update current server configs

etc/etc/hosts

@@ -5,7 +5,6 @@
 
 89.163.145.170	envs.net core core.envs.net ve423.venus.dedi.server-hosting.expert ve423
 5.199.136.30	ssh.envs.net
-
 168.119.12.180	srv01.envs.net
 
 # The following lines are desirable for IPv6 capable hosts
@@ -17,24 +16,18 @@ ff02::2 ip6-allrouters
 # ENVS.NET - LXC
 #
 
-192.168.1.2   ns1.envs.net ns1
-192.168.1.3   mail.envs.net mail 
-192.168.1.4   lists.envs.net lists
-192.168.1.5   ldap.envs.net ldap
-192.168.1.6   moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana
+192.168.1.2		ns1.envs.net ns1
+192.168.1.3		mail.envs.net mail 
+192.168.1.4		lists.envs.net lists
+192.168.1.5		ldap.envs.net ldap
 
-192.168.1.10  git.envs.net gitea
-192.168.1.11  searx.envs.net searx
-192.168.1.12  cryptpad pad.envs.net pad cryptpad
-192.168.1.13  drone.envs.net drone
-192.168.1.14  matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension
-#168.119.12.180 matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension
+192.168.1.10	git.envs.net gitea
+192.168.1.11	searx.envs.net searx
+192.168.1.12	cryptpad pad.envs.net pad cryptpad
+192.168.1.13	drone.envs.net drone
+192.168.1.14	codimd.envs.net codimd
+192.168.1.15	envs.sh 0x0.envs.net 0x0 null.envs.net null ix.envs.net io.envs.net
+192.168.1.16	rss.envs.net rss
+192.168.1.17	pb.envs.net pb pastebin.envs.net pastbin bin.envs.net bin
 
-192.168.1.15  envs.sh 0x0.envs.net 0x0 null.envs.net null ix.envs.net io.envs.net
-192.168.1.16  rss.envs.net rss
-192.168.1.17  pb.envs.net pb pastebin.envs.net pastbin bin.envs.net bin
-192.168.1.18  pleroma.envs.net pleroma social halcyon.envs.net halcyon
-#144.76.146.17  pleroma.envs.net pleroma social halcyon.envs.net halcyon
-192.168.1.19  jitsi.envs.net jitsi meet.envs.net meet
-
-192.168.1.22  dns.envs.net pubdns
+192.168.1.22	dns.envs.net pubdns

etc/init.d/S41firewall

@@ -212,10 +212,6 @@ if [ "$1" = "start" ]; then
 	# ldap
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.5 -j SNAT --to 89.163.145.170
 
-	# monitor (prometheus and grafana)
-	# => apache2 proxy (http/https)
-	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.6 -j SNAT --to 89.163.145.170
-
 	# gitea
 	# => apache2 proxy (http/https)
 	$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
@@ -238,23 +234,8 @@ if [ "$1" = "start" ]; then
 	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.13 -j SNAT --to 5.199.130.141
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.13 -j SNAT --to 5.199.130.141
 
-	# matrix
+	# codimd
 	# => apache2 proxy (http/https)
-	#
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 8448 -j DNAT --to-destination 192.168.1.14:8448
-	$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 8448 -j ACCEPT
-	# coturn
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
-	$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 3478 -j ACCEPT
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
-	$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 3478 -j ACCEPT
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
-	$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 5349 -j ACCEPT
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
-	$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 5349 -j ACCEPT
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 64000:65535 -j DNAT --to-destination 192.168.1.14 --sport 64000:65535
-	$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 64000:65535 -j ACCEPT
-	#
 	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.14 -j SNAT --to 89.163.145.170
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.14 -j SNAT --to 89.163.145.170
 
@@ -271,22 +252,6 @@ if [ "$1" = "start" ]; then
 	# => apache2 proxy (http/https)
 	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.17 -j SNAT --to 89.163.145.170
 
