backup prod files

Tykayn 2023-06-15 19:42:12 +02:00 committed by tykayn
parent 05f971797c
commit 0c60e51d5e
2384 changed files with 1003029 additions and 1 deletions


@ -22,3 +22,5 @@ editor /etc/nginx/conf.d/default.conf
pct enter 103
# roadmap
* générer le fichier hosts


@ -6,7 +6,7 @@
import fs from 'node-fs'
import { makeHostFileForWordpress } from './model.wordpress.mjs'
import { makeHostFileForSymfony } from './model.symfony.mjs'
import { makeHostFileForPhpPages } from './model.php-website'
import { makeHostFileForPhpPages } from './model.php-website.mjs'
const LXCcontainerLocalIP = '10.10.10.103'
const LXCcontainerProtocol = 'https'
@ -118,6 +118,14 @@ const domainsConfig = [{
framework: 'static',
disableSSL: false,
},
{
LXCcontainerLocalIP,
LXCcontainerProtocol,
name: 'Join Fediverse',
domain: 'www.joinfediverse.org',
framework: 'static',
disableSSL: false,
},
]
// autres frameworks:
// nextcloud: cloud.tykayn.fr


@ -0,0 +1,12 @@
/**
* turns a domain config to two config files for nginx web sever on proxmox and its container
* @param domainConfig
* @returns {{homeNginxConf: string, containerNginxConf: string}}
*/
export function makeHostFileForWordpress (domainConfig) {
const model = {
hostsList: ``,
}
return model
}
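Review bot: The JSDoc on `makeHostFileForWordpress` promises `{homeNginxConf: string, containerNginxConf: string}`, but the function returns an object holding only an empty `hostsList` and never reads `domainConfig`. Either mark it as a stub with a comment such as `// TODO: not implemented yet, returns an empty model`, or return the documented keys (`homeNginxConf: ''`, `containerNginxConf: ''`) so that callers destructuring them do not receive `undefined`. The header comment also has a typo: "web sever" should read "web server".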


@ -0,0 +1,78 @@
# --------------- nuage nextcloud ------------------
server {
server_name nuage.tykayn.fr;
listen 80;
return 301 https://nuage.tykayn.fr$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nuage.tykayn.fr;
ssl_certificate /etc/letsencrypt/live/nuage.tykayn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nuage.tykayn.fr/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container nextcloud
proxy_pass https://10.10.10.106;
}
add_header Permissions-Policy "interest-cohort=()";
}
server {
server_name cloud.tykayn.fr;
listen 80;
return 301 https://cloud.tykayn.fr$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.tykayn.fr;
ssl_certificate /etc/letsencrypt/live/cloud.tykayn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.tykayn.fr/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container nextcloud
proxy_pass https://10.10.10.106;
}
add_header Permissions-Policy "interest-cohort=()";
}
# --------------- pass vaultwarden cipherbliss ------------------
server {
server_name pass.cipherbliss.com;
listen 80;
return 301 https://pass.cipherbliss.com$request_uri;
}
server {
listen 443 http2;
listen [::]:443 http2;
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name pass.cipherbliss.com;
# ssl_certificate /etc/letsencrypt/live/pass.cipherbliss.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/pass.cipherbliss.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass http://10.10.10.105;
}
add_header Permissions-Policy "interest-cohort=()";
}
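Review bot: The `pass.cipherbliss.com` block uses `listen 443 http2;` with both `ssl_certificate` lines commented out, so this vhost has no TLS settings of its own even though the port-80 block redirects clients to `https://`. What a client gets on 443 then depends on other server blocks sharing the socket rather than on this file, which is not acceptable for a Vaultwarden front end that also forwards to the container over `http://`. Restore `listen 443 ssl http2;`, `listen [::]:443 ssl http2;` and the two certificate lines. The same `listen 443 http2;` without `ssl` appears in the www.catherinefonder.fr and joinfediverse.org sections of this commit; in the latter the certificate lines are commented out as well.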


@ -0,0 +1,57 @@
127.0.0.1 lafromagerie-bsf.com www.lafromagerie-bsf.com
127.0.0.1 api.cipherbliss.com
127.0.0.1 api.tykayn.net
127.0.0.1 apresmetoo.com
127.0.0.1 caisse.cipherbliss.com
127.0.0.1 calc.cipherbliss.com
127.0.0.1 catherinefonder.fr www.catherinefonder.fr
127.0.0.1 c.cipherbliss.com
127.0.0.1 chat.cipherbliss.com
127.0.0.1 cil-gometz.org www.cil-gometz.org
127.0.0.1 cipherbliss.com www.cipherbliss.com
127.0.0.1 mastodon.cipherbliss.com
127.0.0.1 clairelemoine.art
127.0.0.1 coussinet.org
127.0.0.1 events.cipherbliss.com
127.0.0.1 framadate-api.cipherbliss.com
127.0.0.1 framadate.cipherbliss.com
127.0.0.1 free-software-academy.org
127.0.0.1 free-software-academy.org
127.0.0.1 helia.tykayn
127.0.0.1 joinfediverse.org
127.0.0.1 localhost
127.0.0.1 nuage.tykayn.fr
127.0.0.1 log.cipherbliss.com
127.0.0.1 ludovicsouliman.com
127.0.0.1 monit.coussinet.org
127.0.0.1 panel.coussinet.org
127.0.0.1 participalibre.cipherbliss.com
127.0.0.1 peertube.cipherbliss.com
127.0.0.1 piwik.cipherbliss.com
127.0.0.1 pix.cipherbliss.com
127.0.0.1 portfolio.cipherbliss.com
127.0.0.1 pucealoreille.fr
127.0.0.1 pass.cipherbliss.com
127.0.0.1 qzine.fr
127.0.0.1 sondages.qzine.fr
127.0.0.1 source.cipherbliss.com
127.0.0.1 taiga.cipherbliss.com
127.0.0.1 time.cipherbliss.com
127.0.0.1 tykayn.fr
127.0.0.1 vibrisse.fr
127.0.0.1 www.catherinefonder.fr
127.0.0.1 www.clairelemoine.art
127.0.0.1 www.coussinet.org
127.0.0.1 www.ludovicsouliman.com
127.0.0.1 www.pucealoreille.fr
127.0.0.1 www.qzine.fr
127.0.0.1 www.tykayn.fr
127.0.0.1 www.vibrisse.fr
127.0.1.1 ns370815.ip-91-121-143.eu ns370815
127.0.0.1 www.unbecetdesailes.fr unbecetdesailes.fr
149.202.77.27 riseup
::1 localhost ip6-localhost ip6-loopback
# coussinet chatons
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# ici c'est 149.202.77.27
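Review bot: `127.0.0.1 helia.tykayn` has no TLD, while the nginx section for that site in this commit uses `server_name helia.tykayn.fr`, so the entry probably never matches and should likely read `127.0.0.1 helia.tykayn.fr`. `free-software-academy.org` is listed twice, and `www.catherinefonder.fr` appears both on its own line and next to `catherinefonder.fr`; the duplicates can be dropped.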


@ -0,0 +1,78 @@
server {
if ($host = caisse.cipherbliss.com ) {
return 301 https://$host$request_uri;
}
listen caisse.cipherbliss.com:80;
listen [::]:80;
server_name caisse.cipherbliss.com;
# enforce https
return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
}
server {
listen 443 ssl default_server http2;
listen [::]:443 default_server ssl http2;
server_name caisse.cipherbliss.com;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/caisse.cipherbliss.com-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/caisse.cipherbliss.com-0001/privkey.pem;
# Path to the root of your installation
root /home/www/tykayn/caisse-fanzine/web/;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /index.php /app.php$is_args$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
# PROD
location ~ ^/app\.php(/|$) {
include fastcgi.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_intercept_errors on;
# fastcgi_pass php-handler;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
add_header Permissions-Policy "interest-cohort=()";
}
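Review bot: In `location /`, `try_files $uri /index.php /app.php$is_args$args;` treats `/index.php` as a file to test rather than as a fallback: if an `index.php` exists under `web/`, nginx serves it from this location as a static file, which would return the PHP source instead of executing it. Only the last argument is an internal redirect, so the line should be `try_files $uri /app.php$is_args$args;`. Separately, `default_server` on both 443 listeners makes this application and its certificate the answer for every unmatched host name on that port; a dedicated catch-all block with `return 444;` would be a safer default. In the port-80 block the `if ($host = …)` redirect only duplicates the unconditional `return 301` below it.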


@ -0,0 +1,113 @@
upstream php-handler {
server 127.0.0.1:9000;
}
server {
if ($host = www.catherinefonder.fr) {
return 301 https://$host$request_uri;
}
# managed by Certbot
if ($host = catherinefonder.fr) {
return 301 https://www.$host$request_uri;
}
listen 80;
listen [::]:80;
server_name www.catherinefonder.fr;
# enforce https
#return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
root /home/www/catherinefonder.fr/wordpress/;
gzip on;
gzip_disable "msie6";
include /etc/nginx/mime.types;
## This should be in your http block and if it is, it's not needed here.
index index.php;
add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico {
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name www.catherinefonder.fr catherinefonder.fr;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/catherinefonder.fr-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/catherinefonder.fr-0001/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/catherinefonder.fr/wordpress/;
gzip on;
gzip_disable "msie6";
include /etc/nginx/mime.types;
## This should be in your http block and if it is, it's not needed here.
index index.php;
add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
}
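Review bot: Both `location ~ \.php$` blocks pass every URI ending in `.php` to `php-handler` without checking that the script exists, so safety rests entirely on the `cgi.fix_pathinfo = 0` setting mentioned in the comment. Adding `try_files $uri =404;` as the first line of the location makes nginx reject paths that do not map to a real PHP file under the root. The same pattern is repeated in the www.cipherbliss.com, clairelemoine.art, coussinet.org, cil-gometz.org, helia.tykayn.fr and lafromagerie-bsf.com sections. Note also that `upstream php-handler` is defined here on `127.0.0.1:9000` and again on `127.0.0.1:9001` in the last file of this commit; if one nginx instance loads both files, the duplicate upstream name is a configuration error.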


@ -0,0 +1,85 @@
server {
if ($host = www.cipherbliss.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.cipherbliss.com;
# enforce https
return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/www.cipherbliss.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.cipherbliss.com-0001/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/tykayn/cipherbliss/;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
}
server {
if ($host = caisse.cipherbliss.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name caisse.cipherbliss.com;
# enforce https
# return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
# Path to the root of your installation
root /home/www/tykayn/caisse-bliss/;
## This should be in your http block and if it is, it's not needed here.
index index.php index.html;
}
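Review bot: The third server block declares `server_name caisse.cipherbliss.com` on port 80 with root `/home/www/tykayn/caisse-bliss/`, while another file in this commit already declares the same name (redirect-only, with the application under `/home/www/tykayn/caisse-fanzine/web/`). Both listen on `[::]:80`, so if both files are enabled nginx will report a conflicting server name there and ignore one of them, and which one wins depends on load order. Because the unconditional redirect is commented out, this block relies on the Certbot `if` alone; drop the block, or restore `return 301 https://$server_name$request_uri;` and keep a single definition of the vhost.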


@ -0,0 +1,86 @@
server {
listen 80;
if ($host = www.clairelemoine.art) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = clairelemoine.art) {
return 301 https://www.$host$request_uri;
} # managed by Certbot
server_name www.clairelemoine.art;
# enforce https
return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
#listen [::]:443 ssl ipv6only=on; # managed by Certbot
#listen 443 ssl; # managed by Certbot
#ssl_certificate /etc/letsencrypt/live/www.clairelemoine.art/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/www.clairelemoine.art/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/nginx/access-clairelemoine.log combined;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.clairelemoine.art clairelemoine.art;
ssl_certificate /etc/letsencrypt/live/www.clairelemoine.art/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.clairelemoine.art/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/wulfila;
index index.html index.php;
gzip on;
gzip_disable "msie6";
include /etc/nginx/mime.types;
## This should be in your http block and if it is, it's not needed here.
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
# log_not_found off;
# access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found on;
}
rewrite_log on;
add_header Permissions-Policy "interest-cohort=()";
access_log /var/log/nginx/access-clairelemoine.log;
error_log /var/log/nginx/error-clairelemoine.log debug;
}
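Review bot: The HTTPS block ships with `error_log /var/log/nginx/error-clairelemoine.log debug;` and `rewrite_log on;`, which are troubleshooting settings. On a debug-enabled build this level writes per-request detail, including request headers, which grows the log quickly and puts cookies and similar values on disk. For a production vhost use `error_log /var/log/nginx/error-clairelemoine.log warn;` and remove `rewrite_log on;`. The lafromagerie-bsf.com section has the same two lines. The commented-out Certbot `listen 443` and `ssl_*` lines in the port-80 block are dead text and can be removed.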


@ -0,0 +1,162 @@
#upstream php-handler {
# server 127.0.0.1:9001;
#server unix:/var/run/php/php7.2-fpm.sock;
#}
server {
if ($host = cloud.tykayn.fr) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name cloud.tykayn.fr;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.tykayn.fr;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/cloud.tykayn.fr/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.tykayn.fr/privkey.pem; # managed by Certbot
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /home/www/tykayn/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
# rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# $try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
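Review bot: `Strict-Transport-Security` is only sent from the `location ~ \.(?:css|js|woff2?|svg|gif)$` block, and there it carries `includeSubDomains; preload;` even though the server-level header is commented out under a warning against enabling preload casually. As written, pages and PHP responses get no HSTS header from nginx while static assets advertise preload. Put one header at server level, e.g. `add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;`, repeat it in the asset location (an `add_header` there stops inheritance from the server block), and add `preload` only once the hstspreload.org requirements are met. `fastcgi_pass php-handler;` also depends on an upstream that is commented out at the top of this file, so it has to be supplied by another file.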


@ -0,0 +1,74 @@
server {
server_name coussinet.org ;
# enforce https
return 301 https://www.coussinet.org$request_uri;
listen [::]:443; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/coussinet.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/coussinet.org/privkey.pem; # managed by Certbot
add_header Permissions-Policy "interest-cohort=()";
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.coussinet.org;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/coussinet.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/coussinet.org/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/coussinet;
## This should be in your http block and if it is, it's not needed here.
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
}
server {
if ($host = pucealoreille.fr) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name coussinet.org;
return 404; # managed by Certbot
add_header Permissions-Policy "interest-cohort=()";
}
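Review bot: In the last server block the Certbot condition tests `$host = pucealoreille.fr` while `server_name` is `coussinet.org`, so it will normally not match and plain-HTTP requests for coussinet.org fall through to `return 404;` instead of being redirected. This looks like a copy-paste from another vhost; replacing the `if` and the `return 404` with `return 301 https://www.coussinet.org$request_uri;` would match what the first block does on 443. In that first block `listen [::]:443;` lacks `ssl`, unlike the IPv4 line next to it.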


@ -0,0 +1,93 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
add_header Permissions-Policy "interest-cohort=()";
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
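Review bot: The active `location ~ \.php$` in the default server calls `fastcgi_pass unix:/run/php/php7.4-fpm.sock;` while `include snippets/fastcgi-php.conf;` is still commented out, so requests reach PHP-FPM without `SCRIPT_FILENAME` or the other FastCGI parameters. As far as this file shows, the catch-all `server_name _` vhost on port 80 only serves `/var/www/html` and does not need PHP. Removing the location, or restoring the include if PHP really is wanted, leaves a smaller surface on the block that answers every unknown host name.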


@ -0,0 +1,48 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name g1.cipherbliss.com;
# Ne s'applique pas si vous utilisez un sous-domaine
if ($host = www.g1.cipherbliss.com) {
return 301 https://g1.cipherbliss.com$request_uri;
}
access_log /var/log/nginx/duniter-access.log;
error_log /var/log/nginx/duniter-error.log;
location / {
proxy_pass http://127.0.0.1:10901;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /ws2p {
proxy_pass http://127.0.0.1:10901;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# HTTPS
ssl_certificate /etc/letsencrypt/live/g1.cipherbliss.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/g1.cipherbliss.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ecdh_curve prime256v1;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;
resolver 80.67.169.12 80.67.169.40 valid=300s;
resolver_timeout 5s;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=15768000";
add_header Referrer-Policy "strict-origin-when-cross-origin";
}
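Review bot: The `map $http_upgrade $connection_upgrade` at the top is never used: both locations hard-code `proxy_set_header Connection 'upgrade'`, so ordinary non-WebSocket requests are also forwarded with `Connection: upgrade`. Use `proxy_set_header Connection $connection_upgrade;` in both locations. The `if ($host = www.g1.cipherbliss.com)` test will not match because `server_name` lists only `g1.cipherbliss.com`, and `ssl_protocols TLSv1.2;` leaves out TLS 1.3, which `ssl_protocols TLSv1.2 TLSv1.3;` would enable on builds that support it.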


@ -0,0 +1,77 @@
############# start framadate server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name framadate-api.cipherbliss.com;
root /home/www/tykayn/cipherbliss/framadate-api/public/;
try_files $uri /index.php$is_args$args;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/framadate-api.cipherbliss.com-0001/fullchain.pem; # managed by Cert$
ssl_certificate_key /etc/letsencrypt/live/framadate-api.cipherbliss.com-0001/privkey.pem; # managed by Ce$
client_max_body_size 32m;
location / {
try_files $uri /index.php$is_args$args;
}
# optionally disable falling back to PHP script for the asset directories;
# nginx will return a 404 error when files are not found instead of passing the
# request to Symfony (improves performance but Symfony's 404 page is not displayed)
# location /bundles {
# try_files $uri =404;
# }
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
# fastcgi_pass php-handler;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# include fastcgi.conf;
fastcgi_intercept_errors on;
# fastcgi_pass php-handler-8.2;
# optionally set the value of the environment variables used in the application
# fastcgi_param APP_ENV prod;
# fastcgi_param APP_SECRET <app-secret-id>;
# fastcgi_param DATABASE_URL "mysql://db_user:db_pass@host:3306/db_name";
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param APP_ENV prod;
fastcgi_param APP_DEBUG 1;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
# Prevents URIs that include the front controller. This will 404:
# http://framadate-api.cipherbliss.com/index.php/some-path
# Remove the internal directive to allow URIs like this
internal;
# tests: https://framadate-api.cipherbliss.com/index.php/api/v1/poll/
# https://framadate-api.cipherbliss.com/api/v1/poll/ only this one should work without the internal directive
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/framadate-api_error.log;
access_log /var/log/nginx/framadate-api_access.log;
add_header Permissions-Policy "interest-cohort=()";
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
############# end framadate server
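Review bot: `fastcgi_param APP_DEBUG 1;` sits directly under `fastcgi_param APP_ENV prod;`, which turns on Symfony's debug mode for the public API; with debug on, error responses can include stack traces and configuration details. Set `fastcgi_param APP_DEBUG 0;` for production. The two `ssl_certificate` lines end in `# managed by Cert$` and `# managed by Ce$`, which looks like text truncated by a terminal editor; that is harmless inside a comment, but it is worth checking that the rest of the file was copied intact. `try_files $uri /index.php$is_args$args;` is declared both at server level and in `location /`, and the server-level copy is redundant.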


@ -0,0 +1,52 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.cil-gometz.org;
ssl_certificate /etc/letsencrypt/live/www.cil-gometz.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.cil-gometz.org/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/cil/;
gzip on;
gzip_disable "msie6";
include /etc/nginx/mime.types;
## This should be in your http block and if it is, it's not needed here.
index index.php;
add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
}


@ -0,0 +1,64 @@
server {
if ($host = helia.tykayn.fr) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name helia.tykayn.fr;
# enforce https
return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name helia.tykayn.fr;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/helia.tykayn.fr/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/helia.tykayn.fr/privkey.pem; # managed by Certbot
client_max_body_size 54m;
# Path to the root of your installation
root /home/www/tykayn/helia/;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
# fastcgi_pass php-handler;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
add_header Permissions-Policy "interest-cohort=()";
}


@ -0,0 +1,40 @@
server {
if ($host = www.joinfediverse.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = joinfediverse.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name joinfediverse.org www.joinfediverse.org;
root /home/www/joinfediverse/public;
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name joinfediverse.org www.joinfediverse.org;
# root /home/www/joinfediverse/demo/joinfediverse/dist;
root /home/www/joinfediverse/public;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
# ssl_certificate /etc/letsencrypt/live/joinfediverse.org/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/joinfediverse.org/privkey.pem; # managed by Certbot
location / {
# try to serve file directly, fallback to index.php
try_files $uri /index.html$is_args$args;
}
error_log /var/log/nginx/joinfediverse_error.log;
access_log /var/log/nginx/joinfediverse_access.log;
}


@ -0,0 +1,80 @@
server {
listen 80;
if ($host = www.lafromagerie-bsf.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = lafromagerie-bsf.com) {
return 301 https://www.$host$request_uri;
} # managed by Certbot
server_name www.lafromagerie-bsf.com;
# enforce https
return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
access_log /var/log/nginx/access-lafromagerie-bsf.com.log combined;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.lafromagerie-bsf.com lafromagerie-bsf.com;
ssl_certificate /etc/letsencrypt/live/lafromagerie-bsf.com-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lafromagerie-bsf.com-0002/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/lafromagerie-bsf.com/wordpress;
index index.html index.php;
gzip on;
gzip_disable "msie6";
include /etc/nginx/mime.types;
## This should be in your http block and if it is, it's not needed here.
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
# log_not_found off;
# access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found on;
}
rewrite_log on;
add_header Permissions-Policy "interest-cohort=()";
access_log /var/log/nginx/access-lafromagerie-bsf.com.log;
error_log /var/log/nginx/error-lafromagerie-bsf.com.log debug;
}
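Review bot: `location ~ \.php$` passes every URI ending in `.php` to FastCGI without checking that the file exists under `root`; the only guard is the php.ini setting named in the comment, which this file cannot enforce. Adding `try_files $uri =404;` as the first line of that location makes nginx itself reject non-existent script paths, assuming PHP-FPM sees the same filesystem (the `php-handler` upstream is on 127.0.0.1 in the other files). The same location block appears in the www.cipherbliss.com, ludovicsouliman.com and www.meetoo.com files of this commit. Separately, `error_log … debug;` together with `rewrite_log on;` looks like leftover troubleshooting: debug-level logs grow quickly and can record request details, so I would return to the default level.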


@ -0,0 +1,87 @@
upstream php-handler {
server 127.0.0.1:9001;
}
server {
listen 80;
listen [::]:80;
server_name events.cipherbliss.com;
root /home/www/tykayn/cipherbliss/mobilizon;
}
############# end framadate server
server {
if ($host = www.cipherbliss.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = cipherbliss.com) {
return 301 https://www.$host$request_uri;
}
listen 80;
listen [::]:80;
server_name www.cipherbliss.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.cipherbliss.com;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/www.cipherbliss.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.cipherbliss.com/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/larome/wordpress/;
gzip on;
gzip_disable "msie6";
include /etc/nginx/mime.types;
## This should be in your http block and if it is, it's not needed here.
index index.php;
add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
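Review bot: `upstream php-handler` is defined at the top of this file and again, identically, in the next cipherbliss file and in the www.meetoo.com file, while the lafromagerie-bsf.com and ludovicsouliman.com vhosts reference it without defining it. If all of these files are included into the same `http` context, nginx rejects the configuration on the duplicate upstream name; the include layout is not visible here, so some of these may be archived copies. I would define the upstream once in a shared snippet and drop the per-vhost copies. The `if ($host = cipherbliss.com)` branch in the port-80 server only fires if that server is also the default for the listener, since `server_name` lists only `www.cipherbliss.com`.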


@ -0,0 +1,87 @@
upstream php-handler {
server 127.0.0.1:9001;
}
server {
listen 80;
listen [::]:80;
server_name events.cipherbliss.com;
root /home/www/tykayn/cipherbliss/mobilizon;
}
############# end framadate server
server {
if ($host = www.cipherbliss.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = cipherbliss.com) {
return 301 https://www.$host$request_uri;
}
listen 80;
listen [::]:80;
server_name www.cipherbliss.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name larome-restaurant.frwww.cipherbliss.com;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/www.cipherbliss.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.cipherbliss.com/privkey.pem; # managed by Certbot
# Path to the root of your installation
root /home/www/larome/wordpress/;
gzip on;
gzip_disable "msie6";
include /etc/nginx/mime.types;
## This should be in your http block and if it is, it's not needed here.
index index.php;
add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
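Review bot: `server_name larome-restaurant.frwww.cipherbliss.com;` in the 443 server looks like two names with the separating space lost; as a single token it matches neither `larome-restaurant.fr` nor `www.cipherbliss.com`. If both were intended, it should read `server_name larome-restaurant.fr www.cipherbliss.com;`. The certificate paths point at `live/www.cipherbliss.com`, so `larome-restaurant.fr` would also have to be covered by that certificate, which cannot be confirmed from this page. The rest of the file repeats the previous one, including the `events.cipherbliss.com` and port-80 servers, and would produce conflicting server name warnings if both are loaded.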


@ -0,0 +1,62 @@
server {
if ($host = ludovicsouliman.com) {
return 301 https://$server_name$request_uri;
} # managed by Certbot
if ($host = www.ludovicsouliman.com) {
return 301 https://$server_name$request_uri;
} # managed by TK
listen 80;
listen [::]:80;
server_name ludovicsouliman.com www.ludovicsouliman.com;
# enforce https
return 301 https://$server_name$request_uri;
add_header Permissions-Policy "interest-cohort=()";
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.ludovicsouliman.com ludovicsouliman.com;
# Path to the root of your installation
root /home/www/ludovicsouliman/;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
ssl_certificate /etc/letsencrypt/live/ludovicsouliman.com-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ludovicsouliman.com-0002/privkey.pem; # managed by Certbot
add_header Permissions-Policy "interest-cohort=()";
}
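Review bot: The 443 server sends no `Strict-Transport-Security` header, while the cipherbliss and mastodon vhosts in this commit send `max-age=31536000`; the lafromagerie-bsf.com and www.meetoo.com 443 servers omit it as well. If these sites are HTTPS-only, as the port-80 redirects suggest, add `add_header Strict-Transport-Security "max-age=31536000";` next to the existing `Permissions-Policy` header. In the port-80 server the two `if ($host = …)` blocks are redundant, because the unconditional `return 301 https://$server_name$request_uri;` below them issues the same redirect for both names.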


@ -0,0 +1,107 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
server {
listen 80;
listen [::]:80;
server_name mastodon.cipherbliss.com;
root /home/mastodon/live/public;
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
add_header Permissions-Policy "interest-cohort=()";
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mastodon.cipherbliss.com;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# Uncomment these lines once you acquire a certificate:
ssl_certificate /etc/letsencrypt/live/mastodon.cipherbliss.com-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mastodon.cipherbliss.com-0001/privkey.pem;
keepalive_timeout 70;
sendfile on;
client_max_body_size 80m;
root /home/mastodon/live/public;
add_header Permissions-Policy "interest-cohort=()";
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000";
location / {
try_files $uri @proxy;
}
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
add_header Strict-Transport-Security "max-age=31536000";
try_files $uri @proxy;
}
location /sw.js {
add_header Cache-Control "public, max-age=0";
add_header Strict-Transport-Security "max-age=31536000";
try_files $uri @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:3000;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000";
tcp_nodelay on;
}
location /api/v1/streaming {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass http://127.0.0.1:4000;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;
}
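Review bot: `ssl_protocols TLSv1.2;` pins this vhost to TLS 1.2 only, so clients cannot negotiate TLS 1.3; the Mattermost file later in this commit has the same line. If the installed nginx and OpenSSL support it (not visible from this page), use `ssl_protocols TLSv1.2 TLSv1.3;`. In `location @proxy`, `proxy_pass_header Server;` forwards the backend's `Server` header to clients, and removing that line avoids disclosing the upstream software. The comment `# Uncomment these lines once you acquire a certificate:` is stale now that both certificate lines are active.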


@ -0,0 +1,40 @@
#mattermost
proxy_cache_path /var/cache/nginx-mattermost levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen localhost:80;
listen [::]:80;
server_name chat.cipherbliss.com;
return 301 https://chat.cipherbliss.com$request_uri;
}
server{
listen localhost:433 ssl http2;
listen [::]:433 ssl http2;
server_name chat.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/chat.cipherbliss.com/fullchain.pem; # managed by Certb$
ssl_certificate_key /etc/letsencrypt/live/chat.cipherbliss.com/privkey.pem; # managed by Cer$
ssl_session_timeout 1d;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
location ~ {
proxy_pass http://127.0.0.1:8065;
}
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
}
location / {
proxy_http_version 1.1;
}
}
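Review bot: The TLS server listens on `localhost:433` and `[::]:433`, which looks like a typo for 443, and the IPv4 listeners in both servers are bound to `localhost`, so the redirect to `https://chat.cipherbliss.com` points at a port nothing is serving. Unless a front proxy is meant to sit in front of this (not visible here), use `listen 443 ssl http2;` and `listen [::]:443 ssl http2;`, and `listen 80;` in the redirect server. The location blocks also look damaged: `location ~ {` is a regex location with an empty pattern that appears to match every request, and the websocket and `/` locations contain no `proxy_pass`, so the `Upgrade` header and HTTP/1.1 settings are never applied to proxied traffic. The `$` at the end of the two certificate lines suggests the file was copied from a truncated terminal view, so it is worth restoring from the original before reuse.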


@ -0,0 +1,58 @@
upstream php-handler {
server 127.0.0.1:9001;
}
server {
listen 80;
listen [::]:80;
server_name www.meetoo.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.meetoo.com;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/www.meetoo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.meetoo.com/privkey.pem;
# Path to the root of your installation
root /home/www/tykayn/moiaussi_blog/;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php-handler;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}


@ -0,0 +1,174 @@
server {
listen 80;
listen [::]:80;
server_name peertube.cipherbliss.com;
access_log /var/log/nginx/peertube.cipherbliss.com.access.log;
error_log /var/log/nginx/peertube.cipherbliss.com.error.log;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/certbot;
}
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name peertube.cipherbliss.com;
# For cipherbliss with certbot (you need a certificate to run https)