--- /dev/null
+server {
+ listen 80;
+ server_name localhost;
+
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+++ /dev/null
-# RFC 7239 Forwarded header for Nginx proxy_pass
-
-# Add within your server or location block:
-# proxy_set_header forwarded "$proxy_forwarded;secret=\"YOUR SECRET\"";
-
-# Configure your upstream web server to identify this proxy by that password
-# because otherwise anyone on the Internet could spoof these headers and fake
-# their real IP address and other information to your service.
-
-
-# Provide the full proxy chain in $proxy_forwarded
-map $proxy_add_forwarded $proxy_forwarded {
- default "$proxy_add_forwarded;by=\"_$hostname\";proto=$scheme;host=\"$http_host\";path=\"$request_uri\"";
-}
-
-# The following mappings are based on
-# https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
-
-map $remote_addr $proxy_forwarded_elem {
- # IPv4 addresses can be sent as-is
- ~^[0-9.]+$ "for=$remote_addr";
-
- # IPv6 addresses need to be bracketed and quoted
- ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
-
- # Unix domain socket names cannot be represented in RFC 7239 syntax
- default "for=unknown";
-}
-
-map $http_forwarded $proxy_add_forwarded {
- # If the incoming Forwarded header is syntactically valid, append to it
- "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
-
- # Otherwise, replace it
- default "$proxy_forwarded_elem";
-}
-
+++ /dev/null
-
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param REMOTE_USER $remote_user;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
+++ /dev/null
-
-# This map is not a full koi8-r <> utf8 map: it does not contain
-# box-drawing and some other characters. Besides this map contains
-# several koi8-u and Byelorussian letters which are not in koi8-r.
-# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
-# map instead.
-
-charset_map koi8-r utf-8 {
-
- 80 E282AC ; # euro
-
- 95 E280A2 ; # bullet
-
- 9A C2A0 ; #
-
- 9E C2B7 ; # ·
-
- A3 D191 ; # small yo
- A4 D194 ; # small Ukrainian ye
-
- A6 D196 ; # small Ukrainian i
- A7 D197 ; # small Ukrainian yi
-
- AD D291 ; # small Ukrainian soft g
- AE D19E ; # small Byelorussian short u
-
- B0 C2B0 ; # °
-
- B3 D081 ; # capital YO
- B4 D084 ; # capital Ukrainian YE
-
- B6 D086 ; # capital Ukrainian I
- B7 D087 ; # capital Ukrainian YI
-
- B9 E28496 ; # numero sign
-
- BD D290 ; # capital Ukrainian soft G
- BE D18E ; # capital Byelorussian short U
-
- BF C2A9 ; # (C)
-
- C0 D18E ; # small yu
- C1 D0B0 ; # small a
- C2 D0B1 ; # small b
- C3 D186 ; # small ts
- C4 D0B4 ; # small d
- C5 D0B5 ; # small ye
- C6 D184 ; # small f
- C7 D0B3 ; # small g
- C8 D185 ; # small kh
- C9 D0B8 ; # small i
- CA D0B9 ; # small j
- CB D0BA ; # small k
- CC D0BB ; # small l
- CD D0BC ; # small m
- CE D0BD ; # small n
- CF D0BE ; # small o
-
- D0 D0BF ; # small p
- D1 D18F ; # small ya
- D2 D180 ; # small r
- D3 D181 ; # small s
- D4 D182 ; # small t
- D5 D183 ; # small u
- D6 D0B6 ; # small zh
- D7 D0B2 ; # small v
- D8 D18C ; # small soft sign
- D9 D18B ; # small y
- DA D0B7 ; # small z
- DB D188 ; # small sh
- DC D18D ; # small e
- DD D189 ; # small shch
- DE D187 ; # small ch
- DF D18A ; # small hard sign
-
- E0 D0AE ; # capital YU
- E1 D090 ; # capital A
- E2 D091 ; # capital B
- E3 D0A6 ; # capital TS
- E4 D094 ; # capital D
- E5 D095 ; # capital YE
- E6 D0A4 ; # capital F
- E7 D093 ; # capital G
- E8 D0A5 ; # capital KH
- E9 D098 ; # capital I
- EA D099 ; # capital J
- EB D09A ; # capital K
- EC D09B ; # capital L
- ED D09C ; # capital M
- EE D09D ; # capital N
