nginx cleanup

merge-requests/2/head
Matthew 2022-02-15 00:26:44 -05:00
parent 01783c9cb2
commit 63747796ff
No known key found for this signature in database
GPG Key ID: 210AF32ADE3B5C4B
33 changed files with 35 additions and 313 deletions


@ -7,6 +7,7 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
root /var/binary; root /var/binary;
location / { location / {
autoindex on; autoindex on;
} }


@ -7,42 +7,10 @@ server {
ssl_certificate_key /etc/nginx/ssl/board-ins.key.pem; ssl_certificate_key /etc/nginx/ssl/board-ins.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3121; proxy_pass http://localhost:3121;
proxy_read_timeout 90;
proxy_redirect http://localhost:3121 https://board.ins;
} }
location /api { location /api {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3892; proxy_pass http://localhost:3892;
proxy_read_timeout 90;
proxy_redirect http://localhost:3892 https://board.ins/api;
} }
} }


@ -7,22 +7,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3030; proxy_pass http://localhost:3030;
proxy_read_timeout 90;
proxy_redirect http://localhost:3030 https://certapi.libraryofcode.org;
} }
} }


@ -9,6 +9,7 @@ server {
location / { location / {
return 307 $scheme://www.libraryofcode.org/; return 307 $scheme://www.libraryofcode.org/;
} }
location ~ /(.*)$ { location ~ /(.*)$ {
rewrite https://$1.cloud.libraryofcode.org temporary; rewrite https://$1.cloud.libraryofcode.org temporary;
} }


@ -7,22 +7,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3895; proxy_pass http://localhost:3895;
proxy_read_timeout 90;
proxy_redirect http://localhost:3895 https://comm.libraryofcode.org;
} }
} }


@ -9,6 +9,7 @@ server {
location / { location / {
return 307 https://wiki.libraryofcode.org/; return 307 https://wiki.libraryofcode.org/;
} }
location /synchrony { location /synchrony {
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Server $host;


@ -11,6 +11,7 @@ server {
location / { location / {
autoindex on; autoindex on;
} }
location /sec { location /sec {
autoindex on; autoindex on;
auth_basic "Secure Area"; auth_basic "Secure Area";


@ -7,20 +7,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/cr-ins.key.pem; ssl_certificate_key /etc/nginx/ssl/cr-ins.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://10.8.0.1:3891; proxy_pass http://10.8.0.1:3891;
proxy_read_timeout 90;
proxy_redirect http://10.8.0.1:3891 https://cr.ins;
} }
} }


@ -7,22 +7,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/cshd-ins.key.pem; ssl_certificate_key /etc/nginx/ssl/cshd-ins.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://10.8.0.1:5479; proxy_pass http://10.8.0.1:5479;
proxy_read_timeout 90;
proxy_redirect http://10.8.0.1:5479 https://modmail.ins;
} }
} }


@ -7,22 +7,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/data-ins.key.pem; ssl_certificate_key /etc/nginx/ssl/data-ins.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://10.8.0.1:19999; proxy_pass http://10.8.0.1:19999;
proxy_read_timeout 90;
proxy_redirect http://10.8.0.1:19999 https://data.ins;
} }
} }


@ -8,22 +8,10 @@ server {
index index.html index.htm index.php; index index.html index.htm index.php;
root /opt/powerdns-admin; root /opt/powerdns-admin;
access_log /var/log/nginx/powerdns-admin.local.access.log combined; access_log /var/log/nginx/powerdns-admin.local.access.log combined;
error_log /var/log/nginx/powerdns-admin.local.error.log; error_log /var/log/nginx/powerdns-admin.local.error.log;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_buffer_size 8k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_headers_hash_bucket_size 64;
location ~ ^/static/ { location ~ ^/static/ {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
root /opt/powerdns-admin/powerdnsadmin; root /opt/powerdns-admin/powerdnsadmin;


@ -9,22 +9,6 @@ server {
client_max_body_size 1G; client_max_body_size 1G;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:5000; proxy_pass http://localhost:5000;
proxy_read_timeout 90;
proxy_redirect http://localhost:5000 https://docker.libraryofcode.org;
} }
} }


@ -9,22 +9,6 @@ server {
client_max_body_size 1G; client_max_body_size 1G;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:5608; proxy_pass http://localhost:5608;
proxy_read_timeout 90;
proxy_redirect http://localhost:5608 https://drive.libraryofcode.org;
} }
} }


@ -12,20 +12,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://eds-backend; proxy_pass http://eds-backend;
proxy_read_timeout 90;
} }
} }


@ -7,22 +7,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/firewall-ins.key.pem; ssl_certificate_key /etc/nginx/ssl/firewall-ins.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://192.168.56.1:80; proxy_pass http://192.168.56.1:80;
proxy_read_timeout 90;
proxy_redirect http://192.168.56.1:80 https://firewall.ins;
} }
} }


@ -7,6 +7,7 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
root /var/www/forms; root /var/www/forms;
rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent; rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
try_files $uri.html $uri/ $uri =404; try_files $uri.html $uri/ $uri =404;
} }


@ -42,12 +42,6 @@ server {
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
# resolver_timeout 5s; # resolver_timeout 5s;
## [Optional] Generate a stronger DHE parameter:
## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
##
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;
## Individual nginx logs for this GitLab vhost ## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log; access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log; error_log /var/log/nginx/gitlab_error.log;


@ -8,6 +8,7 @@ server {
root /var/www/gocryptdoc; root /var/www/gocryptdoc;
index index.html; index index.html;
location / { location / {
try_files $uri $uri/index.html =404; try_files $uri $uri/index.html =404;


@ -1,5 +1,4 @@
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;


@ -1,12 +1,12 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;server_name keys.libraryofcode.org;
server_name keys.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt; ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
root /var/www/html/sks; root /var/www/html/sks;
error_page 404 /404.html; error_page 404 /404.html;
location ~ (.git|LICENSE|readme.md) { location ~ (.git|LICENSE|readme.md) {
@ -15,7 +15,7 @@ server {
} }
location /pks { location /pks {
proxy_pass http://127.0.0.1:11371; proxy_pass http://localhost:11371;
proxy_pass_header Server; proxy_pass_header Server;
} }
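Review bot: Changing `proxy_pass http://127.0.0.1:11371;` to `proxy_pass http://localhost:11371;` in the `/pks` location makes the upstream depend on how `localhost` resolves when the configuration is loaded. On a dual-stack host that can include `::1`, and if the keyserver listens on IPv4 only, some requests will be sent to a closed port first. Unless the backend is known to listen on both families, keeping the literal `127.0.0.1` is the safer choice. In the first hunk the new side appears to put `server_name keys.libraryofcode.org;` on the same line as the second `listen`; if that is in the file and not a rendering artefact, it should go back on its own line. The server block continues outside both hunks.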


@ -11,6 +11,7 @@ server {
location / { location / {
return 307 $scheme://lists.libraryofcode.org/cgi-bin/mailman/listinfo; return 307 $scheme://lists.libraryofcode.org/cgi-bin/mailman/listinfo;
} }
location /cgi-bin/mailman { location /cgi-bin/mailman {
root /usr/lib/; root /usr/lib/;
fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$; fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
@ -21,9 +22,11 @@ server {
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/fcgiwrap.socket; fastcgi_pass unix:/var/run/fcgiwrap.socket;
} }
location /images/mailman { location /images/mailman {
alias /usr/share/images/mailman; alias /usr/share/images/mailman;
} }
location /pipermail { location /pipermail {
alias /var/lib/mailman/archives/public; alias /var/lib/mailman/archives/public;
autoindex on; autoindex on;


@ -7,21 +7,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/loc.sh-0001/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/loc.sh-0001/privkey.pem; # managed by Certbot
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3890; proxy_pass http://localhost:3890;
proxy_read_timeout 90;
proxy_redirect http://localhost:3890 https://loc.sh;
} }
} }


@ -7,22 +7,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/modmail-ins.key.pem; ssl_certificate_key /etc/nginx/ssl/modmail-ins.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://10.8.0.1:5478; proxy_pass http://10.8.0.1:5478;
proxy_read_timeout 90;
proxy_redirect http://10.8.0.1:5478 https://modmail.ins;
} }
} }


@ -8,8 +8,8 @@ server {
client_max_body_size 230M; client_max_body_size 230M;
client_body_timeout 1h; client_body_timeout 1h;
root /var/www/html;
root /var/www/html;
index index.html index.htm index.php; index index.html index.htm index.php;
location / { location / {


@ -11,8 +11,6 @@ server {
location /assets { location /assets {
alias /var/www/report/assets/; alias /var/www/report/assets/;
#root /var/www/report/assets;
#try_files /var/www/report/assets/$uri /var/www/report/assets/$uri/ =404;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
} }
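Review bot: `location /assets` has no trailing slash while `alias /var/www/report/assets/;` has one, and this hunk keeps that pairing while removing only the commented-out alternatives. With a prefix location the part of the URI after `/assets` is appended to the alias path, so a request path that merely starts with `/assets` can be mapped outside the assets directory. Matching the slashes with `location /assets/ {` closes that. The enclosing server block starts outside the hunk.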


@ -7,13 +7,6 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:9000; proxy_pass http://localhost:9000;
proxy_read_timeout 90;
proxy_redirect http://localhost:9000 https://s3.libraryofcode.org;
} }
} }


@ -7,22 +7,7 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
location / { location / {
#proxy_pass http://localhost:6969;
proxy_set_header Host $host; return 307 https://edu.libraryofcode.org/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:6969;
proxy_read_timeout 90;
proxy_redirect http://localhost:6969 https://sis.libraryofcode.org;
} }
} }


@ -7,23 +7,8 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
client_max_body_size 1G; client_max_body_size 1G;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3001; proxy_pass http://localhost:3001;
proxy_read_timeout 90;
proxy_redirect http://localhost:3001 https://skb.libraryofcode.org;
} }
} }


@ -6,25 +6,8 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt; ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15; #limit_req zone=one burst=15;
location / { location / {
return 307 https://wiki.libraryofcode.org/en/cs-support; return 307 https://wiki.libraryofcode.org/en/cs-support;
} }
} }


@ -6,16 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt; ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
root /var/www/static; root /var/www/static;
location / { location / {
autoindex on; autoindex on;


@ -7,23 +7,8 @@ server {
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
client_max_body_size 1G; client_max_body_size 1G;
location / { location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3000; proxy_pass http://localhost:3000;
proxy_read_timeout 90;
proxy_redirect http://localhost:3000 https://wiki.libraryofcode.org;
} }
} }


@ -24,6 +24,7 @@ http {
server_tokens off; server_tokens off;
more_set_headers 'Server: LIBRARY OF CODE SP-US INTERNAL SVCS (nginx) [https://loc.sh/]'; more_set_headers 'Server: LIBRARY OF CODE SP-US INTERNAL SVCS (nginx) [https://loc.sh/]';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
resolver 1.1.1.1 63.141.252.133;
# server_names_hash_bucket_size 64; # server_names_hash_bucket_size 64;
# server_name_in_redirect off; # server_name_in_redirect off;
@ -38,12 +39,14 @@ http {
ssl_protocols TLSv1.2; ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; #ssl_stapling_verify on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem; ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve X25519:prime256v1:secp384r1; ssl_ecdh_curve X25519:prime256v1:secp384r1;
## ##
# Logging Settings # Logging Settings
## ##
@ -83,6 +86,7 @@ http {
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*; include /etc/nginx/sites-enabled/*;
include /etc/nginx/sites-custom/*; include /etc/nginx/sites-custom/*;
include /etc/nginx/proxy.conf/;
} }
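Review bot: The added `include /etc/nginx/proxy.conf/;` in the last hunk ends with a slash, so it names a directory rather than the proxy.conf file this commit adds; `include` takes a file or a glob mask, and this line will most likely make `nginx -t` fail or leave the shared proxy settings unloaded. It should read `include /etc/nginx/proxy.conf;`. In the second hunk `ssl_stapling_verify on;` becomes `#ssl_stapling_verify on;` while the per-server copies are deleted in other sections of this commit, so stapled OCSP responses are no longer verified on any vhost. If verification was failing, pointing `ssl_trusted_certificate` at the issuer chain is presumably the fix rather than switching the check off. The new `resolver 1.1.1.1 63.141.252.133;` sends nginx's lookups to external resolvers over plain DNS, so a comment stating who operates the second address, or a local resolver, would be worth adding.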

11
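--- a/Nginx/proxy.conf
+++ b/Nginx/proxy.conf
@@ -0,0 +1,11 @@
+proxy_redirect default;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+client_max_body_size 200M;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_buffers 32 4k;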
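Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` adds the header to the request sent to the upstream, not to the response the browser receives, so on its own it gives no framing protection; the response-side form is `add_header X-Frame-Options SAMEORIGIN always;`. Because `proxy_set_header` values are inherited only by levels that declare none of their own, a location that keeps its own `proxy_set_header` lines (the `/synchrony` block visible in another section still does) will not receive `Host`, `X-Real-IP` or the `X-Forwarded-*` headers from this file. `proxy_redirect default;` derives its rewrite from the enclosing `location` and `proxy_pass`, so at `http` level it is at best redundant and may be rejected by the config test; I would drop it. `client_max_body_size 200M;` also raises the upload limit on every vhost that did not set one, which deserves a one-line comment explaining why.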