engineering
/
configurations
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

additions or whateva

merge-requests/2/head
Matthew 2021-05-01 15:13:49 -04:00
parent f127dd6253
commit 6f4266f5b6
No known key found for this signature in database
GPG Key ID: 210AF32ADE3B5C4B
38 changed files with 855 additions and 1471 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Nginx/Server Blocks/ats.libraryofcode.org.conf Normal file
View File

@ -0,0 +1,23 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ats.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
root /var/www/opencats;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param HTACCESS on;
proxy_read_timeout 800;
}
}

10
Nginx/Server Blocks/bin.libraryofcode.org.conf
View File

@ -6,16 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
root /var/binary;
location / {
autoindex on;

16
Nginx/Server Blocks/board.ins.conf
View File

@ -6,22 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/board-ins.chain.crt;
ssl_certificate_key /etc/nginx/ssl/board-ins.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

16
Nginx/Server Blocks/certapi.libraryofcode.org.conf
View File

@ -6,22 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

18
Nginx/Server Blocks/cloud.libraryofcode.org.conf
View File

@ -6,24 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 1G;
#limit_req zone=one burst=15;
location / {
return 307 $scheme://www.libraryofcode.org/;
}

16
Nginx/Server Blocks/comm.libraryofcode.org.conf
View File

@ -6,22 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

16
Nginx/Server Blocks/confluence.libraryofcode.org.conf
View File

@ -6,22 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

11
Nginx/Server Blocks/content.libraryofcode.org.conf
View File

@ -6,17 +6,8 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
root /var/www/content;
location / {
autoindex on;
}

16
Nginx/Server Blocks/crs.ins.conf
View File

@ -6,22 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/cr-ins.chain.crt;
ssl_certificate_key /etc/nginx/ssl/cr-ins.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

16
Nginx/Server Blocks/data.ins.conf
View File

@ -6,22 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/data-ins.chain.crt;
ssl_certificate_key /etc/nginx/ssl/data-ins.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

10
Nginx/Server Blocks/directory.libraryofcode.org.conf
View File

@ -6,16 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
root /var/www/int;
index index.html;
}

5
Nginx/Server Blocks/dns.libraryofcode.org.conf
View File

@ -5,11 +5,6 @@ server {
ssl_certificate /etc/nginx/ssl/dns.chain.crt;
ssl_certificate_key /etc/nginx/ssl/dns.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
index index.html index.htm index.php;
root /opt/powerdns-admin;

16
Nginx/Server Blocks/docker.libraryofcode.org.conf
View File

@ -6,22 +6,8 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 1G;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

16
Nginx/Server Blocks/drive.libraryofcode.org.conf
View File

@ -6,22 +6,8 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 1G;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

25
Nginx/Server Blocks/eds.libraryofcode.org.conf
View File

@ -1,3 +1,8 @@
upstream eds-backend {
server localhost:7101;
server node2.libraryofcode.org:7101 baackup;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
@ -6,22 +11,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;
@ -34,11 +23,9 @@ server {
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:7101;
proxy_pass http://eds-backend;
proxy_read_timeout 90;
proxy_redirect http://localhost:7101 https://eds.libraryofcode.org;
}
}

9
Nginx/Server Blocks/edu.libraryofcode.org.conf
View File

@ -6,15 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
root /opt/canvas/public;
charset utf-8;

16
Nginx/Server Blocks/firewall.ins.conf
View File

@ -6,22 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/firewall-ins.chain.crt;
ssl_certificate_key /etc/nginx/ssl/firewall-ins.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

8
Nginx/Server Blocks/forms.libraryofcode.org.conf
View File

@ -1,16 +1,10 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name forms.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;
root /var/www/forms;
rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;

22
Nginx/Server Blocks/gocrypt.libraryofcode.org.conf
View File

@ -3,25 +3,11 @@ server {
listen [::]:443 ssl http2;
server_name gocrypt.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=5;
root /var/www/gocryptdoc;
index index.html;
root /var/www/gocryptdoc;
index index.html;
location / {
try_files $uri $uri/index.html =404;

4
Nginx/Server Blocks/http-redirect.conf
View File

@ -1,7 +1,7 @@
server {
listen 80;
listen 80;
return 301 https://$host$request_uri;
return 301 https://$host$request_uri;
}