- EF D09E ; # capital O
-
- F0 D09F ; # capital P
- F1 D0AF ; # capital YA
- F2 D0A0 ; # capital R
- F3 D0A1 ; # capital S
- F4 D0A2 ; # capital T
- F5 D0A3 ; # capital U
- F6 D096 ; # capital ZH
- F7 D092 ; # capital V
- F8 D0AC ; # capital soft sign
- F9 D0AB ; # capital Y
- FA D097 ; # capital Z
- FB D0A8 ; # capital SH
- FC D0AD ; # capital E
- FD D0A9 ; # capital SHCH
- FE D0A7 ; # capital CH
- FF D0AA ; # capital hard sign
-}
+++ /dev/null
-
-charset_map koi8-r windows-1251 {
-
- 80 88 ; # euro
-
- 95 95 ; # bullet
-
- 9A A0 ; #
-
- 9E B7 ; # ·
-
- A3 B8 ; # small yo
- A4 BA ; # small Ukrainian ye
-
- A6 B3 ; # small Ukrainian i
- A7 BF ; # small Ukrainian yi
-
- AD B4 ; # small Ukrainian soft g
- AE A2 ; # small Byelorussian short u
-
- B0 B0 ; # °
-
- B3 A8 ; # capital YO
- B4 AA ; # capital Ukrainian YE
-
- B6 B2 ; # capital Ukrainian I
- B7 AF ; # capital Ukrainian YI
-
- B9 B9 ; # numero sign
-
- BD A5 ; # capital Ukrainian soft G
- BE A1 ; # capital Byelorussian short U
-
- BF A9 ; # (C)
-
- C0 FE ; # small yu
- C1 E0 ; # small a
- C2 E1 ; # small b
- C3 F6 ; # small ts
- C4 E4 ; # small d
- C5 E5 ; # small ye
- C6 F4 ; # small f
- C7 E3 ; # small g
- C8 F5 ; # small kh
- C9 E8 ; # small i
- CA E9 ; # small j
- CB EA ; # small k
- CC EB ; # small l
- CD EC ; # small m
- CE ED ; # small n
- CF EE ; # small o
-
- D0 EF ; # small p
- D1 FF ; # small ya
- D2 F0 ; # small r
- D3 F1 ; # small s
- D4 F2 ; # small t
- D5 F3 ; # small u
- D6 E6 ; # small zh
- D7 E2 ; # small v
- D8 FC ; # small soft sign
- D9 FB ; # small y
- DA E7 ; # small z
- DB F8 ; # small sh
- DC FD ; # small e
- DD F9 ; # small shch
- DE F7 ; # small ch
- DF FA ; # small hard sign
-
- E0 DE ; # capital YU
- E1 C0 ; # capital A
- E2 C1 ; # capital B
- E3 D6 ; # capital TS
- E4 C4 ; # capital D
- E5 C5 ; # capital YE
- E6 D4 ; # capital F
- E7 C3 ; # capital G
- E8 D5 ; # capital KH
- E9 C8 ; # capital I
- EA C9 ; # capital J
- EB CA ; # capital K
- EC CB ; # capital L
- ED CC ; # capital M
- EE CD ; # capital N
- EF CE ; # capital O
-
- F0 CF ; # capital P
- F1 DF ; # capital YA
- F2 D0 ; # capital R
- F3 D1 ; # capital S
- F4 D2 ; # capital T
- F5 D3 ; # capital U
- F6 C6 ; # capital ZH
- F7 C2 ; # capital V
- F8 DC ; # capital soft sign
- F9 DB ; # capital Y
- FA C7 ; # capital Z
- FB D8 ; # capital SH
- FC DD ; # capital E
- FD D9 ; # capital SHCH
- FE D7 ; # capital CH
- FF DA ; # capital hard sign
-}
types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
- image/png png;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- image/svg+xml svg svgz;
- image/webp webp;
+ image/avif avif;
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
- application/font-woff woff;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
+ font/woff woff;
+ font/woff2 woff2;
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/wasm wasm;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
- application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
}
+++ /dev/null
-/usr/share/nginx/modules-available/mod-http-geoip2.conf
\ No newline at end of file
+++ /dev/null
-/usr/share/nginx/modules-available/mod-http-image-filter.conf
\ No newline at end of file
+++ /dev/null
-/usr/share/nginx/modules-available/mod-http-xslt-filter.conf
\ No newline at end of file
+++ /dev/null
-/usr/share/nginx/modules-available/mod-mail.conf
\ No newline at end of file
+++ /dev/null
-/usr/share/nginx/modules-available/mod-stream.conf
\ No newline at end of file
+++ /dev/null
-/usr/share/nginx/modules-available/mod-stream-geoip2.conf
\ No newline at end of file
