add script to auto symlink nginx conf files

2021-04-14 22:57:08 -04:00 · 2021-04-14 22:57:08 -04:00 · f127dd6253
parent fa30520c75
commit f127dd6253
23 changed files with 1012 additions and 1584 deletions
--- a/Docker/README.md
+++ b/Docker/README.md
--- a/4
+++ b/4
@ -3,3 +3,7 @@ nginx_server_blocks := $(shell ./scripts/listnginxserverblocks.sh)
 # Formats Nginx configuration files
 nginxfmt:
 	./scripts/nginxfmt.py ${nginx_server_blocks}
 # Creates Symlinks for Nginx files, /etc/nginx/sites-available
 nginxsym:
 	./scripts/nginxsymlinks.py
--- a/Nginx/Old/auth.libraryofcode.org.conf
+++ b/Nginx/Old/auth.libraryofcode.org.conf
--- a/Nginx/Old/beta.libraryofcode.org.conf
+++ b/Nginx/Old/beta.libraryofcode.org.conf
--- a/Nginx/Old/commshop.libraryofcode.org.conf
+++ b/Nginx/Old/commshop.libraryofcode.org.conf
--- a/Nginx/Old/default.libraryofcode.conf
+++ b/Nginx/Old/default.libraryofcode.conf
@ -0,0 +1,158 @@
 #server {
 #    listen 443 ssl http2;
 #    listen [::]:443 ssl http2;
 #    server_name libraryofcode.org;
 #    ssl_certificate /etc/nginx/ssl/org.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/org.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 #        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 #       ssl_dhparam /etc/nginx/dhparam.pem;
 #        ssl_ecdh_curve secp384r1;
 #        location / {
 #proxy_set_header Host $host;
 #proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_pass http://localhost:4567;
 #proxy_read_timeout 90;
 #proxy_redirect https://www.libraryofcode.us/ https://libraryofcode.org;
 #  }
 #}
 #server {
 #    listen 443 ssl http2;
 #    listen [::]:443 ssl http2;
 #    server_name www.libraryofcode.org;
 #    ssl_certificate /etc/nginx/ssl/org.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/org.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 #        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 #       ssl_dhparam /etc/nginx/dhparam.pem;
 #        ssl_ecdh_curve secp384r1;
 #        location / {
 #proxy_set_header Host $host;
 #proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_pass http://localhost:4567;
 #proxy_read_timeout 90;
 #proxy_redirect http://localhost:4567 https://www.libraryofcode.org;
 #  }
 #}
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ecm.libraryofcode.us;
    ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;
        ssl_ecdh_curve secp384r1;
        location / {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";
 proxy_pass https://localhost:7150;
 proxy_read_timeout 90;
 proxy_redirect https://localhost:7150 https://ecm.libraryofcode.us;
  }
 }
 #server {
 #    listen 443 ssl http2;
 #    listen [::]:443 ssl http2;
 #    server_name directory.libraryofcode.us;
 #    ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 #ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
 #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #ssl_dhparam /etc/nginx/dhparam.pem;
 #ssl_ecdh_curve secp384r1;
 #location /lam {
 #        index index.html;
 #        alias /usr/share/ldap-account-manager;
 #        autoindex off;
 #
 #        location ~ \.php$ {
 #                fastcgi_split_path_info ^(.+\.php)(/.+)$;
 #                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
 #                fastcgi_index index.php;
 #                include fastcgi_params;
 #        }
 #
 #        location ~ /lam/(tmp/internal|sess|config|lib|help|locale) {
 #                deny all;
 #                return 403;
 #        }
 #
 #}
 #}
--- a/Nginx/Old/drive.old.1.libraryofcode.org.conf
+++ b/Nginx/Old/drive.old.1.libraryofcode.org.conf
--- a/Nginx/Old/drive.old.libraryofcode.org.conf
+++ b/Nginx/Old/drive.old.libraryofcode.org.conf
--- a/Nginx/Old/hrm.libraryofcode.org.conf
+++ b/Nginx/Old/hrm.libraryofcode.org.conf
--- a/Nginx/Old/inbox.old.1.roundcube.libraryofcode.org.conf
+++ b/Nginx/Old/inbox.old.1.roundcube.libraryofcode.org.conf
--- a/Nginx/Old/inbox.old.libraryofcode.org.conf
+++ b/Nginx/Old/inbox.old.libraryofcode.org.conf
--- a/Nginx/Old/payments.libraryofcode.org.conf
+++ b/Nginx/Old/payments.libraryofcode.org.conf
--- a/Nginx/Old/search.libraryofcode.org.conf
+++ b/Nginx/Old/search.libraryofcode.org.conf
--- a/Blocks/default.libraryofcode.conf
+++ b/Blocks/default.libraryofcode.conf
@ -1,728 +0,0 @@
 server {
 listen 80;
 return 301 https://$host$request_uri;
 }
 #server {
 #  listen 443 ssl http2 default_server;
 #  listen [::]:443 ssl http2 default_server;
 #  server_name _;
 #  ssl_protocols TLSv1.2;
  #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-R$
 #  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 #  ssl_certificate /etc/nginx/ssl/org.chain.crt;
 #  ssl_certificate_key /etc/nginx/ssl/org.key.pem;
  #include /etc/nginx/error/502;
  #include /etc/nginx/error/504;
  #include /etc/nginx/error/500;
  #include /etc/nginx/error/404;
  #return 404;
 #}
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name certificates.libraryofcode.us;
    ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
        location / {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_pass https://localhost:8080/;
 proxy_read_timeout 90;
 proxy_redirect https://localhost:8080 https://certificates.libraryofcode.us;
