From f6313e4c54d9e54411096ef19a8326d041711f46 Mon Sep 17 00:00:00 2001 From: creme Date: Thu, 8 Oct 2020 18:16:52 +0000 Subject: [PATCH] change some config from server --- etc/cron.d/certbot | 3 +- etc/etc/hosts | 10 +++- etc/init.d/S41firewall | 14 ++++- etc/letsencrypt/renewal-hooks/deploy/envs.sh | 6 ++ etc/nginx/nginx.conf | 16 +++-- etc/nginx/sites-available/bbj.envs.net.conf | 2 - etc/nginx/sites-available/chat.envs.net.conf | 6 +- .../sites-available/dimension.envs.net.conf | 1 - etc/nginx/sites-available/drone.envs.net.conf | 1 - .../sites-available/element.envs.net.conf | 25 +++----- etc/nginx/sites-available/envs.sh.conf | 16 ++--- etc/nginx/sites-available/git.envs.net.conf | 11 +--- .../sites-available/gopher.envs.net.conf | 1 - .../sites-available/grafana.envs.net.conf | 1 - .../sites-available/halcyon.envs.net.conf | 1 - etc/nginx/sites-available/help.envs.net.conf | 11 +--- etc/nginx/sites-available/ip.envs.net.conf | 21 ++----- etc/nginx/sites-available/lag.envs.net.conf | 1 - etc/nginx/sites-available/lists.envs.net.conf | 1 - etc/nginx/sites-available/mail.envs.net.conf | 1 - .../sites-available/matrix.envs.net.conf | 1 - etc/nginx/sites-available/pad.envs.net.conf | 11 +--- etc/nginx/sites-available/pb.envs.net.conf | 11 +--- .../sites-available/pleroma.envs.net.conf | 11 +--- .../sites-available/prometheus.envs.net.conf | 2 - etc/nginx/sites-available/rss.envs.net.conf | 11 +--- etc/nginx/sites-available/searx.envs.net.conf | 11 +--- etc/nginx/sites-available/stats.envs.net.conf | 1 - etc/nginx/sites-available/ttbp.envs.net.conf | 1 - etc/nginx/sites-available/twtxt.envs.net.conf | 1 - etc/nginx/sites-available/user.envs.net.conf | 1 - etc/nginx/sites-available/user.envs.sh.conf | 1 - .../sites-available/webirc.envs.net.conf | 12 +--- etc/nginx/sites-available/znc.envs.net.conf | 7 +-- etc/nginx/sites-enabled/jitsi.envs.net.conf | 1 - etc/nginx/sites-enabled/tb.envs.net.conf | 1 - .../antonmcclure.com.conf | 59 ------------------- .../user-sites-enabled/antonmcclure.com.conf | 1 - var/tilde/admins | 2 +- 39 files changed, 77 insertions(+), 218 deletions(-) delete mode 120000 etc/nginx/sites-enabled/jitsi.envs.net.conf delete mode 120000 etc/nginx/sites-enabled/tb.envs.net.conf delete mode 100644 etc/nginx/user-sites-available/antonmcclure.com.conf delete mode 120000 etc/nginx/user-sites-enabled/antonmcclure.com.conf diff --git a/etc/cron.d/certbot b/etc/cron.d/certbot index 7fecfe7..95984b3 100644 --- a/etc/cron.d/certbot +++ b/etc/cron.d/certbot @@ -14,4 +14,5 @@ SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -1 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/envs.sh --renew-hook "systemctl reload nginx" +#1 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/envs.sh --renew-hook "systemctl reload nginx" +1 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --renew-hook "systemctl reload nginx" diff --git a/etc/etc/hosts b/etc/etc/hosts index 5781b59..4ccba3e 100644 --- a/etc/etc/hosts +++ b/etc/etc/hosts @@ -6,6 +6,8 @@ 89.163.145.170 envs.net core core.envs.net ve423.venus.dedi.server-hosting.expert ve423 5.199.136.30 ssh.envs.net +168.119.12.180 srv01.envs.net + # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes @@ -15,7 +17,7 @@ ff02::2 ip6-allrouters # ENVS.NET - LXC # -192.168.1.2 ns1.envs.net ns1 dns +192.168.1.2 ns1.envs.net ns1 192.168.1.3 mail.envs.net mail 192.168.1.4 lists.envs.net lists 192.168.1.5 ldap.envs.net ldap @@ -26,9 +28,13 @@ ff02::2 ip6-allrouters 192.168.1.12 cryptpad pad.envs.net pad cryptpad 192.168.1.13 drone.envs.net drone 192.168.1.14 matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension +#168.119.12.180 matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension -192.168.1.15 envs.sh 0x0.envs.net null.envs.net 0x0 null tb.envs.net tb termbin.envs.net termbin +192.168.1.15 envs.sh 0x0.envs.net 0x0 null.envs.net null ix.envs.net io.envs.net 192.168.1.16 rss.envs.net rss 192.168.1.17 pb.envs.net pb pastebin.envs.net pastbin bin.envs.net bin 192.168.1.18 pleroma.envs.net pleroma social halcyon.envs.net halcyon +#144.76.146.17 