-	# pleroma / social
-	# => apache2 proxy (http/https)
-	$IPT -w -t nat -A PREROUTING -d 5.199.136.29 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.18:22
-	$IPT -w -t nat -A PREROUTING -d 5.199.136.29 -p tcp --dport 70 -j DNAT --to-destination 192.168.1.18:7070
-	$IPT -w -t nat -A PREROUTING -d 5.199.136.29 -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.18:7070
-	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.18:7070
-	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 5.199.136.29
-	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 5.199.136.29
-
-	# jitsi
-	# => apache2 proxy (http/https)
-#	$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.19 --sport 10000:20000
-#	$IPT -w -A FORWARD -p udp -d 192.168.1.19 --dport 10000:20000 -j ACCEPT
-#	$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.19 -j SNAT --to 89.163.145.170
-#	$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.19 -j SNAT --to 89.163.145.170
-
 
 	# MASQUERADE.
 	#------------------------------------------------------------------------------
@@ -366,8 +331,8 @@ if [ "$1" = "start" ]; then
 	$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -p tcp --dport 53 -j ACCEPT
 
 	# prometheus node
-	$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -s 192.168.1.6 -p tcp --dport 9100 -j ACCEPT
-	$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -s 192.168.1.6 -p tcp --dport 9113 -j ACCEPT
+	$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -s 144.76.146.17 -p tcp --dport 9100 -j ACCEPT
+	$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -s 144.76.146.17 -p tcp --dport 9113 -j ACCEPT
 
 	# finger
 	$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -p tcp --dport 79 -j ACCEPT

etc/letsencrypt/renewal-hooks/deploy/envs.sh

@@ -13,27 +13,11 @@ for domain in $RENEWED_DOMAINS; do
 			cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
 			cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
 
-			#rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
-			#ssh root@srv01.envs.net bash -c "/opt/sync_certs.sh"
-
-			# matrix
-			matrix_dir=/var/lib/lxc/matrix/rootfs/etc/matrix-synapse
-			cp "$daemon_cert_root/privkey.pem" "$matrix_dir"/
-			cp "$daemon_cert_root/chain.pem" "$matrix_dir"/
-			cp "$daemon_cert_root/fullchain.pem" "$matrix_dir"/
-			chmod 644 "$matrix_dir"/*.pem
-			chown 108:0 "$matrix_dir"/*.pem
-			lxc-attach -n matrix -- bash -c "systemctl reload nginx ; systemctl restart coturn"
-
-			# pleroma
-			lxc-attach -n pleroma -- bash -c "systemctl reload nginx"
-
-			# monitor
-			lxc-attach -n moni -- bash -c "systemctl reload nginx"
+#			rsync -av "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
+#			ssh root@srv01.envs.net bash -c "/opt/sync_certs.sh"
 
 			# mail
 			# has a own letencrypt cert in container!
-			##lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
 
 			# mailinglists
 			lxc-attach -n lists -- bash -c "systemctl reload nginx postfix"
@@ -44,6 +28,9 @@ for domain in $RENEWED_DOMAINS; do
 			# drone-ci
 			lxc-attach -n drone -- bash -c "systemctl reload nginx"
 
+			# codimd
+			lxc-attach -n codimd -- bash -c "systemctl reload nginx"
+
 			# searx
 			lxc-attach -n searx -- bash -c "systemctl reload nginx"
 
@@ -65,9 +52,7 @@ for domain in $RENEWED_DOMAINS; do
 			cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
 			cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
 
-			#rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
-
-			# 0x0 / fiche
+			# 0x0
 			lxc-attach -n null -- bash -c "systemctl reload nginx"
 		;;
 

etc/nginx/sites-available/codimd.envs.net.conf

@@ -0,0 +1,33 @@
+### CODIMD.ENVS.NET - lxc ###
+server {
+	include snippets/listen.conf;
+	server_name codimd.envs.net;
+
+	return 307 https://$host$request_uri;
+}
+
+# SSL
+server {
+	include snippets/listen_ssl.conf;
+#	include snippets/ddos_high.conf;
+	server_name codimd.envs.net;
+
+	include snippets/ssl.conf;
+	include ssl/envs_net_wild.conf;
+
+	error_log /var/log/nginx/codimd.envs.net-error.log crit;
+
+	client_max_body_size 32M;
+
+	location / {
+		include proxy_params;
+		proxy_ssl_name $http_host;
+		proxy_ssl_server_name on;
+
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "Upgrade";
+
+		proxy_pass https://codimd.envs.net;
+	}
+}

