From 41054ea97270fbfa59a021abcb372bd847c1e35b Mon Sep 17 00:00:00 2001 From: Jonathan Chan Date: Sat, 23 Oct 2021 07:04:25 +0200 Subject: [PATCH] New sites for new server. --- al.ert.space | 41 ------------------------------ conc.ert.space | 40 ------------------------------ default | 3 +-- nginx-default => default.bak | 2 +- doi.ionathan.ch | 24 ------------------ ert.space | 29 ---------------------- ex.ert.space | 38 ---------------------------- git.ionathan.ch | 10 +++++--- gitb.ert.space | 30 ---------------------- hilb.ert.space | 30 ---------------------- in.ert.space | 27 -------------------- next.ionathan.ch | 10 +++++--- nitter.ionathan.ch | 23 ----------------- pix.ert.space | 28 --------------------- ress.ert.space | 29 ---------------------- rss.ionathan.ch | 48 +++++++++++++++++++++++++++--------- sea.ionathan.ch | 14 ----------- stand.ert.space | 26 ------------------- wiki.ert.space | 27 -------------------- 19 files changed, 52 insertions(+), 427 deletions(-) delete mode 100644 al.ert.space delete mode 100644 conc.ert.space rename nginx-default => default.bak (99%) delete mode 100644 doi.ionathan.ch delete mode 100644 ert.space delete mode 100644 ex.ert.space delete mode 100644 gitb.ert.space delete mode 100644 hilb.ert.space delete mode 100644 in.ert.space delete mode 100644 nitter.ionathan.ch delete mode 100644 pix.ert.space delete mode 100644 ress.ert.space delete mode 100644 sea.ionathan.ch delete mode 100644 stand.ert.space delete mode 100644 wiki.ert.space diff --git a/al.ert.space b/al.ert.space deleted file mode 100644 index b09d758..0000000 --- a/al.ert.space +++ /dev/null @@ -1,41 +0,0 @@ -server { - server_name al.ert.space; - root /srv/www/al.ert.space/app; - index index.html /server/index.php; - - auth_basic "Authentication Required"; - auth_basic_user_file /etc/apache2/.htpasswd; - - location / { - try_files $uri $uri/ =404; - } - - location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_pass unix:/run/php/php7.0-fpm.sock; - } - - location ~ /\.ht { - deny all; - } - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = al.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - listen [::]:80; - - server_name al.ert.space; - return 404; # managed by Certbot -} - diff --git a/conc.ert.space b/conc.ert.space deleted file mode 100644 index aa4d947..0000000 --- a/conc.ert.space +++ /dev/null @@ -1,40 +0,0 @@ -upstream fw { - # depending on your setup, you may want to update this - server 0.0.0.0:5000; -} -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -server { - server_name conc.ert.space; - client_max_body_size 512M; - - # HSTS - add_header Strict-Transport-Security "max-age=31536000"; - - location / { - include /etc/nginx/funkwhale_proxy.conf; - proxy_pass http://fw/; - } - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = conc.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - listen [::]:80; - server_name conc.ert.space; - return 404; # managed by Certbot -} - diff --git a/default b/default index 9cc154e..f370327 100644 --- a/default +++ b/default @@ -1,7 +1,6 @@ server { listen 80 default_server; - listen [::]:80 default_server; - server_name localhost; + server_name _; return 301 https://ionathan.ch; } diff --git a/nginx-default b/default.bak similarity index 99% rename from nginx-default rename to default.bak index 5822785..9117e37 100644 --- a/nginx-default +++ b/default.bak @@ -38,7 +38,7 @@ server { # # include snippets/snakeoil.conf; - root /srv/www/html; + root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; diff --git a/doi.ionathan.ch b/doi.ionathan.ch deleted file mode 100644 index 40ec176..0000000 --- a/doi.ionathan.ch +++ /dev/null @@ -1,24 +0,0 @@ -server { - root /srv/www/doi.ionathan.ch; - server_name doi.ionathan.ch; - error_page 404 /index.html; - location ~/.