change some config from server

This commit is contained in:
creme 2020-10-08 18:16:52 +00:00
parent 56e8fe5642
commit f6313e4c54
39 changed files with 77 additions and 218 deletions

View File

@ -14,4 +14,5 @@
SHELL=/bin/sh SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
1 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/envs.sh --renew-hook "systemctl reload nginx" #1 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/envs.sh --renew-hook "systemctl reload nginx"
1 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --renew-hook "systemctl reload nginx"

View File

@ -6,6 +6,8 @@
89.163.145.170 envs.net core core.envs.net ve423.venus.dedi.server-hosting.expert ve423 89.163.145.170 envs.net core core.envs.net ve423.venus.dedi.server-hosting.expert ve423
5.199.136.30 ssh.envs.net 5.199.136.30 ssh.envs.net
168.119.12.180 srv01.envs.net
# The following lines are desirable for IPv6 capable hosts # The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback ::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes ff02::1 ip6-allnodes
@ -15,7 +17,7 @@ ff02::2 ip6-allrouters
# ENVS.NET - LXC # ENVS.NET - LXC
# #
192.168.1.2 ns1.envs.net ns1 dns 192.168.1.2 ns1.envs.net ns1
192.168.1.3 mail.envs.net mail 192.168.1.3 mail.envs.net mail
192.168.1.4 lists.envs.net lists 192.168.1.4 lists.envs.net lists
192.168.1.5 ldap.envs.net ldap 192.168.1.5 ldap.envs.net ldap
@ -26,9 +28,13 @@ ff02::2 ip6-allrouters
192.168.1.12 cryptpad pad.envs.net pad cryptpad 192.168.1.12 cryptpad pad.envs.net pad cryptpad
192.168.1.13 drone.envs.net drone 192.168.1.13 drone.envs.net drone
192.168.1.14 matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension 192.168.1.14 matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension
#168.119.12.180 matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension
192.168.1.15 envs.sh 0x0.envs.net null.envs.net 0x0 null tb.envs.net tb termbin.envs.net termbin 192.168.1.15 envs.sh 0x0.envs.net 0x0 null.envs.net null ix.envs.net io.envs.net
192.168.1.16 rss.envs.net rss 192.168.1.16 rss.envs.net rss
192.168.1.17 pb.envs.net pb pastebin.envs.net pastbin bin.envs.net bin 192.168.1.17 pb.envs.net pb pastebin.envs.net pastbin bin.envs.net bin
192.168.1.18 pleroma.envs.net pleroma social halcyon.envs.net halcyon 192.168.1.18 pleroma.envs.net pleroma social halcyon.envs.net halcyon
#144.76.146.17 pleroma.envs.net pleroma social halcyon.envs.net halcyon
192.168.1.19 jitsi.envs.net jitsi meet.envs.net meet 192.168.1.19 jitsi.envs.net jitsi meet.envs.net meet
192.168.1.22 dns.envs.net pubdns

View File

@ -158,6 +158,18 @@ if [ "$1" = "start" ]; then
$IPT -w -A FORWARD -p tcp -d 192.168.1.2 --dport 53 -j ACCEPT $IPT -w -A FORWARD -p tcp -d 192.168.1.2 --dport 53 -j ACCEPT
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.2 -j SNAT --to 89.163.145.170 $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.2 -j SNAT --to 89.163.145.170
# DoT / DoH
$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p udp --dport 53 -j DNAT --to-destination 192.168.1.22:53
$IPT -w -A FORWARD -p udp -d 192.168.1.22 --dport 53 -j ACCEPT
$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 53 -j DNAT --to-destination 192.168.1.22:53
$IPT -w -A FORWARD -p tcp -d 192.168.1.22 --dport 53 -j ACCEPT
# $IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p udp --dport 853 -j DNAT --to-destination 192.168.1.22:853
# $IPT -w -A FORWARD -p udp -d 192.168.1.22 --dport 853 -j ACCEPT
$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 853 -j DNAT --to-destination 192.168.1.22:853
$IPT -w -A FORWARD -p tcp -d 192.168.1.22 --dport 853 -j ACCEPT
#
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.22 -j SNAT --to 5.199.130.141
# #
# MAIL () # MAIL ()
# => apache2 proxy (http/https) # => apache2 proxy (http/https)
@ -248,8 +260,6 @@ if [ "$1" = "start" ]; then
# 0x0 # 0x0
# => apache2 proxy (http/https) # => apache2 proxy (http/https)
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 9999 -j DNAT --to-destination 192.168.1.15:9999
$IPT -w -A FORWARD -p tcp -d 192.168.1.15 --dport 9999 -j ACCEPT
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.15 -j SNAT --to 89.163.145.170 $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.15 -j SNAT --to 89.163.145.170
# rss # rss