  }
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name staff.libraryofcode.us;
    ssl_certificate /etc/nginx/ssl/staff.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/staff.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 ssl_prefer_server_ciphers on;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 #       ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
 #       ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
        location / {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_pass https://localhost:8082/;
 proxy_read_timeout 90;
 proxy_redirect https://localhost:8082 https://staff.libraryofcode.us;
  }
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name status.libraryofcode.us;
    ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
        location / {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_pass http://localhost:8787;
 proxy_read_timeout 90;
 proxy_redirect http://localhost:8787 https://status.libraryofcode.us;
  }
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.securesign.org;
    ssl_certificate /etc/nginx/ssl/digicert.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/digicert.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        #ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
        ssl_dhparam /etc/nginx/dhparam.pem;
        ssl_ecdh_curve secp384r1;
        location / {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_pass https://localhost:8081/;
 proxy_read_timeout 90;
 proxy_redirect https://localhost:8081 https://www.securesign.org;
  }
 }
 #server {
 #    listen 443 ssl;
 #    listen [::]:443 ssl;
 #
 #    server_name test.securesign.org;
 #    ssl_certificate /etc/nginx/ssl/securesign-site.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/securesign-site.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 #       ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
 #       ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #       ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
 #       location / {
 #proxy_set_header Host $host;
 #proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_pass https://localhost:8080/;
 #proxy_read_timeout 90;
 #proxy_redirect https://localhost:8080 https://test.securesign.org;
 #  }
 #}
 #server {
 #    listen 443 ssl;
 #    listen [::]:443 ssl;
 #    server_name system.securesign.org;
 #    ssl_certificate /etc/nginx/ssl/ov.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/digicert.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #        location / {
 #proxy_set_header Host $host;
 #proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_pass http://sendgrid.net;
 #proxy_read_timeout 90;
 #proxy_redirect http://sendgrid.net https://system.securesign.org;
 #  }
 #}
 #server {
 #    listen 443 ssl;
 #    listen [::]:443 ssl;
 #    server_name modmail.staff.libraryofcode.us;
 #    ssl_certificate /etc/nginx/ssl/modmail.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/modmail.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
 #       ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #       ssl_ciphers          HIGH:!aNULL:!MD5;
 #       ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
 #        location / {
 #proxy_set_header Host $host;
 #proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_pass https://localhost:8001;
 #proxy_read_timeout 90;
 #proxy_redirect https://localhost:8001 https://modmail.staff.libraryofcode.us;
 #  }
 #}
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name api.securesign.org;
    ssl_certificate /etc/letsencrypt/live/api.securesign.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.securesign.org/privkey.pem; # managed by Certbot
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
        location / {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_pass https://localhost:8055;
 proxy_read_timeout 90;
 proxy_redirect https://localhost:8055 https://api.securesign.org;
  }
 }
 #server {
 #    listen 443 ssl http2;
 #    listen [::]:443 ssl http2;
 #    server_name support.libraryofcode.us;
 #    ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
 #       ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
 #       ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #       ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
 #        location / {
 #proxy_set_header Host $host;
 #proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_pass http://localhost:3000/;
 #proxy_read_timeout 90;
 #proxy_redirect http://localhost:3000 https://support.libraryofcode.us;
 #  }
 #}
 upstream zammad-railsserver {
    server 127.0.0.1:3001;
 }
 upstream zammad-websocket {
    server 127.0.0.1:6042;
 }
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # replace 'localhost' with your fqdn if you want to use zammad from remote
    server_name support.libraryofcode.us;
    root /opt/zammad/public;
    access_log /var/log/nginx/zammad.access.log;
    error_log  /var/log/nginx/zammad.error.log;
    client_max_body_size 50M;
 ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 ssl_protocols TLSv1.2;
 ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 ssl_prefer_server_ciphers on;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
