engineering
/
configurations
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add various scripts

merge-requests/1/merge
Matthew 2021-04-03 02:37:14 -04:00
parent 4aa612a2b6
commit 9dc0820f23
No known key found for this signature in database
GPG Key ID: 210AF32ADE3B5C4B
18 changed files with 835 additions and 409 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Asterisk/README.md
View File

@ -1,13 +1,13 @@
# Asterisk # Asterisk
*PBX - Private Branch Exchange* *PBX - Private Branch Exchange*
## Accounts ## Accounts
- root - root
- asterisk - asterisk
## Protocols ## Protocols
- PJSIP [5060-UDP] - PJSIP [5060-UDP]
- PJSIP over TLS [5061-UDP] - PJSIP over TLS [5061-UDP]
- SIP [5160-UDP] - SIP [5160-UDP]
- SIP over TLS [5161-UDP] - SIP over TLS [5161-UDP]
- IAX2 [4569-UDP] - IAX2 [4569-UDP]

30
Dovecot/README.md
View File

@ -1,15 +1,15 @@
# Dovecot # Dovecot
*MDA - Mail Delivery Agent* *MDA - Mail Delivery Agent*
## Accounts ## Accounts
- root - root
- dovecot - dovecot
- dovenull - dovenull
- mail - mail
## Protocols ## Protocols
- IMAP [143-TCP] - IMAP [143-TCP]
- IMAPS [993-TCP] - IMAPS [993-TCP]
## Locations ## Locations
- `/etc/dovecot`: Configuration directory - `/etc/dovecot`: Configuration directory

204
Dovecot/dovecot.conf
View File

@ -1,102 +1,102 @@
## Dovecot configuration file ## Dovecot configuration file
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it # "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list. # instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces # '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the # and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace " # value inside quotes, eg.: key = "# char and trailing whitespace "
# Most (but not all) settings can be overridden by different protocols and/or # Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example: # source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
# Default values are shown for each setting, it's not required to uncomment # Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {}) # those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples. # or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure # Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr # options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var # --sysconfdir=/etc --localstatedir=/var
# Enable installed protocols # Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol !include_try /usr/share/dovecot/protocols.d/*.protocol
# A comma separated list of IPs or hosts where to listen in for connections. # A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex, # If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf. # edit conf.d/master.conf.
#listen = *, :: #listen = *, ::
# Base directory where to store runtime data. # Base directory where to store runtime data.
#base_dir = /var/run/dovecot/ #base_dir = /var/run/dovecot/
# Name of this instance. In multi-instance setup doveadm and other commands # Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative # can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes # to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output. # in ps output.
#instance_name = dovecot #instance_name = dovecot
# Greeting message for clients. # Greeting message for clients.
#login_greeting = Dovecot ready. #login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these # Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and # IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for # for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here. # these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks = #login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap) # Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets = #login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination # proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP. # IP is e.g. a load balancer's IP.
#auth_proxy_self = #auth_proxy_self =
# Show more verbose process titles (in ps). Currently shows user name and # Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes # IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts). # (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no #verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down. # Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without # Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be # forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix). # a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes #shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server, # If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process. # instead of running them directly in the same process.
#doveadm_worker_count = 0 #doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server # UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server #doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot # Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give # startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings. # key=value pairs to always set specific settings.
#import_environment = TZ #import_environment = TZ
## ##
## Dictionary server settings ## Dictionary server settings
## ##
# Dictionary can be used to store key=value lists. This is used by several # Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a # plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs # dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format # when the server is used. These can then be referenced using URIs in format
# "proxy::<name>". # "proxy::<name>".
dict { dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
} }
# Most of the actual configuration gets included below. The filenames are # Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes # first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering. # in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf !include conf.d/*.conf
# A config file can also tried to be included without giving an error if # A config file can also tried to be included without giving an error if
# it's not found: # it's not found:
!include_try local.conf !include_try local.conf

5
Makefile Normal file
View File

@ -0,0 +1,5 @@
nginx_server_blocks := $(shell ./scripts/listnginxserverblocks.sh)
# Formats Nginx configuration files
nginxfmt:
./scripts/nginxfmt.py ${nginx_server_blocks}