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-events {
- worker_connections 768;
- # multi_accept on;
-}
-
-http {
-
- ##
- # Basic Settings
- ##
-
- sendfile on;
- tcp_nopush on;
- types_hash_max_size 2048;
- # server_tokens off;
+user nginx;
+worker_processes auto;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # SSL Settings
- ##
+events {
+ worker_connections 1024;
+}
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
- ssl_prefer_server_ciphers on;
- ##
- # Logging Settings
- ##
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
- ##
- # Gzip Settings
- ##
+ access_log /var/log/nginx/access.log main;
- gzip on;
+ sendfile on;
+ #tcp_nopush on;
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+ keepalive_timeout 65;
- ##
- # Virtual Host Configs
- ##
+ #gzip on;
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
+ include /etc/nginx/conf.d/*.conf;
}
-
-
-#mail {
-# # See sample authentication script at:
-# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-#
-# # auth_http localhost/auth.php;
-# # pop3_capabilities "TOP" "USER";
-# # imap_capabilities "IMAP4rev1" "UIDPLUS";
-#
-# server {
-# listen localhost:110;
-# protocol pop3;
-# proxy on;
-# }
-#
-# server {
-# listen localhost:143;
-# protocol imap;
-# proxy on;
-# }
-#}
+++ /dev/null
-proxy_set_header Host $http_host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
+++ /dev/null
-upstream dev.nutra.tk {
- keepalive 100;
- server 127.0.0.1:20000;
- # server unix:/tmp/sanic.sock;
-}
-
-server {
- server_name dev.nutra.tk;
- # listen 80 default_server;
- # listen [::]:80 ipv6only=on;
- listen 443 ssl http2 default_server;
- listen [::]:443 ssl ipv6only=on; # managed by Certbot
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
- # ssl_protocols TLSv1 TLSv1.1; # support legacy browsers
- # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-
- client_max_body_size 50m;
-
- # React app (base URL)
- location / {
- root /var/www/app;
- index index.html;
- #try_files $uri $uri/ /index.html =404;
- }
-
-
- # Blog / Sphinx
- location /blog {
- alias /var/www/blog;
- index index.html;
- }
-
-
- # Sanic
- location /api/ {
- proxy_pass http://$server_name;
- # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered)
- proxy_http_version 1.1;
- proxy_request_buffering off;
- proxy_buffering off;
- # Proxy forwarding (password configured in app.config.FORWARDED_SECRET)
- proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\"";
- # Allow websockets and keep-alive (avoid connection: close)
- proxy_set_header connection "upgrade";
- proxy_set_header upgrade $http_upgrade;
- }
-
-
-# # New chat (matrix / element)
-# location ~ /v2/chat/ {
-# proxy_pass http://127.0.0.1:8008;
-# proxy_set_header X-Forwarded-For $remote_addr;
-# }
-
- # default favicon
- location = /favicon.ico {
- alias /var/www/favicon.gif;
- }
-
-
- # Other
- location ~ /.well-known {
- allow all;
- }
-
-
- # HTTPS / SSL
- ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot
- include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-}
-
-
-# Open matrix chat on 8448
-#server {
-# listen 8448 ssl default_server;
-# listen [::]:8448 ssl default_server;
-# server_name dev.nutra.tk;
-#
-# location / {
-# proxy_pass http://127.0.0.1:8008;
-# proxy_set_header X-Forwarded-For $remote_addr;
-# }
-#
-# # HTTPS / SSL
-# ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem; # managed by Certbot
-# ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot
-# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-#}
-
-
-# Redirect all HTTP to HTTPS with no-WWW