* { - try_files $uri $uri/ =404; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/git.ionathan.ch/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/git.ionathan.ch/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = doi.ionathan.ch) { - return 301 https://$host$request_uri; - } # managed by Certbot - - server_name doi.ionathan.ch; - listen 80; - return 404; # managed by Certbot -} diff --git a/ert.space b/ert.space deleted file mode 100644 index e06b65b..0000000 --- a/ert.space +++ /dev/null @@ -1,29 +0,0 @@ -server { - server_name ert.space; - root /srv/www/ert.space; - location / { - try_files $uri $uri/ =404; - } - server_name ert.space; - - listen [::]:443 ssl ipv6only=on; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - server_name ert.space; - - listen 80; - listen [::]:80; - server_name ert.space; - return 404; # managed by Certbot -} - diff --git a/ex.ert.space b/ex.ert.space deleted file mode 100644 index 6f48c2d..0000000 --- a/ex.ert.space +++ /dev/null @@ -1,38 +0,0 @@ -server { - server_name ex.ert.space; - client_max_body_size 512M; - location / { - proxy_pass http://localhost:8080; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - - location = /.well-known/carddav { - return 301 http://localhost:8080/remote.php/dav; - } - location = /.well-known/caldav { - return 301 http://localhost:8080/remote.php/dav; - } - server_name ex.ert.space; - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = ex.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - server_name ex.ert.space; - - listen 80; - listen [::]:80; - server_name ex.ert.space; - return 404; # managed by Certbot -} - diff --git a/git.ionathan.ch b/git.ionathan.ch index 6755160..a41aef4 100644 --- a/git.ionathan.ch +++ b/git.ionathan.ch @@ -7,10 +7,11 @@ server { } listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/git.ionathan.ch/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/git.ionathan.ch/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/next.ionathan.ch/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/next.ionathan.ch/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + } server { @@ -18,7 +19,10 @@ server { return 301 https://$host$request_uri; } # managed by Certbot + server_name git.ionathan.ch; listen 80; return 404; # managed by Certbot -} + + +} \ No newline at end of file diff --git a/gitb.ert.space b/gitb.ert.space deleted file mode 100644 index 36ed708..0000000 --- a/gitb.ert.space +++ /dev/null @@ -1,30 +0,0 @@ -server { - server_name gitb.ert.space; - location / { - proxy_pass http://localhost:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - server_name gitb.ert.space; - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = gitb.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - server_name gitb.ert.space; - - listen 80; - listen [::]:80; - server_name gitb.ert.space; - return 404; # managed by Certbot -} - diff --git a/hilb.ert.space b/hilb.ert.space deleted file mode 100644 index 96bdccd..0000000 --- a/hilb.ert.space +++ /dev/null @@ -1,30 +0,0 @@ -server { - server_name hilb.ert.space; - client_max_body_size 5M; - root /srv/www/ert.space; - location / { - try_files $uri $uri/ =404; - } - server_name hilb.ert.space; - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = hilb.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - server_name hilb.ert.space; - - listen 80; - listen [::]:80; - server_name hilb.ert.space; - return 404; # managed by Certbot -} - diff --git a/in.ert.space b/in.ert.space deleted file mode 100644 index 4d22daf..0000000 --- a/in.ert.space +++ /dev/null @@ -1,27 +0,0 @@ -server { - root /srv/www/ert.space; - server_name in.ert.space; - error_page 404 /404.html; - location / { - try_files $uri $uri/ =404; - } - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = in.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - listen [::]:80; - server_name in.ert.space; - return 404; # managed by Certbot -} - diff --git a/next.ionathan.ch b/next.ionathan.ch index 215c9c4..ce5967b 100644 --- a/next.ionathan.ch +++ b/next.ionathan.ch @@ -16,10 +16,11 @@ server { } listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/git.ionathan.ch/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/git.ionathan.ch/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/next.ionathan.ch/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/next.ionathan.ch/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + } server { @@ -27,7 +28,10 @@ server { return 301 https://$host$request_uri; } # managed by Certbot + server_name next.ionathan.ch; listen 80; return 404; # managed by Certbot -} + + +} \ No newline at end of file diff --git a/nitter.ionathan.ch b/nitter.ionathan.ch deleted file mode 100644 index 788a377..0000000 --- a/nitter.ionathan.ch +++ /dev/null @@ -1,23 +0,0 @@ -server { - server_name nitter.ionathan.ch; - location / { - proxy_pass http://localhost:8888; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/git.ionathan.ch/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/git.ionathan.ch/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} -server { - if ($host = nitter.ionathan.ch) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - server_name nitter.ionathan.ch; - return 404; # managed by Certbot -} diff --git a/pix.ert.space b/pix.ert.space deleted file mode 100644 index f204d52..0000000 --- a/pix.ert.space +++ /dev/null @@ -1,28 +0,0 @@ -server { - server_name pix.ert.space; - location / { - proxy_pass http://localhost:8008; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot -} - -server { - if ($host = pix.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - listen [::]:80; - server_name pix.ert.space; - return 404; # managed by Certbot -} - diff --git a/ress.ert.space b/ress.ert.space deleted file mode 100644 index ac15fc4..0000000 --- a/ress.ert.space +++ /dev/null @@ -1,29 +0,0 @@ -server { - server_name ress.ert.space; - location / { - proxy_pass http://localhost:8181; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - server_name ress.ert.space; - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = ress.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - server_name ress.ert.space; - - listen 80; - listen [::]:80; - server_name ress.ert.space; - return 404; # managed by Certbot -} - diff --git a/rss.ionathan.ch b/rss.ionathan.ch index 04b0ce2..4ecc248 100644 --- a/rss.ionathan.ch +++ b/rss.ionathan.ch @@ -1,25 +1,49 @@ +upstream freshrss { + server localhost:8080; + keepalive 64; +} + server { - server_name rss.ionathan.ch; - location / { - proxy_pass http://localhost:8080; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - } + server_name rss.ionathan.ch; + + location / { + # The final `/` is important. + proxy_pass http://freshrss/; + add_header X-Frame-Options SAMEORIGIN; + add_header X-XSS-Protection "1; mode=block"; + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_read_timeout 90; + + # Forward the Authorization header for the Google Reader API. + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/git.ionathan.ch/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/git.ionathan.ch/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/next.ionathan.ch/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/next.ionathan.ch/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + } + + server { if ($host = rss.ionathan.ch) { return 301 https://$host$request_uri; } # managed by Certbot - server_name rss.ionathan.ch; - listen 80; + + server_name rss.ionathan.ch; + listen 80; return 404; # managed by Certbot -} + + +} \ No newline at end of file diff --git a/sea.ionathan.ch b/sea.ionathan.ch deleted file mode 100644 index 20f4db6..0000000 --- a/sea.ionathan.ch +++ /dev/null @@ -1,14 +0,0 @@ -server { - server_name sea.ionathan.ch; - listen 80; - listen [::]:80; - client_max_body_size 512M; - add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; - - location / { - proxy_pass http://localhost:8008; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } -} - diff --git a/stand.ert.space b/stand.ert.space deleted file mode 100644 index 5e5b530..0000000 --- a/stand.ert.space +++ /dev/null @@ -1,26 +0,0 @@ -server { - server_name stand.ert.space; - location / { - proxy_pass http://localhost:3030; - proxy_set_header Host $host; - proxy_set_header X-Real_IP $remote_addr; - } - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = stand.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - listen [::]:80; - server_name stand.ert.space; - return 404; # managed by Certbot -} diff --git a/wiki.ert.space b/wiki.ert.space deleted file mode 100644 index 65965b2..0000000 --- a/wiki.ert.space +++ /dev/null @@ -1,27 +0,0 @@ -server { - server_name wiki.ert.space; - location / { - proxy_pass https://github.com/ionathanch/ionathanch/wiki; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - -server { - if ($host = wiki.ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - listen 80; - listen [::]:80; - server_name wiki.ert.space; - return 404; # managed by Certbot -} -