30
Nginx/README.md
View File

@ -1,15 +1,15 @@
# Nginx # Nginx
*HTTP/SMTP/IMAP/POP3 Proxy Server* *HTTP/SMTP/IMAP/POP3 Proxy Server*
## Accounts ## Accounts
- root - root
- www-data - www-data
## Protocols ## Protocols
- HTTP [80-TCP] - HTTP [80-TCP]
- HTTPS [443-TCP] - HTTPS [443-TCP]
## Locations ## Locations
- `/etc/nginx` - Configuration directory - `/etc/nginx` - Configuration directory

18
Nginx/Server Blocks/auth.libraryofcode.org.conf
View File

@ -18,21 +18,21 @@ server {
location / { location / {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:8200; proxy_pass http://localhost:8200;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://localhost:8200 https://auth.libraryofcode.org; proxy_redirect http://localhost:8200 https://auth.libraryofcode.org;
} }
} }

30
Nginx/Server Blocks/bin.libraryofcode.org.conf
View File

@ -1,23 +1,23 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name bin.libraryofcode.org; server_name bin.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt; ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m; ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2; ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
root /var/binary; root /var/binary;
location / { location / {
autoindex on; autoindex on;
} }
} }

36
Nginx/Server Blocks/board.ins.conf
View File

@ -24,41 +24,41 @@ server {
#limit_req zone=one burst=15; #limit_req zone=one burst=15;
location / { location / {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3121; proxy_pass http://localhost:3121;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://localhost:3121 https://board.ins; proxy_redirect http://localhost:3121 https://board.ins;
} }
location /api { location /api {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3892; proxy_pass http://localhost:3892;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://localhost:3892 https://board.ins/api; proxy_redirect http://localhost:3892 https://board.ins/api;
} }
} }

18
Nginx/Server Blocks/certapi.libraryofcode.org.conf
View File

@ -24,21 +24,21 @@ server {
#limit_req zone=one burst=15; #limit_req zone=one burst=15;
location / { location / {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3030; proxy_pass http://localhost:3030;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://localhost:3030 https://certapi.libraryofcode.org; proxy_redirect http://localhost:3030 https://certapi.libraryofcode.org;
} }
} }

4
Nginx/Server Blocks/cloud.libraryofcode.org.conf
View File

@ -25,9 +25,9 @@ server {
location / { location / {
return 307 $scheme://www.libraryofcode.org/; return 307 $scheme://www.libraryofcode.org/;
} }
location ~ /(.*)$ { location ~ /(.*)$ {
rewrite https://$1.cloud.libraryofcode.org temporary; rewrite https://$1.cloud.libraryofcode.org temporary;
} }
} }

44
Nginx/Server Blocks/comm.libraryofcode.org.conf Normal file
View File

@ -0,0 +1,44 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name comm.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:3895;
proxy_read_timeout 90;
proxy_redirect http://localhost:3895 https://comm.libraryofcode.org;
}
}

51
Nginx/Server Blocks/confluence.libraryofcode.org.conf Normal file
View File

@ -0,0 +1,51 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name confluence.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
#include /etc/nginx/error/502;
#include /etc/nginx/error/504;
#include /etc/nginx/error/500;
#include /etc/nginx/error/404;
#include /etc/nginx/error/429;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
#limit_req zone=one burst=15;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3022;
proxy_read_timeout 90;
proxy_redirect http://localhost:3022 https://confluence.libraryofcode.org;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}

28
Nginx/Server Blocks/content.libraryofcode.org.conf Normal file
View File

@ -0,0 +1,28 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name content.libraryofcode.org;
ssl_certificate /etc/nginx/ssl/org.chain.crt;
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
root /var/www/content;
location / {
autoindex on;
}
location /sec {
autoindex on;
auth_basic "Secure Area";
auth_basic_user_file /etc/nginx/htpasswd;
}
}