View File

@ -13,6 +13,9 @@ for domain in $RENEWED_DOMAINS; do
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem" cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem" cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
#rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
#ssh root@srv01.envs.net bash -c "/opt/sync_certs.sh"
# matrix # matrix
matrix_dir=/var/lib/lxc/matrix/rootfs/etc/matrix-synapse matrix_dir=/var/lib/lxc/matrix/rootfs/etc/matrix-synapse
cp "$daemon_cert_root/privkey.pem" "$matrix_dir"/ cp "$daemon_cert_root/privkey.pem" "$matrix_dir"/
@ -61,6 +64,9 @@ for domain in $RENEWED_DOMAINS; do
cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem" cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem" cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem" cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
#rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
# 0x0 / fiche # 0x0 / fiche
lxc-attach -n null -- bash -c "systemctl reload nginx" lxc-attach -n null -- bash -c "systemctl reload nginx"
;; ;;

View File

@ -52,19 +52,21 @@ http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
# if the request body size is more than the buffer size, then the entire (or partial) # if the request body size is more than the buffer size, then the entire (or partial)
# request body is written into a temporary file # request body is written into a temporary file
client_body_buffer_size 128k; # client_body_buffer_size 128k;
# buffer size for reading client request header
# client_header_buffer_size 1k;
# maximum number and size of buffers for large headers to read from client request # maximum number and size of buffers for large headers to read from client request
large_client_header_buffers 4 256k; # large_client_header_buffers 4 256k;
## ##
# SSL Settings # SSL Settings
## ##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
## ##
@ -126,6 +128,11 @@ http {
include /etc/nginx/user-sites-enabled/*; include /etc/nginx/user-sites-enabled/*;
} }
# SSL Pass-thru
stream {
include /etc/nginx/streams/*;
}
#mail { #mail {
# # See sample authentication script at: # # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
@ -146,3 +153,4 @@ http {
# proxy on; # proxy on;
# } # }
#} #}

View File

@ -2,7 +2,6 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name bbj.envs.net forum.envs.net; server_name bbj.envs.net forum.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -36,7 +35,6 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name forum.envs.net; server_name forum.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;

View File

@ -2,7 +2,6 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name chat.envs.net; server_name chat.envs.net;
return 307 https://$server_name$request_uri; return 307 https://$server_name$request_uri;
@ -10,14 +9,11 @@ server {
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name chat.envs.net; server_name chat.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://envs.net/chat/;
return 301 https://envs.net/chat/;
}
} }

View File

@ -1,7 +1,6 @@
### DIMENSION.ENVS.NET - lxc ### ### DIMENSION.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name dimension.envs.net; server_name dimension.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -1,7 +1,6 @@
### DRONE.ENVS.NET - lxc ### ### DRONE.ENVS.NET - lxc ###
server { server {
listen 5.199.130.141:80; listen 5.199.130.141:80;
# include snippets/ddos_mid.conf;
server_name drone.envs.net; server_name drone.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -1,7 +1,6 @@
### ELEMENT.ENVS.NET - lxc ### ### ELEMENT.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name element.envs.net; server_name element.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -30,25 +29,19 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf; server_name riot.envs.net;
server_name riot.envs.net;
location / { return 301 https://element.envs.net/;
return 301 https://element.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf; server_name riot.envs.net;
server_name riot.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://element.envs.net/;
return 301 https://element.envs.net/;
}
} }