pleroma.envs.net pleroma social halcyon.envs.net halcyon 192.168.1.19 jitsi.envs.net jitsi meet.envs.net meet + +192.168.1.22 dns.envs.net pubdns diff --git a/etc/init.d/S41firewall b/etc/init.d/S41firewall index 1d2faeb..68b7f9b 100755 --- a/etc/init.d/S41firewall +++ b/etc/init.d/S41firewall @@ -158,6 +158,18 @@ if [ "$1" = "start" ]; then $IPT -w -A FORWARD -p tcp -d 192.168.1.2 --dport 53 -j ACCEPT $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.2 -j SNAT --to 89.163.145.170 + # DoT / DoH + $IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p udp --dport 53 -j DNAT --to-destination 192.168.1.22:53 + $IPT -w -A FORWARD -p udp -d 192.168.1.22 --dport 53 -j ACCEPT + $IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 53 -j DNAT --to-destination 192.168.1.22:53 + $IPT -w -A FORWARD -p tcp -d 192.168.1.22 --dport 53 -j ACCEPT +# $IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p udp --dport 853 -j DNAT --to-destination 192.168.1.22:853 +# $IPT -w -A FORWARD -p udp -d 192.168.1.22 --dport 853 -j ACCEPT + $IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 853 -j DNAT --to-destination 192.168.1.22:853 + $IPT -w -A FORWARD -p tcp -d 192.168.1.22 --dport 853 -j ACCEPT + # + $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.22 -j SNAT --to 5.199.130.141 + # # MAIL () # => apache2 proxy (http/https) @@ -248,8 +260,6 @@ if [ "$1" = "start" ]; then # 0x0 # => apache2 proxy (http/https) - $IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 9999 -j DNAT --to-destination 192.168.1.15:9999 - $IPT -w -A FORWARD -p tcp -d 192.168.1.15 --dport 9999 -j ACCEPT $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.15 -j SNAT --to 89.163.145.170 # rss diff --git a/etc/letsencrypt/renewal-hooks/deploy/envs.sh b/etc/letsencrypt/renewal-hooks/deploy/envs.sh index 6e5ec40..dc6ed03 100755 --- a/etc/letsencrypt/renewal-hooks/deploy/envs.sh +++ b/etc/letsencrypt/renewal-hooks/deploy/envs.sh @@ -13,6 +13,9 @@ for domain in $RENEWED_DOMAINS; do cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem" cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem" + #rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/ + #ssh root@srv01.envs.net bash -c "/opt/sync_certs.sh" + # matrix matrix_dir=/var/lib/lxc/matrix/rootfs/etc/matrix-synapse cp "$daemon_cert_root/privkey.pem" "$matrix_dir"/ @@ -61,6 +64,9 @@ for domain in $RENEWED_DOMAINS; do cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem" cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem" cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem" + + #rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/ + # 0x0 / fiche lxc-attach -n null -- bash -c "systemctl reload nginx" ;; diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index f995d76..b1b044a 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -52,19 +52,21 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - # if the request body size is more than the buffer size, then the entire (or partial) # request body is written into a temporary file - client_body_buffer_size 128k; +# client_body_buffer_size 128k; + + # buffer size for reading client request header +# client_header_buffer_size 1k; # maximum number and size of buffers for large headers to read from client request - large_client_header_buffers 4 256k; +# large_client_header_buffers 4 256k; ## # SSL Settings ## - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## @@ -126,6 +128,11 @@ http { include /etc/nginx/user-sites-enabled/*; } +# SSL Pass-thru +stream { + include /etc/nginx/streams/*; +} + #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript @@ -146,3 +153,4 @@ http { # proxy on; # } #} + diff --git a/etc/nginx/sites-available/bbj.envs.net.conf b/etc/nginx/sites-available/bbj.envs.net.conf index 8128783..d8e6ffd 100644 --- a/etc/nginx/sites-available/bbj.envs.net.conf +++ b/etc/nginx/sites-available/bbj.envs.net.conf @@ -2,7 +2,6 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name bbj.envs.net forum.envs.net; return 307 https://$host$request_uri; @@ -36,7 +35,6 @@ server { #ALIAS server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name forum.envs.net; include snippets/ssl.conf; diff --git a/etc/nginx/sites-available/chat.envs.net.conf b/etc/nginx/sites-available/chat.envs.net.conf index 047190f..674cb0b 100644 --- a/etc/nginx/sites-available/chat.envs.net.conf +++ b/etc/nginx/sites-available/chat.envs.net.conf @@ -2,7 +2,6 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name chat.envs.net; return 307 https://$server_name$request_uri; @@ -10,14 +9,11 @@ server { server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name chat.