13
Nginx/Server Blocks/keys.ins.conf Normal file
View File

@ -0,0 +1,13 @@
server {
listen 10.8.0.1:443 ssl http2;
#listen [::]:443 ssl http2;
server_name keys.ins;
ssl_certificate /etc/nginx/ssl/keys-ins.chain.crt;
ssl_certificate_key /etc/nginx/ssl/keys-ins.key.pem;
root /var/www/keys;
location / {
autoindex on;
}
}

33
Nginx/Server Blocks/keys.libraryofcode.org.conf
View File

@ -1,23 +1,22 @@
server {
listen 10.8.0.1:443 ssl http2;
#listen [::]:443 ssl http2;
server_name keys.ins;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/keys-ins.chain.crt;
ssl_certificate_key /etc/nginx/ssl/keys-ins.key.pem;
server_name keys.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
root /var/www/html/sks;
error_page 404 /404.html;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
root /var/www/keys;
location / {
autoindex on;
location ~ (.git|LICENSE|readme.md) {
deny all;
return 404;
}
location /pks {
proxy_pass http://127.0.0.1:11371;
proxy_pass_header Server;
}
}

508
Nginx/Server Blocks/libraryofcode.org.conf
View File

@ -1,507 +1,19 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name certificates.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://localhost:8080/;
proxy_read_timeout 90;
proxy_redirect https://localhost:8080 https://certificates.libraryofcode.org;
}
}
#server {
# listen 443 ssl;
# listen [::]:443 ssl;
# server_name staff.libraryofcode.org;
# ssl_certificate /etc/nginx/ssl/staff.chain.crt;
#ssl_certificate_key /etc/nginx/ssl/staff.key.pem;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
#ssl_prefer_server_ciphers on;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
#ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
# ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
# ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
# ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
# location / {
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_pass https://localhost:8082/;
#proxy_read_timeout 90;
#proxy_redirect https://localhost:8082 https://staff.libraryofcode.org;
# }
#}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name status.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8787;
proxy_read_timeout 90;
proxy_redirect http://localhost:8787 https://status.libraryofcode.org;
}
}
#server {
# listen 443 ssl;
# listen [::]:443 ssl;
# server_name modmail.libraryofcode.org;
# ssl_certificate /etc/nginx/ssl/org.chain.crt;
#ssl_certificate_key /etc/nginx/ssl/org.key.pem;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
#ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
# ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
# location / {
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_pass http://localhost:8001;
#proxy_read_timeout 90;
#proxy_redirect http://localhost:8001 https://modmail.libraryofcode.org;
# }
#}
#upstream zammad-railsserver {
# server 127.0.0.1:3001;
#}
#upstream zammad-websocket {
# server 127.0.0.1:6042;
#}
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
#
# # replace 'localhost' with your fqdn if you want to use zammad from remote
# server_name support.libraryofcode.org;
#
# root /opt/zammad/public;
# access_log /var/log/nginx/zammad.access.log;
# error_log /var/log/nginx/zammad.error.log;
#client_max_body_size 50M;
#ssl_certificate /etc/nginx/ssl/org.chain.crt;
#ssl_certificate_key /etc/nginx/ssl/org.key.pem;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1.2;
#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
#ssl_prefer_server_ciphers on;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
#ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
# ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
# ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
# ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
# location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
# expires max;
# }
#location /ws {
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_set_header CLIENT_IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_read_timeout 86400;
#proxy_pass http://zammad-websocket;
#}
#location / {
# proxy_set_header Host $http_host;
# proxy_set_header CLIENT_IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_read_timeout 300;
#proxy_pass http://zammad-railsserver;
#gzip on;
#gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
#gzip_proxied any;
#}
#}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name vault.staff.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/vault.chain.crt;
ssl_certificate_key /etc/nginx/ssl/vault.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8200;
proxy_read_timeout 90;
proxy_redirect http://localhost:8200 https://vault.staff.libraryofcode.org;
}
}
#upstream gitlab-workhorse {
# server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
#}
## HTTPS host
server {
listen 0.0.0.0:443 ssl http2;
server_name gitlab.libraryofcode.us; ## Replace this with something like gitlab.example.com
root /opt/gitlab/embedded/service/gitlab-rails/public;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
ssl on;
ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
# GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
## See app/controllers/application_controller.rb for headers set
## [Optional] Enable HTTP Strict Transport Security
## HSTS is a feature improving protection against MITM attacks
## For more information see: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
add_header Strict-Transport-Security "max-age=31536000; preload";
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:
## - https://medium.com/devops-programming/4445f4862461
## - https://www.ruby-forum.com/topic/4419319
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
# resolver_timeout 5s;
## [Optional] Generate a stronger DHE parameter:
## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
##
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;
## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
#if ($request_filename ~ /*){
# rewrite ^/$ https://loc.sh/discord redirect;
#}
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;
# location / {
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_pass http://localhost:4567;
#proxy_read_timeout 90;
#proxy_redirect http://localhost:4567 https://www.libraryofcode.org;
# }
root /var/www/wordpress;
index index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ecm.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass https://localhost:7150;
proxy_read_timeout 90;
proxy_redirect https://localhost:7150 https://ecm.libraryofcode.org;
}
}
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name ldap.libraryofcode.org;
# ssl_certificate /etc/nginx/ssl/org.chain.crt;
#ssl_certificate_key /etc/nginx/ssl/org.key.pem;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
#ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
# ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# ssl_dhparam /etc/nginx/dhparam.pem;
# ssl_ecdh_curve secp384r1;
#include /etc/ldap-account-manager/nginx.conf;
# location / {
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "upgrade";
#proxy_pass https://localhost:7150;
#proxy_read_timeout 90;
#proxy_redirect https://localhost:7150 https://ecm.libraryofcode.org;
#}
#}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name keys.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
root /var/www/html/sks;
error_page 404 /404.html;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;
location ~ (.git|LICENSE|readme.md) {
deny all;
return 404;
}
location /pks {
proxy_pass http://127.0.0.1:11371;
proxy_pass_header Server;
}
root /var/www/wordpress;
index index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
}