etc/nginx/sites-available/default

@@ -1,91 +0,0 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# https://www.nginx.com/resources/wiki/start/
-# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
-# https://wiki.debian.org/Nginx/DirectoryStructure
-#
-# In most cases, administrators will remove this file from sites-enabled/ and
-# leave it as reference inside of sites-available where it will continue to be
-# updated by the nginx packaging team.
-#
-# This file will automatically load configuration files provided by other
-# applications, such as Drupal or Wordpress. These applications will be made
-# available underneath a path with that package name, such as /drupal8.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
-server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
-
-	# SSL configuration
-	#
-	# listen 443 ssl default_server;
-	# listen [::]:443 ssl default_server;
-	#
-	# Note: You should disable gzip for SSL traffic.
-	# See: https://bugs.debian.org/773332
-	#
-	# Read up on ssl_ciphers to ensure a secure configuration.
-	# See: https://bugs.debian.org/765782
-	#
-	# Self signed certs generated by the ssl-cert package
-	# Don't use them in a production server!
-	#
-	# include snippets/snakeoil.conf;
-
-	root /var/www/html;
-
-	# Add index.php to the list if you are using PHP
-	index index.html index.htm index.nginx-debian.html;
-
-	server_name _;
-
-	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
-		try_files $uri $uri/ =404;
-	}
-
-	# pass PHP scripts to FastCGI server
-	#
-	#location ~ \.php$ {
-	#	include snippets/fastcgi-php.conf;
-	#
-	#	# With php-fpm (or other unix sockets):
-	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
-	#	# With php-cgi (or other tcp sockets):
-	#	fastcgi_pass 127.0.0.1:9000;
-	#}
-
-	# deny access to .htaccess files, if Apache's document root
-	# concurs with nginx's one
-	#
-	#location ~ /\.ht {
-	#	deny all;
-	#}
-}
-
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-#	listen 80;
-#	listen [::]:80;
-#
-#	server_name example.com;
-#
-#	root /var/www/example.com;
-#	index index.html;
-#
-#	location / {
-#		try_files $uri $uri/ =404;
-#	}
-#}

etc/nginx/sites-available/dimension.envs.net.conf

@@ -1,26 +0,0 @@
-### DIMENSION.ENVS.NET - lxc ###
-server {
-	include snippets/listen.conf;
-	server_name dimension.envs.net;
-
-	return 307 https://$host$request_uri;
-}
-
-# SSL
-server {
-	include snippets/listen_ssl.conf;
-#	include snippets/ddos_mid.conf;
-	server_name dimension.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/dimension.envs.net-error.log crit;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_pass https://dimension.envs.net;
-	}
-}

etc/nginx/sites-available/element.envs.net.conf

@@ -1,47 +0,0 @@
-### ELEMENT.ENVS.NET - lxc ###
-server {
-	include snippets/listen.conf;
-	server_name element.envs.net;
-
-	return 307 https://$host$request_uri;
-}
-
-# SSL
-server {
-	include snippets/listen_ssl.conf;
-#	include snippets/ddos_mid.conf;
-	server_name element.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/element.envs.net-error.log crit;
-
-	client_max_body_size 100M;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_pass https://element.envs.net;
-	}
-}
-
-#ALIAS
-server {
-	include snippets/listen.conf;
-	server_name riot.envs.net;
-
-	return 301 https://element.envs.net/;
-}
-
-server {
-	include snippets/listen_ssl.conf;
-	server_name riot.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-	include snippets/local_ssl_header.conf;
-
-	return 301 https://element.envs.net/;
-}

etc/nginx/sites-available/envs.net.conf

@@ -20,7 +20,6 @@ server {
 	location /nginx_status {
 		stub_status on;
 		allow 127.0.0.1;
-		allow 192.168.1.6;
 		deny all;
 	}
 }
@@ -80,22 +79,27 @@ server {
 		return 200 '{"m.server": "matrix.envs.net:443", "m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}}';
 	}
 