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://envs.net/chat/; - } + return 301 https://envs.net/chat/; } diff --git a/etc/nginx/sites-available/dimension.envs.net.conf b/etc/nginx/sites-available/dimension.envs.net.conf index cfa1bb9..5620694 100644 --- a/etc/nginx/sites-available/dimension.envs.net.conf +++ b/etc/nginx/sites-available/dimension.envs.net.conf @@ -1,7 +1,6 @@ ### DIMENSION.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name dimension.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/drone.envs.net.conf b/etc/nginx/sites-available/drone.envs.net.conf index 4d3cc94..377a3ba 100644 --- a/etc/nginx/sites-available/drone.envs.net.conf +++ b/etc/nginx/sites-available/drone.envs.net.conf @@ -1,7 +1,6 @@ ### DRONE.ENVS.NET - lxc ### server { listen 5.199.130.141:80; -# include snippets/ddos_mid.conf; server_name drone.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/element.envs.net.conf b/etc/nginx/sites-available/element.envs.net.conf index 217a362..9e1127c 100644 --- a/etc/nginx/sites-available/element.envs.net.conf +++ b/etc/nginx/sites-available/element.envs.net.conf @@ -1,7 +1,6 @@ ### ELEMENT.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name element.envs.net; return 307 https://$host$request_uri; @@ -30,25 +29,19 @@ server { #ALIAS server { - include snippets/listen.conf; -# include snippets/ddos_def.conf; - server_name riot.envs.net; + include snippets/listen.conf; + server_name riot.envs.net; - location / { - return 301 https://element.envs.net/; - } + return 301 https://element.envs.net/; } server { - include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; - server_name riot.envs.net; + include snippets/listen_ssl.conf; + server_name riot.envs.net; - include snippets/ssl.conf; - include ssl/envs_net_wild.conf; - include snippets/local_ssl_header.conf; + include snippets/ssl.conf; + include ssl/envs_net_wild.conf; + include snippets/local_ssl_header.conf; - location / { - return 301 https://element.envs.net/; - } + return 301 https://element.envs.net/; } diff --git a/etc/nginx/sites-available/envs.sh.conf b/etc/nginx/sites-available/envs.sh.conf index f61400b..d6fa7a9 100644 --- a/etc/nginx/sites-available/envs.sh.conf +++ b/etc/nginx/sites-available/envs.sh.conf @@ -1,7 +1,6 @@ ### ENVS.SH - lxc - nullpointer ### server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name envs.sh; location / { @@ -39,42 +38,35 @@ server { # ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name 0x0.envs.sh null.envs.sh ix.envs.sh io.envs.sh; - location / { - return 301 https://envs.sh/; - } + return 301 https://envs.sh/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name 0x0.envs.sh null.envs.sh ix.envs.sh io.envs.sh; include snippets/ssl.conf; include ssl/envs_sh_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://envs.sh/; - } + return 301 https://envs.sh/; } ## envs.net server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name 0x0.envs.net null.envs.net ix.envs.net io.envs.net; return 307 https://envs.sh$request_uri; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name 0x0.envs.net null.envs.net ix.envs.net io.envs.net; - return 307 https://envs.sh$request_uri; include snippets/ssl.conf; include ssl/envs_net_wild.conf; + + return 307 https://envs.sh$request_uri; } diff --git a/etc/nginx/sites-available/git.envs.net.conf b/etc/nginx/sites-available/git.envs.net.conf index 7ef46e2..5eaebbe 100644 --- a/etc/nginx/sites-available/git.envs.net.conf +++ b/etc/nginx/sites-available/git.envs.net.conf @@ -1,7 +1,6 @@ ### GIT.ENVS.NET - lxc ### server { listen 5.199.130.141:80; -# include snippets/ddos_mid.conf; server_name git.envs.net; return 307 https://$host$request_uri; @@ -29,24 +28,18 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name gitea.envs.net; - location / { - return 301 https://git.envs.net/; - } + return 301 https://git.envs.net/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name gitea.