View File

@ -1,7 +1,6 @@
### ENVS.SH - lxc - nullpointer ### ### ENVS.SH - lxc - nullpointer ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name envs.sh; server_name envs.sh;
location / { location / {
@ -39,42 +38,35 @@ server {
# ALIAS # ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name 0x0.envs.sh null.envs.sh ix.envs.sh io.envs.sh; server_name 0x0.envs.sh null.envs.sh ix.envs.sh io.envs.sh;
location / { return 301 https://envs.sh/;
return 301 https://envs.sh/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name 0x0.envs.sh null.envs.sh ix.envs.sh io.envs.sh; server_name 0x0.envs.sh null.envs.sh ix.envs.sh io.envs.sh;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_sh_wild.conf; include ssl/envs_sh_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://envs.sh/;
return 301 https://envs.sh/;
}
} }
## envs.net ## envs.net
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name 0x0.envs.net null.envs.net ix.envs.net io.envs.net; server_name 0x0.envs.net null.envs.net ix.envs.net io.envs.net;
return 307 https://envs.sh$request_uri; return 307 https://envs.sh$request_uri;
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name 0x0.envs.net null.envs.net ix.envs.net io.envs.net; server_name 0x0.envs.net null.envs.net ix.envs.net io.envs.net;
return 307 https://envs.sh$request_uri;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
return 307 https://envs.sh$request_uri;
} }

View File

@ -1,7 +1,6 @@
### GIT.ENVS.NET - lxc ### ### GIT.ENVS.NET - lxc ###
server { server {
listen 5.199.130.141:80; listen 5.199.130.141:80;
# include snippets/ddos_mid.conf;
server_name git.envs.net; server_name git.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -29,24 +28,18 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name gitea.envs.net; server_name gitea.envs.net;
location / { return 301 https://git.envs.net/;
return 301 https://git.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name gitea.envs.net; server_name gitea.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://git.envs.net/;
return 301 https://git.envs.net/;
}
} }

View File

@ -2,7 +2,6 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name gopher.envs.net gopherproxy.envs.net; server_name gopher.envs.net gopherproxy.envs.net;
return 307 https://$server_name$request_uri; return 307 https://$server_name$request_uri;

View File

@ -1,7 +1,6 @@
### GRAFANA.ENVS.NET - lxc ### ### GRAFANA.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name grafana.envs.net; server_name grafana.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -1,7 +1,6 @@
### HALCYON.ENVS.NET - lxc on pleroma ### ### HALCYON.ENVS.NET - lxc on pleroma ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name halcyon.envs.net; server_name halcyon.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -2,7 +2,6 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name help.envs.net; server_name help.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -30,24 +29,18 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name howto.envs.net tutorial.envs.net; server_name howto.envs.net tutorial.envs.net;
location / { return 301 https://help.envs.net/;
return 301 https://help.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name howto.envs.net tutorial.envs.net; server_name howto.envs.net tutorial.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://help.envs.net/;
return 301 https://help.envs.net/;
}
} }

View File

@ -2,17 +2,13 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net; server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net;
location / { return 301 http://ip.envs.net/;
return 301 http://ip.envs.net/;
}
} }
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name ip.envs.net; server_name ip.envs.net;
location / { location / {
@ -25,16 +21,13 @@ server {
server { server {
include snippets/listen_local_ssl.conf; include snippets/listen_local_ssl.conf;
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net; server_name whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net ipinfo.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://ip.envs.net/;
return 301 https://ip.envs.net/;
}
} }
server { server {
include snippets/listen_local_ssl.conf; include snippets/listen_local_ssl.conf;
@ -59,25 +52,19 @@ server {
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name ip.envs.sh whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh; server_name ip.envs.sh whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh;
location / { return 301 http://ip.envs.net/;
return 301 http://ip.envs.net/;
}
} }
server { server {
include snippets/listen_local_ssl.conf; include snippets/listen_local_ssl.conf;
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh; server_name whois.envs.sh ifconfig.envs.sh ifconf.envs.sh ping.envs.sh checkip.envs.sh ipconfig.envs.sh ipconf.envs.sh ipinfo.envs.sh;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_sh_wild.conf; include ssl/envs_sh_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://ip.envs.net/;
return 301 https://ip.envs.net/;
}
} }