-	location ~* ^(\/_matrix|\/_synapse) {
+	location ~* ^(\/_matrix|\/_synapse\/client) {
 		include proxy_params;
 		proxy_ssl_name $http_host;
 		proxy_ssl_server_name on;
+
 		proxy_pass https://matrix.envs.net;
 	}
 
-	# maubot logs
+	# maubot
 	location /_matrix/maubot/v1/logs {
+#	location /_matrix/maubot {
 		include proxy_params;
 		proxy_ssl_name $http_host;
 		proxy_ssl_server_name on;
+
 		proxy_http_version 1.1;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection "Upgrade";
 		proxy_pass https://matrix.envs.net;
+
+#		return 302 https://matrix.envs.net$request_uri;
 	}
 
 	# users

etc/nginx/sites-available/grafana.envs.net.conf

@@ -1,26 +0,0 @@
-### GRAFANA.ENVS.NET - lxc ###
-server {
-	include snippets/listen.conf;
-	server_name grafana.envs.net;
-
-	return 307 https://$host$request_uri;
-}
-
-# SSL
-server {
-	include snippets/listen_ssl.conf;
-#	include snippets/ddos_mid.conf;
-	server_name grafana.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/grafana.envs.net-error.log crit;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_pass https://grafana.envs.net;
-	}
-}

etc/nginx/sites-available/halcyon.envs.net.conf

@@ -1,26 +0,0 @@
-### HALCYON.ENVS.NET - lxc on pleroma ###
-server {
-	include snippets/listen.conf;
-	server_name halcyon.envs.net;
-
-	return 307 https://$host$request_uri;
-}
-
-# SSL
-server {
-	include snippets/listen_ssl.conf;
-#	include snippets/ddos_mid.conf;
-	server_name halcyon.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/halcyon.envs.net-error.log crit;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_pass https://halcyon.envs.net;
-	}
-}

etc/nginx/sites-available/jitsi.envs.net.conf

@@ -1,60 +0,0 @@
-### JITSI.ENVS.NET - lxc ###
-server {
-	include snippets/listen.conf;
-#	include snippets/ddos_high.conf;
-	server_name jitsi.envs.net;
-
-	location / {
-		include proxy_params;
-		proxy_pass http://jitsi.envs.net;
-	}
-}
-
-# SSL
-server {
-	include snippets/listen_ssl.conf;
-#	include snippets/ddos_high.conf;
-	server_name jitsi.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/jitsi.envs.net-error.log crit;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_http_version 1.1;
-		proxy_set_header Upgrade $http_upgrade;
-		proxy_set_header Connection "Upgrade";
-
-		proxy_pass https://jitsi.envs.net:4444;
-		tcp_nodelay on;
-	}
-}
-
-#ALIAS
-server {
-	include snippets/listen.conf;
-#	include snippets/ddos_def.conf;
-	server_name talk.envs.net meet.envs.net;
-
-	location / {
-		return 301 https://jitsi.envs.net/;
-	}
-}
-
-server {
-	include snippets/listen_ssl.conf;
-#	include snippets/ddos_def.conf;
-	server_name talk.envs.net meet.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-	include snippets/local_ssl_header.conf;
-
-	location / {
-		return 301 https://jitsi.envs.net/;
-	}
-}

etc/nginx/sites-available/lag.envs.net.conf

@@ -1,26 +0,0 @@
-### LAG.ENVS.NET - lxc ###
-server {
-	include snippets/listen.conf;
-	server_name lag.envs.net;
-
-	return 307 https://$host$request_uri;
-}
-
-# SSL
-server {
-	include snippets/listen_ssl.conf;
-#	include snippets/ddos_mid.conf;
-	server_name lag.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/lag.envs.net-error.log crit;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_pass https://lag.envs.net;
-	}
-}