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://git.envs.net/; - } + return 301 https://git.envs.net/; } diff --git a/etc/nginx/sites-available/gopher.envs.net.conf b/etc/nginx/sites-available/gopher.envs.net.conf index 954e9aa..24a4afe 100644 --- a/etc/nginx/sites-available/gopher.envs.net.conf +++ b/etc/nginx/sites-available/gopher.envs.net.conf @@ -2,7 +2,6 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name gopher.envs.net gopherproxy.envs.net; return 307 https://$server_name$request_uri; diff --git a/etc/nginx/sites-available/grafana.envs.net.conf b/etc/nginx/sites-available/grafana.envs.net.conf index dd46469..94e2033 100644 --- a/etc/nginx/sites-available/grafana.envs.net.conf +++ b/etc/nginx/sites-available/grafana.envs.net.conf @@ -1,7 +1,6 @@ ### GRAFANA.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name grafana.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/halcyon.envs.net.conf b/etc/nginx/sites-available/halcyon.envs.net.conf index 51771b1..5d63a0c 100644 --- a/etc/nginx/sites-available/halcyon.envs.net.conf +++ b/etc/nginx/sites-available/halcyon.envs.net.conf @@ -1,7 +1,6 @@ ### HALCYON.ENVS.NET - lxc on pleroma ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name halcyon.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/help.envs.net.conf b/etc/nginx/sites-available/help.envs.net.conf index f215cd9..500a4e4 100644 --- a/etc/nginx/sites-available/help.envs.net.conf +++ b/etc/nginx/sites-available/help.envs.net.conf @@ -2,7 +2,6 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name help.envs.net; return 307 https://$host$request_uri; @@ -30,24 +29,18 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name howto.envs.net tutorial.envs.net; - location / { - return 301 https://help.envs.net/; - } + return 301 https://help.envs.net/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name howto.envs.net tutorial.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://help.envs.net/; - } + return 301 https://help.envs.net/; } diff --git a/etc/nginx/sites-available/ip.envs.net.conf b/etc/nginx/sites-available/ip.envs.net.conf index e0f11b1..5f4b8bb 100644 --- a/etc/nginx/sites-available/ip.envs.net.conf +++ b/etc/nginx/sites-available/ip.envs.net.conf @@ -2,17 +2,13 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net; - location / { - return 301 http://ip.envs.net/; - } + return 301 http://ip.envs.net/; } server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name ip.envs.net; location / { @@ -25,16 +21,13 @@ server { server { include snippets/listen_local_ssl.conf; include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://ip.envs.net/; - } + return 301 https://ip.envs.net/; } server { include snippets/listen_local_ssl.conf; @@ -59,25 +52,19 @@ server { server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name ip.envs.sh whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh; - location / { - return 301 http://ip.envs.net/; - } + return 301 http://ip.envs.net/; } server { include snippets/listen_local_ssl.conf; include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh; include snippets/ssl.conf; include ssl/envs_sh_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://ip.envs.net/; - } + return 301 https://ip.envs.net/; } diff --git a/etc/nginx/sites-available/lag.envs.net.conf b/etc/nginx/sites-available/lag.envs.net.conf index 536f60a..5181930 100644 --- a/etc/nginx/sites-available/lag.envs.net.conf +++ b/etc/nginx/sites-available/lag.envs.net.conf @@ -1,7 +1,6 @@ ### LAG.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name lag.