 #       ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
 #       ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
    location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
        expires max;
    }
    location /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
        proxy_pass http://zammad-websocket;
    }
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_pass http://zammad-railsserver;
        gzip on;
        gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
        gzip_proxied any;
    }
 }
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name vault.libraryofcode.org;
    ssl_certificate /etc/nginx/ssl/org.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/org.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 ssl_protocols TLSv1.2;
 ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 ssl_prefer_server_ciphers on;
 #ssl_stapling on;
 #ssl_stapling_verify on;
 #limit_req zone=one burst=5;
        location / {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_pass http://localhost:8200;
 proxy_read_timeout 90;
 proxy_redirect http://localhost:8200 https://vault.libraryofcode.org;
  }
 }
 upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0;
 }
 ## HTTPS host
 server {
  listen 0.0.0.0:443 ssl http2;
  listen [::]:443 ipv6only=on ssl http2;
  server_name gitlab.libraryofcode.org; ## Replace this with something like gitlab.example.com
  root /opt/gitlab/embedded/service/gitlab-rails/public;
  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ssl on;
  ssl_certificate /etc/nginx/ssl/org.chain.crt;
  ssl_certificate_key /etc/nginx/ssl/org.key.pem;
  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  #ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  ## See app/controllers/application_controller.rb for headers set
  ## [Optional] Enable HTTP Strict Transport Security
  ## HSTS is a feature improving protection against MITM attacks
  ## For more information see: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  add_header Strict-Transport-Security "max-age=31536000; preload";
  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 5s;
  ## [Optional] Generate a stronger DHE parameter:
  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
  ##
  ssl_dhparam /etc/nginx/dhparam.pem;
  ssl_ecdh_curve secp384r1;
  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_http_version 1.1;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;
  }
 }
 #server {
 #    listen 443 ssl http2;
 #    listen [::]:443 ssl http2;
 #    server_name libraryofcode.org;
 #    ssl_certificate /etc/nginx/ssl/org.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/org.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 #        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 #       ssl_dhparam /etc/nginx/dhparam.pem;
 #        ssl_ecdh_curve secp384r1;
 #        location / {
 #proxy_set_header Host $host;
 #proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_pass http://localhost:4567;
 #proxy_read_timeout 90;
 #proxy_redirect https://www.libraryofcode.us/ https://libraryofcode.org;
 #  }
 #}
 #server {
 #    listen 443 ssl http2;
 #    listen [::]:443 ssl http2;
 #    server_name www.libraryofcode.org;
 #    ssl_certificate /etc/nginx/ssl/org.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/org.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 #ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 #        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 #       ssl_dhparam /etc/nginx/dhparam.pem;
 #        ssl_ecdh_curve secp384r1;
 #        location / {
 #proxy_set_header Host $host;
 #proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 #proxy_set_header X-Forwarded-Proto $scheme;
 #proxy_pass http://localhost:4567;
 #proxy_read_timeout 90;
 #proxy_redirect http://localhost:4567 https://www.libraryofcode.org;
 #  }
 #}
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ecm.libraryofcode.us;
    ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;
        ssl_ecdh_curve secp384r1;
        location / {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";
 proxy_pass https://localhost:7150;
 proxy_read_timeout 90;
 proxy_redirect https://localhost:7150 https://ecm.libraryofcode.us;
  }
 }
 #server {
 #    listen 443 ssl http2;
 #    listen [::]:443 ssl http2;
 #    server_name directory.libraryofcode.us;
 #    ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 #ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 #ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
 #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 #ssl_dhparam /etc/nginx/dhparam.pem;
 #ssl_ecdh_curve secp384r1;
 #location /lam {
 #        index index.html;
 #        alias /usr/share/ldap-account-manager;
 #        autoindex off;
 #
 #        location ~ \.php$ {
 #                fastcgi_split_path_info ^(.+\.php)(/.+)$;
 #                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
 #                fastcgi_index index.php;
 #                include fastcgi_params;
 #        }
 #
 #        location ~ /lam/(tmp/internal|sess|config|lib|help|locale) {
 #                deny all;
 #                return 403;
 #        }
 #
 #}