196
Nginx/nginx.conf
View File

@ -1,98 +1,98 @@
# Main Nginx Configuration File # Main Nginx Configuration File
user www-data; user www-data;
worker_processes auto; worker_processes auto;
pid /run/nginx.pid; pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf; include /etc/nginx/modules-enabled/*.conf;
events { events {
worker_connections 768; worker_connections 768;
# multi_accept on; # multi_accept on;
} }
http { http {
## ##
# Basic Settings # Basic Settings
## ##
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
tcp_nodelay on; tcp_nodelay on;
keepalive_timeout 65; keepalive_timeout 65;
types_hash_max_size 2048; types_hash_max_size 2048;
server_tokens off; server_tokens off;
more_set_headers 'Server: Library of Code Staff Command (https://www.libraryofcode.org)'; more_set_headers 'Server: Library of Code Staff Command (https://www.libraryofcode.org)';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# server_names_hash_bucket_size 64; # server_names_hash_bucket_size 64;
# server_name_in_redirect off; # server_name_in_redirect off;
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
## ##
# SSL Settings # SSL Settings
## ##
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m; ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_dhparam /etc/nginx/dhparam.pem ssl_dhparam /etc/nginx/dhparam.pem
;ssl_ecdh_curve secp384r1; ;ssl_ecdh_curve secp384r1;
## ##
# Logging Settings # Logging Settings
## ##
#access_log /var/log/nginx/access.log; #access_log /var/log/nginx/access.log;
#error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log;
log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '"$host" sn="$server_name" ' 'rt=$request_time ' 'ua="$upstream_addr" us="$upstream_status" ' 'ut="$upstream_response_time" ul="$upstream_response_length" ' 'cs=$upstream_cache_status' ; log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '"$host" sn="$server_name" ' 'rt=$request_time ' 'ua="$upstream_addr" us="$upstream_status" ' 'ut="$upstream_response_time" ul="$upstream_response_length" ' 'cs=$upstream_cache_status' ;
access_log /var/log/nginx/access.log main_ext; access_log /var/log/nginx/access.log main_ext;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
## ##
# Gzip Settings # Gzip Settings
## ##
gzip on; gzip on;
gzip_disable "msie6"; gzip_disable "msie6";
# gzip_vary on; # gzip_vary on;
# gzip_proxied any; # gzip_proxied any;
# gzip_comp_level 6; # gzip_comp_level 6;
# gzip_buffers 16 8k; # gzip_buffers 16 8k;
# gzip_http_version 1.1; # gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
## ##
# Virtual Host Configs # Virtual Host Configs
## ##
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*; include /etc/nginx/sites-enabled/*;
} }
#mail { #mail {
# # See sample authentication script at: # # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# #
# # auth_http localhost/auth.php; # # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER"; # # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # imap_capabilities "IMAP4rev1" "UIDPLUS";
# #
# server { # server {
# listen localhost:110; # listen localhost:110;
# protocol pop3; # protocol pop3;
# proxy on; # proxy on;
# } # }
# #
# server { # server {
# listen localhost:143; # listen localhost:143;
# protocol imap; # protocol imap;
# proxy on; # proxy on;
# } # }
#} #}

30
Postfix/README.md
View File

@ -1,15 +1,15 @@
# Postfix # Postfix
*MTA - Mail Transfer Agent* *MTA - Mail Transfer Agent*
## Accounts ## Accounts
- root - root
- postfix - postfix
## Protocols ## Protocols
- SMTP (MTA <-> MTA) [25-TCP] - SMTP (MTA <-> MTA) [25-TCP]
- SMTP (MUA <-> MTA) [587-TCP] - SMTP (MUA <-> MTA) [587-TCP]
- SMTPS (MUA <-> MTA) [467-TCP] - SMTPS (MUA <-> MTA) [467-TCP]
## Locations ## Locations
- `/etc/postfix` - Configuration directory - `/etc/postfix` - Configuration directory