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/lists.envs.net.conf b/etc/nginx/sites-available/lists.envs.net.conf index 9839873..b746851 100644 --- a/etc/nginx/sites-available/lists.envs.net.conf +++ b/etc/nginx/sites-available/lists.envs.net.conf @@ -1,7 +1,6 @@ ### LISTS.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name lists.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/mail.envs.net.conf b/etc/nginx/sites-available/mail.envs.net.conf index 3a17b03..21f4361 100644 --- a/etc/nginx/sites-available/mail.envs.net.conf +++ b/etc/nginx/sites-available/mail.envs.net.conf @@ -1,7 +1,6 @@ ### MAIL.ENVS.NET - lxc ### server { listen 5.199.136.28:80; -# include snippets/ddos_mid.conf; server_name mail.envs.net webmail.envs.net autodiscover.envs.net smtp.envs.net imap.envs.net pop.envs.net; include /etc/nginx/proxy_params; diff --git a/etc/nginx/sites-available/matrix.envs.net.conf b/etc/nginx/sites-available/matrix.envs.net.conf index e627cf8..5a96258 100644 --- a/etc/nginx/sites-available/matrix.envs.net.conf +++ b/etc/nginx/sites-available/matrix.envs.net.conf @@ -1,7 +1,6 @@ ### MATRIX.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name matrix.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/pad.envs.net.conf b/etc/nginx/sites-available/pad.envs.net.conf index c30e8c9..5ccf871 100644 --- a/etc/nginx/sites-available/pad.envs.net.conf +++ b/etc/nginx/sites-available/pad.envs.net.conf @@ -1,7 +1,6 @@ ### PAD.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_high.conf; server_name pad.envs.net; return 307 https://$host$request_uri; @@ -34,24 +33,18 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name cryptpad.envs.net; - location / { - return 301 https://pad.envs.net/; - } + return 301 https://pad.envs.net/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name cryptpad.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://pad.envs.net/; - } + return 301 https://pad.envs.net/; } diff --git a/etc/nginx/sites-available/pb.envs.net.conf b/etc/nginx/sites-available/pb.envs.net.conf index c4b0369..41f53ef 100644 --- a/etc/nginx/sites-available/pb.envs.net.conf +++ b/etc/nginx/sites-available/pb.envs.net.conf @@ -1,7 +1,6 @@ ### PB.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name pb.envs.net; return 307 https://$host$request_uri; @@ -29,24 +28,18 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name bin.envs.net paste.envs.net pastebin.envs.net; - location / { - return 301 https://pb.envs.net/; - } + return 301 https://pb.envs.net/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name bin.envs.net paste.envs.net pastebin.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://pb.envs.net/; - } + return 301 https://pb.envs.net/; } diff --git a/etc/nginx/sites-available/pleroma.envs.net.conf b/etc/nginx/sites-available/pleroma.envs.net.conf index 8a707f6..e9cf7cd 100644 --- a/etc/nginx/sites-available/pleroma.envs.net.conf +++ b/etc/nginx/sites-available/pleroma.envs.net.conf @@ -1,7 +1,6 @@ ### PLEROMA.ENVS.NET - lxc ### server { listen 5.199.136.29:80; -# include snippets/ddos_mid.conf; server_name pleroma.envs.net; return 307 https://$host$request_uri; @@ -36,24 +35,18 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name social.envs.net; - location / { - return 301 https://pleroma.envs.net/; - } + return 301 https://pleroma.envs.net/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name social.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://pleroma.envs.net/; - } + return 301 https://pleroma.envs.net/; } diff --git a/etc/nginx/sites-available/prometheus.envs.net.conf b/etc/nginx/sites-available/prometheus.envs.net.conf index 06bacb1..f3445b6 100644 --- a/etc/nginx/sites-available/prometheus.envs.net.conf +++ b/etc/nginx/sites-available/prometheus.envs.net.conf @@ -1,7 +1,6 @@ ### PROMETHEUS.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name prometheus.envs.net; return 307 https://$host$request_uri; @@ -10,7 +9,6 @@ server { # SSL server { include snippets/listen_ssl.conf; -# include snippets/ddos_mid.conf; server_name prometheus.envs.net; include snippets/ssl.conf; diff --git a/etc/nginx/sites-available/rss.envs.net.conf b/etc/nginx/sites-available/rss.envs.net.conf index 3845cd0..9c4b3aa 100644 --- a/etc/nginx/sites-available/rss.envs.net.conf +++ b/etc/nginx/sites-available/rss.envs.net.conf @@ -1,7 +1,6 @@ ### RSS.