From 63747796ff7b4a21c24ee996c70bd90659507c1f Mon Sep 17 00:00:00 2001
From: Matthew R
Date: Tue, 15 Feb 2022 00:26:44 -0500
Subject: [PATCH] nginx cleanup
---
.../Server Blocks/bin.libraryofcode.org.conf | 1 +
Nginx/Server Blocks/board.ins.conf | 32 -------------------
.../certapi.libraryofcode.org.conf | 16 ----------
.../cloud.libraryofcode.org.conf | 1 +
.../Server Blocks/comm.libraryofcode.org.conf | 16 ----------
.../confluence.libraryofcode.org.conf | 1 +
.../content.libraryofcode.org.conf | 1 +
Nginx/Server Blocks/cr.ins.conf | 14 --------
Nginx/Server Blocks/cshd.ins.conf | 16 ----------
Nginx/Server Blocks/data.ins.conf | 16 ----------
Nginx/Server Blocks/dns.ins.conf | 14 +-------
.../docker.libraryofcode.org.conf | 16 ----------
.../drive.libraryofcode.org.conf | 16 ----------
.../Server Blocks/eds.libraryofcode.org.conf | 14 --------
Nginx/Server Blocks/firewall.ins.conf | 16 ----------
.../forms.libraryofcode.org.conf | 1 +
.../gitlab.libraryofcode.org.conf | 6 ----
.../gocrypt.libraryofcode.org.conf | 1 +
Nginx/Server Blocks/http-redirect.conf | 1 -
.../Server Blocks/keys.libraryofcode.org.conf | 8 ++---
.../lists.libraryofcode.org.conf | 3 ++
Nginx/Server Blocks/loc.sh.conf | 14 --------
Nginx/Server Blocks/modmail.ins.conf | 16 ----------
Nginx/Server Blocks/pbx.ins.conf | 2 +-
.../report.libraryofcode.org.conf | 2 --
Nginx/Server Blocks/s3.libraryofcode.org.conf | 7 ----
.../Server Blocks/sis.libraryofcode.org.conf | 19 ++---------
.../Server Blocks/skb.libraryofcode.org.conf | 17 +---------
.../staff.libraryofcode.org.conf | 17 ----------
.../static.libraryofcode.org.conf | 10 ------
.../Server Blocks/wiki.libraryofcode.org.conf | 17 +---------
Nginx/nginx.conf | 6 +++-
Nginx/proxy.conf | 11 +++++++
33 files changed, 35 insertions(+), 313 deletions(-)
create mode 100644 Nginx/proxy.conf
diff --git a/Nginx/Server Blocks/bin.libraryofcode.org.conf b/Nginx/Server Blocks/bin.libraryofcode.org.conf
index 038350a..0ffe6a5 100644
--- a/Nginx/Server Blocks/bin.libraryofcode.org.conf +++ b/Nginx/Server Blocks/bin.libraryofcode.org.conf @@ -7,6 +7,7 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; root /var/binary; + location / { autoindex on; } diff --git a/Nginx/Server Blocks/board.ins.conf b/Nginx/Server Blocks/board.ins.conf index d88aad5..a4b7853 100644 --- a/Nginx/Server Blocks/board.ins.conf +++ b/Nginx/Server Blocks/board.ins.conf @@ -7,42 +7,10 @@ server { ssl_certificate_key /etc/nginx/ssl/board-ins.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://localhost:3121; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:3121 https://board.ins; - } location /api { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://localhost:3892; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:3892 https://board.ins/api; - } } diff --git a/Nginx/Server Blocks/certapi.libraryofcode.org.conf b/Nginx/Server Blocks/certapi.libraryofcode.org.conf index 60ba00d..2c429eb 100644 --- a/Nginx/Server Blocks/certapi.libraryofcode.org.conf +++ b/Nginx/Server Blocks/certapi.libraryofcode.org.conf 
@@ -7,22 +7,6 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://localhost:3030; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:3030 https://certapi.libraryofcode.org; - } } diff --git a/Nginx/Server Blocks/cloud.libraryofcode.org.conf b/Nginx/Server Blocks/cloud.libraryofcode.org.conf index 2b511eb..f503341 100644 --- a/Nginx/Server Blocks/cloud.libraryofcode.org.conf +++ b/Nginx/Server Blocks/cloud.libraryofcode.org.conf @@ -9,6 +9,7 @@ server { location / { return 307 $scheme://www.libraryofcode.org/; } + location ~ /(.*)$ { rewrite https://$1.cloud.libraryofcode.org temporary; } diff --git a/Nginx/Server Blocks/comm.libraryofcode.org.conf b/Nginx/Server Blocks/comm.libraryofcode.org.conf index 4e71fae..6bb8605 100644 --- a/Nginx/Server Blocks/comm.libraryofcode.org.conf +++ b/Nginx/Server Blocks/comm.libraryofcode.org.conf @@ -7,22 +7,6 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://localhost:3895; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:3895 https://comm.libraryofcode.org; - } } diff --git a/Nginx/Server Blocks/confluence.libraryofcode.org.conf b/Nginx/Server Blocks/confluence.libraryofcode.org.conf index ebd6ea2..1fbbe46 100644 --- a/Nginx/Server Blocks/confluence.libraryofcode.org.conf +++ b/Nginx/Server Blocks/confluence.libraryofcode.org.conf 
@@ -9,6 +9,7 @@ server { location / { return 307 https://wiki.libraryofcode.org/; } + location /synchrony { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; diff --git a/Nginx/Server Blocks/content.libraryofcode.org.conf b/Nginx/Server Blocks/content.libraryofcode.org.conf index 0e8bb52..9d5fff5 100644 --- a/Nginx/Server Blocks/content.libraryofcode.org.conf +++ b/Nginx/Server Blocks/content.libraryofcode.org.conf @@ -11,6 +11,7 @@ server { location / { autoindex on; } + location /sec { autoindex on; auth_basic "Secure Area"; diff --git a/Nginx/Server Blocks/cr.ins.conf b/Nginx/Server Blocks/cr.ins.conf index bb087ef..24d2202 100644 --- a/Nginx/Server Blocks/cr.ins.conf +++ b/Nginx/Server Blocks/cr.ins.conf @@ -7,20 +7,6 @@ server { ssl_certificate_key /etc/nginx/ssl/cr-ins.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://10.8.0.1:3891; - - proxy_read_timeout 90; - - proxy_redirect http://10.8.0.1:3891 https://cr.ins; - } } diff --git a/Nginx/Server Blocks/cshd.ins.conf b/Nginx/Server Blocks/cshd.ins.conf index aa1b02b..6fecbc3 100644 --- a/Nginx/Server Blocks/cshd.ins.conf +++ b/Nginx/Server Blocks/cshd.ins.conf @@ -7,22 +7,6 @@ server { ssl_certificate_key /etc/nginx/ssl/cshd-ins.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://10.8.0.1:5479; - - proxy_read_timeout 90; - - proxy_redirect http://10.8.0.1:5479 https://modmail.ins; - } } diff --git a/Nginx/Server Blocks/data.ins.conf b/Nginx/Server Blocks/data.ins.conf index 3032710..43397af 100644 --- a/Nginx/Server Blocks/data.ins.conf 
+++ b/Nginx/Server Blocks/data.ins.conf @@ -7,22 +7,6 @@ server { ssl_certificate_key /etc/nginx/ssl/data-ins.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://10.8.0.1:19999; - - proxy_read_timeout 90; - - proxy_redirect http://10.8.0.1:19999 https://data.ins; - } } diff --git a/Nginx/Server Blocks/dns.ins.conf b/Nginx/Server Blocks/dns.ins.conf index 9bed8aa..26a2019 100644 --- a/Nginx/Server Blocks/dns.ins.conf +++ b/Nginx/Server Blocks/dns.ins.conf @@ -8,22 +8,10 @@ server { index index.html index.htm index.php; root /opt/powerdns-admin; + access_log /var/log/nginx/powerdns-admin.local.access.log combined; error_log /var/log/nginx/powerdns-admin.local.error.log; - client_max_body_size 10m; - client_body_buffer_size 128k; - proxy_redirect off; - proxy_connect_timeout 90; - proxy_send_timeout 90; - proxy_read_timeout 90; - proxy_buffers 32 4k; - proxy_buffer_size 8k; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_headers_hash_bucket_size 64; - location ~ ^/static/ { include /etc/nginx/mime.types; root /opt/powerdns-admin/powerdnsadmin; diff --git a/Nginx/Server Blocks/docker.libraryofcode.org.conf b/Nginx/Server Blocks/docker.libraryofcode.org.conf index 25e1843..2b24f42 100644 --- a/Nginx/Server Blocks/docker.libraryofcode.org.conf +++ b/Nginx/Server Blocks/docker.libraryofcode.org.conf 
@@ -9,22 +9,6 @@ server { client_max_body_size 1G; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://localhost:5000; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:5000 https://docker.libraryofcode.org; - } } diff --git a/Nginx/Server Blocks/drive.libraryofcode.org.conf b/Nginx/Server Blocks/drive.libraryofcode.org.conf index 6d60d97..d13fc6f 100644 --- a/Nginx/Server Blocks/drive.libraryofcode.org.conf +++ b/Nginx/Server Blocks/drive.libraryofcode.org.conf @@ -9,22 +9,6 @@ server { client_max_body_size 1G; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://localhost:5608; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:5608 https://drive.libraryofcode.org; - } } diff --git a/Nginx/Server Blocks/eds.libraryofcode.org.conf b/Nginx/Server Blocks/eds.libraryofcode.org.conf index ef4fb40..df2a6f5 100644 --- a/Nginx/Server Blocks/eds.libraryofcode.org.conf +++ b/Nginx/Server Blocks/eds.libraryofcode.org.conf @@ -12,20 +12,6 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://eds-backend; - - proxy_read_timeout 90; - } } diff --git a/Nginx/Server Blocks/firewall.ins.conf b/Nginx/Server Blocks/firewall.ins.conf index a868e12..8c3aa37 100644 --- a/Nginx/Server Blocks/firewall.ins.conf +++ b/Nginx/Server Blocks/firewall.ins.conf 
@@ -7,22 +7,6 @@ server { ssl_certificate_key /etc/nginx/ssl/firewall-ins.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://192.168.56.1:80; - - proxy_read_timeout 90; - - proxy_redirect http://192.168.56.1:80 https://firewall.ins; - } } diff --git a/Nginx/Server Blocks/forms.libraryofcode.org.conf b/Nginx/Server Blocks/forms.libraryofcode.org.conf index c716596..dead835 100644 --- a/Nginx/Server Blocks/forms.libraryofcode.org.conf +++ b/Nginx/Server Blocks/forms.libraryofcode.org.conf @@ -7,6 +7,7 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; root /var/www/forms; + rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent; try_files $uri.html $uri/ $uri =404; } diff --git a/Nginx/Server Blocks/gitlab.libraryofcode.org.conf b/Nginx/Server Blocks/gitlab.libraryofcode.org.conf index 36cf2f2..a28d808 100644 --- a/Nginx/Server Blocks/gitlab.libraryofcode.org.conf +++ b/Nginx/Server Blocks/gitlab.libraryofcode.org.conf @@ -42,12 +42,6 @@ server { # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired # resolver_timeout 5s; - ## [Optional] Generate a stronger DHE parameter: - ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 - ## - ssl_dhparam /etc/nginx/dhparam.pem; - ssl_ecdh_curve secp384r1; - ## Individual nginx logs for this GitLab vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; diff --git a/Nginx/Server Blocks/gocrypt.libraryofcode.org.conf b/Nginx/Server Blocks/gocrypt.libraryofcode.org.conf index 1d3caba..1f744c5 100644 --- a/Nginx/Server Blocks/gocrypt.libraryofcode.org.conf +++ b/Nginx/Server Blocks/gocrypt.libraryofcode.org.conf 
@@ -8,6 +8,7 @@ server { root /var/www/gocryptdoc; index index.html; + location / { try_files $uri $uri/index.html =404; diff --git a/Nginx/Server Blocks/http-redirect.conf b/Nginx/Server Blocks/http-redirect.conf index f6b5076..0a41d02 100644 --- a/Nginx/Server Blocks/http-redirect.conf +++ b/Nginx/Server Blocks/http-redirect.conf @@ -1,5 +1,4 @@ server { - listen 80; listen [::]:80; diff --git a/Nginx/Server Blocks/keys.libraryofcode.org.conf b/Nginx/Server Blocks/keys.libraryofcode.org.conf index 55368c2..b0707bb 100644 --- a/Nginx/Server Blocks/keys.libraryofcode.org.conf +++ b/Nginx/Server Blocks/keys.libraryofcode.org.conf @@ -1,12 +1,12 @@ server { listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name keys.libraryofcode.org; + listen [::]:443 ssl http2;server_name keys.libraryofcode.org; + ssl_certificate /etc/nginx/ssl/org.chain.crt; ssl_certificate_key /etc/nginx/ssl/org.key.pem; root /var/www/html/sks; + error_page 404 /404.html; location ~ (.git|LICENSE|readme.md) { @@ -15,7 +15,7 @@ server { } location /pks { - proxy_pass http://127.0.0.1:11371; + proxy_pass http://localhost:11371; proxy_pass_header Server; } diff --git a/Nginx/Server Blocks/lists.libraryofcode.org.conf b/Nginx/Server Blocks/lists.libraryofcode.org.conf index 6258817..a823fa7 100644 --- a/Nginx/Server Blocks/lists.libraryofcode.org.conf +++ b/Nginx/Server Blocks/lists.libraryofcode.org.conf @@ -11,6 +11,7 @@ server { location / { return 307 $scheme://lists.libraryofcode.org/cgi-bin/mailman/listinfo; } + location /cgi-bin/mailman { root /usr/lib/; fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$; @@ -21,9 +22,11 @@ server { fastcgi_intercept_errors on; fastcgi_pass unix:/var/run/fcgiwrap.socket; } + location /images/mailman { alias /usr/share/images/mailman; } + location /pipermail { alias /var/lib/mailman/archives/public; autoindex on; diff --git a/Nginx/Server Blocks/loc.sh.conf b/Nginx/Server Blocks/loc.sh.conf index 8a4d36f..01c1ea1 100644 
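Review bot: `proxy_pass http://localhost:11371;` in the `/pks` location of keys.libraryofcode.org.conf no longer pins the upstream to a single socket, because nginx resolves `localhost` at startup to every address the host maps it to, typically both `127.0.0.1` and `[::1]`. If the keyserver listens on IPv4 only, part of the traffic will first hit a refused `[::1]` connection, and whatever else is bound to `[::1]:11371` would receive the proxied requests. Keeping the literal, `proxy_pass http://127.0.0.1:11371;`, avoids both. The first hunk of the same file also fuses two directives into `listen [::]:443 ssl http2;server_name keys.libraryofcode.org;`; it parses, but `server_name` should be back on its own line.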
--- a/Nginx/Server Blocks/loc.sh.conf +++ b/Nginx/Server Blocks/loc.sh.conf @@ -7,21 +7,7 @@ server { ssl_certificate_key /etc/letsencrypt/live/loc.sh-0001/privkey.pem; # managed by Certbot location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://localhost:3890; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:3890 https://loc.sh; - } } diff --git a/Nginx/Server Blocks/modmail.ins.conf b/Nginx/Server Blocks/modmail.ins.conf index 11be8c5..4a554e1 100644 --- a/Nginx/Server Blocks/modmail.ins.conf +++ b/Nginx/Server Blocks/modmail.ins.conf @@ -7,22 +7,6 @@ server { ssl_certificate_key /etc/nginx/ssl/modmail-ins.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://10.8.0.1:5478; - - proxy_read_timeout 90; - - proxy_redirect http://10.8.0.1:5478 https://modmail.ins; - } } diff --git a/Nginx/Server Blocks/pbx.ins.conf b/Nginx/Server Blocks/pbx.ins.conf index 80137d2..90c6c61 100644 --- a/Nginx/Server Blocks/pbx.ins.conf +++ b/Nginx/Server Blocks/pbx.ins.conf @@ -8,8 +8,8 @@ server { client_max_body_size 230M; client_body_timeout 1h; + root /var/www/html; - index index.html index.htm index.php; location / { diff --git a/Nginx/Server Blocks/report.libraryofcode.org.conf b/Nginx/Server Blocks/report.libraryofcode.org.conf index a040267..84018bb 100644 --- a/Nginx/Server Blocks/report.libraryofcode.org.conf +++ b/Nginx/Server Blocks/report.libraryofcode.org.conf 
@@ -11,8 +11,6 @@ server { location /assets { alias /var/www/report/assets/; - #root /var/www/report/assets; - #try_files /var/www/report/assets/$uri /var/www/report/assets/$uri/ =404; try_files $uri $uri/ =404; } } diff --git a/Nginx/Server Blocks/s3.libraryofcode.org.conf b/Nginx/Server Blocks/s3.libraryofcode.org.conf index 01a6c61..99f6a84 100644 --- a/Nginx/Server Blocks/s3.libraryofcode.org.conf +++ b/Nginx/Server Blocks/s3.libraryofcode.org.conf @@ -7,13 +7,6 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; proxy_pass http://localhost:9000; - proxy_read_timeout 90; - proxy_redirect http://localhost:9000 https://s3.libraryofcode.org; } } diff --git a/Nginx/Server Blocks/sis.libraryofcode.org.conf b/Nginx/Server Blocks/sis.libraryofcode.org.conf index dffd2e0..3baba9a 100644 --- a/Nginx/Server Blocks/sis.libraryofcode.org.conf +++ b/Nginx/Server Blocks/sis.libraryofcode.org.conf @@ -7,22 +7,7 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://localhost:6969; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:6969 https://sis.libraryofcode.org; - + #proxy_pass http://localhost:6969; + return 307 https://edu.libraryofcode.org/; } } diff --git a/Nginx/Server Blocks/skb.libraryofcode.org.conf b/Nginx/Server Blocks/skb.libraryofcode.org.conf index 527260b..1c70c5f 100644 --- a/Nginx/Server Blocks/skb.libraryofcode.org.conf +++ b/Nginx/Server Blocks/skb.libraryofcode.org.conf 
@@ -7,23 +7,8 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; client_max_body_size 1G; + location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://localhost:3001; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:3001 https://skb.libraryofcode.org; - } } diff --git a/Nginx/Server Blocks/staff.libraryofcode.org.conf b/Nginx/Server Blocks/staff.libraryofcode.org.conf index 39e2983..c861c9f 100644 --- a/Nginx/Server Blocks/staff.libraryofcode.org.conf +++ b/Nginx/Server Blocks/staff.libraryofcode.org.conf @@ -6,25 +6,8 @@ server { ssl_certificate /etc/nginx/ssl/org.chain.crt; ssl_certificate_key /etc/nginx/ssl/org.key.pem; - ssl_session_cache builtin:1000 shared:SSL:10m; - #include /etc/nginx/error/502; - #include /etc/nginx/error/504; - #include /etc/nginx/error/500; - #include /etc/nginx/error/404; - #include /etc/nginx/error/429; - ssl_protocols TLSv1.2; - - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - - ssl_prefer_server_ciphers on; - - ssl_stapling on; - ssl_stapling_verify on; - #limit_req zone=one burst=15; location / { - return 307 https://wiki.libraryofcode.org/en/cs-support; - } } diff --git a/Nginx/Server Blocks/static.libraryofcode.org.conf b/Nginx/Server Blocks/static.libraryofcode.org.conf index f74267f..faf4768 100644 --- a/Nginx/Server Blocks/static.libraryofcode.org.conf +++ b/Nginx/Server Blocks/static.libraryofcode.org.conf 
@@ -6,16 +6,6 @@ server { ssl_certificate /etc/nginx/ssl/org.chain.crt; ssl_certificate_key /etc/nginx/ssl/org.key.pem; - ssl_session_cache builtin:1000 shared:SSL:10m; - ssl_protocols TLSv1.2; - - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - - ssl_prefer_server_ciphers on; - - ssl_stapling on; - ssl_stapling_verify on; - root /var/www/static; location / { autoindex on; diff --git a/Nginx/Server Blocks/wiki.libraryofcode.org.conf b/Nginx/Server Blocks/wiki.libraryofcode.org.conf index f122ec1..40d6f4f 100644 --- a/Nginx/Server Blocks/wiki.libraryofcode.org.conf +++ b/Nginx/Server Blocks/wiki.libraryofcode.org.conf @@ -7,23 +7,8 @@ server { ssl_certificate_key /etc/nginx/ssl/org.key.pem; client_max_body_size 1G; + location / { - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://localhost:3000; - - proxy_read_timeout 90; - - proxy_redirect http://localhost:3000 https://wiki.libraryofcode.org; - } } diff --git a/Nginx/nginx.conf b/Nginx/nginx.conf index c65a55e..84fdad4 100644 --- a/Nginx/nginx.conf +++ b/Nginx/nginx.conf @@ -24,6 +24,7 @@ http { server_tokens off; more_set_headers 'Server: LIBRARY OF CODE SP-US INTERNAL SVCS (nginx) [https://loc.sh/]'; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + resolver 1.1.1.1 63.141.252.133; # server_names_hash_bucket_size 64; # server_name_in_redirect off; 
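Review bot: The added `resolver 1.1.1.1 63.141.252.133;` in the `http` block of nginx.conf sends nginx's runtime DNS lookups, including the OCSP responder lookups made for `ssl_stapling`, in plaintext to resolvers outside the host. The nginx documentation recommends resolvers on a properly secured local network to prevent DNS spoofing, so a local caching or validating resolver is the safer target, for example `resolver <local-resolver-ip> valid=300s;` together with `resolver_timeout 5s;`. A one-line comment stating who operates the second address and why it is listed would also help the next maintainer. The `http` block begins and ends outside this hunk.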
@@ -38,12 +39,14 @@ http { ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_stapling on; - ssl_stapling_verify on; + #ssl_stapling_verify on; ssl_session_cache shared:SSL:10m; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_dhparam /etc/nginx/dhparam.pem; ssl_ecdh_curve X25519:prime256v1:secp384r1; + + ## # Logging Settings ## @@ -83,6 +86,7 @@ http { include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; include /etc/nginx/sites-custom/*; + include /etc/nginx/proxy.conf/; } diff --git a/Nginx/proxy.conf b/Nginx/proxy.conf new file mode 100644 index 0000000..765753e --- /dev/null +++ b/Nginx/proxy.conf @@ -0,0 +1,11 @@ +proxy_redirect default; +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Frame-Options SAMEORIGIN; +client_max_body_size 200M; +proxy_connect_timeout 90; +proxy_send_timeout 90; +proxy_read_timeout 90; +proxy_buffers 32 4k;
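Review bot: Commenting out `ssl_stapling_verify on;` while `ssl_stapling on;` stays means nginx staples OCSP responses without verifying them, and since this commit also deletes the per-server `ssl_stapling_verify on;` from the staff and static server blocks, nothing visible in the patch re-enables it. If verification was failing, the usual cause is a missing issuer chain; the fix is to keep `ssl_stapling_verify on;` and add `ssl_trusted_certificate <path-to-ca-chain.pem>;` (path is deployment-specific). If it has to stay off, replace the bare `#ssl_stapling_verify on;` with a comment explaining why and when it will be restored. The `http` block continues outside this hunk.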
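Review bot: `include /etc/nginx/proxy.conf/;` at the end of the `http` block has a trailing slash, so nginx will try to open the file path as if it were a directory; because the argument is not a glob mask, that open failure is likely to fail `nginx -t` and block any reload. The line should read `include /etc/nginx/proxy.conf;`. Running `nginx -t` against the new tree before deploying would confirm this together with the other includes.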
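Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in the new proxy.conf sets a header on the request sent to the upstream, so browsers never receive it and it gives no clickjacking protection; a response header is what is needed, `add_header X-Frame-Options SAMEORIGIN always;`. Hoisting the `proxy_set_header` lines to `http` level also changes inheritance: a location that declares any `proxy_set_header` of its own, such as `/synchrony` in confluence.libraryofcode.org.conf, inherits none of these, so from what the patch shows its upstream would lose `Host`, `X-Real-IP` and `X-Forwarded-For` unless they are repeated there. `client_max_body_size 200M;` now applies to every vhost that does not override it (dns.ins.conf previously set `10m`), which widens the upload surface of the small internal services; a low global default raised per server is safer. `proxy_redirect default;` is likely to be rejected in a context that has no preceding `proxy_pass`, and it is already nginx's behaviour when the directive is absent, so the line can be dropped.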