196
Postfix/master.conf
View File

@ -1,98 +1,98 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first # Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default # line of that file to be used as the name. The Debian default
# is /etc/mailname. # is /etc/mailname.
#myorigin = /etc/mailname #myorigin = /etc/mailname
smtpd_banner = $myhostname Library of Code sp-us Staff Services | ESMTP (Debian/GNU) smtpd_banner = $myhostname Library of Code sp-us Staff Services | ESMTP (Debian/GNU)
biff = no biff = no
# appending .domain is the MUA's job. # appending .domain is the MUA's job.
append_dot_mydomain = no append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings # Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h #delay_warning_time = 4h
readme_directory = no readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs. # fresh installs.
compatibility_level = 2 compatibility_level = 2
# TLS parameters # TLS parameters
smtpd_tls_cert_file=/etc/postfix/ssl/globalsign.crt smtpd_tls_cert_file=/etc/postfix/ssl/globalsign.crt
smtpd_tls_key_file=/etc/postfix/ssl/globalsign.key.pem smtpd_tls_key_file=/etc/postfix/ssl/globalsign.key.pem
smtpd_use_tls=yes smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may smtp_tls_security_level = may
smtpd_tls_security_level = may smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/globalsign.ca.crt smtpd_tls_CAfile = /etc/postfix/ssl/globalsign.ca.crt
smtpd_tls_loglevel = 1 smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client. # information on enabling SSL in the smtp client.
# RESTRICTIONS # RESTRICTIONS
smtpd_relay_restrictions = smtpd_relay_restrictions =
permit_mynetworks, permit_mynetworks,
permit_sasl_authenticated, permit_sasl_authenticated,
defer_unauth_destination, defer_unauth_destination,
smtpd_helo_restrictions = smtpd_helo_restrictions =
permit_mynetworks, permit_mynetworks,
reject_non_fqdn_helo_hostname, reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname, reject_invalid_helo_hostname,
reject_unknown_helo_hostname, reject_unknown_helo_hostname,
permit, permit,
smtpd_sender_restrictions = smtpd_sender_restrictions =
reject_unknown_sender_domain, reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname, reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname, reject_unknown_client_hostname,
reject_sender_login_mismatch, reject_sender_login_mismatch,
permit_mynetworks, permit_mynetworks,
permit_sasl_authenticated, permit_sasl_authenticated,
permit, permit,
smtpd_recipient_restrictions = smtpd_recipient_restrictions =
reject_unauth_pipelining, reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_non_fqdn_recipient,
reject_unknown_recipient_domain, reject_unknown_recipient_domain,
permit_mynetworks, permit_mynetworks,
check_policy_service inet:127.0.0.1:10023 check_policy_service inet:127.0.0.1:10023
permit, permit,
myhostname = staff.libraryofcode.org myhostname = staff.libraryofcode.org
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases alias_database = hash:/etc/aliases
smtpd_sender_login_maps = hash:/etc/postfix/virtual-mailbox-users smtpd_sender_login_maps = hash:/etc/postfix/virtual-mailbox-users
myorigin = /etc/mailname myorigin = /etc/mailname
mydestination = $myhostname, libraryofcode.org, libraryofcode.us staff.libraryofcode.us, staff-libraryofcode.staff.libraryofcode.us, localhost.staff.libraryofcode.us, localhost, libraryofcode.us mydestination = $myhostname, libraryofcode.org, libraryofcode.us staff.libraryofcode.us, staff-libraryofcode.staff.libraryofcode.us, localhost.staff.libraryofcode.us, localhost, libraryofcode.us
relayhost = relayhost =
relay_domains = lists.libraryofcode.org relay_domains = lists.libraryofcode.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 63.141.252.130 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 63.141.252.130
mailbox_size_limit = 0 mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION" DEFAULT=/var/mail/$USER mailbox_command = procmail -a "$EXTENSION" DEFAULT=/var/mail/$USER
recipient_delimiter = + recipient_delimiter = +
inet_interfaces = all inet_interfaces = all
inet_protocols = all inet_protocols = all
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes broken_sasl_auth_clients = yes
milter_default_action = accept milter_default_action = accept
milter_protocol = 6 milter_protocol = 6
smtpd_milters = inet:localhost:8891, local:/opendmarc/opendmarc.sock smtpd_milters = inet:localhost:8891, local:/opendmarc/opendmarc.sock
non_smtpd_milters = $smtpd_milters non_smtpd_milters = $smtpd_milters
mail_name = Library of Code sp-us | Staff Command mail_name = Library of Code sp-us | Staff Command
virtual_alias_maps = hash:/etc/postfix/virtual virtual_alias_maps = hash:/etc/postfix/virtual
#authorized_submit_users = !boss, !test, static:all #authorized_submit_users = !boss, !test, static:all
message_size_limit = 1073741824 message_size_limit = 1073741824
transport_maps = hash:/etc/postfix/transport transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550 unknown_local_recipient_reject_code = 550
mailman_destination_recipient_limit = 1 mailman_destination_recipient_limit = 1
#local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp #local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp