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_high.conf; server_name rss.envs.net; return 307 https://$host$request_uri; @@ -29,24 +28,18 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name atom.envs.net; - location / { - return 301 https://rss.envs.net/; - } + return 301 https://rss.envs.net/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name atom.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://rss.envs.net/; - } + return 301 https://rss.envs.net/; } diff --git a/etc/nginx/sites-available/searx.envs.net.conf b/etc/nginx/sites-available/searx.envs.net.conf index e7faebd..4916e65 100644 --- a/etc/nginx/sites-available/searx.envs.net.conf +++ b/etc/nginx/sites-available/searx.envs.net.conf @@ -1,7 +1,6 @@ ### SEARX.ENVS.NET - lxc ### server { include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name searx.envs.net; return 307 https://$host$request_uri; @@ -29,24 +28,18 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name search.envs.net; - location / { - return 301 https://searx.envs.net/; - } + return 301 https://searx.envs.net/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name search.envs.net; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://searx.envs.net/; - } + return 301 https://searx.envs.net/; } diff --git a/etc/nginx/sites-available/stats.envs.net.conf b/etc/nginx/sites-available/stats.envs.net.conf index ef0368f..65ec221 100644 --- a/etc/nginx/sites-available/stats.envs.net.conf +++ b/etc/nginx/sites-available/stats.envs.net.conf @@ -2,7 +2,6 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name stats.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/ttbp.envs.net.conf b/etc/nginx/sites-available/ttbp.envs.net.conf index 55aa428..ebda3b3 100644 --- a/etc/nginx/sites-available/ttbp.envs.net.conf +++ b/etc/nginx/sites-available/ttbp.envs.net.conf @@ -2,7 +2,6 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name ttbp.envs.net; return 307 https://$host$request_uri; diff --git a/etc/nginx/sites-available/twtxt.envs.net.conf b/etc/nginx/sites-available/twtxt.envs.net.conf index 4f4ac4d..39d4869 100644 --- a/etc/nginx/sites-available/twtxt.envs.net.conf +++ b/etc/nginx/sites-available/twtxt.envs.net.conf @@ -2,7 +2,6 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_mid.conf; server_name twtxt.envs.net; return 307 https://$server_name$request_uri; diff --git a/etc/nginx/sites-available/user.envs.net.conf b/etc/nginx/sites-available/user.envs.net.conf index b855bf3..dd8b7d0 100644 --- a/etc/nginx/sites-available/user.envs.net.conf +++ b/etc/nginx/sites-available/user.envs.net.conf @@ -9,7 +9,6 @@ limit_req_zone $binary_remote_addr zone=weechat:10m rate=10r/m; server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name ~^(.*)\.envs\.net; return 307 https://$1.envs.net$request_uri; diff --git a/etc/nginx/sites-available/user.envs.sh.conf b/etc/nginx/sites-available/user.envs.sh.conf index e082dea..a05d73a 100644 --- a/etc/nginx/sites-available/user.envs.sh.conf +++ b/etc/nginx/sites-available/user.envs.sh.conf @@ -7,7 +7,6 @@ map $http_upgrade $connection_upgrade { server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name ~^(.*)\.envs\.sh; return 307 https://$1.envs.sh$request_uri; diff --git a/etc/nginx/sites-available/webirc.envs.net.conf b/etc/nginx/sites-available/webirc.envs.net.conf index c5f709a..1688d19 100644 --- a/etc/nginx/sites-available/webirc.envs.net.conf +++ b/etc/nginx/sites-available/webirc.envs.net.conf @@ -2,8 +2,8 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name webirc.envs.net; + return 307 https://webirc.envs.net$request_uri; } @@ -34,24 +34,18 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name thelounge.envs.net lounge.envs.net ; - location / { - return 301 https://webirc.envs.net/; - } + return 301 https://webirc.envs.net/; } server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name