid.conf;
-	server_name pb.envs.net pastebin.envs.net;
+	server_name pb.envs.net paste.envs.net pastebin.envs.net;
 
 	return 307 https://$host$request_uri;
 }
@@ -11,7 +11,7 @@ server {
 server {
 	include snippets/listen_ssl.conf;
 #	include snippets/ddos_mid.conf;
-	server_name pb.envs.net pastebin.envs.net;
+	server_name pb.envs.net paste.envs.net pastebin.envs.net;
 
 	include snippets/ssl.conf;
 	include ssl/envs_net_wild.conf;