32
Nginx/Server Blocks/lists.libraryofcode.org.conf
View File

@ -6,28 +6,12 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 1G;
#limit_req zone=one burst=15;
location / {
location / {
return 307 $scheme://lists.libraryofcode.org/cgi-bin/mailman/listinfo;
}
location /cgi-bin/mailman {
}
location /cgi-bin/mailman {
root /usr/lib/;
fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
include /etc/nginx/fastcgi_params;
@ -36,12 +20,12 @@ location /cgi-bin/mailman {
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location /images/mailman {
}
location /images/mailman {
alias /usr/share/images/mailman;
}
location /pipermail {
}
location /pipermail {
alias /var/lib/mailman/archives/public;
autoindex on;
}
}
}

17
Nginx/Server Blocks/loc.sh.conf
View File

@ -2,25 +2,10 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name loc.sh;
ssl_certificate /etc/letsencrypt/live/loc.sh-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/loc.sh-0001/privkey.pem; # managed by Certbot
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

16
Nginx/Server Blocks/modmail.ins.conf
View File

@ -6,22 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/modmail-ins.chain.crt;
ssl_certificate_key /etc/nginx/ssl/modmail-ins.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

15
Nginx/Server Blocks/pbx.ins.conf
View File

@ -6,23 +6,8 @@ server {
ssl_certificate /etc/nginx/ssl/pbx-ins.chain.crt;
ssl_certificate_key /etc/nginx/ssl/pbx-ins.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 230M;
client_body_timeout 1h;
#limit_req zone=one burst=15;
root /var/www/html;
index index.html index.htm index.php;

10
Nginx/Server Blocks/report.libraryofcode.org.conf
View File

@ -6,16 +6,6 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
root /var/www/report;
index public/index.html;

15
Nginx/Server Blocks/wiki.libraryofcode.org.conf
View File

@ -6,22 +6,7 @@ server {
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 1G;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;

11
Nginx/nginx.conf
View File

@ -35,11 +35,14 @@ http {
# SSL Settings
##
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem
;ssl_ecdh_curve secp384r1;
ssl_ecdh_curve prime256v1:secp384r1;
##
# Logging Settings

