mirror of https://git.envs.net/envs/ops.git
init
commit
ff71b8fb76
|
@ -0,0 +1,117 @@
|
||||||
|
BASENAME ?= envs
|
||||||
|
|
||||||
|
PREFIX ?= /usr/local
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
|
||||||
|
|
||||||
|
YELLOW = $$(tput setaf 226)
|
||||||
|
GREEN = $$(tput setaf 46)
|
||||||
|
RED = $$(tput setaf 196)
|
||||||
|
RESET = $$(tput sgr0)
|
||||||
|
|
||||||
|
|
||||||
|
install:
|
||||||
|
@make bin etc cron fail2ban initd letsencrypt nginx ssh sysctl systemd motd znc
|
||||||
|
|
||||||
|
uninstall:
|
||||||
|
@make clean
|
||||||
|
clean:
|
||||||
|
@printf "$(YELLOW)--- clean -----------------------------------------------\n$(RESET)"
|
||||||
|
stow -t "$(BINDIR)" -D bin
|
||||||
|
|
||||||
|
stow -t /etc/cron.d -D -d etc cron.d
|
||||||
|
@rm -fv /etc/inetd.conf /etc/inputrc /etc/nanorc /etc/sudoers
|
||||||
|
@rm -fv /etc/fail2ban/jail.d/envs.conf
|
||||||
|
@rm -fv /etc/init.d/S41firewall
|
||||||
|
@rm -fv /etc/letsencrypt/renewal-hooks/deploy/envs.sh
|
||||||
|
stow -t /etc/nginx -D -d etc nginx
|
||||||
|
@rm -fv /etc/ssh/ssh_config /etc/ssh/sshd_config
|
||||||
|
stow -t /etc/sysctl.d -D -d etc sysctl.d
|
||||||
|
stow -t /etc/systemd/system -D -d etc/systemd system
|
||||||
|
stow -t /etc/update-motd.d -D -d etc update-motd.d
|
||||||
|
|
||||||
|
@rm -fv /srv/znc/add_znc_user.sh /srv/znc/newuser.conf.template
|
||||||
|
|
||||||
|
|
||||||
|
bin:
|
||||||
|
@printf "$(GREEN)--- bin ------------------------------------------------\n$(RESET)"
|
||||||
|
stow -t "$(BINDIR)" bin
|
||||||
|
|
||||||
|
etc:
|
||||||
|
@printf "$(GREEN)--- etc ------------------------------------------------\n$(RESET)"
|
||||||
|
@install -m 644 etc/etc/inetd.conf /etc
|
||||||
|
@install -m 644 etc/etc/inputrc /etc
|
||||||
|
@install -m 644 etc/etc/nanorc /etc
|
||||||
|
@install -m 644 etc/etc/sudoers /etc
|
||||||
|
|
||||||
|
cron:
|
||||||
|
@printf "$(GREEN)--- cron -----------------------------------------------\n$(RESET)"
|
||||||
|
stow -t /etc/cron.d -d etc cron.d
|
||||||
|
|
||||||
|
fail2ban:
|
||||||
|
@printf "$(GREEN)--- letsencrypt ----------------------------------------\n$(RESET)"
|
||||||
|
@install -m 755 etc/fail2ban/jail.d/envs.conf /etc/fail2ban/jail.d/
|
||||||
|
|
||||||
|
initd:
|
||||||
|
@printf "$(GREEN)--- init.d ---------------------------------------------\n$(RESET)"
|
||||||
|
@install -m 755 etc/init.d/S41firewall /etc/init.d/
|
||||||
|
|
||||||
|
letsencrypt:
|
||||||
|
@printf "$(GREEN)--- letsencrypt ----------------------------------------\n$(RESET)"
|
||||||
|
@install -m 755 etc/letsencrypt/renewal-hooks/deploy/envs.sh /etc/letsencrypt/renewal-hooks/deploy/
|
||||||
|
|
||||||
|
nginx:
|
||||||
|
@printf "$(GREEN)--- nginx ----------------------------------------------\n$(RESET)"
|
||||||
|
@rm -rf /etc/nginx/conf.d /etc/nginx/modules-available
|
||||||
|
stow -t /etc/nginx -d etc nginx
|
||||||
|
@mkdir /etc/nginx/conf.d /etc/nginx/modules-available
|
||||||
|
|
||||||
|
ssh:
|
||||||
|
@printf "$(GREEN)--- ssh ------------------------------------------------\n$(RESET)"
|
||||||
|
@install -m 644 etc/ssh/ssh_config /etc/ssh/
|
||||||
|
@install -m 644 etc/ssh/sshd_config /etc/ssh/
|
||||||
|
|
||||||
|
sysctl:
|
||||||
|
@printf "$(GREEN)--- sysctl.d -------------------------------------------\n$(RESET)"
|
||||||
|
stow -t /etc/sysctl.d -d etc sysctl.d
|
||||||
|
|
||||||
|
systemd:
|
||||||
|
@printf "$(GREEN)--- systemd --------------------------------------------\n$(RESET)"
|
||||||
|
stow -t /etc/systemd/system -d etc/systemd system
|
||||||
|
|
||||||
|
motd:
|
||||||
|
@printf "$(GREEN)--- motd -----------------------------------------------\n$(RESET)"
|
||||||
|
stow -t /etc/update-motd.d -d etc update-motd.d
|
||||||
|
|
||||||
|
znc:
|
||||||
|
@printf "$(GREEN)--- znc ------------------------------------------------\n$(RESET)"
|
||||||
|
@install -m 755 srv/znc/add_znc_user.sh /srv/znc
|
||||||
|
@install -m 644 srv/znc/newuser.conf.template /srv/znc
|
||||||
|
@chown znc:znc /srv/znc/add_znc_user.sh /srv/znc/newuser.conf.template
|
||||||
|
|
||||||
|
|
||||||
|
nuke:
|
||||||
|
@printf "$(RED)--- nuking existing files ---------------------------------\n$(RESET)"
|
||||||
|
@rm -fv "$(BINDIR)"/conntrack.sh "$(BINDIR)"/envs_conntracks.sh
|
||||||
|
@rm -fv "$(BINDIR)"/envs_* "$(BINDIR)"/envs_user_manage "$(BINDIR)"/welcome-email.tmpl "$(BINDIR)"/welcome-readme.tmpl
|
||||||
|
@rm -fv "$(BINDIR)"/byobu-info "$(BINDIR)"/chat "$(BINDIR)"/dcss "$(BINDIR)"/hole "$(BINDIR)"/idiff "$(BINDIR)"/motd \
|
||||||
|
"$(BINDIR)"/online-users "$(BINDIR)"/webirc
|
||||||
|
|
||||||
|
@rm -fv /etc/cron.d/conntrack /etc/cron.d/envs_* /etc/cron.d/backup \
|
||||||
|
/etc/cron.d/botany /etc/cron.d/certbot /etc/cron.d/update-blacklist /etc/cron.d/update-blacklist_fail2ban
|
||||||
|
|
||||||
|
@rm -fv /etc/fail2ban/jail.d/envs.conf
|
||||||
|
@rm -fv /etc/init.d/S41firewall
|
||||||
|
@rm -fv /etc/letsencrypt/renewal-hooks/deploy/envs.sh
|
||||||
|
@rm -rfv /etc/nginx/*
|
||||||
|
@rm -fv /etc/ssh/ssh_config /etc/ssh/sshd_config
|
||||||
|
@rm -fv /etc/sysctl.d/10-kernel-hardening.conf /etc/sysctl.d/30-lxc-inotify.conf \
|
||||||
|
/etc/sysctl.d/fs.conf /etc/sysctl.d/net.conf /etc/sysctl.d/panic.conf /etc/sysctl.d/protect-links.conf
|
||||||
|
@rm -fv /etc/systemd/system/bbj.service /etc/systemd/system/gopherproxy.service \
|
||||||
|
/etc/systemd/system/ifconfigme.service /etc/systemd/system/thelounge.service /etc/systemd/system/znc.service
|
||||||
|
@rm -fv /etc/update-motd.d/*
|
||||||
|
|
||||||
|
@rm -fv /srv/znc/add_znc_user.sh /srv/znc/newuser.conf.template
|
||||||
|
|
||||||
|
|
||||||
|
.PHONY: install clean uninstall nuke bin etc cron fail2ban initd letsencrypt nginx ssh sysctl systemd motd znc
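Review bot: The `etc` target installs `etc/etc/sudoers` with `-m 644` and no syntax check, so a typo in the repository copy lands in `/etc/sudoers` unvalidated and with looser permissions than the conventional 0440; `visudo -cf etc/etc/sudoers && install -m 440 etc/etc/sudoers /etc` would catch both. The `clean` target (reached through `uninstall`) deletes `/etc/sudoers`, `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` outright rather than restoring a packaged default, which deserves a comment or a backup step because it can leave the host without working sudo or sshd configuration. The `fail2ban` target prints the `letsencrypt` banner and installs a configuration file with `-m 755`; `-m 644` and a `fail2ban` banner look like what was intended. `install` and `uninstall` should call `$(MAKE)` instead of `make` so that flags such as `-n` propagate.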
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
python3 /opt/services/AV-98/av98.py "$@"
|
|
@ -0,0 +1,15 @@
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
/usr/local/bin/motd
|
||||||
|
|
||||||
|
/usr/bin/figlet -f smslant welcome!
|
||||||
|
|
||||||
|
printf "you're in a byobu session\n"
|
||||||
|
printf "if you're familiar with tmux, continue as normal, but with ctrl-a instead of ctrl-b\n"
|
||||||
|
printf "if you don't want to this happen by default when you log in, run byobu-disable.\n"
|
||||||
|
printf 'press shift-f1 for a full list of keybinds\n'
|
||||||
|
printf 'man byobu for more info\n\n'
|
||||||
|
printf 'f2 creates a new tab\n'
|
||||||
|
printf 'f3 and f4 move you between tabs\n'
|
||||||
|
printf 'f6 disconnects and leaves everything running\n'
|
||||||
|
printf 'shift-f12 disable/enable byobu f-key bindings\n'
|
|
@ -0,0 +1,15 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
[[ "$EUID" -ne 0 ]] && printf 'Please run as root!\n' && exit 1
|
||||||
|
|
||||||
|
f="/var/log/conntrack.log"
|
||||||
|
|
||||||
|
d="$(date)"
|
||||||
|
n1="$(/sbin/sysctl -a 2>&1 | grep -i 'net.netfilter.nf_conntrack_max')"
|
||||||
|
n2="$(/sbin/sysctl -a 2>&1 | grep -i 'net.nf_conntrack_max')"
|
||||||
|
c="$(/sbin/sysctl net.netfilter.nf_conntrack_count)"
|
||||||
|
|
||||||
|
echo "conntrack: $d: $n1, $n2, $c" >> $f
|
||||||
|
|
||||||
|
#
|
||||||
|
exit 0
|
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/sh
|
||||||
|
set -e
|
||||||
|
|
||||||
|
SOURCEKEY="https://crawl.tildeverse.org/dcss.key"
|
||||||
|
MYKEY="${HOME}/.ssh/dcss.key"
|
||||||
|
if [ ! -f "$MYKEY" ]; then
|
||||||
|
mkdir -p "${HOME}/.ssh"
|
||||||
|
curl -s "$SOURCEKEY" > "$MYKEY"
|
||||||
|
chmod 600 "$MYKEY"
|
||||||
|
fi
|
||||||
|
ssh -i "$MYKEY" dcss@crawl.tildeverse.org
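Review bot: The key download `curl -s "$SOURCEKEY" > "$MYKEY"` has no `-f`, so an HTTP error page is saved as the key, `set -e` does not trip, and because the file then exists the script never fetches it again. The file is also created under the caller's umask and only tightened by the later `chmod 600`. Suggest `umask 077` before the download and `curl -fsS "$SOURCEKEY" -o "$MYKEY.tmp" && mv "$MYKEY.tmp" "$MYKEY"`, so a failed or partial transfer never becomes the cached key.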
|
|
@ -0,0 +1,15 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
[[ "$EUID" -ne 0 ]] && printf 'Please run as root!\n' && exit 1
|
||||||
|
|
||||||
|
log_file='/var/log/envs_conntrack.log'
|
||||||
|
|
||||||
|
c_local="$(tail -1 /var/log/conntrack.log | awk '{print $17}')"
|
||||||
|
|
||||||
|
lxc_c=( $(for i in $(lxc-ls --active -1); do tail -1 /var/lib/lxc/"$i"/rootfs/var/log/conntrack.log | awk '{print $15}' ; done) )
|
||||||
|
lxc_sum="$(echo $(printf %d+ ${lxc_c[@]})0 | bc)"
|
||||||
|
|
||||||
|
c_sum="$((c_local + lxc_sum))"
|
||||||
|
echo "conntrack: $c_sum" >> "$log_file"
|
||||||
|
|
||||||
|
exit 0
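Review bot: The `lxc_c` array is filled from `/var/lib/lxc/"$i"/rootfs/var/log/conntrack.log`, a file that is presumably writable from inside each container, and the unquoted `$( … )` expansion undergoes word splitting and globbing while this script runs as root on the host. The values should be checked before they reach `bc` and `$(( ))`, for example by keeping only fields that match `^[0-9]+$`, and `c_local` deserves the same check because `$(( ))` evaluates its operand as an expression. The hard-coded columns `$17` and `$15` depend on the exact line format written by the logging script, so a comment naming the expected format would help whoever changes either side.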
|
|
@ -0,0 +1,58 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
#
|
||||||
|
# envs.net - generate index.gmi
|
||||||
|
# - this script is called by /etc/cron.d/envs_gemini
|
||||||
|
#
|
||||||
|
|
||||||
|
[[ "$EUID" -ne 0 ]] && printf 'Please run as root!\n' && exit 1
|
||||||
|
|
||||||
|
###
|
||||||
|
|
||||||
|
userlist() {
|
||||||
|
mapfile -t users < <(jq -Mr '.data.users|keys[]' /var/www/envs.net/users_info.json)
|
||||||
|
for USERNAME in "${users[@]}"; do
|
||||||
|
if [ -f /home/"$USERNAME"/public_gemini/index.gmi ]; then
|
||||||
|
[[ ! -L /var/gemini/\~"$USERNAME" ]] && ln -s /home/"$USERNAME"/public_gemini /var/gemini/\~"$USERNAME"
|
||||||
|
printf '=> gemini://envs.net/~%s/ ~%s\n' "$USERNAME" "$USERNAME"
|
||||||
|
else
|
||||||
|
[[ -L /var/gemini/\~"$USERNAME" ]] && unlink /var/gemini/\~"$USERNAME"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# INDEX.GMI
|
||||||
|
#
|
||||||
|
cat << EOM >> /tmp/index.gmi_tmp
|
||||||
|
welcome on envs.net - gemini
|
||||||
|
$(figlet -f smslant envs.net)
|
||||||
|
environments
|
||||||
|
|
||||||
|
|
||||||
|
envs.net is a minimalist, non-commercial
|
||||||
|
shared unix system and will always be free to use.
|
||||||
|
|
||||||
|
we are linux lovers, sysadmins, programmer and users who like build
|
||||||
|
webpages, write blogs, chat online, play cool console games and so much
|
||||||
|
more. you wish to join with an small user space?
|
||||||
|
|
||||||
|
join the team today!
|
||||||
|
=> https://envs.net/signup/ signup for a envs.net account (html)
|
||||||
|
|
||||||
|
visit us in gopher and html lands for more info.
|
||||||
|
=> https://envs.net website (html)
|
||||||
|
=> gopher://envs.net gophermap (gopher)
|
||||||
|
|
||||||
|
|
||||||
|
here is a list of our esteemed users:
|
||||||
|
if you are not appearing on this list, create your index.gmi in ~/public_gemini
|
||||||
|
|
||||||
|
$(userlist)
|
||||||
|
|
||||||
|
EOM
|
||||||
|
|
||||||
|
|
||||||
|
mv /tmp/index.gmi_tmp /var/gemini/index.gmi
|
||||||
|
|
||||||
|
#
|
||||||
|
exit 0
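Review bot: The heredoc appends (`>>`) to the fixed path `/tmp/index.gmi_tmp` as root and the result is then moved to `/var/gemini/index.gmi`, so on this multi-user host any local account can pre-create that file (or, depending on the `fs.protected_*` sysctls, a link) and influence what root writes or publishes; a leftover file from a failed run is also appended to rather than replaced. Creating the file with `tmp="$(mktemp /var/gemini/.index.gmi.XXXXXX)"`, writing with `>`, then `chmod 644 "$tmp" && mv "$tmp" /var/gemini/index.gmi` keeps it in a directory ordinary users presumably cannot write and makes the rename atomic. The same fixed-name pattern appears in other scripts of this commit: `/tmp/sysinfo.json_tmp` and `/tmp/sysinfo.php_tmp`, `/tmp/"$user".sql` in `del_user_db`, and `/tmp/user_updates.php_tmp` and `/tmp/users_info.json_tmp`.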
|
|
@ -0,0 +1,45 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
CMD="$1"
|
||||||
|
DB="$2"
|
||||||
|
BACKUP_DIR="/home/$USER/backup"
|
||||||
|
|
||||||
|
print_usage() {
|
||||||
|
printf 'envs.net | mysql backup & restore\n\n'
|
||||||
|
printf 'Usage: %s\n\t backup\t\t\t - backup your default user database (%s)\n' "$(basename "$0")" "$USER"
|
||||||
|
printf '\t backup <db_name>\t - backup database\n'
|
||||||
|
printf '\t restore\t\t - restore your latest user database\n'
|
||||||
|
printf '\t restore <db_name>\t - restore database\n'
|
||||||
|
}
|
||||||
|
|
||||||
|
backup() {
|
||||||
|
[[ -z "$DB" ]] && DB="$USER"
|
||||||
|
test ! -d "$BACKUP_DIR" && mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR"
|
||||||
|
|
||||||
|
mysqldump -u "$USER" "$DB" -p | gzip -c > "$BACKUP_DIR"/db_"$(date +%F.%H%M%S)".sql.gz
|
||||||
|
find "$BACKUP_DIR"/db_*.gz -maxdepth 1 -type f -mtime +7 -delete
|
||||||
|
}
|
||||||
|
|
||||||
|
restore() {
|
||||||
|
if [[ -z "$DB" ]]; then
|
||||||
|
latest=''; for f in "$BACKUP_DIR"/db_*.gz; do [[ "$f" -nt "$latest" ]] && latest="$f"; done
|
||||||
|
[[ -z "$latest" ]] && printf 'no restore file found in %s!\n' "$BACKUP_DIR" && exit 0
|
||||||
|
DB="$latest"
|
||||||
|
gunzip < "$DB" | mysql -u "$USER" "$USER" -p
|
||||||
|
else
|
||||||
|
gunzip < "$BACKUP_DIR"/"$DB" | mysql -u "$USER" "$DB" -p
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
[[ $# -lt 1 ]] && print_usage && exit 1
|
||||||
|
|
||||||
|
case "$CMD" in
|
||||||
|
backup*) backup;;
|
||||||
|
|
||||||
|
restore*) restore;;
|
||||||
|
|
||||||
|
*) print_usage;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
#
|
||||||
|
exit 0
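Review bot: `restore <db_name>` reads `"$BACKUP_DIR"/"$DB"`, but `backup` only ever writes `db_<timestamp>.sql.gz`, so the argument is used both as a file name and as the target database and the documented call cannot find a dump made by this script. Either put the database name into the dump file name (`"$BACKUP_DIR"/db_"$DB"_"$(date +%F.%H%M%S)".sql.gz`) and pick the newest match on restore, or document that the argument must be a file name. In `backup`, a failed `mysqldump` still leaves an empty `.gz` because the pipeline's status is gzip's; `set -o pipefail` plus removing the file on failure avoids mistaking it for a good backup. The dump is created under the caller's umask when `$BACKUP_DIR` already exists, so a `umask 077` at the top would be prudent.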
|
|
@ -0,0 +1,17 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
[[ "$EUID" -ne 0 ]] && printf 'Please run as root!\n' && exit 1
|
||||||
|
|
||||||
|
test ! -f /var/www/envs.net/stats/ && mkdir -p /var/www/envs.net/stats/
|
||||||
|
|
||||||
|
{
|
||||||
|
zcat /var/log/nginx/other_vhosts_access.*.gz
|
||||||
|
cat /var/log/nginx/other_vhosts_access.log.1
|
||||||
|
cat /var/log/nginx/other_vhosts_access.log
|
||||||
|
} | awk '$8=$1$8' | goaccess -a \
|
||||||
|
-o /var/www/envs.net/stats/index.html \
|
||||||
|
--ignore-panel=HOSTS \
|
||||||
|
--ignore-panel=KEYPHRASES \
|
||||||
|
--log-format=VCOMBINED -
|
||||||
|
|
||||||
|
exit 0
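Review bot: The guard `test ! -f /var/www/envs.net/stats/` tests for a regular file, which a directory never is, so `mkdir -p` runs on every invocation; `mkdir -p /var/www/envs.net/stats/` alone (or a `-d` test) says what is meant. The report written to the web root is built from raw access logs and only the HOSTS and KEYPHRASES panels are suppressed, so a comment stating which remaining panels are considered safe to publish would help the next maintainer.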
|
|
@ -0,0 +1,330 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
#
|
||||||
|
# envs.net - generate sysinfo.json and sysinfo.php
|
||||||
|
# - this script is called by /etc/cron.d/envs_sysinfo
|
||||||
|
#
|
||||||
|
WWW_PATH='/var/www/envs.net'
|
||||||
|
DOMAIN='envs.net'
|
||||||
|
|
||||||
|
[[ "$EUID" -ne 0 ]] && printf 'Please run as root!\n' && exit 1
|
||||||
|
|
||||||
|
###
|
||||||
|
|
||||||
|
# define packages by category for sysinfo.php Page
|
||||||
|
services=(0x0 bbj cryptpad getwtxt gitea gophernicus jetforce mariadb-server nginx openssh-server privatebin searx termbin tt-rss thelounge znc)
|
||||||
|
readarray -t sorted_services < <(printf '%s\n' "${services[@]}" | sort)
|
||||||
|
|
||||||
|
|
||||||
|
shells=(bash csh dash elvish fish ksh mksh sash tcsh xonsh yash zsh)
|
||||||
|
readarray -t sorted_shells < <(printf '%s\n' "${shells[@]}" | sort)
|
||||||
|
|
||||||
|
|
||||||
|
editors=(emacs micro nano neovim vim)
|
||||||
|
readarray -t sorted_editors < <(printf '%s\n' "${editors[@]}" | sort)
|
||||||
|
|
||||||
|
|
||||||
|
inet_clients=(alpine av98 bombadillo curl irssi lynx neomutt mutt mosh openssh-client pb toot weechat wget vf1)
|
||||||
|
readarray -t sorted_inet_clients < <(printf '%s\n' "${inet_clients[@]}" | sort)
|
||||||
|
|
||||||
|
|
||||||
|
coding_pkg=(cargo clang clisp clojure crystal default-jdk default-jre elixir erlang flex
|
||||||
|
g++ gcc gcl gdc gforth ghc go golang guile-2.2 inform lua5.1 lua5.2 lua5.3 mono-complete
|
||||||
|
nasm nodejs octave perl php picolisp ponyc python python2.7 python3 racket ruby rustc scala tcl yasm)
|
||||||
|
readarray -t sorted_coding_pkg < <(printf '%s\n' "${coding_pkg[@]}" | sort)
|
||||||
|
|
||||||
|
|
||||||
|
coding_tools=(ack bison build-essential clisp cl-launch cvs devscripts ecl gawk git gron initscripts jq latex-mk latexmk
|
||||||
|
make mawk mercurial rake ripgrep sbcl shellcheck subversion texlive-full virtualenv yarn)
|
||||||
|
readarray -t sorted_coding_tools < <(printf '%s\n' "${coding_tools[@]}" | sort)
|
||||||
|
|
||||||
|
|
||||||
|
misc=(aria2 bc busybox burrow byobu clinte gfu goaccess hugo jekyll mariadb-client mathomatic mathtex mkdocs
|
||||||
|
pandoc pelican screen sqlite3 tmux todotxt-cli twtxt zola)
|
||||||
|
readarray -t sorted_misc < <(printf '%s\n' "${misc[@]}" | sort)
|
||||||
|
|
||||||
|
###
|
||||||
|
|
||||||
|
custom_pkg_desc() {
|
||||||
|
local pkg="$1"
|
||||||
|
case "$pkg" in
|
||||||
|
# packages
|
||||||
|
av98) pkg_desc='AV-98 - Command line gemini client. High speed, low drag.';;
|
||||||
|
bombadillo) pkg_desc='Bombadillo is a modern Gopher & Gemini client for the terminal';;
|
||||||
|
burrow) pkg_desc='a helper for building and managing a gopher hole';;
|
||||||
|
clinte) pkg_desc='a community notices system';;
|
||||||
|
crystal) pkg_desc='Compiler for the Crystal language';;
|
||||||
|
gfu) pkg_desc='A utility for formatting gophermaps';;
|
||||||
|
go) pkg_desc='tool for managing Go source code';;
|
||||||
|
goaccess) pkg_desc='fast web log analyzer and interactive viewer';;
|
||||||
|
micro) pkg_desc='a new modern terminal-based text editor';;
|
||||||
|
pb) pkg_desc='a helper utility for using 0x0 pastebin services';;
|
||||||
|
twtxt) pkg_desc='Decentralised, minimalist microblogging service for hackers';;
|
||||||
|
vf1) pkg_desc='VF-1 - Command line gopher client. High speed, low drag.';;
|
||||||
|
zola) pkg_desc='single-binary static site generator written in rust';;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# SYSINFO.JSON
|
||||||
|
#
|
||||||
|
JSON_FILE="$WWW_PATH/sysinfo.json"
|
||||||
|
TMP_JSON='/tmp/sysinfo.json_tmp'
|
||||||
|
|
||||||
|
print_pkg_version() {
|
||||||
|
local pkg_version
|
||||||
|
for pkg in $(dpkg-query -f '${binary:Package}\n' -W); do
|
||||||
|
pkg_version="$(dpkg-query -f '${Version}\n' -W "$pkg")"
|
||||||
|
|
||||||
|
printf '\t\t\t"%s": "%s",\n' "$pkg" "$pkg_version"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
cat<<EOM > "$TMP_JSON"
|
||||||
|
{
|
||||||
|
"timestamp": "$(date +'%s')",
|
||||||
|
"data": {
|
||||||
|
"info": {
|
||||||
|
"name": "envs",
|
||||||
|
"description": "envs.net is a minimalist, non-commercial shared unix system and will always be free to use.",
|
||||||
|
"located": "germany",
|
||||||
|
"maintainer": "Sven Kinne (~creme) - creme@envs.net",
|
||||||
|
"website": "https://$DOMAIN",
|
||||||
|
"signup_url": "https://$DOMAIN/signup/",
|
||||||
|
"gopher": "gopher://envs.net/",
|
||||||
|
"email": "hostmaster@$DOMAIN",
|
||||||
|
"admin_email": "sudoers@$DOMAIN",
|
||||||
|
"user_count": $(find /home -mindepth 1 -maxdepth 1 | wc -l)
|
||||||
|
},
|
||||||
|
"system": {
|
||||||
|
"os": "$(lsb_release -sd)",
|
||||||
|
"uptime": "$(cat /proc/uptime)",
|
||||||
|
"uname": "$(uname -a)",
|
||||||
|
"board": "$(hostnamectl status | awk '/Chassis/ {print $2}')",
|
||||||
|
"cpuinfo": "$(awk '/system type|model name/{gsub(/^.*:[ ]*/,"");print $0;exit}' /proc/cpuinfo)",
|
||||||
|
"cpucount": "$(grep -c ^processor /proc/cpuinfo)"
|
||||||
|
},
|
||||||
|
"services": {
|
||||||
|
"0x0": {
|
||||||
|
"desc": "the null pointer - file hosting and url shortener",
|
||||||
|
"version": "-",
|
||||||
|
"url": "https://envs.sh/"
|
||||||
|
},
|
||||||
|
"bbj": {
|
||||||
|
"desc": "Bulletin Butter & Jelly: An HTTP bulletin board server for small communities",
|
||||||
|
"version": "-",
|
||||||
|
"url": "https://bbj.envs.net/"
|
||||||
|
},
|
||||||
|
"cryptpad": {
|
||||||
|
"desc": "collaborative real time editing",
|
||||||
|
"version": "$(curl -s https://pad."$DOMAIN"/api/config | awk '/ver=/ {print $2}' | sed -e 's/"ver=//' -e '$ s/"$//')",
|
||||||
|
"url": "https://pad.envs.net/"
|
||||||
|
},
|
||||||
|
"getwtxt": {
|
||||||
|
"desc": "a twtxt registry service",
|
||||||
|
"version": "$(curl -s https://twtxt."$DOMAIN"/api/plain/version | sed 's/getwtxt v//')",
|
||||||
|
"url": "https://twtxt.envs.net/"
|
||||||
|
},
|
||||||
|
"gitea": {
|
||||||
|
"desc": "a painless self-hosted git service written in go",
|
||||||
|
"version": "$(lxc-attach -n gitea -- bash -c "gitea --version | awk '{print \$3}'")",
|
||||||
|
"url": "https://git.envs.net/"
|
||||||
|
},
|
||||||
|
"gophernicus": {
|
||||||
|
"desc": "a modern full-featured (and hopefully) secure gopher daemon",
|
||||||
|
"version": "$(/usr/sbin/gophernicus -v | sed 's/Gophernicus\///' | awk '{print $1}')",
|
||||||
|
"url": "gopher://envs.net/"
|
||||||
|
},
|
||||||
|
"jetforce": {
|
||||||
|
"desc": "an tcp server for the gemini protocol",
|
||||||
|
"version": "$(/usr/local/bin/jetforce -V | awk '{printf $2}')",
|
||||||
|
"url": "gemini://envs.net/"
|
||||||
|
},
|
||||||
|
"privatebin": {
|
||||||
|
"desc": "a pastebin service",
|
||||||
|
"version": "$(lxc-attach -n pb -- bash -c "awk '/Current version:/ {print \$3}' /var/www/PrivateBin/README.md | sed '$ s/*$//'")",
|
||||||
|
"url": "https://pb.envs.net/"
|
||||||
|
},
|
||||||
|
"searx": {
|
||||||
|
"desc": "privacy-respecting metasearch engine",
|
||||||
|
"version": "$(curl -s https://searx."$DOMAIN"/config | jq -Mr .version)",
|
||||||
|
"url": "https://searx.envs.net/"
|
||||||
|
},
|
||||||
|
"termbin": {
|
||||||
|
"desc": "a command line pastebin",
|
||||||
|
"version": "-",
|
||||||
|
"url": "https://tb.envs.net/"
|
||||||
|
},
|
||||||
|
"thelounge": {
|
||||||
|
"desc": "a self-hosted web irc client",
|
||||||
|
"version": "$(sudo -u thelounge /srv/thelounge/.yarn/bin/thelounge -v | sed 's/v//')",
|
||||||
|
"url": "https://webirc.envs.net/"
|
||||||
|
},
|
||||||
|
"tt-rss": {
|
||||||
|
"desc": "tiny tiny rss - web-based news feed (rss/atom) aggregator",
|
||||||
|
"version": "$(lxc-attach -n rss -- bash -c "dpkg -s tt-rss | awk '/Version:/ {print \$2}' | head -n1")",
|
||||||
|
"url": "https://rss.envs.net/"
|
||||||
|
},
|
||||||
|
"znc": {
|
||||||
|
"desc": "advanced modular irc bouncer",
|
||||||
|
"version": "$(dpkg -s znc | awk '/Version:/ {print $2}' | head -n1)",
|
||||||
|
"url": "https://znc.envs.net/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"packages": {
|
||||||
|
"av98": "$(/usr/local/bin/av98 --version | awk '{print $2}')",
|
||||||
|
"bombadillo": "$(/usr/local/bin/bombadillo -v | sed 's/Bombadillo v//')",
|
||||||
|
"burrow": "$(/usr/local/bin/burrow -v | sed 's/v//')",
|
||||||
|
"clinte": "$(/usr/local/bin/clinte -V | awk '{print $2}')",
|
||||||
|
"gfu": "$(/usr/local/bin/gfu -v | sed '/version/s/.*version \([^ ][^ ]*\)[ ]*.*/\1/')",
|
||||||
|
"go": "$(sed 's/go//' /usr/local/go/VERSION)",
|
||||||
|
"goaccess": "$(/usr/bin/goaccess -V | head -1 | sed -e 's/GoAccess - //' -e '$ s/.$//')",
|
||||||
|
"micro": "$(/usr/local/bin/micro -version | head -n1 | awk '{print $2}')",
|
||||||
|
"pb": "$(/usr/local/bin/pb -v)",
|
||||||
|
"twtxt": "$(/usr/local/bin/twtxt --version | awk '{printf $3}')",
|
||||||
|
"vf1": "$(/usr/local/bin/vf1 --version | awk '{print $2}')",
|
||||||
|
"zola": "$(/usr/local/bin/zola -V | awk '{print $2}')",
|
||||||
|
$(print_pkg_version)
|
||||||
|
EOM
|
||||||
|
# remove trailing ',' on last line
|
||||||
|
sed -i '$ s/,$//' "$TMP_JSON"
|
||||||
|
|
||||||
|
cat<<EOM >> "$TMP_JSON"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOM
|
||||||
|
|
||||||
|
mv "$TMP_JSON" "$JSON_FILE"
|
||||||
|
chown root:www-data "$JSON_FILE"
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# SYSINFO.PHP
|
||||||
|
#
|
||||||
|
print_pkg_info() {
|
||||||
|
local pkg="$1"
|
||||||
|
|
||||||
|
local pkg_version
|
||||||
|
pkg_version="$(jq -Mr '.data.packages."'"$pkg"'"|select (.!=null)' "$JSON_FILE")"
|
||||||
|
[[ "$pkg_version" = '' ]] && pkg_version='n.a.'
|
||||||
|
|
||||||
|
local pkg_desc
|
||||||
|
custom_pkg_desc "$pkg"
|
||||||
|
[[ "$pkg_desc" = '' ]] && pkg_desc="$(apt-cache show "$pkg" | awk '/Description-en/ {print substr($0, index($0,$3))}' | head -1)"
|
||||||
|
[[ "$pkg_desc" = '' ]] && pkg_desc="$(apt-cache search ^"$pkg"$ | awk '{print substr($0, index($0,$3))}')"
|
||||||
|
[[ "$pkg_desc" = '' ]] && pkg_desc='n.a.'
|
||||||
|
# remove description-en string
|
||||||
|
pkg_desc="${pkg_desc//Description-en: /}"
|
||||||
|
# replace double qoutes with single qoute
|
||||||
|
pkg_desc="${pkg_desc//\"/\'}"
|
||||||
|
# string to lowercase
|
||||||
|
pkg_desc="${pkg_desc,,}"
|
||||||
|
|
||||||
|
printf '\t<tr> <td>%s</td> <td>%s</td> <td>%s</td> </tr>\n' "$pkg" "$pkg_version" "$pkg_desc"
|
||||||
|
}
|
||||||
|
|
||||||
|
print_pkg_info_services() {
|
||||||
|
local pkg="$1"
|
||||||
|
|
||||||
|
local pkg_desc
|
||||||
|
pkg_desc="$(jq -Mr '.data.services."'"$pkg"'".desc|select (.!=null)' "$JSON_FILE")"
|
||||||
|
|
||||||
|
local pkg_version
|
||||||
|
pkg_version="$(jq -Mr '.data.services."'"$pkg"'".version|select (.!=null)' "$JSON_FILE")"
|
||||||
|
|
||||||
|
local s_url
|
||||||
|
s_url="$(jq -Mr '.data.services."'"$pkg"'".url|select (.!=null)' "$JSON_FILE")"
|
||||||
|
|
||||||
|
printf '\t<tr> <td><a href="%s" target="_blank">%s</a></td> <td>%s</td> <td>%s</td> </tr>\n' "$s_url" "$pkg" "$pkg_version" "$pkg_desc"
|
||||||
|
}
|
||||||
|
|
||||||
|
print_category() {
|
||||||
|
local category="$1"
|
||||||
|
shift
|
||||||
|
local arr=("$@")
|
||||||
|
|
||||||
|
if [ "$category" = 'services' ]; then
|
||||||
|
printf '<details open=""><summary class="menu" id="%s"><strong># %s</strong></summary>\n' "$category" "${category//_/ }"
|
||||||
|
else
|
||||||
|
printf '<details><summary class="menu" id="%s"><strong># %s</strong></summary>\n' "$category" "${category//_/ }"
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf '<table id="table_pkg">\n'
|
||||||
|
printf '<tr> <th width="140px">Package</th> <th width="280px">Version</th> <th>Description</th></tr>\n'
|
||||||
|
|
||||||
|
if [ "$category" = 'services' ]; then
|
||||||
|
for pkg in "${arr[@]}"; do
|
||||||
|
# check service is in json
|
||||||
|
s_in_j="$(jq -Mr '.data.services."'"$pkg"'"|select (.!=null)' "$JSON_FILE")"
|
||||||
|
|
||||||
|
if [ -n "$s_in_j" ]; then
|
||||||
|
print_pkg_info_services "$pkg"
|
||||||
|
else
|
||||||
|
print_pkg_info "$pkg"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
else
|
||||||
|
for pkg in "${arr[@]}"; do print_pkg_info "$pkg"; done
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf '</table></details>\n'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
cat<<EOM > /tmp/sysinfo.php_tmp
|
||||||
|
<?php
|
||||||
|
// do not touch
|
||||||
|
// this files is generated by /usr/local/bin/envs_sysinfo.sh
|
||||||
|
\$title = "$DOMAIN | sysinfo";
|
||||||
|
\$desc = "$DOMAIN | sysinfo";
|
||||||
|
|
||||||
|
include 'header.php';
|
||||||
|
?>
|
||||||
|
|
||||||
|
<body id="body" class="dark-mode">
|
||||||
|
<div>
|
||||||
|
|
||||||
|
<div class="button_back">
|
||||||
|
<pre class="clean"><strong><a href="/">< back</a></strong></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div id="main">
|
||||||
|
<div class="block">
|
||||||
|
<pre>
|
||||||
|
<h1><em>sysinfo</em></h1>
|
||||||
|
|
||||||
|
<em>full data source: <a href="/sysinfo.json">https://$DOMAIN/sysinfo.json</a></em>
|
||||||
|
<em>webserver stats: <a href="/stats/">https://$DOMAIN/stats/</a></em>
|
||||||
|
|
||||||
|
<em>server admin: <a href="/~creme/">~creme</a></em>
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<pre>
|
||||||
|
this is a static list of the package informations. it updates once per day.
|
||||||
|
|
||||||
|
<strong># can i get [package] installed?</strong>
|
||||||
|
probably! send an email with your suggestion to <a href="mailto:sudoers@$DOMAIN">sudoers@$DOMAIN</a>.
|
||||||
|
|
||||||
|
$(print_category 'services' "${sorted_services[@]}")
|
||||||
|
$(print_category 'shells' "${sorted_shells[@]}")
|
||||||
|
$(print_category 'editors' "${sorted_editors[@]}")
|
||||||
|
$(print_category 'online_browser_and_clients' "${sorted_inet_clients[@]}")
|
||||||
|
$(print_category 'coding_packages' "${sorted_coding_pkg[@]}")
|
||||||
|
$(print_category 'coding_tools' "${sorted_coding_tools[@]}")
|
||||||
|
$(print_category 'misc' "${sorted_misc[@]}")
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<?php include 'footer.php'; ?>
|
||||||
|
|
||||||
|
EOM
|
||||||
|
|
||||||
|
mv /tmp/sysinfo.php_tmp "$WWW_PATH"/sysinfo.php
|
||||||
|
chown root:www-data "$WWW_PATH"/sysinfo.php
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
exit 0
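Review bot: Command output is pasted into `sysinfo.json` and then into `sysinfo.php` without any escaping, including version strings fetched with `curl` from other services and read with `lxc-attach` from the `gitea`, `pb` and `rss` containers. A quote or backslash in any of them breaks the JSON, and because `print_pkg_info` and `print_pkg_info_services` print the values straight into `<td>` cells of a file that PHP executes, markup or a `<?php` sequence in such a value would be served or run from the host's web root. Building the JSON with `jq -n --arg` and having the page read `sysinfo.json` and emit the cells through `htmlspecialchars()` would keep the generated PHP free of external data. `print_pkg_version` also iterates `$(dpkg-query …)` unquoted; a `while IFS= read -r pkg` loop over the same output avoids word splitting.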
|
|
@ -0,0 +1,11 @@
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
printf 'toot as envs.net\n\n'
|
||||||
|
|
||||||
|
if [ -n "$1" ] && [ -z "$2" ]; then
|
||||||
|
sudo -u services /usr/bin/toot post "$1"
|
||||||
|
else
|
||||||
|
printf 'usage: envs_toot "your message"\n'
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
|
@ -0,0 +1,175 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
domain='envs.net'
|
||||||
|
short_dom="$(echo $domain | awk -F. '{printf $1}')"
|
||||||
|
|
||||||
|
|
||||||
|
cmd="$1"
|
||||||
|
user="$2"
|
||||||
|
mailTo="$3"
|
||||||
|
ssh_pubkey="$4"
|
||||||
|
|
||||||
|
newpw=$(pwgen -s 12 1)
|
||||||
|
pwcrypt=$(perl -e "print crypt('${newpw}', 'sa');")
|
||||||
|
|
||||||
|
# mail header
|
||||||
|
head_mime='MIME-Version: 1.0'
|
||||||
|
head_type='Content-type: text/plain; charset=utf-8'
|
||||||
|
head_def="$head_mime\r\n$head_type"
|
||||||
|
|
||||||
|
###
|
||||||
|
|
||||||
|
add_user_db() {
|
||||||
|
mysql -u root << EOF
|
||||||
|
CREATE DATABASE $user;
|
||||||
|
GRANT ALL PRIVILEGES ON $USER.* TO '$user'@'localhost' IDENTIFIED BY '$newpw';
|
||||||
|
FLUSH PRIVILEGES;
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
del_user_db() {
|
||||||
|
mysqldump -u root "$user" > /tmp/"$user".sql
|
||||||
|
mv /tmp/"$user".sql /root/mysql_dumps/"$user".sql
|
||||||
|
|
||||||
|
mysql -u root << EOF
|
||||||
|
DROP DATABASE $user;
|
||||||
|
FLUSH PRIVILEGES;
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
add_user() {
|
||||||
|
useradd -m -g 9999 -s /bin/bash -p "$pwcrypt" "$user"
|
||||||
|
|
||||||
|
# set user quota
|
||||||
|
echo "$user hard nproc 200" | tee /etc/security/limits.d/"$user" >/dev/null 2>&1
|
||||||
|
setquota -u "$user" 1024M 1536M 0 0 /
|
||||||
|
|
||||||
|
# set mail aliases
|
||||||
|
echo "$user: $user@$domain" | tee -a /etc/aliases >/dev/null 2>&1
|
||||||
|
echo "$user: $user@$domain" | tee -a /etc/email-addresses >/dev/null 2>&1
|
||||||
|
|
||||||
|
# systemd service
|
||||||
|
chown -R "$user":"$short_dom" /home/"$user"/.config/systemd/user/
|
||||||
|
|
||||||
|
# set users ssh pub key
|
||||||
|
if [ -n "$ssh_pubkey" ]; then
|
||||||
|
echo "$ssh_pubkey" | tee /home/"$user"/.ssh/authorized_keys
|
||||||
|
else
|
||||||
|
nano /home/"$user"/.ssh/authorized_keys
|
||||||
|
fi
|
||||||
|
chmod 700 /home/"$user"/.ssh/
|
||||||
|
chmod 644 /home/"$user"/.ssh/authorized_keys
|
||||||
|
chown -R "$user":"$short_dom" /home/"$user"/.ssh
|
||||||
|
|
||||||
|
# setup database
|
||||||
|
add_user_db
|
||||||
|
|
||||||
|
# setup email mailbox
|
||||||
|
lxc-attach -n mail -- bash -c "/usr/local/bin/coreapi action accounts create \
|
||||||
|
-p username=$user@$domain -p role=SimpleUsers -p language=en \
|
||||||
|
-p password=$newpw -p secondary_email=$mailTo >/dev/null 2>&1 "
|
||||||
|
|
||||||
|
sleep 3
|
||||||
|
|
||||||
|
# send readme mail
|
||||||
|
readme_sub="Subject: Welcome ~$user | please readme!"
|
||||||
|
readme_mail="$head_def\r\nTo: $user@$domain\r\nFrom: sudoers@$domain\r\n$readme_sub"
|
||||||
|
|
||||||
|
echo -e "$readme_mail\r\n$(cat /usr/local/bin/welcome-readme.tmpl)" | sendmail "$user"@"$domain"
|
||||||
|
|
||||||
|
# send welcome mail
|
||||||
|
wel_sub="Subject: Welcome to $domain | ~$user"
|
||||||
|
wel_mail="$head_def\r\nTo: $mailTo\r\nCC: $user@$domain\r\nFrom: hosting@$domain\r\n$wel_sub"
|
||||||
|
|
||||||
|
sleep 1 && echo -e "$wel_mail\r\n$(sed -e s/_username_/"$user"/g -e s/_password_/"$newpw"/ /usr/local/bin/welcome-email.tmpl)" \
|
||||||
|
| sendmail "$user"@"$domain" "$mailTo"
|
||||||
|
|
||||||
|
# subscribing to mailing list
|
||||||
|
sleep 1 && echo -e "$head_def\r\nTo: team-join@$domain\r\nFrom: $user@$domain\r\nSubject: subscribe\r\n" \
|
||||||
|
| sudo -u "$user" sendmail team-join@"$domain"
|
||||||
|
|
||||||
|
# setup mutt
|
||||||
|
echo -e "$(sed -e s/_username_/"$user"/g -e s/_password_/"$newpw"/ /home/"$user"/.muttrc)" > /home/"$user"/.muttrc
|
||||||
|
chmod go-r /home/"$user"/.muttrc
|
||||||
|
printf '\n~%s\n' "$user" > /home/"$user"/.mutt/signature
|
||||||
|
|
||||||
|
# setup znc account
|
||||||
|
sudo -u znc pkill -SIGUSR1 znc && pkill znc
|
||||||
|
sudo -u znc /srv/znc/add_znc_user.sh "$user"
|
||||||
|
systemctl start znc
|
||||||
|
|
||||||
|
# setup weechat
|
||||||
|
sed -i s/_username_/"$user"/g /home/"$user"/.weechat/irc.conf
|
||||||
|
|
||||||
|
# cleanup /etc/skel/ git stuff from user home
|
||||||
|
rm -rf /home/"$user"/.git /home/"$user"/README.md
|
||||||
|
|
||||||
|
# envs user update (userlist, recently updates and users_info.json)
|
||||||
|
/usr/local/bin/envs_user_updated.sh
|
||||||
|
|
||||||
|
# announcing new user on mastodon
|
||||||
|
sudo -u services toot post "welcome new user ~$user"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
del_user() {
|
||||||
|
# unsubscribe mailing list
|
||||||
|
# ??
|
||||||
|
echo -e "$head_def\r\nTo: team-leave@$domain\r\nFrom: $user@$domain\r\nSubject: leave\r\n" | sudo -u "$user" sendmail team-leave@"$domain"
|
||||||
|
# remove user
|
||||||
|
deluser --remove-home "$user"
|
||||||
|
# unset user quota
|
||||||
|
rm /etc/security/limits.d/"$user"
|
||||||
|
# unset mail aliases
|
||||||
|
sed -i /"$user"/d /etc/aliases
|
||||||
|
sed -i /"$user"/d /etc/email-addresses
|
||||||
|
# remove email mailbox
|
||||||
|
# get userid from lxc-attach
|
||||||
|
mail_userid=$(lxc-attach -n mail -- bash -c "/usr/local/bin/coreapi action accounts list -p search=$user@$domain | jq '.[] | .pk'")
|
||||||
|
lxc-attach -n mail -- bash -c "/usr/local/bin/coreapi action accounts delete -p id=$mail_userid"
|
||||||
|
# remove database
|
||||||
|
del_user_db
|
||||||
|
# unlink gemini
|
||||||
|
[[ -L /var/gemini/\~"$user" ]] && unlink /var/gemini/\~"$user"
|
||||||
|
# remove znc account
|
||||||
|
printf '\n!!! ADMIN: please remove %s also from lists.%s and znc.%s !!!\n\n' "$user" "$domain" "$domain"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
[[ "$EUID" -ne 0 ]] && printf 'Please run as root!\n' && exit 1
|
||||||
|
|
||||||
|
case "$cmd" in
|
||||||
|
add) [[ $# -lt 3 ]] && printf 'not enough args\n' && exit 1
|
||||||
|
if ! id -u "$user" >/dev/null 2>&1; then
|
||||||
|
printf '\nAdd User %s to %s\n' "$user" "$domain"
|
||||||
|
printf 'mail to: %s\n\n' "$mailTo"
|
||||||
|
add_user
|
||||||
|
else
|
||||||
|
printf 'User already exists!\n'
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
|
||||||
|
del) [[ $# -lt 2 ]] && printf 'not enough args\n' && exit 1
|
||||||
|
if id -u "$user" >/dev/null 2>&1; then
|
||||||
|
printf '\nDelete User %s from %s?\n' "$user" "$domain"
|
||||||
|
select yn in "Yes" "No"; do
|
||||||
|
case $yn in
|
||||||
|
Yes ) del_user ; break ;;
|
||||||
|
No ) break ;;
|
||||||
|
esac ; done
|
||||||
|
else
|
||||||
|
printf 'User not exists!\n'
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
|
||||||
|
*) printf '%s | User Account Setup\n\n' "$domain"
|
||||||
|
printf 'Usage: %s\n Add a User:\n' "$(basename "$0")"
|
||||||
|
printf '\t%s add "username" "email" "ssh-pubkey"\n' "$(basename "$0")"
|
||||||
|
printf ' Delete a User:\n'
|
||||||
|
printf '\t%s del "username"\n' "$(basename "$0")"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
#
|
||||||
|
exit 0
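Review bot: In `add_user_db` the GRANT is written `ON $USER.*`, which expands the invoking shell's login name instead of the `$user` argument, so the new account receives privileges on the wrong schema and none on the database just created; it should read `ON $user.*`. `pwcrypt` is computed with `crypt('${newpw}', 'sa')`, a constant two-character salt that selects traditional DES crypt and therefore hashes only the first eight characters of the generated password; running `useradd` without `-p` and then `printf '%s:%s\n' "$user" "$newpw" | chpasswd` uses the system's configured scheme. `$user` and `$mailTo` go unvalidated into the SQL heredocs, the `lxc-attach … bash -c "…"` strings and `sed -i /"$user"/d`, so a guard such as `[[ "$user" =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 1` before the `case` is needed, and the sed should be anchored as `sed -i "/^$user:/d"` so that deleting one user does not remove every alias line containing that substring. The password is additionally passed as `-p password=$newpw` on a command line and mailed in clear text, which is worth at least a comment telling the user to change it on first login.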
|
|
@ -0,0 +1,233 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
#
|
||||||
|
# envs.net - generate user_updates.php and users_info.json
|
||||||
|
# - this script is called by /etc/cron.d/envs_sysinfo
|
||||||
|
#
|
||||||
|
WWW_PATH='/var/www/envs.net'
|
||||||
|
DOMAIN="envs.net"
|
||||||
|
|
||||||
|
|
||||||
|
[[ "$EUID" -ne 0 ]] && printf 'Please run as root!\n' && exit 1
|
||||||
|
|
||||||
|
#
|
||||||
|
# user_updates.php
|
||||||
|
#
|
||||||
|
|
||||||
|
LIST="$(stat --format=%Z\ %n /home/*/public_html/* | grep -v updated | grep -v your_index_template.php | grep -v cgi-bin | sort -r)"
|
||||||
|
echo "$LIST" | perl /usr/local/bin/envs_user_updated_genpage.pl > /tmp/user_updates.php_tmp
|
||||||
|
|
||||||
|
mv /tmp/user_updates.php_tmp "$WWW_PATH"/user_updates.php
|
||||||
|
chown root:www-data "$WWW_PATH"/user_updates.php
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# users_info.json
|
||||||
|
#
|
||||||
|
TMP_JSON='/tmp/users_info.json_tmp'
|
||||||
|
|
||||||
|
cat << EOM > "$TMP_JSON"
|
||||||
|
{
|
||||||
|
"timestamp": "$(date +'%s')",
|
||||||
|
"data": {
|
||||||
|
"info": {
|
||||||
|
"name": "envs",
|
||||||
|
"description": "envs.net is a minimalist, non-commercial shared unix system and will always be free to use.",
|
||||||
|
"located": "germany",
|
||||||
|
"maintainer": "Sven Kinne (~creme) - creme@envs.net",
|
||||||
|
"website": "https://$DOMAIN",
|
||||||
|
"signup_url": "https://$DOMAIN/signup/",
|
||||||
|
"gopher": "gopher://envs.net/",
|
||||||
|
"email": "hostmaster@$DOMAIN",
|
||||||
|
"admin_email": "sudoers@$DOMAIN",
|
||||||
|
"user_count": $(find /home -mindepth 1 -maxdepth 1 | wc -l)
|
||||||
|
},
|
||||||
|
"users": {
|
||||||
|
EOM
|
||||||
|
# user header
|
||||||
|
for USERNAME in /home/*
|
||||||
|
do
|
||||||
|
USER_HOME="$USERNAME"
|
||||||
|
USERNAME="${USERNAME/\/home\//}"
|
||||||
|
INFO_FILE="$USER_HOME/.envs"
|
||||||
|
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"$USERNAME": {
|
||||||
|
"home": "$USER_HOME",
|
||||||
|
"email": "$USERNAME@$DOMAIN",
|
||||||
|
EOM
|
||||||
|
# desc
|
||||||
|
if [[ -f "$INFO_FILE" ]]; then
|
||||||
|
desc="$(sed -n '/^desc=/{s#^.*=##;p}' "$INFO_FILE")"
|
||||||
|
|
||||||
|
if [[ -z "$desc" ]] || [[ "$desc" == 'a short describtion or message' ]]; then
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"desc": "",
|
||||||
|
EOM
|
||||||
|
else
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"desc": "$desc",
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"desc": "",
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
# website
|
||||||
|
if [[ -f "$USER_HOME"/public_html/index.php ]] || [[ "$(test -f "$USER_HOME"/public_html/index.*htm*; echo $?)" -eq 0 ]]; then
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"website": "https://$DOMAIN/~$USERNAME/",
|
||||||
|
EOM
|
||||||
|
else
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"website": "",
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
# gopher
|
||||||
|
if [ -f "$USER_HOME"/public_gopher/gophermap ]; then
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"gopher": "gopher://$DOMAIN/1/~$USERNAME/",
|
||||||
|
"gopherproxy": "https://gopher.$DOMAIN/$DOMAIN/1/~$USERNAME/",
|
||||||
|
EOM
|
||||||
|
else
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"gopher": "",
|
||||||
|
"gopherproxy": "",
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
# gemini
|
||||||
|
if [ -f "$USER_HOME"/public_gemini/index.gmi ]; then
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"gemini": "gemini://$DOMAIN/~$USERNAME/",
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
# blog
|
||||||
|
if [[ "$(find "$USER_HOME"/public_html/blog/ -maxdepth 1 2>/dev/null | wc -l)" -ge 3 ]]; then
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"blog": "https://$DOMAIN/~$USERNAME/blog/",
|
||||||
|
EOM
|
||||||
|
else
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"blog": "",
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
# twtwt
|
||||||
|
if [[ -f "$USER_HOME"/public_html/twtxt.txt ]]; then
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"twtxt": "https://$DOMAIN/~$USERNAME/twtxt.txt",
|
||||||
|
EOM
|
||||||
|
else
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"twtxt": "",
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
# user custom infos from .envs file (max. 10 entrys)
|
||||||
|
if [[ -f "$INFO_FILE" ]]; then
|
||||||
|
count_entry='0' # use to limit entrys
|
||||||
|
count_field_entry='0' # use to separat array line by line
|
||||||
|
|
||||||
|
unset field_exists; declare -a field_exists=() # contains field names to limit entrys
|
||||||
|
unset field_is_array; declare -a field_is_array=() # contains array fields to printf correct json entrys
|
||||||
|
unset line_to_set; declare -A line_to_set # contains user info lines
|
||||||
|
|
||||||
|
# check 'INFO_FILE' and add entrys to 'line_to_set' array
|
||||||
|
while read -r LINE ; do
|
||||||
|
if [[ -n "$LINE" ]] && ! [[ "$LINE" = '#'* ]] && ! [[ "$LINE" = 'desc='* ]]; then
|
||||||
|
user_field="${LINE//=*/}"
|
||||||
|
user_value="${LINE//*=/}"
|
||||||
|
|
||||||
|
if ! [[ ":${field_exists[*]}:" =~ $user_field ]]; then
|
||||||
|
# entry will be a single line
|
||||||
|
count_entry="$(( "$count_entry" + 1 ))"; [[ "$count_entry" -le '10' ]] || continue
|
||||||
|
field_exists+=( "$user_field" )
|
||||||
|
line_to_set["$user_field","$count_field_entry"]+="$user_value"
|
||||||
|
else
|
||||||
|
# entry will be a array
|
||||||
|
if ! [[ ":${field_is_array[*]}:" =~ $user_field ]]; then
|
||||||
|
field_is_array+=( "$user_field" )
|
||||||
|
fi
|
||||||
|
count_field_entry="$(( "$count_field_entry" +1 ))"
|
||||||
|
line_to_set["$user_field","$count_field_entry"]+="$user_value"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done <<< "$(tac "$INFO_FILE")" # read file from buttom
|
||||||
|
|
||||||
|
# add users custom entrys from line_to_set (single lines before arrays)
|
||||||
|
#
|
||||||
|
# single line entrys
|
||||||
|
for field in "${!line_to_set[@]}"; do
|
||||||
|
field_name="${field//,*/}"
|
||||||
|
|
||||||
|
if ! [[ ":${field_is_array[*]}:" =~ $field_name ]]; then
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"$field_name": "${line_to_set[$field]}",
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
#
|
||||||
|
# array line entrys
|
||||||
|
field_in_progress=''
|
||||||
|
|
||||||
|
for field in "${!line_to_set[@]}"; do
|
||||||
|
field_name="${field//,*/}"
|
||||||
|
field_count="${field//*,/}"
|
||||||
|
|
||||||
|
if [[ ":${field_is_array[*]}:" =~ $field_name ]]; then
|
||||||
|
# begin of user def. array
|
||||||
|
if ! [[ "$field_in_progress" = "$field_name" ]]; then
|
||||||
|
field_in_progress="$field_name"
|
||||||
|
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"$field_name": [
|
||||||
|
"${line_to_set[$field]}",
|
||||||
|
EOM
|
||||||
|
else
|
||||||
|
# continue user def. array
|
||||||
|
if ! [[ "$field_count" -eq '0' ]]; then
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"${line_to_set[$field]}",
|
||||||
|
EOM
|
||||||
|
# end of user def. array
|
||||||
|
else
|
||||||
|
unset field_in_progress
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"${line_to_set[$field]}"
|
||||||
|
],
|
||||||
|
EOM
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
# ssh
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
"ssh-pubkey": [
|
||||||
|
EOM
|
||||||
|
while read -r LINE ; do
|
||||||
|
[[ "$LINE" == 'ssh'* ]] && printf '\t\r\t\r\t\r\t\r\t"%s",\n' "$LINE" >> "$TMP_JSON"
|
||||||
|
done < "$USER_HOME"/.ssh/authorized_keys
|
||||||
|
# remove trailing ',' for the last pubkey
|
||||||
|
sed -i '$ s/,$//' "$TMP_JSON"
|
||||||
|
|
||||||
|
# close user ssh pubkey array ']' and user part. '},'
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
EOM
|
||||||
|
# EOF
|
||||||
|
done
|
||||||
|
# remove trailing ',' on last user entry
|
||||||
|
sed -i '$ s/,$//' "$TMP_JSON"
|
||||||
|
|
||||||
|
cat << EOM >> "$TMP_JSON"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOM
|
||||||
|
|
||||||
|
|
||||||
|
mv "$TMP_JSON" "$WWW_PATH"/users_info.json
|
||||||
|
chown root:www-data "$WWW_PATH"/users_info.json
|
||||||
|
|
||||||
|
#
|
||||||
|
exit 0
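Review bot: Both outputs are staged under fixed names in /tmp (`/tmp/user_updates.php_tmp` and `TMP_JSON='/tmp/users_info.json_tmp'`) by a script that runs as root on a host where every account can write to /tmp, so a file or link already present at either path determines what root writes and what is then moved into the web root. Stage beside the destination instead, e.g. `TMP_JSON="$(mktemp "$WWW_PATH"/.users_info.json.XXXXXX)"` followed by `chmod 644 "$TMP_JSON"` (mktemp creates the file with mode 0600), and do the same for user_updates.php; the final `mv` then becomes a rename within one filesystem. Separately, `$desc`, the field names and values read from each user's `.envs` file and the `authorized_keys` lines are written into the JSON unescaped, so a double quote or backslash in any of them produces invalid JSON or extra keys. Emitting each value through `jq -n --arg` (if jq is available on this host) would escape them.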
|
|
@ -0,0 +1,50 @@
|
||||||
|
#!/usr/bin/perl
|
||||||
|
#
|
||||||
|
# source from pgadey (ctrl-c.club)
|
||||||
|
# url: https://github.com/pgadey/bin/blob/master/ctrl-c.club
|
||||||
|
#
|
||||||
|
|
||||||
|
print "<?php
|
||||||
|
// do not touch
|
||||||
|
// this files is generated by /usr/local/bin/envs_user_updated.sh
|
||||||
|
|
||||||
|
\$title = \"envs.net | recently user updates\";
|
||||||
|
\$desc = \"envs.net | recently user updates\";
|
||||||
|
|
||||||
|
include 'header.php';
|
||||||
|
?>
|
||||||
|
|
||||||
|
<body id=\"body\" class=\"dark-mode\">
|
||||||
|
<div>
|
||||||
|
|
||||||
|
<div class=\"button_back\">
|
||||||
|
<pre class=\"clean\"><strong><a href=\"/\">< back</a></strong></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div id=\"main\">
|
||||||
|
<div class=\"block\">
|
||||||
|
<pre>
|
||||||
|
<h1><em>recently user updates</em></h1>
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<pre>
|
||||||
|
this is a static list of the pages modified in <code>/home/*/public_html/*</code>. it updates every hour.
|
||||||
|
<ul>\n";
|
||||||
|
|
||||||
|
while (<>) {
|
||||||
|
chomp;
|
||||||
|
($date, $index) = split(/ /, $_);
|
||||||
|
$date = `date --date="\@$date" +'%F %H:%M:%S'`;
|
||||||
|
$author = $index;
|
||||||
|
$file = $index;
|
||||||
|
$author =~ s%/home/(\w+)/public_html/(\S+)%$1%;
|
||||||
|
$file =~ s%/home/(\w+)/public_html/(\S+)%$2%;
|
||||||
|
print "<li><a href=\"https://envs.net/\~$author/\">\~$author</a> (<a href=\"https://envs.net/\~$author/$file\">$file</a>) at $date</li>\n";
|
||||||
|
};
|
||||||
|
|
||||||
|
print "</ul>
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<?php include 'footer.php'; ?>";
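Review bot: The loop passes both input fields to sensitive sinks without checking them: `$date` is interpolated into a shell command line run through backticks, and `$author`/`$file` are printed verbatim into a page that is installed as `user_updates.php`. The input is `stat` output over `/home/*/public_html/*`, so the path part is chosen by users, and a name containing a newline also puts user-chosen text in the `$date` position; the calling script runs as root from cron. Accept only lines whose first field matches `/^\d+$/`, format the time inside Perl instead of calling `date`, and HTML-escape the name before printing, as in the excerpt below. The excerpt skips lines that do not have the expected shape, whereas the current code prints them unchanged.

```perl
while (<>) {
    chomp;
    my ($date, $index) = split(/ /, $_);
    # accept only "<epoch> /home/<user>/public_html/<name>"
    next unless defined $index && $date =~ /^\d+$/;
    next unless $index =~ m%^/home/(\w+)/public_html/(\S+)$%;
    my ($author, $file) = ($1, $2);
    # format in-process, no shell involved
    my @t = localtime($date);
    $date = sprintf('%04d-%02d-%02d %02d:%02d:%02d', $t[5] + 1900, $t[4] + 1, $t[3], $t[2], $t[1], $t[0]);
    # neutralise markup before the name is written into the .php page
    for ($file) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; }
    # … unchanged: print "<li>…</li>\n" …
};
```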
|
|
@ -0,0 +1,74 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Color diff output, for human consumption
|
||||||
|
|
||||||
|
# License: LGPLv2
|
||||||
|
# Author:
|
||||||
|
# http://www.pixelbeat.org/
|
||||||
|
# Notes:
|
||||||
|
# If 2 parameters are passed, then they are passed to
|
||||||
|
# the `diff -Naru` command first. Otherwise the parameters
|
||||||
|
# (or stdin) are assumed to be diff format and are colourised.
|
||||||
|
#
|
||||||
|
# VIM can be useful for viewing diffs also:
|
||||||
|
# diff -Naru a b | vim -R -
|
||||||
|
# vim -R a-b.diff
|
||||||
|
# Changes:
|
||||||
|
# V0.1, 12 Feb 2008, Initial release
|
||||||
|
# V0.2, 18 Feb 2008, Use tput rather than hardcoding escape sequences.
|
||||||
|
# V0.3, 24 Apr 2008, Support Mac OS X
|
||||||
|
# V0.4, 30 Apr 2008, P@draigBrady.com
|
||||||
|
# Use $PAGER if set
|
||||||
|
# Manfred Schwarb <manfred99@gmx.ch>
|
||||||
|
# Support `diff -c` format fully.
|
||||||
|
# Pointed out issues with less -EF options.
|
||||||
|
# Suggested to use the less -S option.
|
||||||
|
# V0.5, 18 Jun 2009, P@draigBrady.com
|
||||||
|
# Delineate each file level item with highlight.
|
||||||
|
# Simplify expressions by using '&' in replacement.
|
||||||
|
# Use 't' after all matches for consistency and speed.
|
||||||
|
|
||||||
|
# less -K reportedly not available on older Mac OS X
|
||||||
|
less -K -Ff /dev/null 2>/dev/null && CTRL_C_EXITS="-K"
|
||||||
|
|
||||||
|
RED=1; GREEN=2; BLUE=4; BRIGHT='1;'
|
||||||
|
|
||||||
|
tputc() {
|
||||||
|
bright=$1; colour=$2
|
||||||
|
[ "$bright" ] && tput bold
|
||||||
|
tput setaf $colour
|
||||||
|
}
|
||||||
|
|
||||||
|
DEL="`tputc $BRIGHT $RED`"
|
||||||
|
ADD="`tputc $BRIGHT $GREEN`"
|
||||||
|
CHG="`tputc $BRIGHT $BLUE`"
|
||||||
|
FIL="`tput smso`" #highlight file level items
|
||||||
|
RST="`tput sgr0`"
|
||||||
|
|
||||||
|
if [ "$#" -eq "2" ]; then
|
||||||
|
diff -Naru "$@"
|
||||||
|
else
|
||||||
|
cat "$@"
|
||||||
|
fi |
|
||||||
|
sed "
|
||||||
|
s/^\*\{3\}.*\*\{4\}/$CHG&$RST/;t
|
||||||
|
s/^-\{3\}.*-\{4\}/$CHG&$RST/;t
|
||||||
|
s/^@.*/$CHG&$RST/;t
|
||||||
|
s/^[0-9].*/$CHG&$RST/;t
|
||||||
|
s/^!.*/$CHG&$RST/;t
|
||||||
|
|
||||||
|
s/^-.*/$DEL&$RST/;t
|
||||||
|
s/^<.*/$DEL&$RST/;t
|
||||||
|
|
||||||
|
s/^\*.*/$ADD&$RST/;t
|
||||||
|
s/^\+.*/$ADD&$RST/;t
|
||||||
|
s/^>.*/$ADD&$RST/;t
|
||||||
|
|
||||||
|
s/^Only in.*/$FIL&$RST/;t
|
||||||
|
s/^Index: .*/$FIL&$RST/;t
|
||||||
|
s/^diff .*/$FIL&$RST/;t
|
||||||
|
" |
|
||||||
|
${PAGER:-less -QRS $CTRL_C_EXITS}
|
||||||
|
|
||||||
|
# could use less -EFX also, but for large files or lots of scrolling, this
|
||||||
|
# is a lot more obtrusive on the terminal as the [de]init codes not used.
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
users | tr ' ' \\n | uniq | wc -l
|
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
printf 'setting up your thelounge account\n\n'
|
||||||
|
|
||||||
|
THELOUNGE_HOME=/srv/thelounge sudo -u thelounge /srv/thelounge/.yarn/bin/thelounge add "$USER"
|
||||||
|
|
||||||
|
printf '\nyou can now log in to https://irc.envs.net as %s with the password you just created.\n' "$USER"
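Review bot: The account name handed to `thelounge add` is `"$USER"`, an environment variable the calling user can set to any value before running this wrapper, so the account created need not carry the caller's own login name. Inside the wrapper `"$(id -un)"` is the safer source, for both the `add` call and the closing message. The sudoers rule that allows the command to run as `thelounge` is not part of this file; because users can call sudo directly, the name is better derived on the privileged side (sudo sets `SUDO_USER`) than passed in by the caller. It is also worth confirming that `THELOUNGE_HOME`, assigned in front of `sudo`, survives sudo's environment reset under that rule.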
|
|
@ -0,0 +1,38 @@
|
||||||
|
hello ~_username_,
|
||||||
|
|
||||||
|
welcome to envs.net!
|
||||||
|
|
||||||
|
your account has been established and you can ssh or mosh
|
||||||
|
into envs.net with the ssh key you supplied on registration.
|
||||||
|
|
||||||
|
your password is "_password_".
|
||||||
|
please change it when you log in for the first time with ssh.
|
||||||
|
also you need to change the password on https://mail.envs.net !
|
||||||
|
the password is used for imap/smtp auth(mail) and mysql. NOT shell login,
|
||||||
|
which is set to only use ssh key authentication.
|
||||||
|
your mail password will also used for znc.envs.net (imap-auth).
|
||||||
|
|
||||||
|
the best way you can help envs.net is by working
|
||||||
|
to support a great system culture. build cool programs and
|
||||||
|
share them with others; and help others; be a
|
||||||
|
good example for others and have fun!
|
||||||
|
|
||||||
|
your ~/public_www directory is served at:
|
||||||
|
https://envs.net/~_username_ , https://envs.net/u/_username_
|
||||||
|
https://_username_.envs.net and https://_username_.envs.sh/.
|
||||||
|
|
||||||
|
your mysql database is also has been provisioned. information below should
|
||||||
|
be used to connect to it:
|
||||||
|
|
||||||
|
database name: _username_
|
||||||
|
database user: _username_
|
||||||
|
password: (see your password above)
|
||||||
|
|
||||||
|
of course you can also use sqlite databases.
|
||||||
|
|
||||||
|
|
||||||
|
check out our help page at https://envs.net/help for more informations.
|
||||||
|
|
||||||
|
we seeing you! :)
|
||||||
|
|
||||||
|
envs.net ~creme
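Review bot: The template sends the initial password in clear text (`your password is "_password_"`) and says the same value is used for IMAP/SMTP, MySQL and, through imap-auth, ZNC, so whoever can read the signup mailbox holds every non-SSH credential until the user changes it. The text asks for a change only on mail.envs.net; if the MySQL password does not follow the mail password, say so here, or have the provisioning side expire the initial value. The web directory is called `~/public_www` in this text while the scripts in this commit read `public_html`; one of the two is presumably a typo.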
|
|
@ -0,0 +1,33 @@
|
||||||
|
hello,
|
||||||
|
|
||||||
|
welcome to envs.net!
|
||||||
|
|
||||||
|
you made it! we've set you up with a 'byobu' session with the
|
||||||
|
following default tabs:
|
||||||
|
|
||||||
|
- weechat for irc
|
||||||
|
- mutt for email
|
||||||
|
- a shell
|
||||||
|
|
||||||
|
if you're reading this, you're in the mutt pane. have a look
|
||||||
|
at the status bar at the bottom. the current windows are shown
|
||||||
|
in the bottom left, with several system status symbols on the right.
|
||||||
|
|
||||||
|
some of the most important keybinds are:
|
||||||
|
|
||||||
|
- f2: open a new window/tab
|
||||||
|
- f3/f4: prev/next windows
|
||||||
|
- f6: disconnect from you byobu session
|
||||||
|
- shift-f12 disable/enable byobu f-key bindings
|
||||||
|
|
||||||
|
press shift-f1 to see a more complete list of keybinds,
|
||||||
|
but these will get you wherever you need to go.
|
||||||
|
|
||||||
|
if you need help, switch to the first window and ask in irc.
|
||||||
|
|
||||||
|
also, if you know what you're doing and would rather use a different
|
||||||
|
terminal multiplexer, run byobu-disable to prevent it from launching on login.
|
||||||
|
|
||||||
|
we look forward to seeing you around! welcome to the envs.net!
|
||||||
|
|
||||||
|
envs ~ admins
|
|
@ -0,0 +1,7 @@
|
||||||
|
#
|
||||||
|
# BACKUP Server every day
|
||||||
|
#
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root
|
||||||
|
|
||||||
|
13 1,13 * * * root /root/backup-server.sh >/dev/null 2>&1
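Review bot: The job line discards stdout and stderr together (`>/dev/null 2>&1`), so a failing backup run leaves no trace unless `/root/backup-server.sh` does its own logging, which is not visible here. Keeping stderr, e.g. `13 1,13 * * * root /root/backup-server.sh >/dev/null`, lets cron report errors, or pipe the output to `logger -t backup-server`. The same redirect is used on the other job lines added in this commit (`envs_gemini_genpage.sh`, `envs_stats.sh`, `envs_sysinfo.sh`, `envs_user_updated.sh` and the ipset jobs). The `:/root` entry at the end of `PATH` is only needed if the script calls helpers there by bare name.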
|
|
@ -0,0 +1,4 @@
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/bin:/opt/services
|
||||||
|
|
||||||
|
0 0 * * 0 services python /opt/services/botany/clear_weekly_users.py >/dev/null 2>&1
|
|
@ -0,0 +1,17 @@
|
||||||
|
# /etc/cron.d/certbot: crontab entries for the certbot package
|
||||||
|
#
|
||||||
|
# Upstream recommends attempting renewal twice a day
|
||||||
|
#
|
||||||
|
# Eventually, this will be an opportunity to validate certificates
|
||||||
|
# haven't been revoked, etc. Renewal will only occur if expiration
|
||||||
|
# is within 30 days.
|
||||||
|
#
|
||||||
|
# Important Note! This cronjob will NOT be executed if you are
|
||||||
|
# running systemd as your init system. If you are running systemd,
|
||||||
|
# the cronjob.timer function takes precedence over this cronjob. For
|
||||||
|
# more details, see the systemd.timer manpage, or use systemctl show
|
||||||
|
# certbot.timer.
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/envs.sh --renew-hook "systemctl reload nginx"
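Review bot: The renewal line passes both `--deploy-hook` and `--renew-hook`; `--renew-hook` is the older name for `--deploy-hook` in certbot, so it is not obvious from the line which of the two values takes effect. As the header comment says, the `\! -d /run/systemd/system` test also makes this job a no-op on a systemd host, where certbot.timer runs the renewal without these arguments. This commit installs systemd units as well, so the host presumably is one; putting `systemctl reload nginx` into `/etc/letsencrypt/renewal-hooks/deploy/envs.sh` (or confirming it is already there) makes the reload independent of which scheduler fires.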
|
|
@ -0,0 +1,4 @@
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
0-59/1 * * * * root /usr/local/bin/conntrack.sh && /usr/local/bin/envs_conntracks.sh >/dev/null 2>&1
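Review bot: The redirection `>/dev/null 2>&1` binds only to `envs_conntracks.sh`; anything `/usr/local/bin/conntrack.sh` prints is not redirected and is handed to cron every minute. If both commands are meant to be quiet, group them: `{ /usr/local/bin/conntrack.sh && /usr/local/bin/envs_conntracks.sh; } >/dev/null 2>&1`. `0-59/1` in the minute field is equivalent to `*`.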
|
|
@ -0,0 +1,7 @@
|
||||||
|
#
|
||||||
|
# generate envs gemini - index.gem (once per hour)
|
||||||
|
#
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
0 * * * * root /usr/local/bin/envs_gemini_genpage.sh >/dev/null 2>&1
|
|
@ -0,0 +1,7 @@
|
||||||
|
#
|
||||||
|
# generate envs stats.html (once per hour)
|
||||||
|
#
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
0 * * * * root /usr/local/bin/envs_stats.sh >/dev/null 2>&1
|
|
@ -0,0 +1,7 @@
|
||||||
|
#
|
||||||
|
# generate sysinfo.json and sysinfo.php every day
|
||||||
|
#
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
0 0 * * * root /usr/local/bin/envs_sysinfo.sh >/dev/null 2>&1
|
|
@ -0,0 +1,8 @@
|
||||||
|
#
|
||||||
|
# generate user_updates.php , users_info.json
|
||||||
|
# (once per hour)
|
||||||
|
#
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
0 * * * * root /usr/local/bin/envs_user_updated.sh >/dev/null 2>&1
|
|
@ -0,0 +1,4 @@
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
33 23 * * * root /usr/local/sbin/update-blacklist.sh /etc/ipset-blacklist/ipset-blacklist.conf >/dev/null 2>/dev/null&
|
|
@ -0,0 +1,6 @@
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
|
||||||
|
0-59/30 * * * * root /usr/local/sbin/ipset-fail2ban.sh /etc/ipset-fail2ban/ipset-fail2ban.conf >/dev/null 2>/dev/null&
|
||||||
|
# clear list once per week
|
||||||
|
0 0 * * 0 root /usr/local/sbin/ipset-fail2ban.sh /etc/ipset-fail2ban/ipset-fail2ban.conf -c >/dev/null 2>&1
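Review bot: The weekly clear at `0 0 * * 0` fires in the same minute as the `0-59/30` update, so on Sundays at 00:00 two instances of `ipset-fail2ban.sh` start against the same config, the first of them backgrounded with `&`. Whether the script serialises itself is not visible here; offsetting the clear, e.g. `15 0 * * 0`, avoids the overlap. The trailing `&` on the first job is unnecessary under cron, and the two lines spell the stderr redirect differently (`2>/dev/null` and `2>&1`).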
|
|
@ -0,0 +1,43 @@
|
||||||
|
# /etc/inetd.conf: see inetd(8) for further informations.
|
||||||
|
#
|
||||||
|
# Internet superserver configuration database
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Lines starting with "#:LABEL:" or "#<off>#" should not
|
||||||
|
# be changed unless you know what you are doing!
|
||||||
|
#
|
||||||
|
# If you want to disable an entry so it isn't touched during
|
||||||
|
# package updates just comment it out with a single '#' character.
|
||||||
|
#
|
||||||
|
# Packages should modify this file by using update-inetd(8)
|
||||||
|
#
|
||||||
|
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
|
||||||
|
#
|
||||||
|
#:INTERNAL: Internal services
|
||||||
|
#discard stream tcp nowait root internal
|
||||||
|
#discard dgram udp wait root internal
|
||||||
|
#daytime stream tcp nowait root internal
|
||||||
|
#time stream tcp nowait root internal
|
||||||
|
|
||||||
|
#:STANDARD: These are standard services.
|
||||||
|
|
||||||
|
#:BSD: Shell, login, exec and talk are BSD protocols.
|
||||||
|
talk dgram udp wait nobody.tty /usr/sbin/tcpd in.talkd
|
||||||
|
ntalk dgram udp wait nobody.tty /usr/sbin/tcpd in.ntalkd
|
||||||
|
|
||||||
|
#:MAIL: Mail, news and uucp services.
|
||||||
|
|
||||||
|
#:INFO: Info services
|
||||||
|
finger stream tcp nowait efingerd /usr/sbin/tcpd /usr/sbin/efingerd -fi
|
||||||
|
ident stream tcp nowait identd /usr/sbin/ident2 ident2 -i -n
|
||||||
|
|
||||||
|
#:BOOT: TFTP service is provided primarily for booting. Most sites
|
||||||
|
# run this only on machines acting as "boot servers."
|
||||||
|
|
||||||
|
#:RPC: RPC based services
|
||||||
|
|
||||||
|
#:HAM-RADIO: amateur-radio services
|
||||||
|
|
||||||
|
#:OTHER: Other services
|
||||||
|
#gopher stream tcp nowait nobody /usr/sbin/gophernicus gophernicus -h envs.net -nv -o UTF-8
|
||||||
|
gopher stream tcp nowait nobody /usr/sbin/gophernicus gophernicus -h envs.net -nv -r /var/gopher/envs.net -o UTF-8
|
|
@ -0,0 +1,67 @@
|
||||||
|
# /etc/inputrc - global inputrc for libreadline
|
||||||
|
# See readline(3readline) and `info rluserman' for more information.
|
||||||
|
|
||||||
|
# Be 8 bit clean.
|
||||||
|
set input-meta on
|
||||||
|
set output-meta on
|
||||||
|
|
||||||
|
# To allow the use of 8bit-characters like the german umlauts, uncomment
|
||||||
|
# the line below. However this makes the meta key not work as a meta key,
|
||||||
|
# which is annoying to those which don't need to type in 8-bit characters.
|
||||||
|
|
||||||
|
# set convert-meta off
|
||||||
|
|
||||||
|
# try to enable the application keypad when it is called. Some systems
|
||||||
|
# need this to enable the arrow keys.
|
||||||
|
# set enable-keypad on
|
||||||
|
|
||||||
|
# see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys
|
||||||
|
|
||||||
|
# do not bell on tab-completion
|
||||||
|
set bell-style none
|
||||||
|
# set bell-style visible
|
||||||
|
|
||||||
|
# some defaults / modifications for the emacs mode
|
||||||
|
$if mode=emacs
|
||||||
|
|
||||||
|
# allow the use of the Home/End keys
|
||||||
|
"\e[1~": beginning-of-line
|
||||||
|
"\e[4~": end-of-line
|
||||||
|
|
||||||
|
# allow the use of the Delete/Insert keys
|
||||||
|
"\e[3~": delete-char
|
||||||
|
"\e[2~": quoted-insert
|
||||||
|
|
||||||
|
# mappings for "page up" and "page down" to step to the beginning/end
|
||||||
|
# of the history
|
||||||
|
# "\e[5~": beginning-of-history
|
||||||
|
# "\e[6~": end-of-history
|
||||||
|
|
||||||
|
# alternate mappings for "page up" and "page down" to search the history
|
||||||
|
"\e[5~": history-search-backward
|
||||||
|
"\e[6~": history-search-forward
|
||||||
|
|
||||||
|
# mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
|
||||||
|
"\e[1;5C": forward-word
|
||||||
|
"\e[1;5D": backward-word
|
||||||
|
"\e[5C": forward-word
|
||||||
|
"\e[5D": backward-word
|
||||||
|
"\e\e[C": forward-word
|
||||||
|
"\e\e[D": backward-word
|
||||||
|
|
||||||
|
$if term=rxvt
|
||||||
|
"\e[7~": beginning-of-line
|
||||||
|
"\e[8~": end-of-line
|
||||||
|
"\eOc": forward-word
|
||||||
|
"\eOd": backward-word
|
||||||
|
$endif
|
||||||
|
|
||||||
|
# for non RH/Debian xterm, can't hurt for RH/Debian xterm
|
||||||
|
# "\eOH": beginning-of-line
|
||||||
|
# "\eOF": end-of-line
|
||||||
|
|
||||||
|
# for freebsd console
|
||||||
|
# "\e[H": beginning-of-line
|
||||||
|
# "\e[F": end-of-line
|
||||||
|
|
||||||
|
$endif
|
|
@ -0,0 +1,272 @@
|
||||||
|
## Sample initialization file for GNU nano.
|
||||||
|
##
|
||||||
|
## Please note that you must have configured nano with --enable-nanorc
|
||||||
|
## for this file to be read! Also note that this file should not be in
|
||||||
|
## DOS or Mac format, and that characters specially interpreted by the
|
||||||
|
## shell should not be escaped here.
|
||||||
|
##
|
||||||
|
## To make sure an option is disabled, use "unset <option>".
|
||||||
|
##
|
||||||
|
## For the options that take parameters, the default value is given.
|
||||||
|
## Other options are unset by default.
|
||||||
|
##
|
||||||
|
## Quotes inside string parameters don't have to be escaped with
|
||||||
|
## backslashes. The last double quote in the string will be treated as
|
||||||
|
## its end. For example, for the "brackets" option, ""')>]}" will match
|
||||||
|
## ", ', ), >, ], and }.
|
||||||
|
|
||||||
|
## Make the 'nextword' function (Ctrl+Right) stop at word ends
|
||||||
|
## instead of at beginnings.
|
||||||
|
# set afterends
|
||||||
|
|
||||||
|
## When soft line wrapping is enabled, make it wrap lines at blanks
|
||||||
|
## (tabs and spaces) instead of always at the edge of the screen.
|
||||||
|
# set atblanks
|
||||||
|
|
||||||
|
## Automatically indent a newly created line to the same number of
|
||||||
|
## tabs and/or spaces as the preceding line -- or as the next line
|
||||||
|
## if the preceding line is the beginning of a paragraph.
|
||||||
|
# set autoindent
|
||||||
|
|
||||||
|
## Back up files to the current filename plus a tilde.
|
||||||
|
# set backup
|
||||||
|
|
||||||
|
## The directory to put unique backup files in.
|
||||||
|
# set backupdir ""
|
||||||
|
|
||||||
|
## Use bold text instead of reverse video text.
|
||||||
|
# set boldtext
|
||||||
|
|
||||||
|
## The characters treated as closing brackets when justifying paragraphs.
|
||||||
|
## This may not include any blank characters. Only closing punctuation,
|
||||||
|
## optionally followed by these closing brackets, can end sentences.
|
||||||
|
# set brackets ""')>]}"
|
||||||
|
|
||||||
|
## Do case-sensitive searches by default.
|
||||||
|
# set casesensitive
|
||||||
|
|
||||||
|
## Constantly display the cursor position in the status bar. Note that
|
||||||
|
## this overrides "quickblank".
|
||||||
|
# set constantshow
|
||||||
|
|
||||||
|
## Use cut-from-cursor-to-end-of-line by default.
|
||||||
|
# set cutfromcursor
|
||||||
|
## (The old form, 'cut', is deprecated.)
|
||||||
|
|
||||||
|
## Set the line length for wrapping text and justifying paragraphs.
|
||||||
|
## If the value is 0 or less, the wrapping point will be the screen
|
||||||
|
## width less this number.
|
||||||
|
# set fill -8
|
||||||
|
|
||||||
|
## Remember the used search/replace strings for the next session.
|
||||||
|
set historylog
|
||||||
|
|
||||||
|
## Display line numbers to the left of the text.
|
||||||
|
# set linenumbers
|
||||||
|
|
||||||
|
## Enable vim-style lock-files. This is just to let a vim user know you
|
||||||
|
## are editing a file [s]he is trying to edit and vice versa. There are
|
||||||
|
## no plans to implement vim-style undo state in these files.
|
||||||
|
set locking
|
||||||
|
|
||||||
|
## The opening and closing brackets that can be found by bracket
|
||||||
|
## searches. They cannot contain blank characters. The former set must
|
||||||
|
## come before the latter set, and both must be in the same order.
|
||||||
|
# set matchbrackets "(<[{)>]}"
|
||||||
|
|
||||||
|
## Use the blank line below the title bar as extra editing space.
|
||||||
|
# set morespace
|
||||||
|
|
||||||
|
## Enable mouse support, if available for your system. When enabled,
|
||||||
|
## mouse clicks can be used to place the cursor, set the mark (with a
|
||||||
|
## double click), and execute shortcuts. The mouse will work in the X
|
||||||
|
## Window System, and on the console when gpm is running.
|
||||||
|
# set mouse
|
||||||
|
|
||||||
|
## Switch on multiple file buffers (inserting a file will put it into
|
||||||
|
## a separate buffer).
|
||||||
|
# set multibuffer
|
||||||
|
|
||||||
|
## Don't convert files from DOS/Mac format.
|
||||||
|
# set noconvert
|
||||||
|
|
||||||
|
## Don't display the helpful shortcut lists at the bottom of the screen.
|
||||||
|
# set nohelp
|
||||||
|
|
||||||
|
## Don't automatically add a newline when a file does not end with one.
|
||||||
|
# set nonewlines
|
||||||
|
|
||||||
|
## Don't pause between warnings at startup. Which means that only the
|
||||||
|
## last one will be readable (when there are multiple ones).
|
||||||
|
# set nopauses
|
||||||
|
|
||||||
|
## Don't wrap text at all.
|
||||||
|
set nowrap
|
||||||
|
|
||||||
|
## Set operating directory. nano will not read or write files outside
|
||||||
|
## this directory and its subdirectories. Also, the current directory
|
||||||
|
## is changed to here, so any files are inserted from this dir. A blank
|
||||||
|
## string means the operating-directory feature is turned off.
|
||||||
|
# set operatingdir ""
|
||||||
|
|
||||||
|
## Remember the cursor position in each file for the next editing session.
|
||||||
|
# set positionlog
|
||||||
|
|
||||||
|
## Preserve the XON and XOFF keys (^Q and ^S).
|
||||||
|
# set preserve
|
||||||
|
|
||||||
|
## The characters treated as closing punctuation when justifying
|
||||||
|
## paragraphs. They cannot contain blank characters. Only closing
|
||||||
|
## punctuation, optionally followed by closing brackets, can end
|
||||||
|
## sentences.
|
||||||
|
# set punct "!.?"
|
||||||
|
|
||||||
|
## Do quick status-bar blanking. Status-bar messages will disappear after
|
||||||
|
## 1 keystroke instead of 26. Note that "constantshow" overrides this.
|
||||||
|
# set quickblank
|
||||||
|
|
||||||
|
## The email-quote string, used to justify email-quoted paragraphs.
|
||||||
|
## This is an extended regular expression. The default is:
|
||||||
|
# set quotestr "^([ ]*([#:>|}]|//))+"
|
||||||
|
|
||||||
|
## Fix Backspace/Delete confusion problem.
|
||||||
|
# set rebinddelete
|
||||||
|
|
||||||
|
## Fix numeric keypad key confusion problem.
|
||||||
|
# set rebindkeypad
|
||||||
|
|
||||||
|
## Do extended regular expression searches by default.
|
||||||
|
# set regexp
|
||||||
|
|
||||||
|
## Put the cursor on the highlighted item in the file browser;
|
||||||
|
## useful for people who use a braille display.
|
||||||
|
# set showcursor
|
||||||
|
|
||||||
|
## Make the Home key smarter. When Home is pressed anywhere but at the
|
||||||
|
## very beginning of non-whitespace characters on a line, the cursor
|
||||||
|
## will jump to that beginning (either forwards or backwards). If the
|
||||||
|
## cursor is already at that position, it will jump to the true
|
||||||
|
## beginning of the line.
|
||||||
|
# set smarthome
|
||||||
|
|
||||||
|
## Use smooth scrolling as the default.
|
||||||
|
# set smooth
|
||||||
|
|
||||||
|
## Enable soft line wrapping (AKA full-line display).
|
||||||
|
# set softwrap
|
||||||
|
|
||||||
|
## Use this spelling checker instead of the internal one. This option
|
||||||
|
## does not have a default value.
|
||||||
|
# set speller "aspell -x -c"
|
||||||
|
|
||||||
|
## Allow nano to be suspended.
|
||||||
|
set suspend
|
||||||
|
|
||||||
|
## Use this tab size instead of the default; it must be greater than 0.
|
||||||
|
set tabsize 4
|
||||||
|
|
||||||
|
## Convert typed tabs to spaces.
|
||||||
|
# set tabstospaces
|
||||||
|
|
||||||
|
## Save automatically on exit; don't prompt.
|
||||||
|
# set tempfile
|
||||||
|
|
||||||
|
## Snip whitespace at the end of lines when justifying or hard-wrapping.
|
||||||
|
# set trimblanks
|
||||||
|
## (The old form, 'justifytrim', is deprecated.)
|
||||||
|
|
||||||
|
## Disallow file modification. Why would you want this in an rcfile? ;)
|
||||||
|
# set view
|
||||||
|
|
||||||
|
## The two single-column characters used to display the first characters
|
||||||
|
## of tabs and spaces. 187 in ISO 8859-1 (0000BB in Unicode) and 183 in
|
||||||
|
## ISO-8859-1 (0000B7 in Unicode) seem to be good values for these.
|
||||||
|
## The default when in a UTF-8 locale:
|
||||||
|
# set whitespace "»·"
|
||||||
|
## The default otherwise:
|
||||||
|
# set whitespace ">."
|
||||||
|
|
||||||
|
## Detect word boundaries differently by treating punctuation
|
||||||
|
## characters as parts of words.
|
||||||
|
# set wordbounds
|
||||||
|
|
||||||
|
## The characters (besides alphanumeric ones) that should be considered
|
||||||
|
## as parts of words. This option does not have a default value. When
|
||||||
|
## set, it overrides option 'set wordbounds'.
|
||||||
|
# set wordchars "<_>."
|
||||||
|
|
||||||
|
|
||||||
|
## Paint the interface elements of nano. These are examples;
|
||||||
|
## by default there are no colors, except for errorcolor.
|
||||||
|
# set titlecolor brightwhite,blue
|
||||||
|
# set statuscolor brightwhite,green
|
||||||
|
# set errorcolor brightwhite,red
|
||||||
|
# set selectedcolor brightwhite,magenta
|
||||||
|
# set numbercolor cyan
|
||||||
|
# set keycolor cyan
|
||||||
|
# set functioncolor green
|
||||||
|
## In root's .nanorc you might want to use:
|
||||||
|
# set titlecolor brightwhite,magenta
|
||||||
|
# set statuscolor brightwhite,magenta
|
||||||
|
# set errorcolor brightwhite,red
|
||||||
|
# set selectedcolor brightwhite,cyan
|
||||||
|
# set numbercolor magenta
|
||||||
|
# set keycolor brightmagenta
|
||||||
|
# set functioncolor magenta
|
||||||
|
|
||||||
|
|
||||||
|
## Setup of syntax coloring.
|
||||||
|
##
|
||||||
|
## Format:
|
||||||
|
##
|
||||||
|
## syntax "short description" ["filename regex" ...]
|
||||||
|
##
|
||||||
|
## The "none" syntax is reserved; specifying it on the command line is
|
||||||
|
## the same as not having a syntax at all. The "default" syntax is
|
||||||
|
## special: it takes no filename regexes, and applies to files that
|
||||||
|
## don't match any other syntax's filename regexes.
|
||||||
|
##
|
||||||
|
## color foreground,background "regex" ["regex"...]
|
||||||
|
## or
|
||||||
|
## icolor foreground,background "regex" ["regex"...]
|
||||||
|
##
|
||||||
|
## "color" will do case-sensitive matches, while "icolor" will do
|
||||||
|
## case-insensitive matches.
|
||||||
|
##
|
||||||
|
## Valid colors: white, black, red, blue, green, yellow, magenta, cyan.
|
||||||
|
## For foreground colors, you may use the prefix "bright" to get a
|
||||||
|
## stronger highlight.
|
||||||
|
##
|
||||||
|
## To use multi-line regexes, use the start="regex" end="regex"
|
||||||
|
## [start="regex" end="regex"...] format.
|
||||||
|
##
|
||||||
|
## If your system supports transparency, not specifying a background
|
||||||
|
## color will use a transparent color. If you don't want this, be sure
|
||||||
|
## to set the background color to black or white.
|
||||||
|
##
|
||||||
|
## All regexes should be extended regular expressions.
|
||||||
|
##
|
||||||
|
## If you wish, you may put your syntax definitions in separate files.
|
||||||
|
## You can make use of such files as follows:
|
||||||
|
##
|
||||||
|
## include "/path/to/syntax_file.nanorc"
|
||||||
|
##
|
||||||
|
## Unless otherwise noted, the name of the syntax file (without the
|
||||||
|
## ".nanorc" extension) should be the same as the "short description"
|
||||||
|
## name inside that file. These names are kept fairly short to make
|
||||||
|
## them easier to remember and faster to type using nano's -Y option.
|
||||||
|
##
|
||||||
|
## To include all existing syntax definitions, you can do:
|
||||||
|
include "/usr/share/nano/*.nanorc"
|
||||||
|
|
||||||
|
|
||||||
|
## Key bindings.
|
||||||
|
## See nanorc(5) (section REBINDING KEYS) for more details on this.
|
||||||
|
##
|
||||||
|
## The following two functions are not bound to any key by default.
|
||||||
|
## You may wish to choose other keys than the ones suggested here.
|
||||||
|
# bind M-B cutwordleft main
|
||||||
|
# bind M-N cutwordright main
|
||||||
|
|
||||||
|
## Set this if your Backspace key sends Del most of the time.
|
||||||
|
# bind Del backspace all
|
|
@ -0,0 +1,33 @@
|
||||||
|
#
|
||||||
|
# This file MUST be edited with the 'visudo' command as root.
|
||||||
|
#
|
||||||
|
# Please consider adding local content in /etc/sudoers.d/ instead of
|
||||||
|
# directly modifying this file.
|
||||||
|
#
|
||||||
|
# See the man page for details on how to write a sudoers file.
|
||||||
|
#
|
||||||
|
Defaults env_reset
|
||||||
|
Defaults mail_badpass
|
||||||
|
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
|
# Host alias specification
|
||||||
|
|
||||||
|
# User alias specification
|
||||||
|
|
||||||
|
# Cmnd alias specification
|
||||||
|
Cmnd_Alias THELOUNGE=/srv/thelounge/.yarn/bin/thelounge add *
|
||||||
|
Cmnd_Alias TOOT=/usr/bin/toot post *
|
||||||
|
|
||||||
|
# User privilege specification
|
||||||
|
root ALL=(ALL:ALL) ALL
|
||||||
|
services ALL=(ALL:ALL) NOPASSWD:ALL
|
||||||
|
|
||||||
|
# Allow members of group sudo to execute any command
|
||||||
|
%sudo ALL=(ALL:ALL) ALL
|
||||||
|
|
||||||
|
%envs ALL=(thelounge) NOPASSWD: THELOUNGE
|
||||||
|
%envs ALL=(services) NOPASSWD: TOOT
|
||||||
|
|
||||||
|
# See sudoers(5) for more information on "#include" directives:
|
||||||
|
|
||||||
|
#includedir /etc/sudoers.d
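Review bot: `services ALL=(ALL:ALL) NOPASSWD:ALL` makes the `services` account root-equivalent without a password, and `%envs ALL=(services) NOPASSWD: TOOT` lets every member of `envs` run a command as that same account. In sudoers a trailing `*` in a command's arguments matches any string, spaces included, so `toot post *` and `thelounge add *` leave all options and arguments to the caller. Either limit `services` to the commands it needs, e.g. `services ALL=(root) NOPASSWD: SERVICES_CMDS` (placeholder alias, to be filled in), or run `TOOT` as a dedicated account that has no sudo rights of its own. Pointing both aliases at small root-owned wrapper scripts that validate their arguments would remove the wildcards.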
|
|
@ -0,0 +1,40 @@
|
||||||
|
#
|
||||||
|
# Fail2ban config
|
||||||
|
#
|
||||||
|
|
||||||
|
[DEFAULT]
|
||||||
|
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
|
||||||
|
# ban a host which matches an address in this list. Several addresses can be
|
||||||
|
# defined using space separator.
|
||||||
|
ignoreip = 127.0.0.1/8
|
||||||
|
|
||||||
|
# External command that will take an tagged arguments to ignore, e.g. <ip>,
|
||||||
|
# and return true if the IP is to be ignored. False otherwise.
|
||||||
|
#
|
||||||
|
# ignorecommand = /path/to/command <ip>
|
||||||
|
ignorecommand =
|
||||||
|
|
||||||
|
# "bantime" is the number of seconds that a host is banned. (1day)
|
||||||
|
bantime = 3600
|
||||||
|
|
||||||
|
# A host is banned if it has generated "maxretry" during the last "findtime"
|
||||||
|
# seconds.
|
||||||
|
findtime = 600
|
||||||
|
|
||||||
|
# "maxretry" is the number of failures before a host get banned.
|
||||||
|
maxretry = 5
|
||||||
|
|
||||||
|
#
|
||||||
|
# enabled modules
|
||||||
|
#
|
||||||
|
|
||||||
|
# ssh enabled by default config
|
||||||
|
#[sshd]
|
||||||
|
#enabled = true
|
||||||
|
|
||||||
|
[pam-generic]
|
||||||
|
enabled = true
|
||||||
|
|
||||||
|
[nginx-http-auth]
|
||||||
|
enabled = true
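Review bot: The comment above `bantime` says "(1day)" but the value is `3600`, which is one hour. Make the two agree, either `bantime = 86400` or a corrected comment. `ignoreip = 127.0.0.1/8` covers only IPv4 loopback; on a fail2ban version with IPv6 support, `ignoreip = 127.0.0.1/8 ::1` also keeps local IPv6 traffic from being banned. The `[sshd]` jail is left commented out on the assumption that the distribution default enables it, which is worth confirming on the target host, since this file enables only `pam-generic` and `nginx-http-auth`.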
|
||||||
|
|
|
@ -0,0 +1,398 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: S41firewall
|
||||||
|
# Required-Start: network.target
|
||||||
|
# Required-Stop:
|
||||||
|
# Default-Start: 2 3 4 5
|
||||||
|
# Default-Stop: 0 1 6
|
||||||
|
# Short-Description: set basic firewall
|
||||||
|
# Description: set basic firewall
|
||||||
|
### END INIT INFO
|
||||||
|
|
||||||
|
# TODO
|
||||||
|
# - do more secure and optimize
|
||||||
|
# - change to nftables
|
||||||
|
#
|
||||||
|
|
||||||
|
DEF_IF='enp2s0'
|
||||||
|
IPT='/usr/sbin/iptables'
|
||||||
|
|
||||||
|
# Logging options.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
LOG="LOG --log-level debug --log-tcp-sequence --log-tcp-options"
|
||||||
|
LOG="$LOG --log-ip-options"
|
||||||
|
|
||||||
|
# Defaults for rate limiting
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
RLIMIT="-m limit --limit 3/s --limit-burst 30"
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$1" = "start" ]; then
|
||||||
|
|
||||||
|
# Default policies.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Drop everything by default.
|
||||||
|
$IPT -P INPUT DROP
|
||||||
|
$IPT -P FORWARD DROP
|
||||||
|
$IPT -P OUTPUT ACCEPT
|
||||||
|
|
||||||
|
# Set the nat/mangle/raw tables' chains to ACCEPT
|
||||||
|
$IPT -w -t nat -P PREROUTING ACCEPT
|
||||||
|
$IPT -w -t nat -P OUTPUT ACCEPT
|
||||||
|
$IPT -w -t nat -P POSTROUTING ACCEPT
|
||||||
|
|
||||||
|
$IPT -w -t mangle -P PREROUTING ACCEPT
|
||||||
|
$IPT -w -t mangle -P INPUT ACCEPT
|
||||||
|
$IPT -w -t mangle -P FORWARD ACCEPT
|
||||||
|
$IPT -w -t mangle -P OUTPUT ACCEPT
|
||||||
|
$IPT -w -t mangle -P POSTROUTING ACCEPT
|
||||||
|
|
||||||
|
# Cleanup.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Delete all
|
||||||
|
$IPT -F
|
||||||
|
$IPT -t nat -F
|
||||||
|
$IPT -t mangle -F
|
||||||
|
|
||||||
|
# Delete all
|
||||||
|
$IPT -X
|
||||||
|
$IPT -t nat -X
|
||||||
|
$IPT -t mangle -X
|
||||||
|
|
||||||
|
# Zero all packets and counters.
|
||||||
|
$IPT -Z
|
||||||
|
$IPT -t nat -Z
|
||||||
|
$IPT -t mangle -Z
|
||||||
|
|
||||||
|
# Custom user-defined chains.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# LOG packets, then ACCEPT.
|
||||||
|
$IPT -w -N ACCEPTLOG
|
||||||
|
$IPT -w -A ACCEPTLOG -j "$LOG" "$RLIMIT" --log-prefix "ACCEPT "
|
||||||
|
$IPT -w -A ACCEPTLOG -j ACCEPT
|
||||||
|
|
||||||
|
# LOG packets, then DROP.
|
||||||
|
$IPT -w -N DROPLOG
|
||||||
|
$IPT -w -A DROPLOG -j "$LOG" "$RLIMIT" --log-prefix "DROP "
|
||||||
|
$IPT -w -A DROPLOG -j DROP
|
||||||
|
|
||||||
|
# LOG packets, then REJECT.
|
||||||
|
# TCP packets are rejected with a TCP reset.
|
||||||
|
$IPT -w -N REJECTLOG
|
||||||
|
$IPT -w -A REJECTLOG -j "$LOG" "$RLIMIT" --log-prefix "REJECT "
|
||||||
|
$IPT -w -A REJECTLOG -p tcp -j REJECT --reject-with tcp-reset
|
||||||
|
$IPT -w -A REJECTLOG -j REJECT
|
||||||
|
|
||||||
|
# Only allows RELATED ICMP types
|
||||||
|
# (destination-unreachable, time-exceeded, and parameter-problem).
|
||||||
|
# TODO: Rate-limit this traffic?
|
||||||
|
# TODO: Allow fragmentation-needed?
|
||||||
|
# TODO: Test.
|
||||||
|
$IPT -w -N RELATED_ICMP
|
||||||
|
$IPT -w -A RELATED_ICMP -p icmp --icmp-type destination-unreachable -j ACCEPT
|
||||||
|
$IPT -w -A RELATED_ICMP -p icmp --icmp-type time-exceeded -j ACCEPT
|
||||||
|
$IPT -w -A RELATED_ICMP -p icmp --icmp-type parameter-problem -j ACCEPT
|
||||||
|
$IPT -w -A RELATED_ICMP -p icmp --icmp-type fragmentation-needed -j ACCEPT
|
||||||
|
#$IPT -w -A RELATED_ICMP -p icmp --icmp-type source-quench -j ACCEPT
|
||||||
|
$IPT -w -A RELATED_ICMP -j DROPLOG
|
||||||
|
|
||||||
|
# Make It Even Harder To Multi-PING
|
||||||
|
$IPT -w -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT
|
||||||
|
$IPT -w -A OUTPUT -p icmp -j ACCEPT
|
||||||
|
|
||||||
|
# Only allow the minimally required/recommended parts of ICMP. Block the rest.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Allow all ESTABLISHED ICMP traffic.
|
||||||
|
$IPT -w -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT "$RLIMIT"
|
||||||
|
$IPT -w -A OUTPUT -p icmp -m state --state ESTABLISHED -j ACCEPT "$RLIMIT"
|
||||||
|
|
||||||
|
# Allow some parts of the RELATED ICMP traffic, block the rest.
|
||||||
|
$IPT -w -A INPUT -p icmp -m state --state RELATED -j RELATED_ICMP "$RLIMIT"
|
||||||
|
$IPT -w -A OUTPUT -p icmp -m state --state RELATED -j RELATED_ICMP "$RLIMIT"
|
||||||
|
|
||||||
|
# Allow incoming ICMP echo requests (ping), but only rate-limited.
|
||||||
|
$IPT -w -A INPUT -p icmp --icmp-type echo-request -j ACCEPT "$RLIMIT"
|
||||||
|
|
||||||
|
# Allow outgoing ICMP echo requests (ping), but only rate-limited.
|
||||||
|
$IPT -w -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT "$RLIMIT"
|
||||||
|
|
||||||
|
# Drop any other ICMP traffic.
|
||||||
|
$IPT -w -A INPUT -p icmp -j DROPLOG
|
||||||
|
$IPT -w -A OUTPUT -p icmp -j DROPLOG
|
||||||
|
$IPT -w -A FORWARD -p icmp -j DROPLOG
|
||||||
|
|
||||||
|
# Selectively allow certain special types of traffic.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Allow loopback interface to do anything.
|
||||||
|
$IPT -w -A INPUT -i lo -j ACCEPT
|
||||||
|
$IPT -w -A OUTPUT -o lo -j ACCEPT
|
||||||
|
|
||||||
|
# Allow incoming connections related to existing allowed connections.
|
||||||
|
$IPT -w -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
|
||||||
|
# Allow outgoing connections EXCEPT invalid
|
||||||
|
$IPT -w -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
|
||||||
|
# FORWARD RULES
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
$IPT -w -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
||||||
|
|
||||||
|
#
|
||||||
|
# ENVS.NET - 89.163.145.170 (default wan_ip)
|
||||||
|
#
|
||||||
|
# lxcbr0 - 192.168.1.0/24
|
||||||
|
$IPT -w -t nat -A POSTROUTING -d 192.168.1.0/24 -s 192.168.1.1 -j SNAT --to 192.168.1.1
|
||||||
|
|
||||||
|
# dns
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p udp --dport 53 -j DNAT --to-destination 192.168.1.2:53
|
||||||
|
$IPT -w -A FORWARD -p udp -d 192.168.1.2 --dport 53 -j ACCEPT
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 53 -j DNAT --to-destination 192.168.1.2:53
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.2 --dport 53 -j ACCEPT
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.2 -j SNAT --to 89.163.145.170
|
||||||
|
|
||||||
|
#
|
||||||
|
# MAIL ()
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
# SMTP
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 5.199.136.28 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.3:25
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.3:25
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 25 -j ACCEPT
|
||||||
|
# SMTPs
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 5.199.136.28 -p tcp --dport 587 -j DNAT --to-destination 192.168.1.3:587
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 587 -j DNAT --to-destination 192.168.1.3:587
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 587 -j ACCEPT
|
||||||
|
# Sieve
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 5.199.136.28 -p tcp --dport 4190 -j DNAT --to-destination 192.168.1.3:4190
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 4190 -j DNAT --to-destination 192.168.1.3:4190
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 4190 -j ACCEPT
|
||||||
|
# IMAP
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 5.199.136.28 -p tcp --dport 143 -j DNAT --to-destination 192.168.1.3:143
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 143 -j DNAT --to-destination 192.168.1.3:143
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 143 -j ACCEPT
|
||||||
|
# IMAPs
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 5.199.136.28 -p tcp --dport 993 -j DNAT --to-destination 192.168.1.3:993
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 993 -j DNAT --to-destination 192.168.1.3:993
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 993 -j ACCEPT
|
||||||
|
# POP
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 5.199.136.28 -p tcp --dport 110 -j DNAT --to-destination 192.168.1.3:110
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 110 -j DNAT --to-destination 192.168.1.3:110
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 110 -j ACCEPT
|
||||||
|
# POPs
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 5.199.136.28 -p tcp --dport 995 -j DNAT --to-destination 192.168.1.3:995
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 995 -j DNAT --to-destination 192.168.1.3:995
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 995 -j ACCEPT
|
||||||
|
#
|
||||||
|
$IPT -w -t nat -A POSTROUTING -d 192.168.1.4 -s 192.168.1.3 -j SNAT --to 192.168.1.3
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.3 -j SNAT --to 5.199.136.28
|
||||||
|
|
||||||
|
# mail-lists
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
||||||
|
|
||||||
|
# gitea
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 5.199.130.141 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.10 --dport 22 -j ACCEPT
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.10 -j SNAT --to 5.199.130.141
|
||||||
|
|
||||||
|
# searx
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.11 -j SNAT --to 89.163.145.170
|
||||||
|
|
||||||
|
# cryptpad
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.12 -j SNAT --to 89.163.145.170
|
||||||
|
|
||||||
|
# 0x0
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A PREROUTING -i "$DEF_IF" -d 89.163.145.170 -p tcp --dport 9999 -j DNAT --to-destination 192.168.1.15:9999
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.15 --dport 9999 -j ACCEPT
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.15 -j SNAT --to 89.163.145.170
|
||||||
|
|
||||||
|
# rss
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.16 -j SNAT --to 89.163.145.170
|
||||||
|
|
||||||
|
# pb
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.17 -j SNAT --to 89.163.145.170
|
||||||
|
|
||||||
|
|
||||||
|
# MASQUERADE.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
#dont SNAT locally generated packets target for local
|
||||||
|
$IPT -w -t nat -A POSTROUTING -o lo -j ACCEPT
|
||||||
|
|
||||||
|
# snat all lxc traffic to freifunk network
|
||||||
|
# this allows to access the freifunk network from other lxc container
|
||||||
|
# all container must setup a routing entry to lxc.vpn1
|
||||||
|
#iptables -t nat -A POSTROUTING -o tbb+ -s 192.168.1.0/24 -j SNAT --to-source 10.200.1.1
|
||||||
|
#iptables -I FORWARD -i "$DEF_IF" -o tbb+ -j ACCEPT
|
||||||
|
|
||||||
|
# wen using lxc, masq all traffic which goes via "$DEF_IF" (like DNS,vpn)
|
||||||
|
# iptables -t nat -o "$DEF_IF" -A POSTROUTING -j MASQUERADE
|
||||||
|
|
||||||
|
# Selectively allow certain outbound connections, block the rest.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# dns
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
|
||||||
|
|
||||||
|
# openvpn
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 1194 -j ACCEPT
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p udp --dport 1194 -j ACCEPT
|
||||||
|
|
||||||
|
# http
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
|
||||||
|
|
||||||
|
# https
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
|
||||||
|
|
||||||
|
# smtp
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT
|
||||||
|
|
||||||
|
# smtps
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 465 -j ACCEPT
|
||||||
|
|
||||||
|
# syslog
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p udp --dport 514 -j ACCEPT
|
||||||
|
|
||||||
|
# "submission" (RFC 2476)
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 587 -j ACCEPT
|
||||||
|
|
||||||
|
# pop3s
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 995 -j ACCEPT
|
||||||
|
|
||||||
|
# ssh
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
|
||||||
|
|
||||||
|
# ftp
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
|
||||||
|
|
||||||
|
# ntp
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p udp --dport 123 -j ACCEPT
|
||||||
|
|
||||||
|
# whois
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 43 -j ACCEPT
|
||||||
|
|
||||||
|
# csv
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 2401 -j ACCEPT
|
||||||
|
|
||||||
|
# mysql
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 3306 -j ACCEPT
|
||||||
|
|
||||||
|
# svn
|
||||||
|
$IPT -w -A OUTPUT -m state --state NEW -p tcp --dport 3690 -j ACCEPT
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Selectively allow certain inbound connections, block the rest.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# dns
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
|
||||||
|
|
||||||
|
# finger
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 79 -j ACCEPT
|
||||||
|
|
||||||
|
# ident
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 113 -j ACCEPT
|
||||||
|
|
||||||
|
# gopher
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 70 -j ACCEPT
|
||||||
|
|
||||||
|
# http/https
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
|
||||||
|
|
||||||
|
# gemini
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 1965 -j ACCEPT
|
||||||
|
|
||||||
|
# ssh
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 2222 -j ACCEPT
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 2223 -j ACCEPT
|
||||||
|
|
||||||
|
# mosh
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p udp --dport 60001:61000 -j ACCEPT
|
||||||
|
|
||||||
|
# znc
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 6667 -j ACCEPT
|
||||||
|
$IPT -w -A INPUT -m state --state NEW -p tcp --dport 6697 -j ACCEPT
|
||||||
|
|
||||||
|
|
||||||
|
# Miscellaneous.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Explicitly drop invalid incoming traffic
|
||||||
|
$IPT -w -A INPUT -m state --state INVALID -j DROP
|
||||||
|
|
||||||
|
# Drop invalid outgoing traffic, too.
|
||||||
|
$IPT -w -A OUTPUT -m state --state INVALID -j DROP
|
||||||
|
|
||||||
|
# If we would use NAT, INVALID packets would pass - BLOCK them anyways
|
||||||
|
$IPT -w -A FORWARD -m state --state INVALID -j DROP
|
||||||
|
|
||||||
|
# Explicitly log and reject everything else.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Enable blacklists
|
||||||
|
ipset restore < /etc/ipset-blacklist/ip-blacklist.restore
|
||||||
|
ipset restore < /etc/ipset-fail2ban/ipset-fail2ban.restore
|
||||||
|
|
||||||
|
$IPT -I INPUT 1 -m set --match-set blacklist_default src -j DROP
|
||||||
|
$IPT -I INPUT 2 -m set --match-set blacklist_fail2ban src -j DROP
|
||||||
|
|
||||||
|
$IPT -I FORWARD 1 -m set --match-set blacklist_default src -j DROP
|
||||||
|
$IPT -I FORWARD 2 -m set --match-set blacklist_fail2ban src -j DROP
|
||||||
|
|
||||||
|
|
||||||
|
# Use REJECT instead of REJECTLOG if you don't need/want logging.
|
||||||
|
$IPT -w -A INPUT -j REJECT
|
||||||
|
$IPT -w -A FORWARD -j REJECT
|
||||||
|
$IPT -w -A OUTPUT -j ACCEPT
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$1" = "stop" ]; then
|
||||||
|
|
||||||
|
$IPT -t mangle -F PREROUTING
|
||||||
|
$IPT -t mangle -F OUTPUT
|
||||||
|
$IPT -t nat -F PREROUTING
|
||||||
|
$IPT -t nat -F POSTROUTING
|
||||||
|
$IPT -t nat -F OUTPUT
|
||||||
|
$IPT -F INPUT
|
||||||
|
$IPT -F FORWARD
|
||||||
|
$IPT -F OUTPUT
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$1" = "restart" ]; then
|
||||||
|
|
||||||
|
$0 stop
|
||||||
|
sleep 1
|
||||||
|
$0 start
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$1" = "status" ]; then
|
||||||
|
|
||||||
|
echo "iptables -vnL ..."
|
||||||
|
$IPT -vnL --line-numbers
|
||||||
|
echo "iptables -vnL -t nat ..."
|
||||||
|
$IPT -vnL -t nat --line-numbers
|
||||||
|
echo "iptables -vnL -t mangle ..."
|
||||||
|
$IPT -vnL -t mangle --line-numbers
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Exit gracefully.
|
||||||
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
exit 0
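Review bot: The rules that expand `"$LOG"` and `"$RLIMIT"` inside double quotes (the ACCEPTLOG/DROPLOG/REJECTLOG chains and the rate-limited ICMP rules) pass the whole option string to iptables as a single argument, so iptables cannot parse them and those rules are not installed. Nothing checks the exit status and the script ends in `exit 0`, so the init system reports success while the logging and the ICMP limits are missing. The interpreter is bash, so arrays keep the words separate; the sketch below also places the match before the target. Separately, only IPv4 is filtered here; if the host has a routable IPv6 address, an equivalent ip6tables policy is needed.

```bash
LOG=(LOG --log-level debug --log-tcp-sequence --log-tcp-options --log-ip-options)
RLIMIT=(-m limit --limit 3/s --limit-burst 30)

# … unchanged: default policies, cleanup, chain creation (-N) …

$IPT -w -A ACCEPTLOG "${RLIMIT[@]}" -j "${LOG[@]}" --log-prefix "ACCEPT "
$IPT -w -A DROPLOG "${RLIMIT[@]}" -j "${LOG[@]}" --log-prefix "DROP "
$IPT -w -A REJECTLOG "${RLIMIT[@]}" -j "${LOG[@]}" --log-prefix "REJECT "

# … unchanged: RELATED_ICMP chain …

$IPT -w -A INPUT -p icmp -m state --state ESTABLISHED "${RLIMIT[@]}" -j ACCEPT
$IPT -w -A OUTPUT -p icmp -m state --state ESTABLISHED "${RLIMIT[@]}" -j ACCEPT
$IPT -w -A INPUT -p icmp -m state --state RELATED "${RLIMIT[@]}" -j RELATED_ICMP
$IPT -w -A OUTPUT -p icmp -m state --state RELATED "${RLIMIT[@]}" -j RELATED_ICMP
$IPT -w -A INPUT -p icmp --icmp-type echo-request "${RLIMIT[@]}" -j ACCEPT
$IPT -w -A OUTPUT -p icmp --icmp-type echo-request "${RLIMIT[@]}" -j ACCEPT

# … unchanged: remaining rules, stop/restart/status handling …
```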
|
|
@ -0,0 +1,36 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
for domain in $RENEWED_DOMAINS; do
|
||||||
|
case $domain in
|
||||||
|
envs.net)
|
||||||
|
daemon_cert_root=/opt/lxc_ssl/envs.net
|
||||||
|
umask 077
|
||||||
|
cat "$RENEWED_LINEAGE/privkey.pem" > "$daemon_cert_root/privkey.pem"
|
||||||
|
cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
|
||||||
|
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
|
||||||
|
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
|
||||||
|
;;
|
||||||
|
|
||||||
|
envs.sh)
|
||||||
|
daemon_cert_root=/opt/lxc_ssl/envs.sh
|
||||||
|
umask 077
|
||||||
|
cat "$RENEWED_LINEAGE/privkey.pem" > "$daemon_cert_root/privkey.pem"
|
||||||
|
cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
|
||||||
|
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
|
||||||
|
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
|
||||||
|
;;
|
||||||
|
|
||||||
|
znc.envs.net)
|
||||||
|
daemon_cert_root=/srv/znc/.znc
|
||||||
|
umask 077
|
||||||
|
cat "$RENEWED_LINEAGE/privkey.pem" > "$daemon_cert_root/znc.pem"
|
||||||
|
cat "$RENEWED_LINEAGE/fullchain.pem" >> "$daemon_cert_root/znc.pem"
|
||||||
|
cat /etc/ssl/certs/envs_dhparam.pem >> "$daemon_cert_root/znc.pem"
|
||||||
|
chown znc "$daemon_cert_root/znc.pem"
|
||||||
|
chmod 600 "$daemon_cert_root/znc.pem"
|
||||||
|
;;
|
||||||
|
|
||||||
|
esac
|
||||||
|
done
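Review bot: In the `envs.net` and `envs.sh` branches the private key is written with `cat ... > "$daemon_cert_root/privkey.pem"` and protected only by `umask 077`, which applies when a file is created, not when an existing one is truncated. If `privkey.pem` already exists there with a wider mode, it keeps that mode after every renewal; whether that is the case is not visible in this commit. The `znc.envs.net` branch already sets the mode explicitly, and the other two should do the same, e.g. `chmod 600 "$daemon_cert_root/privkey.pem"` right after the copy. The two branches are otherwise identical and could share one `envs.net|envs.sh)` pattern with `daemon_cert_root=/opt/lxc_ssl/$domain`.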
|
|
@ -0,0 +1,25 @@
|
||||||
|
fastcgi_param QUERY_STRING $query_string;
|
||||||
|
fastcgi_param REQUEST_METHOD $request_method;
|
||||||
|
fastcgi_param CONTENT_TYPE $content_type;
|
||||||
|
fastcgi_param CONTENT_LENGTH $content_length;
|
||||||
|
|
||||||
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param REQUEST_URI $request_uri;
|
||||||
|
fastcgi_param DOCUMENT_URI $document_uri;
|
||||||
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||||
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||||
|
fastcgi_param REQUEST_SCHEME $scheme;
|
||||||
|
fastcgi_param HTTPS $https if_not_empty;
|
||||||
|
|
||||||
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||||
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||||
|
|
||||||
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||||
|
fastcgi_param REMOTE_PORT $remote_port;
|
||||||
|
fastcgi_param SERVER_ADDR $server_addr;
|
||||||
|
fastcgi_param SERVER_PORT $server_port;
|
||||||
|
fastcgi_param SERVER_NAME $server_name;
|
||||||
|
|
||||||
|
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||||
|
fastcgi_param REDIRECT_STATUS 200;
|
|
@ -0,0 +1,25 @@
|
||||||
|
fastcgi_param QUERY_STRING $query_string;
|
||||||
|
fastcgi_param REQUEST_METHOD $request_method;
|
||||||
|
fastcgi_param CONTENT_TYPE $content_type;
|
||||||
|
fastcgi_param CONTENT_LENGTH $content_length;
|
||||||
|
|
||||||
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $request_filename;
|
||||||
|
fastcgi_param REQUEST_URI $request_uri;
|
||||||
|
fastcgi_param DOCUMENT_URI $document_uri;
|
||||||
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||||
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||||
|
fastcgi_param REQUEST_SCHEME $scheme;
|
||||||
|
fastcgi_param HTTPS $https if_not_empty;
|
||||||
|
|
||||||
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||||
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||||
|
|
||||||
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||||
|
fastcgi_param REMOTE_PORT $remote_port;
|
||||||
|
fastcgi_param SERVER_ADDR $server_addr;
|
||||||
|
fastcgi_param SERVER_PORT $server_port;
|
||||||
|
fastcgi_param SERVER_NAME $server_name;
|
||||||
|
|
||||||
|
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||||
|
fastcgi_param REDIRECT_STATUS 200;
|
|
@ -0,0 +1,109 @@
|
||||||
|
|
||||||
|
# This map is not a full koi8-r <> utf8 map: it does not contain
|
||||||
|
# box-drawing and some other characters. Besides this map contains
|
||||||
|
# several koi8-u and Byelorussian letters which are not in koi8-r.
|
||||||
|
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
|
||||||
|
# map instead.
|
||||||
|
|
||||||
|
charset_map koi8-r utf-8 {
|
||||||
|
|
||||||
|
80 E282AC ; # euro
|
||||||
|
|
||||||
|
95 E280A2 ; # bullet
|
||||||
|
|
||||||
|
9A C2A0 ; #
|
||||||
|
|
||||||
|
9E C2B7 ; # ·
|
||||||
|
|
||||||
|
A3 D191 ; # small yo
|
||||||
|
A4 D194 ; # small Ukrainian ye
|
||||||
|
|
||||||
|
A6 D196 ; # small Ukrainian i
|
||||||
|
A7 D197 ; # small Ukrainian yi
|
||||||
|
|
||||||
|
AD D291 ; # small Ukrainian soft g
|
||||||
|
AE D19E ; # small Byelorussian short u
|
||||||
|
|
||||||
|
B0 C2B0 ; # °
|
||||||
|
|
||||||
|
B3 D081 ; # capital YO
|
||||||
|
B4 D084 ; # capital Ukrainian YE
|
||||||
|
|
||||||
|
B6 D086 ; # capital Ukrainian I
|
||||||
|
B7 D087 ; # capital Ukrainian YI
|
||||||
|
|
||||||
|
B9 E28496 ; # numero sign
|
||||||
|
|
||||||
|
BD D290 ; # capital Ukrainian soft G
|
||||||
|
BE D18E ; # capital Byelorussian short U
|
||||||
|
|
||||||
|
BF C2A9 ; # (C)
|
||||||
|
|
||||||
|
C0 D18E ; # small yu
|
||||||
|
C1 D0B0 ; # small a
|
||||||
|
C2 D0B1 ; # small b
|
||||||
|
C3 D186 ; # small ts
|
||||||
|
C4 D0B4 ; # small d
|
||||||
|
C5 D0B5 ; # small ye
|
||||||
|
C6 D184 ; # small f
|
||||||
|
C7 D0B3 ; # small g
|
||||||
|
C8 D185 ; # small kh
|
||||||
|
C9 D0B8 ; # small i
|
||||||
|
CA D0B9 ; # small j
|
||||||
|
CB D0BA ; # small k
|
||||||
|
CC D0BB ; # small l
|
||||||
|
CD D0BC ; # small m
|
||||||
|
CE D0BD ; # small n
|
||||||
|
CF D0BE ; # small o
|
||||||
|
|
||||||
|
D0 D0BF ; # small p
|
||||||
|
D1 D18F ; # small ya
|
||||||
|
D2 D180 ; # small r
|
||||||
|
D3 D181 ; # small s
|
||||||
|
D4 D182 ; # small t
|
||||||
|
D5 D183 ; # small u
|
||||||
|
D6 D0B6 ; # small zh
|
||||||
|
D7 D0B2 ; # small v
|
||||||
|
D8 D18C ; # small soft sign
|
||||||
|
D9 D18B ; # small y
|
||||||
|
DA D0B7 ; # small z
|
||||||
|
DB D188 ; # small sh
|
||||||
|
DC D18D ; # small e
|
||||||
|
DD D189 ; # small shch
|
||||||
|
DE D187 ; # small ch
|
||||||
|
DF D18A ; # small hard sign
|
||||||
|
|
||||||
|
E0 D0AE ; # capital YU
|
||||||
|
E1 D090 ; # capital A
|
||||||
|
E2 D091 ; # capital B
|
||||||
|
E3 D0A6 ; # capital TS
|
||||||
|
E4 D094 ; # capital D
|
||||||
|
E5 D095 ; # capital YE
|
||||||
|
E6 D0A4 ; # capital F
|
||||||
|
E7 D093 ; # capital G
|
||||||
|
E8 D0A5 ; # capital KH
|
||||||
|
E9 D098 ; # capital I
|
||||||
|
EA D099 ; # capital J
|
||||||
|
EB D09A ; # capital K
|
||||||
|
EC D09B ; # capital L
|
||||||
|
ED D09C ; # capital M
|
||||||
|
EE D09D ; # capital N
|
||||||
|
EF D09E ; # capital O
|
||||||
|
|
||||||
|
F0 D09F ; # capital P
|
||||||
|
F1 D0AF ; # capital YA
|
||||||
|
F2 D0A0 ; # capital R
|
||||||
|
F3 D0A1 ; # capital S
|
||||||
|
F4 D0A2 ; # capital T
|
||||||
|
F5 D0A3 ; # capital U
|
||||||
|
F6 D096 ; # capital ZH
|
||||||
|
F7 D092 ; # capital V
|
||||||
|
F8 D0AC ; # capital soft sign
|
||||||
|
F9 D0AB ; # capital Y
|
||||||
|
FA D097 ; # capital Z
|
||||||
|
FB D0A8 ; # capital SH
|
||||||
|
FC D0AD ; # capital E
|
||||||
|
FD D0A9 ; # capital SHCH
|
||||||
|
FE D0A7 ; # capital CH
|
||||||
|
FF D0AA ; # capital hard sign
|
||||||
|
}
|
|
@ -0,0 +1,103 @@
|
||||||
|
|
||||||
|
charset_map koi8-r windows-1251 {
|
||||||
|
|
||||||
|
80 88 ; # euro
|
||||||
|
|
||||||
|
95 95 ; # bullet
|
||||||
|
|
||||||
|
9A A0 ; #
|
||||||
|
|
||||||
|
9E B7 ; # ·
|
||||||
|
|
||||||
|
A3 B8 ; # small yo
|
||||||
|
A4 BA ; # small Ukrainian ye
|
||||||
|
|
||||||
|
A6 B3 ; # small Ukrainian i
|
||||||
|
A7 BF ; # small Ukrainian yi
|
||||||
|
|
||||||
|
AD B4 ; # small Ukrainian soft g
|
||||||
|
AE A2 ; # small Byelorussian short u
|
||||||
|
|
||||||
|
B0 B0 ; # °
|
||||||
|
|
||||||
|
B3 A8 ; # capital YO
|
||||||
|
B4 AA ; # capital Ukrainian YE
|
||||||
|
|
||||||
|
B6 B2 ; # capital Ukrainian I
|
||||||
|
B7 AF ; # capital Ukrainian YI
|
||||||
|
|
||||||
|
B9 B9 ; # numero sign
|
||||||
|
|
||||||
|
BD A5 ; # capital Ukrainian soft G
|
||||||
|
BE A1 ; # capital Byelorussian short U
|
||||||
|
|
||||||
|
BF A9 ; # (C)
|
||||||
|
|
||||||
|
C0 FE ; # small yu
|
||||||
|
C1 E0 ; # small a
|
||||||
|
C2 E1 ; # small b
|
||||||
|
C3 F6 ; # small ts
|
||||||
|
C4 E4 ; # small d
|
||||||
|
C5 E5 ; # small ye
|
||||||
|
C6 F4 ; # small f
|
||||||
|
C7 E3 ; # small g
|
||||||
|
C8 F5 ; # small kh
|
||||||
|
C9 E8 ; # small i
|
||||||
|
CA E9 ; # small j
|
||||||
|
CB EA ; # small k
|
||||||
|
CC EB ; # small l
|
||||||
|
CD EC ; # small m
|
||||||
|
CE ED ; # small n
|
||||||
|
CF EE ; # small o
|
||||||
|
|
||||||
|
D0 EF ; # small p
|
||||||
|
D1 FF ; # small ya
|
||||||
|
D2 F0 ; # small r
|
||||||
|
D3 F1 ; # small s
|
||||||
|
D4 F2 ; # small t
|
||||||
|
D5 F3 ; # small u
|
||||||
|
D6 E6 ; # small zh
|
||||||
|
D7 E2 ; # small v
|
||||||
|
D8 FC ; # small soft sign
|
||||||
|
D9 FB ; # small y
|
||||||
|
DA E7 ; # small z
|
||||||
|
DB F8 ; # small sh
|
||||||
|
DC FD ; # small e
|
||||||
|
DD F9 ; # small shch
|
||||||
|
DE F7 ; # small ch
|
||||||
|
DF FA ; # small hard sign
|
||||||
|
|
||||||
|
E0 DE ; # capital YU
|
||||||
|
E1 C0 ; # capital A
|
||||||
|
E2 C1 ; # capital B
|
||||||
|
E3 D6 ; # capital TS
|
||||||
|
E4 C4 ; # capital D
|
||||||
|
E5 C5 ; # capital YE
|
||||||
|
E6 D4 ; # capital F
|
||||||
|
E7 C3 ; # capital G
|
||||||
|
E8 D5 ; # capital KH
|
||||||
|
E9 C8 ; # capital I
|
||||||
|
EA C9 ; # capital J
|
||||||
|
EB CA ; # capital K
|
||||||
|
EC CB ; # capital L
|
||||||
|
ED CC ; # capital M
|
||||||
|
EE CD ; # capital N
|
||||||
|
EF CE ; # capital O
|
||||||
|
|
||||||
|
F0 CF ; # capital P
|
||||||
|
F1 DF ; # capital YA
|
||||||
|
F2 D0 ; # capital R
|
||||||
|
F3 D1 ; # capital S
|
||||||
|
F4 D2 ; # capital T
|
||||||
|
F5 D3 ; # capital U
|
||||||
|
F6 C6 ; # capital ZH
|
||||||
|
F7 C2 ; # capital V
|
||||||
|
F8 DC ; # capital soft sign
|
||||||
|
F9 DB ; # capital Y
|
||||||
|
FA C7 ; # capital Z
|
||||||
|
FB D8 ; # capital SH
|
||||||
|
FC DD ; # capital E
|
||||||
|
FD D9 ; # capital SHCH
|
||||||
|
FE D7 ; # capital CH
|
||||||
|
FF DA ; # capital hard sign
|
||||||
|
}
|
|
@ -0,0 +1,89 @@
|
||||||
|
|
||||||
|
types {
|
||||||
|
text/html html htm shtml;
|
||||||
|
text/css css;
|
||||||
|
text/xml xml;
|
||||||
|
image/gif gif;
|
||||||
|
image/jpeg jpeg jpg;
|
||||||
|
application/javascript js;
|
||||||
|
application/atom+xml atom;
|
||||||
|
application/rss+xml rss;
|
||||||
|
|
||||||
|
text/mathml mml;
|
||||||
|
text/plain txt;
|
||||||
|
text/vnd.sun.j2me.app-descriptor jad;
|
||||||
|
text/vnd.wap.wml wml;
|
||||||
|
text/x-component htc;
|
||||||
|
|
||||||
|
image/png png;
|
||||||
|
image/tiff tif tiff;
|
||||||
|
image/vnd.wap.wbmp wbmp;
|
||||||
|
image/x-icon ico;
|
||||||
|
image/x-jng jng;
|
||||||
|
image/x-ms-bmp bmp;
|
||||||
|
image/svg+xml svg svgz;
|
||||||
|
image/webp webp;
|
||||||
|
|
||||||
|
application/font-woff woff;
|
||||||
|
application/java-archive jar war ear;
|
||||||
|
application/json json;
|
||||||
|
application/mac-binhex40 hqx;
|
||||||
|
application/msword doc;
|
||||||
|
application/pdf pdf;
|
||||||
|
application/postscript ps eps ai;
|
||||||
|
application/rtf rtf;
|
||||||
|
application/vnd.apple.mpegurl m3u8;
|
||||||
|
application/vnd.ms-excel xls;
|
||||||
|
application/vnd.ms-fontobject eot;
|
||||||
|
application/vnd.ms-powerpoint ppt;
|
||||||
|
application/vnd.wap.wmlc wmlc;
|
||||||
|
application/vnd.google-earth.kml+xml kml;
|
||||||
|
application/vnd.google-earth.kmz kmz;
|
||||||
|
application/x-7z-compressed 7z;
|
||||||
|
application/x-cocoa cco;
|
||||||
|
application/x-java-archive-diff jardiff;
|
||||||
|
application/x-java-jnlp-file jnlp;
|
||||||
|
application/x-makeself run;
|
||||||
|
application/x-perl pl pm;
|
||||||
|
application/x-pilot prc pdb;
|
||||||
|
application/x-rar-compressed rar;
|
||||||
|
application/x-redhat-package-manager rpm;
|
||||||
|
application/x-sea sea;
|
||||||
|
application/x-shockwave-flash swf;
|
||||||
|
application/x-stuffit sit;
|
||||||
|
application/x-tcl tcl tk;
|
||||||
|
application/x-x509-ca-cert der pem crt;
|
||||||
|
application/x-xpinstall xpi;
|
||||||
|
application/xhtml+xml xhtml;
|
||||||
|
application/xspf+xml xspf;
|
||||||
|
application/zip zip;
|
||||||
|
|
||||||
|
application/octet-stream bin exe dll;
|
||||||
|
application/octet-stream deb;
|
||||||
|
application/octet-stream dmg;
|
||||||
|
application/octet-stream iso img;
|
||||||
|
application/octet-stream msi msp msm;
|
||||||
|
|
||||||
|
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
|
||||||
|
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
|
||||||
|
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
|
||||||
|
|
||||||
|
audio/midi mid midi kar;
|
||||||
|
audio/mpeg mp3;
|
||||||
|
audio/ogg ogg;
|
||||||
|
audio/x-m4a m4a;
|
||||||
|
audio/x-realaudio ra;
|
||||||
|
|
||||||
|
video/3gpp 3gpp 3gp;
|
||||||
|
video/mp2t ts;
|
||||||
|
video/mp4 mp4;
|
||||||
|
video/mpeg mpeg mpg;
|
||||||
|
video/quicktime mov;
|
||||||
|
video/webm webm;
|
||||||
|
video/x-flv flv;
|
||||||
|
video/x-m4v m4v;
|
||||||
|
video/x-mng mng;
|
||||||
|
video/x-ms-asf asx asf;
|
||||||
|
video/x-ms-wmv wmv;
|
||||||
|
video/x-msvideo avi;
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-ndk.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-auth-pam.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-cache-purge.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-dav-ext.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-echo.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-fancyindex.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-geoip.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-headers-more-filter.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-image-filter.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-lua.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-perl.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-subs-filter.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-uploadprogress.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-upstream-fair.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-http-xslt-filter.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-mail.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-nchan.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/usr/share/nginx/modules-available/mod-stream.conf
|
|
@ -0,0 +1,164 @@
|
||||||
|
user www-data;
|
||||||
|
worker_processes auto;
|
||||||
|
worker_rlimit_nofile 100000;
|
||||||
|
pid /run/nginx.pid;
|
||||||
|
include /etc/nginx/modules-enabled/*.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log crit;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 4000;
|
||||||
|
use epoll;
|
||||||
|
multi_accept on;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
##
|
||||||
|
# Basic Settings
|
||||||
|
##
|
||||||
|
client_max_body_size 32M;
|
||||||
|
|
||||||
|
open_file_cache max=100000 inactive=20s;
|
||||||
|
open_file_cache_valid 30s;
|
||||||
|
open_file_cache_min_uses 2;
|
||||||
|
open_file_cache_errors on;
|
||||||
|
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
variables_hash_max_size 2048;
|
||||||
|
variables_hash_bucket_size 128;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
|
||||||
|
# server_tokens off;
|
||||||
|
|
||||||
|
# server_names_hash_bucket_size 64;
|
||||||
|
# server_name_in_redirect off;
|
||||||
|
|
||||||
|
# allow the server to close connection on non responding client, this will free up memory
|
||||||
|
reset_timedout_connection on;
|
||||||
|
|
||||||
|
# request timed out -- default 60
|
||||||
|
client_body_timeout 10;
|
||||||
|
client_header_timeout 10;
|
||||||
|
|
||||||
|
# if client stop responding, free up memory -- default 60
|
||||||
|
send_timeout 10;
|
||||||
|
|
||||||
|
# server will close connection after this time -- default 75
|
||||||
|
keepalive_timeout 30;
|
||||||
|
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
##
|
||||||
|
# SSL Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
##
|
||||||
|
# Logging Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
#access_log /var/log/nginx/access.log;
|
||||||
|
#error_log /var/log/nginx/error.log crit;
|
||||||
|
|
||||||
|
# borrowed from Apache
|
||||||
|
# (Could use $host instead of $server_name to log vhost aliases separately)
|
||||||
|
log_format vhost_combined '$server_name $remote_addr - $remote_user [$time_local] '
|
||||||
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent"';
|
||||||
|
|
||||||
|
log_format vcombined '$host:$server_port '
|
||||||
|
'$remote_addr - $remote_user [$time_local] '
|
||||||
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent"';
|
||||||
|
|
||||||
|
# Define an access log for VirtualHosts that don't define their own logfile
|
||||||
|
access_log /var/log/nginx/other_vhosts_access.log vcombined;
|
||||||
|
|
||||||
|
##
|
||||||
|
# Gzip Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_min_length 10240;
|
||||||
|
gzip_comp_level 1;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_disable "msie6";
|
||||||
|
gzip_proxied expired no-cache no-store private auth;
|
||||||
|
gzip_types
|
||||||
|
# text/html is always compressed by HttpGzipModule
|
||||||
|
text/css
|
||||||
|
text/javascript
|
||||||
|
text/xml
|
||||||
|
text/plain
|
||||||
|
text/x-component
|
||||||
|
application/javascript
|
||||||
|
application/x-javascript
|
||||||
|
application/json
|
||||||
|
application/xml
|
||||||
|
application/rss+xml
|
||||||
|
application/atom+xml
|
||||||
|
font/truetype
|
||||||
|
font/opentype
|
||||||
|
application/vnd.ms-fontobject
|
||||||
|
image/svg+xml;
|
||||||
|
|
||||||
|
# gzip_proxied any;
|
||||||
|
# gzip_comp_level 6;
|
||||||
|
# gzip_buffers 16 8k;
|
||||||
|
# gzip_http_version 1.1;
|
||||||
|
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||||
|
|
||||||
|
##
|
||||||
|
# DDOS Defense
|
||||||
|
##
|
||||||
|
# limit the number of connections per single IP
|
||||||
|
# limit_conn_zone $binary_remote_addr zone=conn_limit_def:10m;
|
||||||
|
# limit_conn_zone $binary_remote_addr zone=conn_limit_mid:32m;
|
||||||
|
# limit_conn_zone $binary_remote_addr zone=conn_limit_high:64m;
|
||||||
|
|
||||||
|
# limit the number of requests for a given session
|
||||||
|
# limit_req_zone $binary_remote_addr zone=req_limit_def:64m rate=10r/s;
|
||||||
|
# limit_req_zone $binary_remote_addr zone=req_limit_mid:128m rate=20r/s;
|
||||||
|
# limit_req_zone $binary_remote_addr zone=req_limit_high:512m rate=30r/s;
|
||||||
|
|
||||||
|
# if the request body size is more than the buffer size, then the entire (or partial)
|
||||||
|
# request body is written into a temporary file
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
|
||||||
|
# maximum number and size of buffers for large headers to read from client request
|
||||||
|
large_client_header_buffers 4 256k;
|
||||||
|
|
||||||
|
##
|
||||||
|
# Virtual Host Configs
|
||||||
|
##
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
include /etc/nginx/sites-enabled/*;
|
||||||
|
}
|
||||||
|
|
||||||
|
#mail {
|
||||||
|
# # See sample authentication script at:
|
||||||
|
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||||
|
#
|
||||||
|
# # auth_http localhost/auth.php;
|
||||||
|
# # pop3_capabilities "TOP" "USER";
|
||||||
|
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||||
|
#
|
||||||
|
# server {
|
||||||
|
# listen localhost:110;
|
||||||
|
# protocol pop3;
|
||||||
|
# proxy on;
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# server {
|
||||||
|
# listen localhost:143;
|
||||||
|
# protocol imap;
|
||||||
|
# proxy on;
|
||||||
|
# }
|
||||||
|
#}
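Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the SSL Settings block still enables TLS 1.0 and 1.1, both deprecated by RFC 8996, and leaves out TLS 1.3. Unless `snippets/ssl.conf` (not shown on this page) overrides it per server, I would change the line to `ssl_protocols TLSv1.2 TLSv1.3;`, provided the installed nginx and OpenSSL support 1.3. In the same http block `server_tokens off;` is left commented out, so the nginx version is disclosed in response headers and error pages. Every `limit_conn_zone`/`limit_req_zone` line under "DDOS Defense" is commented out as well; a one-line comment saying whether that is deliberate would help the next operator.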
|
|
@ -0,0 +1,12 @@
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
port_in_redirect off;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_connect_timeout 300;
|
||||||
|
|
||||||
|
#proxy_buffering off;
|
||||||
|
#proxy_buffer_size 128k;
|
||||||
|
#proxy_buffers 100 128k;
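Review bot: `proxy_set_header Host $http_host;` forwards the client's Host header unmodified, so upstreams receive whatever the client sent, including a port or an empty value. `proxy_set_header Host $host;` passes nginx's normalised name instead and is the safer default for a file included by every proxied vhost. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to a client-supplied header, so a comment noting that backends should trust only the last entry would be useful. `proxy_connect_timeout 300;` is also higher than the roughly 75 seconds the nginx documentation says this timeout can usually reach.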
|
|
@ -0,0 +1,17 @@
|
||||||
|
|
||||||
|
scgi_param REQUEST_METHOD $request_method;
|
||||||
|
scgi_param REQUEST_URI $request_uri;
|
||||||
|
scgi_param QUERY_STRING $query_string;
|
||||||
|
scgi_param CONTENT_TYPE $content_type;
|
||||||
|
|
||||||
|
scgi_param DOCUMENT_URI $document_uri;
|
||||||
|
scgi_param DOCUMENT_ROOT $document_root;
|
||||||
|
scgi_param SCGI 1;
|
||||||
|
scgi_param SERVER_PROTOCOL $server_protocol;
|
||||||
|
scgi_param REQUEST_SCHEME $scheme;
|
||||||
|
scgi_param HTTPS $https if_not_empty;
|
||||||
|
|
||||||
|
scgi_param REMOTE_ADDR $remote_addr;
|
||||||
|
scgi_param REMOTE_PORT $remote_port;
|
||||||
|
scgi_param SERVER_PORT $server_port;
|
||||||
|
scgi_param SERVER_NAME $server_name;
|
|
@ -0,0 +1,31 @@
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name auth.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name auth.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/envs.net-error.log;
|
||||||
|
|
||||||
|
root /var/www/auth.envs.net/;
|
||||||
|
location / {
|
||||||
|
index index.php index.html;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
include snippets/fastcgi-php.conf;
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
|
||||||
|
}
|
||||||
|
}
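Review bot: The TLS server for auth.envs.net logs to `/var/log/nginx/envs.net-error.log` with no level, while the other vhosts on this page use a per-host file with `crit` (for example the bbj.envs.net server). Errors from the authentication site therefore land in the main site's log, at a different verbosity, which makes them harder to isolate during an investigation. I would point `error_log` at a file named after auth.envs.net and state the level explicitly. If sharing the log is intended, a comment saying so would do.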
|
|
@ -0,0 +1,34 @@
|
||||||
|
### BBJ.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name bbj.envs.net forum.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name bbj.envs.net forum.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/bbj.envs.net-error.log crit;
|
||||||
|
|
||||||
|
root /var/www/bbj.envs.net/;
|
||||||
|
location / {
|
||||||
|
index index.php index.html index.shtml index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
include snippets/fastcgi-php.conf;
|
||||||
|
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
|
||||||
|
}
|
||||||
|
|
||||||
|
include snippets/favicon;
|
||||||
|
}
|
|
@ -0,0 +1,91 @@
|
||||||
|
##
|
||||||
|
# You should look at the following URL's in order to grasp a solid understanding
|
||||||
|
# of Nginx configuration files in order to fully unleash the power of Nginx.
|
||||||
|
# https://www.nginx.com/resources/wiki/start/
|
||||||
|
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
|
||||||
|
# https://wiki.debian.org/Nginx/DirectoryStructure
|
||||||
|
#
|
||||||
|
# In most cases, administrators will remove this file from sites-enabled/ and
|
||||||
|
# leave it as reference inside of sites-available where it will continue to be
|
||||||
|
# updated by the nginx packaging team.
|
||||||
|
#
|
||||||
|
# This file will automatically load configuration files provided by other
|
||||||
|
# applications, such as Drupal or Wordpress. These applications will be made
|
||||||
|
# available underneath a path with that package name, such as /drupal8.
|
||||||
|
#
|
||||||
|
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
|
||||||
|
##
|
||||||
|
|
||||||
|
# Default server configuration
|
||||||
|
#
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
|
||||||
|
# SSL configuration
|
||||||
|
#
|
||||||
|
# listen 443 ssl default_server;
|
||||||
|
# listen [::]:443 ssl default_server;
|
||||||
|
#
|
||||||
|
# Note: You should disable gzip for SSL traffic.
|
||||||
|
# See: https://bugs.debian.org/773332
|
||||||
|
#
|
||||||
|
# Read up on ssl_ciphers to ensure a secure configuration.
|
||||||
|
# See: https://bugs.debian.org/765782
|
||||||
|
#
|
||||||
|
# Self signed certs generated by the ssl-cert package
|
||||||
|
# Don't use them in a production server!
|
||||||
|
#
|
||||||
|
# include snippets/snakeoil.conf;
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
# Add index.php to the list if you are using PHP
|
||||||
|
index index.html index.htm index.nginx-debian.html;
|
||||||
|
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
# First attempt to serve request as file, then
|
||||||
|
# as directory, then fall back to displaying a 404.
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
# pass PHP scripts to FastCGI server
|
||||||
|
#
|
||||||
|
#location ~ \.php$ {
|
||||||
|
# include snippets/fastcgi-php.conf;
|
||||||
|
#
|
||||||
|
# # With php-fpm (or other unix sockets):
|
||||||
|
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
|
||||||
|
# # With php-cgi (or other tcp sockets):
|
||||||
|
# fastcgi_pass 127.0.0.1:9000;
|
||||||
|
#}
|
||||||
|
|
||||||
|
# deny access to .htaccess files, if Apache's document root
|
||||||
|
# concurs with nginx's one
|
||||||
|
#
|
||||||
|
#location ~ /\.ht {
|
||||||
|
# deny all;
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Virtual Host configuration for example.com
|
||||||
|
#
|
||||||
|
# You can move that to a different file under sites-available/ and symlink that
|
||||||
|
# to sites-enabled/ to enable it.
|
||||||
|
#
|
||||||
|
#server {
|
||||||
|
# listen 80;
|
||||||
|
# listen [::]:80;
|
||||||
|
#
|
||||||
|
# server_name example.com;
|
||||||
|
#
|
||||||
|
# root /var/www/example.com;
|
||||||
|
# index index.html;
|
||||||
|
#
|
||||||
|
# location / {
|
||||||
|
# try_files $uri $uri/ =404;
|
||||||
|
# }
|
||||||
|
#}
|
|
@ -0,0 +1,98 @@
|
||||||
|
### ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
# listen 80 default_server;
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name envs.net www.envs.net _;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
alias /var/lib/letsencrypt/.well-known/acme-challenge/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
# listen 443 ssl http2 default_server;
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name envs.net www.envs.net _;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
add_header X-Frame-Options "ALLOW-FROM https://envs.sh/";
|
||||||
|
|
||||||
|
error_log /var/log/nginx/envs.net-error.log crit;
|
||||||
|
|
||||||
|
include snippets/error_pages;
|
||||||
|
|
||||||
|
root /var/www/envs.net/;
|
||||||
|
index index.php index.html;
|
||||||
|
|
||||||
|
rewrite ^([^.\?]*[^/])$ $1/ permanent;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
try_files $uri.html $uri $uri/ @extensionless-php;
|
||||||
|
}
|
||||||
|
location @extensionless-php {
|
||||||
|
rewrite ^(.*)/$ $1.php last;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /cgi-bin {
|
||||||
|
gzip off;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||||
|
}
|
||||||
|
|
||||||
|
# users
|
||||||
|
location ~ ^/(~|u/)(?<user>[\w-]+)(?<user_uri>/.*)?$ {
|
||||||
|
alias /home/$user/public_html$user_uri;
|
||||||
|
index index.html index.php;
|
||||||
|
|
||||||
|
fancyindex on;
|
||||||
|
fancyindex_exact_size off;
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
|
||||||
|
location ~ [^/]\.php(/|$) {
|
||||||
|
include snippets/php_common;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ (\.cgi|\.py|\.sh|\.pl|\.lua|\/cgi-bin)$ {
|
||||||
|
gzip off;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /home/$user/public_html$request_filename;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* /\.(eot|ttf|woff|woff2)$ {
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
expires 365d;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* /\.(jpg|jpeg|png|gif|ico|css|js)$ {
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
expires 365d;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* /\.(pdf)$ {
|
||||||
|
expires 30d;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /(\.ht|\.git)$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
# include php and ssi
|
||||||
|
include snippets/php.conf;
|
||||||
|
ssi on;
|
||||||
|
}
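Review bot: The `location ~ /(\.ht|\.git)$` block near the end of the TLS server matches only URIs that end exactly in `/.ht` or `/.git`, so `.htaccess`, `.htpasswd` and everything under a `.git/` directory are still served. Dropping the end anchor covers those, e.g. `location ~ /\.(ht|git) { deny all; }`. Regex locations are tried in file order, so requests under `/~user/` are taken by the users location first; it needs its own nested deny if user repositories and password files should be protected too. Separately, `location /` and the users location declare their own `add_header`, and nginx then does not inherit the server-level `add_header` lines (the X-Frame-Options one and whatever `snippets/local_ssl_header.conf` sets), so those responses probably go out without them. `X-Frame-Options "ALLOW-FROM …"` is also ignored by current browsers; a `Content-Security-Policy` header with `frame-ancestors` is the supported form.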
|
|
@ -0,0 +1,55 @@
|
||||||
|
### ENVS.SH - lxc - nullpointer ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name envs.sh 0x0.envs.sh null.envs.sh;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
alias /var/lib/letsencrypt/.well-known/acme-challenge/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name envs.sh 0x0.envs.sh null.envs.sh;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_sh_wild.conf;
|
||||||
|
|
||||||
|
client_max_body_size 512M;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/envs.sh-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://envs.sh;
|
||||||
|
}
|
||||||
|
|
||||||
|
include snippets/favicon;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# 0x0.envs.net
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name 0x0.envs.net null.envs.net;
|
||||||
|
|
||||||
|
return 307 https://envs.sh$request_uri;
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name 0x0.envs.net null.envs.net;
|
||||||
|
return 307 https://envs.sh$request_uri;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
}
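Review bot: The proxying `location /` in the envs.sh TLS server forwards to `https://envs.sh` with `proxy_ssl_server_name on;` but without `proxy_ssl_verify on;`, and nginx does not verify the upstream certificate by default, so the hop to the container is encrypted but not authenticated. `proxy_ssl_name $http_host;` also takes the SNI name from the raw client Host header, which can carry a port or an unexpected name; a fixed upstream name or `$host` is safer. I would add `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate <CA bundle path>;` (the path is a placeholder) and pin `proxy_ssl_name`. The same pattern recurs in the git.envs.net, lists.envs.net, mail.envs.net, pad.envs.net and pb.envs.net sections.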
|
|
@ -0,0 +1,27 @@
|
||||||
|
### GIT.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
listen 5.199.130.141:80;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name git.envs.net gitea.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
listen 5.199.130.141:443 ssl http2;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name git.envs.net gitea.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/git.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://git.envs.net;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,29 @@
|
||||||
|
### GOPHER.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name gopher.envs.net gopherproxy.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name gopher.envs.net gopherproxy.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/gopher.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://127.0.0.1:8993;
|
||||||
|
}
|
||||||
|
|
||||||
|
include snippets/favicon;
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
### HELP.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name help.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name help.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/help.envs.net-error.log crit;
|
||||||
|
|
||||||
|
root /var/www/docs/help/site/;
|
||||||
|
location / {
|
||||||
|
index index.html;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
### IP.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ip.envs.net whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/ip.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://127.0.0.1:8080;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ip.envs.net whois.envs.net ifconfig.envs.net ifconf.envs.net ping.envs.net checkip.envs.net ipconfig.envs.net ipconf.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/ip.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://127.0.0.1:8080;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
### IP.ENVS.SH - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ip.envs.sh whois.envs.sh;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/ip.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://127.0.0.1:8080;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name ip.envs.sh whois.envs.sh;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_sh_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/ip.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://127.0.0.1:8080;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
### LISTS.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
listen 5.199.136.29:80;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name lists.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
listen 5.199.136.29:443 ssl http2;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name lists.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/lists.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://lists.envs.net;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,58 @@
|
||||||
|
### MAIL.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
listen 5.199.136.28:80;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name mail.envs.net webmail.envs.net autodiscover.envs.net smtp.envs.net imap.envs.net;
|
||||||
|
|
||||||
|
include /etc/nginx/proxy_params;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://mail.envs.net/.well-known/acme-challenge/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# automx
|
||||||
|
server {
|
||||||
|
listen 5.199.136.28:80;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name autoconfig.envs.net;
|
||||||
|
|
||||||
|
include /etc/nginx/proxy_params;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://autoconfig.envs.net/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://mail.envs.net/.well-known/acme-challenge/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 5.199.136.28:443 ssl http2;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name mail.envs.net webmail.envs.net autodiscover.envs.net;
|
||||||
|
|
||||||
|
ssl_certificate /var/lib/lxc/mail/rootfs/etc/letsencrypt/live/mail.envs.net/fullchain.pem;
|
||||||
|
ssl_certificate_key /var/lib/lxc/mail/rootfs/etc/letsencrypt/live/mail.envs.net/privkey.pem;
|
||||||
|
ssl_dhparam /var/lib/lxc/mail/rootfs/etc/nginx/dhparam.pem;
|
||||||
|
ssl_trusted_certificate /var/lib/lxc/mail/rootfs/etc/letsencrypt/live/mail.envs.net/chain.pem;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/mail.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://mail.envs.net;
|
||||||
|
}
|
||||||
|
}
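Review bot: The 443 server reads `ssl_certificate`, `ssl_certificate_key`, `ssl_dhparam` and `ssl_trusted_certificate` from `/var/lib/lxc/mail/rootfs/...`, which are files whose content and symlink targets are controlled from inside the mail container. The host's nginx therefore trusts container-writable paths for key material, and it only picks up a renewal made in the container once the host nginx is reloaded. If this coupling is intended, I would document it above the four lines, for example `# cert/key are owned by the mail container; reload host nginx after renewal there`. Alternatively a deploy hook could copy them to a host-owned directory. The port-80 server also lists smtp.envs.net and imap.envs.net, which the 443 server does not, so the 307 redirect for those names presumably ends up on a different TLS server.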
|
|
@ -0,0 +1,30 @@
|
||||||
|
### PAD.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_high.conf;
|
||||||
|
server_name pad.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_high.conf;
|
||||||
|
server_name pad.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/pad.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://pad.envs.net;
|
||||||
|
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
}
|
||||||
|
}
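Review bot: The TLS hop to the backend in `location /` is not authenticated, and its SNI name comes from the client. `proxy_ssl_name $http_host;` passes on the raw Host header, and `proxy_ssl_verify` stays at its default of off, so whatever certificate the upstream presents is accepted. `proxy_ssl_name` already defaults to the host named in `proxy_pass`, so that line can be dropped and verification enabled with `proxy_ssl_verify on;` plus `proxy_ssl_trusted_certificate <CA_BUNDLE_PATH>;` (placeholder; the right bundle is not visible here). The same pattern repeats in the pb, rss, searx, tb and znc vhosts below. Separately, this block sets `Upgrade`/`Connection` for WebSockets without `proxy_http_version 1.1;`, which the webirc vhost does set; unless `proxy_params` supplies it (not shown), the upgrade may not go through.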
|
|
@ -0,0 +1,27 @@
|
||||||
|
### PB.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name pb.envs.net pastebin.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name pb.envs.net pastebin.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/pb.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://pb.envs.net;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
### RSS.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_high.conf;
|
||||||
|
server_name rss.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_high.conf;
|
||||||
|
server_name rss.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/rss.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://rss.envs.net;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
### SEARX.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name searx.envs.net search.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name searx.envs.net search.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/searx.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://searx.envs.net;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
### STATS.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name stats.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name stats.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/stats.envs.net-error.log crit;
|
||||||
|
|
||||||
|
root /var/www/envs.net/;
|
||||||
|
location / {
|
||||||
|
index stats.html;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
### TB.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name tb.envs.net termbin.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name tb.envs.net termbin.envs.net;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/tb.envs.net-error.log crit;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
client_max_body_size 256M;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://tb.envs.net;
|
||||||
|
}
|
||||||
|
|
||||||
|
include snippets/favicon;
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
### TTBP.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ttbp.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ttbp.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/ttbp.envs.net-error.log crit;
|
||||||
|
|
||||||
|
root /var/global/ttbp/public_html/;
|
||||||
|
location / {
|
||||||
|
index index.html;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,30 @@
|
||||||
|
### TWTXT.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name twtxt.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name twtxt.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/twtxt.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://127.0.0.1:9001;
|
||||||
|
}
|
||||||
|
|
||||||
|
include snippets/favicon;
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
### <USER>.ENVS.NET - local ###
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
limit_req_zone $binary_remote_addr zone=weechat:10m rate=10r/m;
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ~^(.*)\.envs\.net;
|
||||||
|
|
||||||
|
return 307 https://$1.envs.net$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ~^(?<user>[^.]+)\.envs\.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/envs.net-error.log crit;
|
||||||
|
|
||||||
|
include snippets/user.envs.conf;
|
||||||
|
}
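Review bot: Both `server_name` regexes lack an end anchor, so `~^(?<user>[^.]+)\.envs\.net` also matches a Host such as `name.envs.net.example.org` (constructed example), and the port-80 block's `(.*)` additionally accepts dots in the captured part. Anchoring them, `server_name ~^(?<user>[^.]+)\.envs\.net$;` in both blocks (with `return 307 https://$user.envs.net$request_uri;` on port 80), keeps the match to single-label subdomains. `$user` is presumably consumed in `snippets/user.envs.conf`, which is not visible here; if it ends up in a filesystem path, a class narrower than `[^.]+`, limited to the characters allowed in account names, would be safer. The envs.sh vhost in the next section has the same two patterns.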
|
|
@ -0,0 +1,29 @@
|
||||||
|
### <USER>.ENVS.SH - local ###
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ~^(.*)\.envs\.sh;
|
||||||
|
|
||||||
|
return 307 https://$1.envs.sh$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name ~^(?<user>[^.]+)\.envs\.sh;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_sh_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/envs.net-error.log crit;
|
||||||
|
|
||||||
|
include snippets/user.envs.conf;
|
||||||
|
}
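Review bot: `error_log /var/log/nginx/envs.net-error.log crit;` in the TLS block sends this vhost's errors to the same file the `<USER>.envs.net` vhost writes. This looks like a copy-paste leftover, since the other vhosts on the page log under their own names; `error_log /var/log/nginx/envs.sh-error.log crit;` would keep the two apart. The `crit` level also drops `error`-level entries such as upstream connection failures, which makes the log less useful for incident triage, so `error` or `warn` may be worth considering.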
|
|
@ -0,0 +1,32 @@
|
||||||
|
### WEBIRC.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name lounge.envs.net webirc.envs.net;
|
||||||
|
return 307 https://webirc.envs.net$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name lounge.envs.net webirc.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/webirc.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
|
||||||
|
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
|
||||||
|
proxy_pass http://127.0.0.1:9000;
|
||||||
|
}
|
||||||
|
}
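Review bot: `add_header 'Access-Control-Allow-Origin' "$http_origin" always;` in `location /` echoes whatever Origin the browser sends, so every site is granted cross-origin read access to the proxied app. That is the equivalent of `*`, except that it also remains valid alongside credentials if the backend ever sends `Access-Control-Allow-Credentials`. An allowlist built with a `map` at http level, returning the origin only for the names this vhost serves, stops the reflection; a `Vary: Origin` header should accompany it so caches do not mix responses. The allowed origins below are inferred from `server_name` and need confirming.

```nginx
# http context, outside any server block
map $http_origin $cors_allow_origin {
    default                     "";
    "https://webirc.envs.net"   $http_origin;
    "https://lounge.envs.net"   $http_origin;
}

# … unchanged: both server blocks up to location / …
    location / {
        # … unchanged: proxy_params, proxy_http_version, Upgrade/Connection headers …
        add_header 'Access-Control-Allow-Origin' $cors_allow_origin always;
        add_header 'Vary' 'Origin' always;
        proxy_pass http://127.0.0.1:9000;
    }
```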
|
|
@ -0,0 +1,40 @@
|
||||||
|
### ZNC.ENVS.NET - local ###
|
||||||
|
server {
|
||||||
|
include snippets/listen_local.conf;
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name znc.envs.net bouncer.envs.net;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
alias /var/lib/letsencrypt/.well-known/acme-challenge/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_local_ssl.conf;
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name znc.envs.net bouncer.envs.net;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/znc.envs.net/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/znc.envs.net/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/znc.envs.net/chain.pem;
|
||||||
|
ssl_dhparam /etc/ssl/certs/envs_dhparam.pem;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/znc.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://znc.envs.net:6667;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/bbj.envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/envs.sh.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/git.envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/gopher.envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/help.envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/ip.envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/ip.envs.sh.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/lists.envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/mail.envs.net.conf
|