monarch-pass/etc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Iniital commit

Browse Source
This commit is contained in:
Adrian Malacoda
2018-11-22 16:19:07 -06:00
commit a0f7e80abd
25 changed files with 1364 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
nginx/nginx.conf Normal file
View File

@@ -0,0 +1,86 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

94
nginx/sites-available/default Normal file
View File

@@ -0,0 +1,94 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# https://weakdh.org/sysadmin.html
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/monarch-pass.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/monarch-pass.net/privkey.pem;
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex on;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

91
nginx/sites-available/default.dpkg-dist Normal file
View File

@@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

25
nginx/sites-available/etherpad.conf Normal file
View File

@@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name etherpad.monarch-pass.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name etherpad.monarch-pass.net;
access_log /var/log/nginx/etherpad.monarch-pass.net/access.log;
error_log /var/log/nginx/etherpad.monarch-pass.net/error.log;
location /.well-known/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
location / {
proxy_pass http://127.0.0.1:8004/;
}
}

27
nginx/sites-available/forge.monarch-pass.net.conf Normal file
View File

@@ -0,0 +1,27 @@
server {
listen 80;
listen [::]:80;
server_name forge.monarch-pass.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
client_max_body_size 100G;
server_name forge.monarch-pass.net;
access_log /var/log/nginx/forge.monarch-pass.net/access.log;
error_log /var/log/nginx/forge.monarch-pass.net/error.log;
location /.well-known/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
location / {
proxy_pass http://127.0.0.1:8011/;
}
}

50
nginx/sites-available/gammapedia.conf Normal file
View File

@@ -0,0 +1,50 @@
server {
listen 80;
listen [::]:80;
server_name gammapedia.monarch-pass.net;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name gammapedia.monarch-pass.net;
root /var/www/html/gammapedia;
index index.html index.htm index.nginx-debian.html index.php;
access_log /var/log/nginx/gammapedia.monarch-pass.net/access.log;
error_log /var/log/nginx/gammapedia.monarch-pass.net/error.log;
location / {
try_files $uri $uri/ =404;
}
location = / {
return 302 $scheme://$host/wiki/;
}
location = /wiki {
return 302 $scheme://$host/wiki/;
}
location = /wiki/ {
return 302 $scheme://$host/wiki/Main_Page;
}
location ~ ^\/wiki/.+$ {
rewrite ^/wiki/(.+)$ /w/index.php?title=$1 last;
}
location /pad/ {
proxy_pass http://localhost:9001/;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm-gammapedia.sock;
}
}

29
nginx/sites-available/gitlab.conf Normal file
View File

@@ -0,0 +1,29 @@
server {
listen 80;
listen [::]:80;
server_name gitlab.monarch-pass.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
client_max_body_size 100G;
server_name gitlab.monarch-pass.net;
access_log /var/log/nginx/gitlab.monarch-pass.net/access.log;
error_log /var/log/nginx/gitlab.monarch-pass.net/error.log;
return 301 https://forge.monarch-pass.net$request_uri;
# location /.well-known/ {
# root /var/www/html/;
# try_files $uri $uri/ =404;
# }
# location / {
# proxy_pass http://127.0.0.1:8001/;
# }
}

34
nginx/sites-available/glitchcity.conf Normal file
View File

@@ -0,0 +1,34 @@
server {
listen 80;
listen [::]:80;
server_name forums.glitchcity.info glitchcity.info www.glitchcity.info;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name forums.glitchcity.info glitchcity.info www.glitchcity.info;
client_max_body_size 100M;
access_log /var/log/nginx/glitchcity.info/access.log;
error_log /var/log/nginx/glitchcity.info/error.log;
location /.well-known/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8002;
}
#location / {
# root /var/www/html/maintenance;
# try_files $uri $uri/ =404;
#}
}

25
nginx/sites-available/hastebin.conf Normal file
View File

@@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name hastebin.monarch-pass.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name hastebin.monarch-pass.net;
access_log /var/log/nginx/hastebin.monarch-pass.net/access.log;
error_log /var/log/nginx/hastebin.monarch-pass.net/error.log;
location /.well-known/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
location / {
proxy_pass http://127.0.0.1:8005/;
}
}