View File

@ -1,7 +1,6 @@
### LAG.ENVS.NET - lxc ### ### LAG.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name lag.envs.net; server_name lag.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -1,7 +1,6 @@
### LISTS.ENVS.NET - lxc ### ### LISTS.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name lists.envs.net; server_name lists.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -1,7 +1,6 @@
### MAIL.ENVS.NET - lxc ### ### MAIL.ENVS.NET - lxc ###
server { server {
listen 5.199.136.28:80; listen 5.199.136.28:80;
# include snippets/ddos_mid.conf;
server_name mail.envs.net webmail.envs.net autodiscover.envs.net smtp.envs.net imap.envs.net pop.envs.net; server_name mail.envs.net webmail.envs.net autodiscover.envs.net smtp.envs.net imap.envs.net pop.envs.net;
include /etc/nginx/proxy_params; include /etc/nginx/proxy_params;

View File

@ -1,7 +1,6 @@
### MATRIX.ENVS.NET - lxc ### ### MATRIX.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name matrix.envs.net; server_name matrix.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -1,7 +1,6 @@
### PAD.ENVS.NET - lxc ### ### PAD.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_high.conf;
server_name pad.envs.net; server_name pad.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -34,24 +33,18 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name cryptpad.envs.net; server_name cryptpad.envs.net;
location / { return 301 https://pad.envs.net/;
return 301 https://pad.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name cryptpad.envs.net; server_name cryptpad.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://pad.envs.net/;
return 301 https://pad.envs.net/;
}
} }

View File

@ -1,7 +1,6 @@
### PB.ENVS.NET - lxc ### ### PB.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name pb.envs.net; server_name pb.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -29,24 +28,18 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name bin.envs.net paste.envs.net pastebin.envs.net; server_name bin.envs.net paste.envs.net pastebin.envs.net;
location / { return 301 https://pb.envs.net/;
return 301 https://pb.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name bin.envs.net paste.envs.net pastebin.envs.net; server_name bin.envs.net paste.envs.net pastebin.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://pb.envs.net/;
return 301 https://pb.envs.net/;
}
} }

View File

@ -1,7 +1,6 @@
### PLEROMA.ENVS.NET - lxc ### ### PLEROMA.ENVS.NET - lxc ###
server { server {
listen 5.199.136.29:80; listen 5.199.136.29:80;
# include snippets/ddos_mid.conf;
server_name pleroma.envs.net; server_name pleroma.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -36,24 +35,18 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name social.envs.net; server_name social.envs.net;
location / { return 301 https://pleroma.envs.net/;
return 301 https://pleroma.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name social.envs.net; server_name social.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://pleroma.envs.net/;
return 301 https://pleroma.envs.net/;
}
} }

View File

@ -1,7 +1,6 @@
### PROMETHEUS.ENVS.NET - lxc ### ### PROMETHEUS.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name prometheus.envs.net; server_name prometheus.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -10,7 +9,6 @@ server {
# SSL # SSL
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_mid.conf;
server_name prometheus.envs.net; server_name prometheus.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;

View File

@ -1,7 +1,6 @@
### RSS.ENVS.NET - lxc ### ### RSS.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_high.conf;
server_name rss.envs.net; server_name rss.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -29,24 +28,18 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name atom.envs.net; server_name atom.envs.net;
location / { return 301 https://rss.envs.net/;
return 301 https://rss.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name atom.envs.net; server_name atom.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://rss.envs.net/;
return 301 https://rss.envs.net/;
}
} }

View File

@ -1,7 +1,6 @@
### SEARX.ENVS.NET - lxc ### ### SEARX.ENVS.NET - lxc ###
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name searx.envs.net; server_name searx.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;
@ -29,24 +28,18 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name search.envs.net; server_name search.envs.net;
location / { return 301 https://searx.envs.net/;
return 301 https://searx.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name search.envs.net; server_name search.envs.net;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://searx.envs.net/;
return 301 https://searx.envs.net/;
}
} }

View File

@ -2,7 +2,6 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name stats.envs.net; server_name stats.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -2,7 +2,6 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name ttbp.envs.net; server_name ttbp.envs.net;
return 307 https://$host$request_uri; return 307 https://$host$request_uri;

View File

@ -2,7 +2,6 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name twtxt.envs.net; server_name twtxt.envs.net;
return 307 https://$server_name$request_uri; return 307 https://$server_name$request_uri;

