From ecefa47175dd751e0aa7ecd332f8ccd2c40118ff Mon Sep 17 00:00:00 2001 From: creme Date: Tue, 27 Jul 2021 19:48:15 +0000 Subject: [PATCH] update config from server --- etc/etc/hosts | 4 +- etc/etc/inetd.conf | 4 +- etc/letsencrypt/renewal-hooks/deploy/envs.sh | 2 +- etc/nginx/nginx.conf | 8 +-- etc/nginx/sites-available/envs.net.conf | 8 +++ .../sites-available/ffsync.envs.net.conf | 55 +++++++++++++++++++ etc/nginx/sites-enabled/ffsync.envs.net.conf | 1 + etc/nginx/snippets/ssl.conf | 5 +- 8 files changed, 76 insertions(+), 11 deletions(-) create mode 100644 etc/nginx/sites-available/ffsync.envs.net.conf create mode 120000 etc/nginx/sites-enabled/ffsync.envs.net.conf diff --git a/etc/etc/hosts b/etc/etc/hosts index c6b3e4c..b651ac3 100644 --- a/etc/etc/hosts +++ b/etc/etc/hosts @@ -23,9 +23,9 @@ ff02::2 ip6-allrouters 192.168.1.10 git.envs.net gitea 192.168.1.11 searx.envs.net searx -192.168.1.12 cryptpad pad.envs.net pad cryptpad +192.168.1.12 cryptpad pad.envs.net sandpad.envs.net pad cryptpad sandpad 192.168.1.13 drone.envs.net drone -192.168.1.14 codimd.envs.net codimd +192.168.1.14 codimd.envs.net codimd hedgedoc.envs.net hedgedoc 192.168.1.15 envs.sh 0x0.envs.net 0x0 null.envs.net null ix.envs.net io.envs.net 192.168.1.16 rss.envs.net rss 192.168.1.17 pb.envs.net pb pastebin.envs.net pastbin bin.envs.net bin diff --git a/etc/etc/inetd.conf b/etc/etc/inetd.conf index be7bf14..a38a194 100644 --- a/etc/etc/inetd.conf +++ b/etc/etc/inetd.conf 
@@ -41,5 +41,5 @@ ident stream tcp nowait identd /usr/sbin/ident2 ident2 -i -n #:HAM-RADIO: amateur-radio services #:OTHER: Other services -#gopher stream tcp nowait nobody /usr/sbin/gophernicus gophernicus -h envs.net -nv -o UTF-8 -gopher stream tcp nowait nobody /usr/sbin/gophernicus gophernicus -h envs.net -nv -r /var/gopher/envs.net -o UTF-8 +#gopher stream tcp nowait nobody /usr/local/sbin/gophernicus gophernicus -h envs.net -nv -o UTF-8 +gopher stream tcp nowait nobody /usr/local/sbin/gophernicus gophernicus -h envs.net -nv -r /var/gopher/envs.net -o UTF-8 diff --git a/etc/letsencrypt/renewal-hooks/deploy/envs.sh b/etc/letsencrypt/renewal-hooks/deploy/envs.sh index 566b2bd..642fccd 100755 --- a/etc/letsencrypt/renewal-hooks/deploy/envs.sh +++ b/etc/letsencrypt/renewal-hooks/deploy/envs.sh @@ -59,7 +59,7 @@ for domain in $RENEWED_DOMAINS; do cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem" # 0x0 - lxc-attach -n null -- bash -c "systemctl reload nginx" + lxc-attach -n 0x0 -- bash -c "systemctl reload nginx" ;; znc.envs.net) diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index fd085ba..ed228ed 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -40,14 +40,14 @@ http { reset_timedout_connection on; # request timed out -- default 60 - client_body_timeout 10; - client_header_timeout 10; + client_body_timeout 60; + client_header_timeout 60; # if client stop responding, free up memory -- default 60 - send_timeout 10; + send_timeout 60; # server will close connection after this time -- default 75 - keepalive_timeout 30; + keepalive_timeout 75; include /etc/nginx/mime.types; default_type application/octet-stream; diff --git a/etc/nginx/sites-available/envs.net.conf b/etc/nginx/sites-available/envs.net.conf index 8757914..65b71cd 100644 --- a/etc/nginx/sites-available/envs.net.conf +++ b/etc/nginx/sites-available/envs.net.conf 
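Review bot: The active `gopher` entry now starts `/usr/local/sbin/gophernicus`, which suggests a locally built or manually installed binary that the distribution's security updates will presumably no longer cover. Since inetd exposes this service directly to the network, record where the binary comes from and how it is updated, for example with a comment above the entry: `# gophernicus: local build in /usr/local/sbin, updated manually (not via the package manager)`. The commented-out variant was edited as well; deleting it would avoid carrying a second copy that has to be kept in step.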
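Review bot: The result of the reload at the `lxc-attach -n 0x0` line is not checked. If the container name is wrong or the container is stopped, the hook carries on and nginx in that container keeps serving the old certificate until it expires. Consider `lxc-attach -n 0x0 -- systemctl reload nginx || echo "nginx reload failed in container 0x0" >&2` so the failure appears in the renewal output; this also drops the unneeded `bash -c`. The `case` branch and the `for` loop continue outside the hunk, so whether the script already runs under `set -e` is not visible here.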
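Review bot: Raising `client_header_timeout` and `client_body_timeout` from 10 to 60 seconds lets every slow or idle client hold a connection six times longer, which makes slow-request connection exhaustion cheaper against all vhosts under this `http` block. If one service needed the longer window (large uploads, for instance), keep the global values low and set `client_body_timeout 60;` only in that `server` block. All four values now equal the defaults named in the existing comments, so a why-comment such as `# raised to 60 for <service>: slow uploads` would tell the next reader this was deliberate. The `http` block starts and ends outside the hunk.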
@@ -170,6 +170,14 @@ server { location /matrix { return 301 https://envs.net/chat/matrix/; } + # matrix documentation + location /matrix/doc { + return 301 https://envs.net/chat/matrix/doc/; + } + location /chat/matrix/doc { + alias /var/www/docs/matrix-dokumentation/public/; + index index.html; + } # include php and ssi include snippets/php.conf; diff --git a/etc/nginx/sites-available/ffsync.envs.net.conf b/etc/nginx/sites-available/ffsync.envs.net.conf new file mode 100644 index 0000000..bb1e624 --- /dev/null +++ b/etc/nginx/sites-available/ffsync.envs.net.conf @@ -0,0 +1,55 @@ +### FFSYNC.ENVS.NET - lxc - nullpointer ### +server { + include snippets/listen.conf; + server_name ffsync.envs.net; + + location / { + return 307 https://$host$request_uri; + } + + location /.well-known/acme-challenge/ { + alias /var/lib/letsencrypt/.well-known/acme-challenge/; + } +} + +server { + include snippets/listen_ssl.conf; +# include snippets/ddos_def.conf; + server_name ffsync.envs.net; + + include snippets/ssl.conf; + include ssl/envs_net_wild.conf; + + client_max_body_size 64M; + + error_log /var/log/nginx/ffsync.envs.net-error.log crit; + + location / { + include proxy_params; + proxy_ssl_name $http_host; + proxy_ssl_server_name on; + proxy_pass https://ffsync.envs.net; + } + + include snippets/favicon; +} + + +# ALIAS +server { + include snippets/listen.conf; + server_name ff-sync.envs.net; + + return 301 https://ffsync.envs.net$request_uri; +} + +server { + include snippets/listen_ssl.conf; + server_name ff-sync.envs.net; + + include snippets/ssl.conf; + include ssl/envs_net_wild.conf; + include snippets/local_ssl_header.conf; + + return 301 https://ffsync.envs.net$request_uri; +} diff --git a/etc/nginx/sites-enabled/ffsync.envs.net.conf b/etc/nginx/sites-enabled/ffsync.envs.net.conf new file mode 120000 index 0000000..8209558 --- /dev/null +++ b/etc/nginx/sites-enabled/ffsync.envs.net.conf 
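Review bot: In the added `location /chat/matrix/doc` block the prefix has no trailing slash while the `alias` ends in one. nginx maps the URI by plain prefix replacement, so a path that continues past the prefix with something other than `/` can resolve to the parent of `public/`, i.e. the rest of `/var/www/docs/matrix-dokumentation/` (presumably the documentation source tree). Make the two agree with `location /chat/matrix/doc/ {` and keep `alias /var/www/docs/matrix-dokumentation/public/;`. The redirect from `/matrix/doc` already targets the slash form, so only a bare `/chat/matrix/doc` would need its own `return 301`. The enclosing `server` block starts and ends outside the hunk.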
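Review bot: The proxied hop in the TLS server's `location /` does not verify the upstream certificate. `proxy_ssl_verify` is off unless set, so `proxy_ssl_server_name on` and `proxy_ssl_name` only choose the SNI value and nothing checks who answers on `https://ffsync.envs.net`. `proxy_ssl_name $http_host` also takes that name from the client's Host header, which may carry a port, so a fixed name is safer. Suggested lines: `proxy_ssl_name ffsync.envs.net;`, `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path to CA bundle>;`. Separately, this server block has `ddos_def.conf` commented out, omits the `include snippets/local_ssl_header.conf;` that the `ff-sync` alias block carries, and logs only at `crit`, which would hide upstream handshake errors; worth confirming that each of these is intended.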
@@ -0,0 +1 @@ +/etc/nginx/sites-available/ffsync.envs.net.conf \ No newline at end of file diff --git a/etc/nginx/snippets/ssl.conf b/etc/nginx/snippets/ssl.conf index fdfda08..f8c73b2 100644 --- a/etc/nginx/snippets/ssl.conf +++ b/etc/nginx/snippets/ssl.conf @@ -1,6 +1,7 @@ ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5'; -ssl_prefer_server_ciphers on; +#ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5'; +ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; +ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_verify_depth 3;
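Review bot: The previous `ssl_ciphers` value is left behind as a commented-out line that still contains the broad `HIGH` keyword. Un-commenting it later would either clash with the new directive or quietly bring the wider list back. Delete that line (the history keeps it) and add a short comment saying where the new list comes from and when it was taken, e.g. `# cipher list: <source/profile>, reviewed 2021-07`. The new list also contains two `DHE-RSA-*` suites, which nginx only offers when `ssl_dhparam` is configured; that directive is not in this hunk, so confirm it is set wherever the certificates are included.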