30
nginx/sites-available/hydrocitynet.conf Normal file
View File

@@ -0,0 +1,30 @@
server {
listen 80;
listen [::]:80;
server_name hydrocitynet.org www.hydrocitynet.org;
return 301 https://$host$request_uri;
}
server {
# SSL configuration
#
listen 443 ssl;
listen [::]:443 ssl;
server_name hydrocitynet.org www.hydrocitynet.org;
access_log /var/log/nginx/hydrocitynet.org/access.log;
error_log /var/log/nginx/hydrocitynet.org/error.log;
location /.well-known/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
root /var/www/html/hydrocitynet;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}

29
nginx/sites-available/matrix.conf Normal file
View File

@@ -0,0 +1,29 @@
#server {
# listen 80;
# listen [::]:80;
# server_name matrix.monarch-pass.net;
# return 301 https://$host$request_uri;
#}
server {
listen 443 ssl;
listen [::]:443 ssl;
client_max_body_size 100G;
server_name matrix.monarch-pass.net;
access_log /var/log/nginx/matrix.monarch-pass.net/access.log;
error_log /var/log/nginx/matrix.monarch-pass.net/error.log;
location /.well-known/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
location /_matrix {
proxy_pass http://127.0.0.1:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 300s;
}
}

27
nginx/sites-available/mediagoblin.conf Normal file
View File

@@ -0,0 +1,27 @@
server {
listen 80;
listen [::]:80;
server_name media.monarch-pass.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
client_max_body_size 100G;
server_name media.monarch-pass.net;
access_log /var/log/nginx/media.monarch-pass.net/access.log;
error_log /var/log/nginx/media.monarch-pass.net/error.log;
location /.well-known/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
location / {
proxy_pass http://127.0.0.1:8009/;
}
}

25
nginx/sites-available/nanoyagi.conf Normal file
View File

@@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name nanoyagi.com www.nanoyagi.com;
return 301 https://$host$request_uri;
}
server {
# SSL configuration
#
listen 443 ssl;
listen [::]:443 ssl;
server_name nanoyagi.com www.nanoyagi.com;
access_log /var/log/nginx/nanoyagi.com/access.log;
error_log /var/log/nginx/nanoyagi.com/error.log;
root /var/www/html/nanoyagi;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}

26
nginx/sites-available/optimecapsule.conf Normal file
View File

@@ -0,0 +1,26 @@
server {
listen 80;
listen [::]:80;
server_name optimecapsule.com www.optimecapsule.com forums.optimecapsule.com forum.optimecapsule.com;
return 301 https://$host$request_uri;
}
server {
# SSL configuration
#
listen 443 ssl;
listen [::]:443 ssl;
server_name optimecapsule.com www.optimecapsule.com;
access_log /var/log/nginx/optimecapsule.com/access.log;
error_log /var/log/nginx/optimecapsule.com/error.log;
root /var/www/html/optimecapsule;
index index.html;
autoindex on;
location / {
try_files $uri $uri/ =404;
}
}

25
nginx/sites-available/phpmyadmin.conf Normal file
View File

@@ -0,0 +1,25 @@
server {
listen 80;
listen [::]:80;
server_name phpmyadmin.monarch-pass.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name phpmyadmin.monarch-pass.net;
access_log /var/log/nginx/phpmyadmin.monarch-pass.net/access.log;
error_log /var/log/nginx/phpmyadmin.monarch-pass.net/error.log;
location /.well-known/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
location / {
proxy_pass http://127.0.0.1:8007/;
}
}

75
nginx/sites-available/social.conf Normal file
View File

@@ -0,0 +1,75 @@
server {
listen 80;
listen [::]:80;
server_name social.monarch-pass.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name social.monarch-pass.net;
access_log /var/log/nginx/social.monarch-pass.net/access.log;
error_log /var/log/nginx/social.monarch-pass.net/error.log;
#location /.well-known/ {
# root /var/www/html/;
# try_files $uri $uri/ =404;
#}
location /.well-known/acme-challenge/ {
root /var/www/html/;
try_files $uri $uri/ =404;
}
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
location / {
# if you do not want remote frontends to be able to access your Pleroma backend
# server, remove these lines.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
# stop removing lines here.
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
# Uncomment this only after you get HTTPS working.
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:8012;
client_max_body_size 16m;
}
# location /proxy {
# proxy_cache pleroma_media_cache;
# proxy_cache_lock on;
# proxy_ignore_client_abort on;
# proxy_pass http://127.0.0.1:8012;
# }
}