104
Postfix/main.conf Normal file
View File

@ -0,0 +1,104 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Server Information
smtpd_banner = $myhostname Library of Code sp-us Staff Services | ESMTP (Debian/GNU)
myhostname = staff.libraryofcode.org
myorigin = /etc/mailname
mydestination = $myhostname, libraryofcode.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 63.141.252.130
mail_name = Library of Code sp-us | Staff Services
# Relay Settings
relayhost =
relay_domains = lists.libraryofcode.org
# MDA & Delivery
append_dot_mydomain = no
biff = no
mailbox_transport = lmtp:unix:private/dovecot-lmtp
message_size_limit = 1073741824
transport_maps = hash:/etc/postfix/transport
mailbox_size_limit = 0
recipient_delimiter = +
# Authentication
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
# TLS parameters
smtpd_tls_cert_file=/etc/postfix/ssl/globalsign.crt
smtpd_tls_key_file=/etc/postfix/ssl/globalsign.key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/globalsign.ca.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# RESTRICTIONS
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
defer_unauth_destination,
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
reject_unknown_helo_hostname,
permit,
smtpd_sender_restrictions =
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname,
reject_sender_login_mismatch,
permit_mynetworks,
permit_sasl_authenticated,
permit,
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
check_policy_service inet:127.0.0.1:10023,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client xbl.spamhaus.org,
permit,
# Local Aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases
# Virtual Alises
smtpd_sender_login_maps = hash:/etc/postfix/virtual-mailbox-users
virtual_alias_maps = hash:/etc/postfix/virtual
# Network Settings & Milters
inet_interfaces = all
inet_protocols = all
milter_default_action = accept
milter_protocol = 6
smtpd_milters =
inet:localhost:8891,
local:/opendmarc/opendmarc.sock,
inet:localhost:8892
non_smtpd_milters = $smtpd_milters
# Misc
readme_directory = no
compatibility_level = 2
unknown_local_recipient_reject_code = 550
mailman_destination_recipient_limit = 1

227
Postfix/master.conf
View File

@ -1,98 +1,135 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
-o content_filter=spamassassin
-o syslog_name=postfix/smtp
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o cleanup_service_name=privclean
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
smtpd_banner = $myhostname Library of Code sp-us Staff Services | ESMTP (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/postfix/ssl/globalsign.crt
smtpd_tls_key_file=/etc/postfix/ssl/globalsign.key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/globalsign.ca.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
# RESTRICTIONS
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
defer_unauth_destination,
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
reject_unknown_helo_hostname,
permit,
smtpd_sender_restrictions =
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname,
reject_sender_login_mismatch,
permit_mynetworks,
permit_sasl_authenticated,
permit,
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
check_policy_service inet:127.0.0.1:10023
permit,
myhostname = staff.libraryofcode.org
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases
smtpd_sender_login_maps = hash:/etc/postfix/virtual-mailbox-users
myorigin = /etc/mailname
mydestination = $myhostname, libraryofcode.org, libraryofcode.us staff.libraryofcode.us, staff-libraryofcode.staff.libraryofcode.us, localhost.staff.libraryofcode.us, localhost, libraryofcode.us
relayhost =
relay_domains = lists.libraryofcode.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 63.141.252.130
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION" DEFAULT=/var/mail/$USER
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891, local:/opendmarc/opendmarc.sock
non_smtpd_milters = $smtpd_milters
mail_name = Library of Code sp-us | Staff Command
virtual_alias_maps = hash:/etc/postfix/virtual
#authorized_submit_users = !boss, !test, static:all
message_size_limit = 1073741824
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
mailman_destination_recipient_limit = 1
#local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp
privclean unix n - - - 0 cleanup
-o header_checks=pcre:/etc/postfix/outgoing_headers
-o nested_header_checks=

6
scripts/learnspam.py Normal file
View File

@ -0,0 +1,6 @@
import os
home_directories = os.listdir("/home")
for user in home_directories:
os.system("sa-learn --spam /home/%s/mail/Junk" % user)

8
scripts/nact.sh Normal file
View File

@ -0,0 +1,8 @@
# Activate Nginx Server Blocks
if [ $# -eq 0 ]; then
echo "No arguments provided"
exit 1
fi
sudo ln -s /etc/nginx/sites-available/$1.conf /etc/nginx/sites-enabled/$1.conf