27
scripts/listnginxserverblocks.sh Normal file
View File

@ -0,0 +1,27 @@
#This is free and unencumbered software released into the public domain.
#Anyone is free to copy, modify, publish, use, compile, sell, or
#distribute this software, either in source code form or as a compiled
#binary, for any purpose, commercial or non-commercial, and by any
#means.
#In jurisdictions that recognize copyright laws, the author or authors
#of this software dedicate any and all copyright interest in the
#software to the public domain. We make this dedication for the benefit
#of the public at large and to the detriment of our heirs and
#successors. We intend this dedication to be an overt act of
#relinquishment in perpetuity of all present and future rights to this
#software under copyright law.
#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
#EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
#IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
#OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
#ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
#OTHER DEALINGS IN THE SOFTWARE.
#For more information, please refer to <http://unlicense.org/>
find "Nginx/Server Blocks" -type f -name "*" | awk '{ print "\""$0"\""}'

271
scripts/nginxfmt.py Normal file
View File

@ -0,0 +1,271 @@
#!/usr/bin/env python3
"""
Copyright 2016 Michał Słomkowski
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
"""This Python script formats nginx configuration files in consistent way.
Originally published under https://github.com/1connect/nginx-config-formatter
"""
import argparse
import codecs
import re
__author__ = "Michał Słomkowski"
__license__ = "Apache 2.0"
__version__ = "1.0.2"
INDENTATION = ' ' * 4
TEMPLATE_VARIABLE_OPENING_TAG = '___TEMPLATE_VARIABLE_OPENING_TAG___'
TEMPLATE_VARIABLE_CLOSING_TAG = '___TEMPLATE_VARIABLE_CLOSING_TAG___'
TEMPLATE_BRACKET_OPENING_TAG = '___TEMPLATE_BRACKET_OPENING_TAG___'
TEMPLATE_BRACKET_CLOSING_TAG = '___TEMPLATE_BRACKET_CLOSING_TAG___'
def strip_line(single_line):
"""Strips the line and replaces neighbouring whitespaces with single space (except when within quotation marks)."""
single_line = single_line.strip()
if single_line.startswith('#'):
return single_line
within_quotes = False
parts = []
for part in re.split('"', single_line):
if within_quotes:
parts.append(part)
else:
parts.append(re.sub(r'[\s]+', ' ', part))
within_quotes = not within_quotes
return '"'.join(parts)
def count_multi_semicolon(single_line):
"""count multi_semicolon (except when within quotation marks)."""
single_line = single_line.strip()
if single_line.startswith('#'):
return 0, 0
within_quotes = False
q = 0
c = 0
for part in re.split('"', single_line):
if within_quotes:
q = 1
else:
c += part.count(';')
within_quotes = not within_quotes
return q, c
def multi_semicolon(single_line):
"""break multi_semicolon into multiline (except when within quotation marks)."""
single_line = single_line.strip()
if single_line.startswith('#'):
return single_line
within_quotes = False
parts = []
for part in re.split('"', single_line):
if within_quotes:
parts.append(part)
else:
parts.append(part.replace(";", ";\n"))
within_quotes = not within_quotes
return '"'.join(parts)
def apply_variable_template_tags(line: str) -> str:
"""Replaces variable indicators ${ and } with tags, so subsequent formatting is easier."""
return re.sub(r'\${\s*(\w+)\s*}',
TEMPLATE_VARIABLE_OPENING_TAG + r"\1" + TEMPLATE_VARIABLE_CLOSING_TAG,
line,
flags=re.UNICODE)
def strip_variable_template_tags(line: str) -> str:
"""Replaces tags back with ${ and } respectively."""
return re.sub(TEMPLATE_VARIABLE_OPENING_TAG + r'\s*(\w+)\s*' + TEMPLATE_VARIABLE_CLOSING_TAG,
r'${\1}',
line,
flags=re.UNICODE)
def apply_bracket_template_tags(content: str) -> str:
""" Replaces bracket { and } with tags, so subsequent formatting is easier."""
result = ""
in_quotes = False
last_c = ""
for c in content:
if (c == "\'" or c == "\"") and last_c != "\\":
in_quotes = reverse_in_quotes_status(in_quotes)
if in_quotes:
if c == "{":
result += TEMPLATE_BRACKET_OPENING_TAG
elif c == "}":
result += TEMPLATE_BRACKET_CLOSING_TAG
else:
result += c
else:
result += c
last_c = c
return result
def reverse_in_quotes_status(status: bool) -> bool:
if status:
return False
return True
def strip_bracket_template_tags(content: str) -> str:
