From: nutra-bot Date: Tue, 18 Apr 2023 00:02:47 +0000 (+0000) Subject: commit new nginx 1.24 config X-Git-Url: https://git.nutra.tk/v2?a=commitdiff_plain;h=b6e18141bc4cafc1d5368a2616779adfd4af425c;p=nutratech%2Fvps-root.git commit new nginx 1.24 config
---
diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
new file mode 100644
index 0000000..ff2ced6
--- /dev/null
+++ b/etc/nginx/conf.d/default.conf
@@ -0,0 +1,44 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
diff --git a/etc/nginx/conf.d/forwarded.conf b/etc/nginx/conf.d/forwarded.conf
deleted file mode 100644
index 7141d89..0000000
--- a/etc/nginx/conf.d/forwarded.conf
+++ /dev/null
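Review bot: The stock port-80 `server` block in `conf.d/default.conf` is the only vhost this commit leaves in place, so nothing visible here terminates TLS or redirects to HTTPS any more: `sites-available/default` (443 listener, HSTS header, HTTP-to-HTTPS redirect) is deleted and `nginx.conf` no longer includes `sites-enabled/*`. The deleted vhost sent `Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`, so browsers that cached that policy will refuse plain HTTP for the domain until a 443 listener is restored, presumably in a later commit, which is worth confirming before deploying. As the implicit default server this block also answers any `Host` header with the packaged welcome page; if that is not intended, replace the `location /` body with `return 444;` or add a comment such as `# stock package default; real TLS vhost lives in conf.d/<name>.conf`.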
@@ -1,37 +0,0 @@ -# RFC 7239 Forwarded header for Nginx proxy_pass - -# Add within your server or location block: -# proxy_set_header forwarded "$proxy_forwarded;secret=\"YOUR SECRET\""; - -# Configure your upstream web server to identify this proxy by that password -# because otherwise anyone on the Internet could spoof these headers and fake -# their real IP address and other information to your service. - - -# Provide the full proxy chain in $proxy_forwarded -map $proxy_add_forwarded $proxy_forwarded { - default "$proxy_add_forwarded;by=\"_$hostname\";proto=$scheme;host=\"$http_host\";path=\"$request_uri\""; -} - -# The following mappings are based on -# https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/ - -map $remote_addr $proxy_forwarded_elem { - # IPv4 addresses can be sent as-is - ~^[0-9.]+$ "for=$remote_addr"; - - # IPv6 addresses need to be bracketed and quoted - ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\""; - - # Unix domain socket names cannot be represented in RFC 7239 syntax - default "for=unknown"; -} - -map $http_forwarded $proxy_add_forwarded { - # If the incoming Forwarded header is syntactically valid, append to it - "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem"; - - # Otherwise, replace it - default "$proxy_forwarded_elem"; -} - 
diff --git a/etc/nginx/fastcgi.conf b/etc/nginx/fastcgi.conf deleted file mode 100644 index d53a628..0000000 --- a/etc/nginx/fastcgi.conf +++ /dev/null @@ -1,27 +0,0 @@ - -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param REMOTE_USER $remote_user; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/etc/nginx/fastcgi_params b/etc/nginx/fastcgi_params index 69c4387..28decb9 100644 --- a/etc/nginx/fastcgi_params +++ b/etc/nginx/fastcgi_params @@ -17,7 +17,6 @@ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param REMOTE_USER $remote_user; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; diff --git a/etc/nginx/koi-utf b/etc/nginx/koi-utf deleted file mode 100644 index e7974ff..0000000 --- a/etc/nginx/koi-utf +++ /dev/null 
@@ -1,109 +0,0 @@ - -# This map is not a full koi8-r <> utf8 map: it does not contain -# box-drawing and some other characters. Besides this map contains -# several koi8-u and Byelorussian letters which are not in koi8-r. -# If you need a full and standard map, use contrib/unicode2nginx/koi-utf -# map instead. - -charset_map koi8-r utf-8 { - - 80 E282AC ; # euro - - 95 E280A2 ; # bullet - - 9A C2A0 ; #   - - 9E C2B7 ; # · - - A3 D191 ; # small yo - A4 D194 ; # small Ukrainian ye - - A6 D196 ; # small Ukrainian i - A7 D197 ; # small Ukrainian yi - - AD D291 ; # small Ukrainian soft g - AE D19E ; # small Byelorussian short u - - B0 C2B0 ; # ° - - B3 D081 ; # capital YO - B4 D084 ; # capital Ukrainian YE - - B6 D086 ; # capital Ukrainian I - B7 D087 ; # capital Ukrainian YI - - B9 E28496 ; # numero sign - - BD D290 ; # capital Ukrainian soft G - BE D18E ; # capital Byelorussian short U - - BF C2A9 ; # (C) - - C0 D18E ; # small yu - C1 D0B0 ; # small a - C2 D0B1 ; # small b - C3 D186 ; # small ts - C4 D0B4 ; # small d - C5 D0B5 ; # small ye - C6 D184 ; # small f - C7 D0B3 ; # small g - C8 D185 ; # small kh - C9 D0B8 ; # small i - CA D0B9 ; # small j - CB D0BA ; # small k - CC D0BB ; # small l - CD D0BC ; # small m - CE D0BD ; # small n - CF D0BE ; # small o - - D0 D0BF ; # small p - D1 D18F ; # small ya - D2 D180 ; # small r - D3 D181 ; # small s - D4 D182 ; # small t - D5 D183 ; # small u - D6 D0B6 ; # small zh - D7 D0B2 ; # small v - D8 D18C ; # small soft sign - D9 D18B ; # small y - DA D0B7 ; # small z - DB D188 ; # small sh - DC D18D ; # small e - DD D189 ; # small shch - DE D187 ; # small ch - DF D18A ; # small hard sign - - E0 D0AE ; # capital YU - E1 D090 ; # capital A - E2 D091 ; # capital B - E3 D0A6 ; # capital TS - E4 D094 ; # capital D - E5 D095 ; # capital YE - E6 D0A4 ; # capital F - E7 D093 ; # capital G - E8 D0A5 ; # capital KH - E9 D098 ; # capital I - EA D099 ; # capital J - EB D09A ; # capital K - EC D09B ; # capital L - ED D09C ; # capital M - EE 
D09D ; # capital N - EF D09E ; # capital O - - F0 D09F ; # capital P - F1 D0AF ; # capital YA - F2 D0A0 ; # capital R - F3 D0A1 ; # capital S - F4 D0A2 ; # capital T - F5 D0A3 ; # capital U - F6 D096 ; # capital ZH - F7 D092 ; # capital V - F8 D0AC ; # capital soft sign - F9 D0AB ; # capital Y - FA D097 ; # capital Z - FB D0A8 ; # capital SH - FC D0AD ; # capital E - FD D0A9 ; # capital SHCH - FE D0A7 ; # capital CH - FF D0AA ; # capital hard sign -} diff --git a/etc/nginx/koi-win b/etc/nginx/koi-win deleted file mode 100644 index 72afabe..0000000 --- a/etc/nginx/koi-win +++ /dev/null 
@@ -1,103 +0,0 @@ - -charset_map koi8-r windows-1251 { - - 80 88 ; # euro - - 95 95 ; # bullet - - 9A A0 ; #   - - 9E B7 ; # · - - A3 B8 ; # small yo - A4 BA ; # small Ukrainian ye - - A6 B3 ; # small Ukrainian i - A7 BF ; # small Ukrainian yi - - AD B4 ; # small Ukrainian soft g - AE A2 ; # small Byelorussian short u - - B0 B0 ; # ° - - B3 A8 ; # capital YO - B4 AA ; # capital Ukrainian YE - - B6 B2 ; # capital Ukrainian I - B7 AF ; # capital Ukrainian YI - - B9 B9 ; # numero sign - - BD A5 ; # capital Ukrainian soft G - BE A1 ; # capital Byelorussian short U - - BF A9 ; # (C) - - C0 FE ; # small yu - C1 E0 ; # small a - C2 E1 ; # small b - C3 F6 ; # small ts - C4 E4 ; # small d - C5 E5 ; # small ye - C6 F4 ; # small f - C7 E3 ; # small g - C8 F5 ; # small kh - C9 E8 ; # small i - CA E9 ; # small j - CB EA ; # small k - CC EB ; # small l - CD EC ; # small m - CE ED ; # small n - CF EE ; # small o - - D0 EF ; # small p - D1 FF ; # small ya - D2 F0 ; # small r - D3 F1 ; # small s - D4 F2 ; # small t - D5 F3 ; # small u - D6 E6 ; # small zh - D7 E2 ; # small v - D8 FC ; # small soft sign - D9 FB ; # small y - DA E7 ; # small z - DB F8 ; # small sh - DC FD ; # small e - DD F9 ; # small shch - DE F7 ; # small ch - DF FA ; # small hard sign - - E0 DE ; # capital YU - E1 C0 ; # capital A - E2 C1 ; # capital B - E3 D6 ; # capital TS - E4 C4 ; # capital D - E5 C5 ; # capital YE - E6 D4 ; # capital F - E7 C3 ; # capital G - E8 D5 ; # capital KH - E9 C8 ; # capital I - EA C9 ; # capital J - EB CA ; # capital K - EC CB ; # capital L - ED CC ; # capital M - EE CD ; # capital N - EF CE ; # capital O - - F0 CF ; # capital P - F1 DF ; # capital YA - F2 D0 ; # capital R - F3 D1 ; # capital S - F4 D2 ; # capital T - F5 D3 ; # capital U - F6 C6 ; # capital ZH - F7 C2 ; # capital V - F8 DC ; # capital soft sign - F9 DB ; # capital Y - FA C7 ; # capital Z - FB D8 ; # capital SH - FC DD ; # capital E - FD D9 ; # capital SHCH - FE D7 ; # capital CH - FF DA ; # capital hard sign -} 
diff --git a/etc/nginx/mime.types b/etc/nginx/mime.types index 89be9a4..1c00d70 100644 --- a/etc/nginx/mime.types +++ b/etc/nginx/mime.types 
@@ -1,89 +1,99 @@ types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; - image/png png; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - image/svg+xml svg svgz; - image/webp webp; + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; - application/font-woff woff; - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.wap.wmlc wmlc; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - 
application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; + font/woff woff; + font/woff2 woff2; - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; - application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; - 
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; - application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; } diff --git a/etc/nginx/modules-enabled/50-mod-http-geoip2.conf b/etc/nginx/modules-enabled/50-mod-http-geoip2.conf deleted file mode 120000 index e2655c3..0000000 --- a/etc/nginx/modules-enabled/50-mod-http-geoip2.conf +++ /dev/null @@ -1 +0,0 @@ -/usr/share/nginx/modules-available/mod-http-geoip2.conf \ No newline at end of file diff --git a/etc/nginx/modules-enabled/50-mod-http-image-filter.conf b/etc/nginx/modules-enabled/50-mod-http-image-filter.conf deleted file mode 120000 index fa27cd3..0000000 --- a/etc/nginx/modules-enabled/50-mod-http-image-filter.conf +++ /dev/null @@ -1 +0,0 @@ -/usr/share/nginx/modules-available/mod-http-image-filter.conf \ No newline at end of file diff --git a/etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf b/etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf deleted file mode 120000 index 51d7ca7..0000000 --- a/etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf +++ /dev/null 
@@ -1 +0,0 @@ -/usr/share/nginx/modules-available/mod-http-xslt-filter.conf \ No newline at end of file diff --git a/etc/nginx/modules-enabled/50-mod-mail.conf b/etc/nginx/modules-enabled/50-mod-mail.conf deleted file mode 120000 index baa6ea9..0000000 --- a/etc/nginx/modules-enabled/50-mod-mail.conf +++ /dev/null @@ -1 +0,0 @@ -/usr/share/nginx/modules-available/mod-mail.conf \ No newline at end of file diff --git a/etc/nginx/modules-enabled/50-mod-stream.conf b/etc/nginx/modules-enabled/50-mod-stream.conf deleted file mode 120000 index 7f65cc5..0000000 --- a/etc/nginx/modules-enabled/50-mod-stream.conf +++ /dev/null @@ -1 +0,0 @@ -/usr/share/nginx/modules-available/mod-stream.conf \ No newline at end of file diff --git a/etc/nginx/modules-enabled/70-mod-stream-geoip2.conf b/etc/nginx/modules-enabled/70-mod-stream-geoip2.conf deleted file mode 120000 index 612a5e1..0000000 --- a/etc/nginx/modules-enabled/70-mod-stream-geoip2.conf +++ /dev/null @@ -1 +0,0 @@ -/usr/share/nginx/modules-available/mod-stream-geoip2.conf \ No newline at end of file diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 136753e..5e076aa 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf 
@@ -1,83 +1,32 @@ -user www-data; -worker_processes auto; -pid /run/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; -events { - worker_connections 768; - # multi_accept on; -} - -http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - # server_tokens off; +user nginx; +worker_processes auto; - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; - include /etc/nginx/mime.types; - default_type application/octet-stream; - ## - # SSL Settings - ## +events { + worker_connections 1024; +} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; - ## - # Logging Settings - ## +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; - ## - # Gzip Settings - ## + access_log /var/log/nginx/access.log main; - gzip on; + sendfile on; + #tcp_nopush on; - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + keepalive_timeout 65; - ## - # Virtual Host Configs - ## + #gzip on; - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; + include /etc/nginx/conf.d/*.conf; } - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen 
localhost:143; -# protocol imap; -# proxy on; -# } -#} diff --git a/etc/nginx/proxy_params b/etc/nginx/proxy_params deleted file mode 100644 index df75bc5..0000000 --- a/etc/nginx/proxy_params +++ /dev/null @@ -1,4 +0,0 @@ -proxy_set_header Host $http_host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default deleted file mode 100644 index ab0a8ed..0000000 --- a/etc/nginx/sites-available/default +++ /dev/null 
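Review bot: The new `http` block in `nginx.conf` drops the explicit `ssl_protocols` line without replacing it, so any TLS `server` later added under `conf.d/` inherits the built-in default, which for the 1.24 branch still includes TLSv1 and TLSv1.1 as far as I know; adding `ssl_protocols TLSv1.2 TLSv1.3;` at `http` level would pin it. `server_tokens` is also left at its default, so the nginx version is disclosed in the `Server` header and on error pages; `server_tokens off;` next to `sendfile on;` avoids that. The `main` log format records `$http_x_forwarded_for`, a client-supplied header, so a comment like `# X-Forwarded-For is untrusted; key detections on $remote_addr` above `log_format` would help whoever consumes these logs.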
@@ -1,123 +0,0 @@ -upstream dev.nutra.tk { - keepalive 100; - server 127.0.0.1:20000; - # server unix:/tmp/sanic.sock; -} - -server { - server_name dev.nutra.tk; - # listen 80 default_server; - # listen [::]:80 ipv6only=on; - listen 443 ssl http2 default_server; - listen [::]:443 ssl ipv6only=on; # managed by Certbot - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ssl_stapling on; - ssl_stapling_verify on; - ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; - # ssl_protocols TLSv1 TLSv1.1; # support legacy browsers - # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; - - client_max_body_size 50m; - - # React app (base URL) - location / { - root /var/www/app; - index index.html; - #try_files $uri $uri/ /index.html =404; - } - - - # Blog / Sphinx - location /blog { - alias /var/www/blog; - index index.html; - } - - - # Sanic - location /api/ { - proxy_pass http://$server_name; - # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered) - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_buffering off; - # Proxy forwarding (password configured in app.config.FORWARDED_SECRET) - proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\""; - # Allow websockets and keep-alive (avoid connection: close) - proxy_set_header connection "upgrade"; - proxy_set_header upgrade $http_upgrade; - } - - -# # New chat (matrix / element) -# location ~ /v2/chat/ { -# proxy_pass http://127.0.0.1:8008; -# proxy_set_header X-Forwarded-For $remote_addr; -# } - - # default favicon - location = /favicon.ico { - alias /var/www/favicon.gif; - } - - - # Other - location ~ /.well-known { - allow all; - } - - - # HTTPS / SSL - ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam 
/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -} - - -# Open matrix chat on 8448 -#server { -# listen 8448 ssl default_server; -# listen [::]:8448 ssl default_server; -# server_name dev.nutra.tk; -# -# location / { -# proxy_pass http://127.0.0.1:8008; -# proxy_set_header X-Forwarded-For $remote_addr; -# } -# -# # HTTPS / SSL -# ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem; # managed by Certbot -# ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot -# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot -# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -#} - - -# Redirect all HTTP to HTTPS with no-WWW -server { - listen 80 default_server; - listen [::]:80 default_server; - server_name ~^(?:www\.)?(.*)$; - return 301 https://$1$request_uri; -} - - -# Redirect WWW to no-WWW -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name ~^www\.(.*)$; - return 301 $scheme://$1$request_uri; -} - - -# TODO: if is evil -# https://wordpress.org/support/article/nginx/ -# http://wiki.nginx.org/IfIsEvil -#server { -# if ($host = dev.nutra.tk) { -# return 301 $scheme://$host$request_uri; -# } # managed by Certbot -#} - diff --git a/etc/nginx/sites-available/mattermost b/etc/nginx/sites-available/mattermost deleted file mode 100644 index 3efe205..0000000 --- a/etc/nginx/sites-available/mattermost +++ /dev/null 
@@ -1,83 +0,0 @@ - -proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; - -server { - listen 443 ssl http2; - - http2_push_preload on; # Enable HTTP/2 Server Push - - # ssl on; - ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; - ssl_session_timeout 1d; - - # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC). - ssl_protocols TLSv1.2 TLSv1.3; - - # Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to - # prevent replay attacks. - # - # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data - ssl_early_data on; - - ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:50m; - # HSTS (ngx_http_headers_module is required) (15768000 seconds = six months) - add_header Strict-Transport-Security max-age=15768000; - # OCSP Stapling --- - # fetch OCSP records from URL in ssl_certificate and cache them - ssl_stapling on; - ssl_stapling_verify on; - - add_header X-Early-Data $tls1_3_early_data; - - location ~ /chat/api/v[0-9]+/(users/)?websocket$ { - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - client_max_body_size 50M; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_buffers 256 16k; - proxy_buffer_size 16k; - client_body_timeout 60; - send_timeout 300; - lingering_timeout 5; - proxy_connect_timeout 90; - proxy_send_timeout 300; - proxy_read_timeout 90s; - proxy_http_version 1.1; - proxy_pass http://127.0.0.1:8065; - } - - location /chat/ { - 
client_max_body_size 50M; - proxy_set_header Connection ""; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_buffers 256 16k; - proxy_buffer_size 16k; - proxy_read_timeout 600s; - proxy_cache mattermost_cache; - proxy_cache_revalidate on; - proxy_cache_min_uses 2; - proxy_cache_use_stale timeout; - proxy_cache_lock on; - proxy_http_version 1.1; - proxy_pass http://127.0.0.1:8065; - } -} - -# This block is useful for debugging TLS v1.3. Please feel free to remove this -# and use the `$ssl_early_data` variable exposed by NGINX directly should you -# wish to do so. -map $ssl_early_data $tls1_3_early_data { - "~." $ssl_early_data; - default ""; -} diff --git a/etc/nginx/sites-enabled/default b/etc/nginx/sites-enabled/default deleted file mode 120000 index ad35b83..0000000 --- a/etc/nginx/sites-enabled/default +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/default \ No newline at end of file diff --git a/etc/nginx/snippets/fastcgi-php.conf b/etc/nginx/snippets/fastcgi-php.conf deleted file mode 100644 index 467a9e7..0000000 --- a/etc/nginx/snippets/fastcgi-php.conf +++ /dev/null @@ -1,13 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+?\.php)(/.*)$; - -# Check that the PHP script exists before passing it -try_files $fastcgi_script_name =404; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -fastcgi_index index.php; -include fastcgi.conf; diff --git a/etc/nginx/snippets/snakeoil.conf b/etc/nginx/snippets/snakeoil.conf deleted file mode 100644 index ad26c3e..0000000 --- a/etc/nginx/snippets/snakeoil.conf +++ /dev/null 
@@ -1,5 +0,0 @@ -# Self signed certificates generated by the ssl-cert package -# Don't use them in a production server! - -ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; -ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/etc/nginx/win-utf b/etc/nginx/win-utf deleted file mode 100644 index 774fd9f..0000000 --- a/etc/nginx/win-utf +++ /dev/null 
@@ -1,125 +0,0 @@ -# This map is not a full windows-1251 <> utf8 map: it does not -# contain Serbian and Macedonian letters. If you need a full map, -# use contrib/unicode2nginx/win-utf map instead. - -charset_map windows-1251 utf-8 { - - 82 E2809A; # single low-9 quotation mark - - 84 E2809E; # double low-9 quotation mark - 85 E280A6; # ellipsis - 86 E280A0; # dagger - 87 E280A1; # double dagger - 88 E282AC; # euro - 89 E280B0; # per mille - - 91 E28098; # left single quotation mark - 92 E28099; # right single quotation mark - 93 E2809C; # left double quotation mark - 94 E2809D; # right double quotation mark - 95 E280A2; # bullet - 96 E28093; # en dash - 97 E28094; # em dash - - 99 E284A2; # trade mark sign - - A0 C2A0; #   - A1 D18E; # capital Byelorussian short U - A2 D19E; # small Byelorussian short u - - A4 C2A4; # currency sign - A5 D290; # capital Ukrainian soft G - A6 C2A6; # borken bar - A7 C2A7; # section sign - A8 D081; # capital YO - A9 C2A9; # (C) - AA D084; # capital Ukrainian YE - AB C2AB; # left-pointing double angle quotation mark - AC C2AC; # not sign - AD C2AD; # soft hypen - AE C2AE; # (R) - AF D087; # capital Ukrainian YI - - B0 C2B0; # ° - B1 C2B1; # plus-minus sign - B2 D086; # capital Ukrainian I - B3 D196; # small Ukrainian i - B4 D291; # small Ukrainian soft g - B5 C2B5; # micro sign - B6 C2B6; # pilcrow sign - B7 C2B7; # · - B8 D191; # small yo - B9 E28496; # numero sign - BA D194; # small Ukrainian ye - BB C2BB; # right-pointing double angle quotation mark - - BF D197; # small Ukrainian yi - - C0 D090; # capital A - C1 D091; # capital B - C2 D092; # capital V - C3 D093; # capital G - C4 D094; # capital D - C5 D095; # capital YE - C6 D096; # capital ZH - C7 D097; # capital Z - C8 D098; # capital I - C9 D099; # capital J - CA D09A; # capital K - CB D09B; # capital L - CC D09C; # capital M - CD D09D; # capital N - CE D09E; # capital O - CF D09F; # capital P - - D0 D0A0; # capital R - D1 D0A1; # capital S - D2 D0A2; # capital T - D3 D0A3; # 
capital U - D4 D0A4; # capital F - D5 D0A5; # capital KH - D6 D0A6; # capital TS - D7 D0A7; # capital CH - D8 D0A8; # capital SH - D9 D0A9; # capital SHCH - DA D0AA; # capital hard sign - DB D0AB; # capital Y - DC D0AC; # capital soft sign - DD D0AD; # capital E - DE D0AE; # capital YU - DF D0AF; # capital YA - - E0 D0B0; # small a - E1 D0B1; # small b - E2 D0B2; # small v - E3 D0B3; # small g - E4 D0B4; # small d - E5 D0B5; # small ye - E6 D0B6; # small zh - E7 D0B7; # small z - E8 D0B8; # small i - E9 D0B9; # small j - EA D0BA; # small k - EB D0BB; # small l - EC D0BC; # small m - ED D0BD; # small n - EE D0BE; # small o - EF D0BF; # small p - - F0 D180; # small r - F1 D181; # small s - F2 D182; # small t - F3 D183; # small u - F4 D184; # small f - F5 D185; # small kh - F6 D186; # small ts - F7 D187; # small ch - F8 D188; # small sh - F9 D189; # small shch - FA D18A; # small hard sign - FB D18B; # small y - FC D18C; # small soft sign - FD D18D; # small e - FE D18E; # small yu - FF D18F; # small ya -}