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name ~^(?:www\.)?(.*)$;
- return 301 https://$1$request_uri;
-}
-
-
-# Redirect WWW to no-WWW
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name ~^www\.(.*)$;
- return 301 $scheme://$1$request_uri;
-}
-
-
-# TODO: if is evil
-# https://wordpress.org/support/article/nginx/
-# http://wiki.nginx.org/IfIsEvil
-#server {
-# if ($host = dev.nutra.tk) {
-# return 301 $scheme://$host$request_uri;
-# } # managed by Certbot
-#}
-
+++ /dev/null
-
-proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
-
-server {
- listen 443 ssl http2;
-
- http2_push_preload on; # Enable HTTP/2 Server Push
-
- # ssl on;
- ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem;
- ssl_session_timeout 1d;
-
- # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
- ssl_protocols TLSv1.2 TLSv1.3;
-
- # Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to
- # prevent replay attacks.
- #
- # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
- ssl_early_data on;
-
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:50m;
- # HSTS (ngx_http_headers_module is required) (15768000 seconds = six months)
- add_header Strict-Transport-Security max-age=15768000;
- # OCSP Stapling ---
- # fetch OCSP records from URL in ssl_certificate and cache them
- ssl_stapling on;
- ssl_stapling_verify on;
-
- add_header X-Early-Data $tls1_3_early_data;
-
- location ~ /chat/api/v[0-9]+/(users/)?websocket$ {
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- client_max_body_size 50M;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Frame-Options SAMEORIGIN;
- proxy_buffers 256 16k;
- proxy_buffer_size 16k;
- client_body_timeout 60;
- send_timeout 300;
- lingering_timeout 5;
- proxy_connect_timeout 90;
- proxy_send_timeout 300;
- proxy_read_timeout 90s;
- proxy_http_version 1.1;
- proxy_pass http://127.0.0.1:8065;
- }
-
- location /chat/ {
- client_max_body_size 50M;
- proxy_set_header Connection "";
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Frame-Options SAMEORIGIN;
- proxy_buffers 256 16k;
- proxy_buffer_size 16k;
- proxy_read_timeout 600s;
- proxy_cache mattermost_cache;
- proxy_cache_revalidate on;
- proxy_cache_min_uses 2;
- proxy_cache_use_stale timeout;
- proxy_cache_lock on;
- proxy_http_version 1.1;
- proxy_pass http://127.0.0.1:8065;
- }
-}
-
-# This block is useful for debugging TLS v1.3. Please feel free to remove this
-# and use the `$ssl_early_data` variable exposed by NGINX directly should you
-# wish to do so.
-map $ssl_early_data $tls1_3_early_data {
- "~." $ssl_early_data;
- default "";
-}
+++ /dev/null
-/etc/nginx/sites-available/default
\ No newline at end of file
+++ /dev/null
-# regex to split $uri to $fastcgi_script_name and $fastcgi_path
-fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-
-# Check that the PHP script exists before passing it
-try_files $fastcgi_script_name =404;
-
-# Bypass the fact that try_files resets $fastcgi_path_info
-# see: http://trac.nginx.org/nginx/ticket/321
-set $path_info $fastcgi_path_info;
-fastcgi_param PATH_INFO $path_info;
-
-fastcgi_index index.php;
-include fastcgi.conf;
+++ /dev/null
-# Self signed certificates generated by the ssl-cert package
-# Don't use them in a production server!
-
-ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
-ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+++ /dev/null
-# This map is not a full windows-1251 <> utf8 map: it does not
-# contain Serbian and Macedonian letters. If you need a full map,
-# use contrib/unicode2nginx/win-utf map instead.