 #}
--- a/Blocks/drive.libraryofcode.org.conf
+++ b/Blocks/drive.libraryofcode.org.conf
@ -34,11 +34,11 @@ server {
      proxy_set_header X-Frame-Options SAMEORIGIN;
-      proxy_pass http://localhost:6123;
+      proxy_pass http://localhost:5608;
      proxy_read_timeout 90;
-      proxy_redirect http://localhost:6123  https://drive.libraryofcode.org;
+      proxy_redirect http://localhost:5608  https://drive.libraryofcode.org;
  }
 }
--- a/Blocks/gitlab.libraryofcode.org.conf
+++ b/Blocks/gitlab.libraryofcode.org.conf
@ -0,0 +1,74 @@
 upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0;
 }
 ## HTTPS host
 server {
  listen 0.0.0.0:443 ssl http2;
  listen [::]:443 ipv6only=on ssl http2;
  server_name gitlab.libraryofcode.org; ## Replace this with something like gitlab.example.com
  root /opt/gitlab/embedded/service/gitlab-rails/public;
  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ssl on;
  ssl_certificate /etc/nginx/ssl/org.chain.crt;
  ssl_certificate_key /etc/nginx/ssl/org.key.pem;
  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  #ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  ## See app/controllers/application_controller.rb for headers set
  ## [Optional] Enable HTTP Strict Transport Security
  ## HSTS is a feature improving protection against MITM attacks
  ## For more information see: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  add_header Strict-Transport-Security "max-age=31536000; preload";
  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 5s;
  ## [Optional] Generate a stronger DHE parameter:
  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
  ##
  ssl_dhparam /etc/nginx/dhparam.pem;
  ssl_ecdh_curve secp384r1;
  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
    proxy_http_version 1.1;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;
  }
 }
--- a/Blocks/http-redirect.conf
+++ b/Blocks/http-redirect.conf
@ -0,0 +1,7 @@
 server {
 listen 80;
 return 301 https://$host$request_uri;
 }
--- a/Blocks/locsh.libraryofcode.org.conf
+++ b/Blocks/locsh.libraryofcode.org.conf
--- a/Blocks/pbx.libraryofcode.org.conf
+++ b/Blocks/pbx.libraryofcode.org.conf
--- a/Blocks/servicedesk.libraryofcode.org.conf
+++ b/Blocks/servicedesk.libraryofcode.org.conf
--- a/Blocks/support.libraryofcode.us.conf
+++ b/Blocks/support.libraryofcode.us.conf
@ -1,73 +0,0 @@
 #
 # this is the nginx config for zammad
 #
 upstream zammad-railsserver {
    server 127.0.0.1:3000;
 }
 upstream zammad-websocket {
    server 127.0.0.1:6042;
 }
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # replace 'localhost' with your fqdn if you want to use zammad from remote
    server_name support.libraryofcode.us;
    root /opt/zammad/public;
    access_log /var/log/nginx/zammad.access.log;
    error_log  /var/log/nginx/zammad.error.log;
    client_max_body_size 50M;
 ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
 ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 ssl_prefer_server_ciphers on;
 #ssl_session_cache builtin:1000 shared:SSL:10m;
 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 #ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
 #       ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
 #       ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_dhparam /etc/nginx/dhparam.pem;ssl_ecdh_curve secp384r1;
    location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
        expires max;
    }
    location /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
        proxy_pass http://zammad-websocket;
    }
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_pass http://zammad-railsserver;
        gzip on;
        gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
        gzip_proxied any;
    }
 }
--- a/Blocks/test.ins.conf
+++ b/Blocks/test.ins.conf
@ -1,44 +0,0 @@
 server {
    listen 10.8.0.1:443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name modmail.ins;
    ssl_certificate /etc/nginx/ssl/modmail-ins.chain.crt;
    ssl_certificate_key /etc/nginx/ssl/modmail-ins.key.pem;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    #include /etc/nginx/error/502;
    #include /etc/nginx/error/504;
    #include /etc/nginx/error/500;
    #include /etc/nginx/error/404;
    #include /etc/nginx/error/429;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    #limit_req zone=one burst=15;
    location / {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;
      proxy_pass http://10.8.0.1:5478;
      proxy_read_timeout 90;
      proxy_redirect http://10.8.0.1:5478  https://modmail.ins;
  }
 }
--- a/scripts/nginxsymlinks.py
+++ b/scripts/nginxsymlinks.py
@ -0,0 +1,30 @@
 #!/usr/bin/env python
 """
    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) 2021  Library of Code sp-us, Department of Engineering
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 """
 import os
 blocks = os.listdir("Nginx/Server Blocks")
 old_blocks = os.listdir("/etc/nginx/sites-available")
 path = os.path.abspath("Nginx/Server Blocks")
 for block in blocks:
  os.symlink("%s/%s" % (path, block), "/etc/nginx/sites-available/%s" % block)
 for block in old_blocks:
  os.unlink("/etc/nginx/sites-available/%s" % block)