etc/nginx/sites-available/matrix.envs.net.conf

@@ -1,41 +0,0 @@
-### MATRIX.ENVS.NET - lxc ###
-server {
-	include snippets/listen.conf;
-	server_name matrix.envs.net;
-
-	return 307 https://$host$request_uri;
-}
-
-# SSL
-server {
-	include snippets/listen_ssl.conf;
-#	include snippets/ddos_mid.conf;
-	server_name matrix.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/matrix.envs.net-error.log crit;
-
-	client_max_body_size 100M;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_pass https://matrix.envs.net;
-	}
-
-	# maubot log
-	location /_matrix/maubot/v1/logs {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-
-		proxy_http_version 1.1;
-		proxy_set_header Upgrade $http_upgrade;
-		proxy_set_header Connection "Upgrade";
-
-		proxy_pass https://matrix.envs.net/_matrix/maubot/v1/logs;
-	}
-}

etc/nginx/sites-available/pad.envs.net.conf

@@ -23,10 +23,12 @@ server {
 		include proxy_params;
 		proxy_ssl_name $http_host;
 		proxy_ssl_server_name on;
-		proxy_pass https://pad.envs.net;
 
+		proxy_http_version 1.1;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection "Upgrade";
+
+		proxy_pass https://pad.envs.net;
 	}
 }
 

etc/nginx/sites-available/pleroma.envs.net.conf

@@ -1,52 +0,0 @@
-### PLEROMA.ENVS.NET - lxc ###
-server {
-	listen 5.199.136.29:80;
-	server_name pleroma.envs.net;
-
-	return 307 https://$host$request_uri;
-}
-
-# SSL
-server {
-	listen 5.199.136.29:443 ssl http2;
-#	include snippets/ddos_mid.conf;
-	server_name pleroma.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/pleroma.envs.net-error.log crit;
-
-	client_max_body_size 64M;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_http_version 1.1;
-		proxy_set_header Upgrade $http_upgrade;
-		proxy_set_header Connection "Upgrade";
-
-		proxy_pass https://pleroma.envs.net;
-	}
-}
-
-
-#ALIAS
-server {
-	include snippets/listen.conf;
-	server_name social.envs.net;
-
-	return 301 https://pleroma.envs.net/;
-}
-
-server {
-	include snippets/listen_ssl.conf;
-	server_name social.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-	include snippets/local_ssl_header.conf;
-
-	return 301 https://pleroma.envs.net/;
-}

etc/nginx/sites-available/prometheus.envs.net.conf

@@ -1,25 +0,0 @@
-### PROMETHEUS.ENVS.NET - lxc ###
-server {
-	include snippets/listen.conf;
-	server_name prometheus.envs.net;
-
-	return 307 https://$host$request_uri;
-}
-
-# SSL
-server {
-	include snippets/listen_ssl.conf;
-	server_name prometheus.envs.net;
-
-	include snippets/ssl.conf;
-	include ssl/envs_net_wild.conf;
-
-	error_log /var/log/nginx/prometheus.envs.net-error.log crit;
-
-	location / {
-		include proxy_params;
-		proxy_ssl_name $http_host;
-		proxy_ssl_server_name on;
-		proxy_pass https://prometheus.envs.net;
-	}
-}

etc/nginx/sites-enabled/codimd.envs.net.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/codimd.envs.net.conf

etc/nginx/sites-enabled/dimension.envs.net.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/dimension.envs.net.conf

etc/nginx/sites-enabled/element.envs.net.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/element.envs.net.conf

etc/nginx/sites-enabled/grafana.envs.net.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/grafana.envs.net.conf

etc/nginx/sites-enabled/halcyon.envs.net.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/halcyon.envs.net.conf

etc/nginx/sites-enabled/lag.envs.net.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/lag.envs.net.conf

etc/nginx/sites-enabled/matrix.envs.net.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/matrix.envs.net.conf

etc/nginx/sites-enabled/pleroma.envs.net.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/pleroma.envs.net.conf

etc/nginx/sites-enabled/prometheus.envs.net.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/prometheus.envs.net.conf