-
-charset_map windows-1251 utf-8 {
-
- 82 E2809A; # single low-9 quotation mark
-
- 84 E2809E; # double low-9 quotation mark
- 85 E280A6; # ellipsis
- 86 E280A0; # dagger
- 87 E280A1; # double dagger
- 88 E282AC; # euro
- 89 E280B0; # per mille
-
- 91 E28098; # left single quotation mark
- 92 E28099; # right single quotation mark
- 93 E2809C; # left double quotation mark
- 94 E2809D; # right double quotation mark
- 95 E280A2; # bullet
- 96 E28093; # en dash
- 97 E28094; # em dash
-
- 99 E284A2; # trade mark sign
-
- A0 C2A0; #
- A1 D18E; # capital Byelorussian short U
- A2 D19E; # small Byelorussian short u
-
- A4 C2A4; # currency sign
- A5 D290; # capital Ukrainian soft G
- A6 C2A6; # borken bar
- A7 C2A7; # section sign
- A8 D081; # capital YO
- A9 C2A9; # (C)
- AA D084; # capital Ukrainian YE
- AB C2AB; # left-pointing double angle quotation mark
- AC C2AC; # not sign
- AD C2AD; # soft hypen
- AE C2AE; # (R)
- AF D087; # capital Ukrainian YI
-
- B0 C2B0; # °
- B1 C2B1; # plus-minus sign
- B2 D086; # capital Ukrainian I
- B3 D196; # small Ukrainian i
- B4 D291; # small Ukrainian soft g
- B5 C2B5; # micro sign
- B6 C2B6; # pilcrow sign
- B7 C2B7; # ·
- B8 D191; # small yo
- B9 E28496; # numero sign
- BA D194; # small Ukrainian ye
- BB C2BB; # right-pointing double angle quotation mark
-
- BF D197; # small Ukrainian yi
-
- C0 D090; # capital A
- C1 D091; # capital B
- C2 D092; # capital V
- C3 D093; # capital G
- C4 D094; # capital D
- C5 D095; # capital YE
- C6 D096; # capital ZH
- C7 D097; # capital Z
- C8 D098; # capital I
- C9 D099; # capital J
- CA D09A; # capital K
- CB D09B; # capital L
- CC D09C; # capital M
- CD D09D; # capital N
- CE D09E; # capital O
- CF D09F; # capital P
-
- D0 D0A0; # capital R
- D1 D0A1; # capital S
- D2 D0A2; # capital T
- D3 D0A3; # capital U
- D4 D0A4; # capital F
- D5 D0A5; # capital KH
- D6 D0A6; # capital TS
- D7 D0A7; # capital CH
- D8 D0A8; # capital SH
- D9 D0A9; # capital SHCH
- DA D0AA; # capital hard sign
- DB D0AB; # capital Y
- DC D0AC; # capital soft sign
- DD D0AD; # capital E
- DE D0AE; # capital YU
- DF D0AF; # capital YA
-
- E0 D0B0; # small a
- E1 D0B1; # small b
- E2 D0B2; # small v
- E3 D0B3; # small g
- E4 D0B4; # small d
- E5 D0B5; # small ye
- E6 D0B6; # small zh
- E7 D0B7; # small z
- E8 D0B8; # small i
- E9 D0B9; # small j
- EA D0BA; # small k
- EB D0BB; # small l
- EC D0BC; # small m
- ED D0BD; # small n
- EE D0BE; # small o
- EF D0BF; # small p
-
- F0 D180; # small r
- F1 D181; # small s
- F2 D182; # small t
- F3 D183; # small u
- F4 D184; # small f
- F5 D185; # small kh
- F6 D186; # small ts
- F7 D187; # small ch
- F8 D188; # small sh
- F9 D189; # small shch
- FA D18A; # small hard sign
- FB D18B; # small y
- FC D18C; # small soft sign
- FD D18D; # small e
- FE D18E; # small yu
- FF D18F; # small ya
-}
projects / nutratech / vps-root.git / commitdiff