View File

@ -9,7 +9,6 @@ limit_req_zone $binary_remote_addr zone=weechat:10m rate=10r/m;
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name ~^(.*)\.envs\.net; server_name ~^(.*)\.envs\.net;
return 307 https://$1.envs.net$request_uri; return 307 https://$1.envs.net$request_uri;

View File

@ -7,7 +7,6 @@ map $http_upgrade $connection_upgrade {
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name ~^(.*)\.envs\.sh; server_name ~^(.*)\.envs\.sh;
return 307 https://$1.envs.sh$request_uri; return 307 https://$1.envs.sh$request_uri;

View File

@ -2,8 +2,8 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name webirc.envs.net; server_name webirc.envs.net;
return 307 https://webirc.envs.net$request_uri; return 307 https://webirc.envs.net$request_uri;
} }
@ -34,24 +34,18 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name thelounge.envs.net lounge.envs.net ; server_name thelounge.envs.net lounge.envs.net ;
location / { return 301 https://webirc.envs.net/;
return 301 https://webirc.envs.net/;
}
} }
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name thelounge.envs.net lounge.envs.net ; server_name thelounge.envs.net lounge.envs.net ;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://webirc.envs.net/;
return 301 https://webirc.envs.net/;
}
} }

View File

@ -2,7 +2,6 @@
server { server {
include snippets/listen_local.conf; include snippets/listen_local.conf;
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name znc.envs.net; server_name znc.envs.net;
location / { location / {
@ -43,7 +42,6 @@ server {
#ALIAS #ALIAS
server { server {
include snippets/listen.conf; include snippets/listen.conf;
# include snippets/ddos_def.conf;
server_name bouncer.envs.net ; server_name bouncer.envs.net ;
location / { location / {
@ -57,14 +55,11 @@ server {
server { server {
include snippets/listen_ssl.conf; include snippets/listen_ssl.conf;
# include snippets/ddos_def.conf;
server_name bouncer.envs.net ; server_name bouncer.envs.net ;
include snippets/ssl.conf; include snippets/ssl.conf;
include ssl/envs_net_wild.conf; include ssl/envs_net_wild.conf;
include snippets/local_ssl_header.conf; include snippets/local_ssl_header.conf;
location / { return 301 https://znc.envs.net/;
return 301 https://znc.envs.net/;
}
} }

View File

@ -1 +0,0 @@
/etc/nginx/sites-available/jitsi.envs.net.conf

View File

@ -1 +0,0 @@
/etc/nginx/sites-available/tb.envs.net.conf

View File

@ -1,59 +0,0 @@
### ANTONMCCLURE.COM - local ###
server {
include snippets/listen.conf;
# include snippets/ddos_mid.conf;
server_name antonmcclure.com www.antonmcclure.com;
error_log /var/log/nginx/antonmcclure.com-error.log crit;
location / {
return 307 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
alias /var/lib/letsencrypt/.well-known/acme-challenge/;
}
}
server {
include snippets/listen_ssl.conf;
# include snippets/ddos_mid.conf;
server_name antonmcclure.com www.antonmcclure.com;
include snippets/ssl.conf;
ssl_certificate /etc/letsencrypt/live/antonmcclure.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/antonmcclure.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/antonmcclure.com/chain.pem;
ssl_dhparam /etc/ssl/certs/envs_dhparam.pem;
server_tokens off;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header 'Referrer-Policy' 'origin, no-referrer-when-downgrade';
add_header X-Frame-Options SAMEORIGIN;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
error_log /var/log/nginx/antonmcclure.com-error.log crit;
root /home/anton/public_html/;
index index.html index.php index.cgi index.py index.sh index.pl index.lua;
location / {
add_header Access-Control-Allow-Origin *;
try_files $uri.html $uri $uri/ /index.php?$args ;
}
location /cgi-bin {
gzip off;
include fastcgi_params;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
# include php and ssi
include snippets/php.conf;
ssi on;
}

View File

@ -1 +0,0 @@
/etc/nginx/user-sites-available/antonmcclure.com.conf

@ -1 +1 @@
Subproject commit befab4b9b47340c4a0f10bcab45c80202e25d130 Subproject commit 918bc0406fb046ad3baaf1b27708ef5e59c24752