""" Replaces tags back with { and } respectively."""
content = content.replace(TEMPLATE_BRACKET_OPENING_TAG, "{", -1)
content = content.replace(TEMPLATE_BRACKET_CLOSING_TAG, "}", -1)
return content
def clean_lines(orig_lines) -> list:
"""Strips the lines and splits them if they contain curly brackets."""
cleaned_lines = []
for line in orig_lines:
line = strip_line(line)
line = apply_variable_template_tags(line)
if line == "":
cleaned_lines.append("")
continue
else:
if line.startswith("#"):
cleaned_lines.append(strip_variable_template_tags(line))
else:
q, c = count_multi_semicolon(line)
if q == 1 and c > 1:
ml = multi_semicolon(line)
cleaned_lines.extend(clean_lines(ml.splitlines()))
elif q != 1 and c > 1:
newlines = line.split(";")
cleaned_lines.extend(clean_lines(["".join([ln, ";"]) for ln in newlines if ln != ""]))
else:
if line.startswith("rewrite"):
cleaned_lines.append(strip_variable_template_tags(line))
else:
cleaned_lines.extend(
[strip_variable_template_tags(l).strip() for l in re.split(r"([{}])", line) if l != ""])
return cleaned_lines
def join_opening_bracket(lines):
"""When opening curly bracket is in it's own line (K&R convention), it's joined with precluding line (Java)."""
modified_lines = []
for i in range(len(lines)):
if i > 0 and lines[i] == "{":
modified_lines[-1] += " {"
else:
modified_lines.append(lines[i])
return modified_lines
def perform_indentation(lines):
"""Indents the lines according to their nesting level determined by curly brackets."""
indented_lines = []
current_indent = 0
for line in lines:
if not line.startswith("#") and line.endswith('}') and current_indent > 0:
current_indent -= 1
if line != "":
indented_lines.append(current_indent * INDENTATION + line)
else:
indented_lines.append("")
if not line.startswith("#") and line.endswith('{'):
current_indent += 1
return indented_lines
def format_config_contents(contents):
"""Accepts the string containing nginx configuration and returns formatted one. Adds newline at the end."""
contents = apply_bracket_template_tags(contents)
lines = contents.splitlines()
lines = clean_lines(lines)
lines = join_opening_bracket(lines)
lines = perform_indentation(lines)
text = '\n'.join(lines)
text = strip_bracket_template_tags(text)
for pattern, substitute in ((r'\n{3,}', '\n\n\n'), (r'^\n', ''), (r'\n$', '')):
text = re.sub(pattern, substitute, text, re.MULTILINE)
return text + '\n'
def format_config_file(file_path, original_backup_file_path=None, verbose=True):
"""
Performs the formatting on the given file. The function tries to detect file encoding first.
:param file_path: path to original nginx configuration file. This file will be overridden.
:param original_backup_file_path: optional path, where original file will be backed up.
:param verbose: show messages
"""
encodings = ('utf-8', 'latin1')
encoding_failures = []
chosen_encoding = None
for enc in encodings:
try:
with codecs.open(file_path, 'r', encoding=enc) as rfp:
original_file_content = rfp.read()
chosen_encoding = enc
break
except ValueError as e:
encoding_failures.append(e)
if chosen_encoding is None:
raise Exception('none of encodings %s are valid for file %s. Errors: %s'
% (encodings, file_path, [e.message for e in encoding_failures]))
assert original_file_content is not None
with codecs.open(file_path, 'w', encoding=chosen_encoding) as wfp:
wfp.write(format_config_contents(original_file_content))
if verbose:
print("Formatted file '%s' (detected encoding %s)." % (file_path, chosen_encoding))
if original_backup_file_path:
with codecs.open(original_backup_file_path, 'w', encoding=chosen_encoding) as wfp:
wfp.write(original_file_content)
if verbose:
print("Original saved to '%s'." % original_backup_file_path)
if __name__ == "__main__":
arg_parser = argparse.ArgumentParser(description=__doc__)
arg_parser.add_argument("-v", "--verbose", action="store_true", help="show formatted file names")
arg_parser.add_argument("-b", "--backup-original", action="store_true", help="backup original config file")
arg_parser.add_argument("config_files", nargs='+', help="configuration files to format")
args = arg_parser.parse_args()
for config_file_path in args.config_files:
backup_file_path = config_file_path + '~' if args.backup_original else None
format_config_file(config_file_path, backup_file_path, args.verbose)