thelounge.envs.net lounge.envs.net ; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://webirc.envs.net/; - } + return 301 https://webirc.envs.net/; } diff --git a/etc/nginx/sites-available/znc.envs.net.conf b/etc/nginx/sites-available/znc.envs.net.conf index d9b13c4..dc3b303 100644 --- a/etc/nginx/sites-available/znc.envs.net.conf +++ b/etc/nginx/sites-available/znc.envs.net.conf @@ -2,7 +2,6 @@ server { include snippets/listen_local.conf; include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name znc.envs.net; location / { @@ -43,7 +42,6 @@ server { #ALIAS server { include snippets/listen.conf; -# include snippets/ddos_def.conf; server_name bouncer.envs.net ; location / { @@ -57,14 +55,11 @@ server { server { include snippets/listen_ssl.conf; -# include snippets/ddos_def.conf; server_name bouncer.envs.net ; include snippets/ssl.conf; include ssl/envs_net_wild.conf; include snippets/local_ssl_header.conf; - location / { - return 301 https://znc.envs.net/; - } + return 301 https://znc.envs.net/; } diff --git a/etc/nginx/sites-enabled/jitsi.envs.net.conf b/etc/nginx/sites-enabled/jitsi.envs.net.conf deleted file mode 120000 index 0c50d55..0000000 --- a/etc/nginx/sites-enabled/jitsi.envs.net.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/jitsi.envs.net.conf \ No newline at end of file diff --git a/etc/nginx/sites-enabled/tb.envs.net.conf b/etc/nginx/sites-enabled/tb.envs.net.conf deleted file mode 120000 index 388afc3..0000000 --- a/etc/nginx/sites-enabled/tb.envs.net.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/tb.envs.net.conf \ No newline at end of file diff --git a/etc/nginx/user-sites-available/antonmcclure.com.conf b/etc/nginx/user-sites-available/antonmcclure.com.conf deleted file mode 100644 index 423f83c..0000000 --- a/etc/nginx/user-sites-available/antonmcclure.com.conf +++ /dev/null @@ -1,59 +0,0 @@ -### ANTONMCCLURE.COM - local ### -server { - include snippets/listen.conf; -# include snippets/ddos_mid.conf; - server_name antonmcclure.com www.antonmcclure.com; - - error_log /var/log/nginx/antonmcclure.com-error.log crit; - - location / { - return 307 https://$host$request_uri; - } - - location /.well-known/acme-challenge/ { - alias /var/lib/letsencrypt/.well-known/acme-challenge/; - } -} - -server { - include snippets/listen_ssl.conf; -# include snippets/ddos_mid.conf; - server_name antonmcclure.com www.antonmcclure.com; - - include snippets/ssl.conf; - - ssl_certificate /etc/letsencrypt/live/antonmcclure.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/antonmcclure.com/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/antonmcclure.com/chain.pem; - ssl_dhparam /etc/ssl/certs/envs_dhparam.pem; - - - server_tokens off; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - add_header X-Content-Type-Options nosniff; - add_header 'Referrer-Policy' 'origin, no-referrer-when-downgrade'; - add_header X-Frame-Options SAMEORIGIN; - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - - - error_log /var/log/nginx/antonmcclure.com-error.log crit; - - root /home/anton/public_html/; - index index.html index.php index.cgi index.py index.sh index.pl index.lua; - - location / { - add_header Access-Control-Allow-Origin *; - try_files $uri.html $uri $uri/ /index.php?$args ; - } - - location /cgi-bin { - gzip off; - include fastcgi_params; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # include php and ssi - include snippets/php.conf; - ssi on; -} diff --git a/etc/nginx/user-sites-enabled/antonmcclure.com.conf b/etc/nginx/user-sites-enabled/antonmcclure.com.conf deleted file mode 120000 index d95b2db..0000000 --- a/etc/nginx/user-sites-enabled/antonmcclure.com.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/user-sites-available/antonmcclure.com.conf \ No newline at end of file diff --git a/var/tilde/admins b/var/tilde/admins index befab4b..918bc04 160000 --- a/var/tilde/admins +++ b/var/tilde/admins @@ -1 +1 @@ -Subproject commit befab4b9b47340c4a0f10bcab45c80202e25d130 +Subproject commit 918bc0406fb046ad3baaf1b27708ef5e59c24752