From 317639d4960c33e036aa9ad59c2e7a282ae48f1c Mon Sep 17 00:00:00 2001 
From: Your Name Date: Wed, 27 May 2020 18:27:34 +0000 Subject: [PATCH] nginx --- production/nginx/docker-compose.yml | 246 ++++++++++++++++++ production/nginx/nginx/Dockerfile | 2 + production/nginx/nginx/conf.d/hatthieves.conf | 50 ++++ .../nginx/nginx/defaultdrop-privkey.pem | 28 ++ production/nginx/nginx/defaultdrop.pem | 58 +++++ production/nginx/nginx/dhparam.pem | 13 + production/nginx/nginx/entrypoint.sh | 3 + production/nginx/nginx/fastcgi.conf | 26 ++ production/nginx/nginx/fastcgi_params | 25 ++ production/nginx/nginx/koi-utf | 109 ++++++++ production/nginx/nginx/koi-win | 103 ++++++++ production/nginx/nginx/mime.types | 89 +++++++ .../modules-enabled/10-mod-http-ndk.conf | 1 + .../modules-enabled/50-mod-http-auth-pam.conf | 1 + .../50-mod-http-cache-purge.conf | 1 + .../modules-enabled/50-mod-http-dav-ext.conf | 1 + .../modules-enabled/50-mod-http-echo.conf | 1 + .../50-mod-http-fancyindex.conf | 1 + .../modules-enabled/50-mod-http-geoip.conf | 1 + .../50-mod-http-headers-more-filter.conf | 1 + .../50-mod-http-image-filter.conf | 1 + .../modules-enabled/50-mod-http-lua.conf | 1 + .../modules-enabled/50-mod-http-perl.conf | 1 + .../50-mod-http-subs-filter.conf | 1 + .../50-mod-http-uploadprogress.conf | 1 + .../50-mod-http-upstream-fair.conf | 1 + .../50-mod-http-xslt-filter.conf | 1 + .../nginx/modules-enabled/50-mod-mail.conf | 1 + .../nginx/modules-enabled/50-mod-nchan.conf | 1 + .../nginx/modules-enabled/50-mod-stream.conf | 1 + production/nginx/nginx/nginx.conf | 92 +++++++ production/nginx/nginx/proxy_params | 4 + production/nginx/nginx/registry.htpasswd | 1 + production/nginx/nginx/scgi_params | 17 ++ production/nginx/nginx/security.conf | 21 ++ production/nginx/nginx/sites-available/bbb | 19 ++ production/nginx/nginx/sites-available/chat | 19 ++ production/nginx/nginx/sites-available/codimd | 19 ++ .../nginx/nginx/sites-available/crossposter | 21 ++ .../nginx/nginx/sites-available/default | 91 +++++++ .../nginx/nginx/sites-available/defaultdrop | 
37 +++ production/nginx/nginx/sites-available/dvwa | 20 ++ .../nginx/nginx/sites-available/elastic | 21 ++ .../nginx/nginx/sites-available/etherpad | 17 ++ .../nginx/nginx/sites-available/familyark | 18 ++ production/nginx/nginx/sites-available/g | 16 ++ production/nginx/nginx/sites-available/games | 23 ++ production/nginx/nginx/sites-available/gitea | 16 ++ .../nginx/nginx/sites-available/glances | 20 ++ .../nginx/nginx/sites-available/gnusocial | 19 ++ production/nginx/nginx/sites-available/gollum | 14 + .../nginx/nginx/sites-available/grafana | 14 + .../nginx/nginx/sites-available/hatthieves.es | 9 + .../nginx/nginx/sites-available/icecast2 | 15 ++ production/nginx/nginx/sites-available/ipfs | 15 ++ production/nginx/nginx/sites-available/jekyll | 14 + .../nginx/nginx/sites-available/jenkins | 14 + production/nginx/nginx/sites-available/jitsi | 17 ++ production/nginx/nginx/sites-available/kanban | 20 ++ production/nginx/nginx/sites-available/kibana | 21 ++ .../nginx/nginx/sites-available/magicworld | 16 ++ .../nginx/nginx/sites-available/mastodon | 36 +++ production/nginx/nginx/sites-available/meta | 20 ++ production/nginx/nginx/sites-available/mumble | 18 ++ .../nginx/nginx/sites-available/netdata | 19 ++ .../nginx/nginx/sites-available/nextcloud | 21 ++ production/nginx/nginx/sites-available/p2p | 28 ++ .../nginx/nginx/sites-available/peertube | 19 ++ .../nginx/nginx/sites-available/pleroma | 19 ++ .../nginx/nginx/sites-available/pleroma-old | 20 ++ .../nginx/nginx/sites-available/pleroma-test | 18 ++ .../nginx/nginx/sites-available/privatebin | 19 ++ .../nginx/nginx/sites-available/prometheus | 14 + .../nginx/nginx/sites-available/registry | 26 ++ .../nginx/nginx/sites-available/rocketchat | 18 ++ production/nginx/nginx/sites-available/sonar | 14 + production/nginx/nginx/sites-available/tail | 25 ++ production/nginx/nginx/sites-available/theia | 19 ++ production/nginx/nginx/sites-available/tpmw | 16 ++ .../nginx/nginx/sites-available/traefik | 20 ++ 
production/nginx/nginx/sites-available/video | 17 ++ production/nginx/nginx/sites-available/voip | 18 ++ .../nginx/nginx/sites-available/webmail | 15 ++ .../nginx/nginx/sites-available/wordpress | 18 ++ .../nginx/nginx/sites-available2.tar.xz | Bin 0 -> 3968 bytes production/nginx/nginx/sites-enabled/bbb | 1 + production/nginx/nginx/sites-enabled/chat | 1 + production/nginx/nginx/sites-enabled/codimd | 1 + .../nginx/nginx/sites-enabled/crossposter | 1 + .../nginx/nginx/sites-enabled/defaultdrop | 1 + production/nginx/nginx/sites-enabled/dvwa | 1 + production/nginx/nginx/sites-enabled/elastic | 1 + production/nginx/nginx/sites-enabled/etherpad | 1 + .../nginx/nginx/sites-enabled/familyark | 1 + production/nginx/nginx/sites-enabled/g | 1 + production/nginx/nginx/sites-enabled/games | 1 + production/nginx/nginx/sites-enabled/gitea | 1 + production/nginx/nginx/sites-enabled/glances | 1 + .../nginx/nginx/sites-enabled/gnusocial | 1 + production/nginx/nginx/sites-enabled/grafana | 1 + .../nginx/nginx/sites-enabled/hatthieves.es | 1 + production/nginx/nginx/sites-enabled/icecast2 | 1 + production/nginx/nginx/sites-enabled/ipfs | 1 + production/nginx/nginx/sites-enabled/jitsi | 1 + production/nginx/nginx/sites-enabled/kanban | 1 + production/nginx/nginx/sites-enabled/kibana | 1 + .../nginx/nginx/sites-enabled/magicworld | 1 + production/nginx/nginx/sites-enabled/mastodon | 1 + production/nginx/nginx/sites-enabled/meta | 1 + .../nginx/sites-enabled/modernxsdepueblo | 37 +++ production/nginx/nginx/sites-enabled/mumble | 1 + production/nginx/nginx/sites-enabled/netdata | 1 + .../nginx/nginx/sites-enabled/nextcloud | 1 + production/nginx/nginx/sites-enabled/p2p | 1 + .../nginx/nginx/sites-enabled/panycirco | 37 +++ production/nginx/nginx/sites-enabled/peertube | 1 + production/nginx/nginx/sites-enabled/pleroma | 1 + .../nginx/nginx/sites-enabled/pleroma-old | 1 + .../nginx/nginx/sites-enabled/privatebin | 1 + .../nginx/nginx/sites-enabled/radioelliptica | 54 ++++ 
production/nginx/nginx/sites-enabled/registry | 1 + .../nginx/nginx/sites-enabled/rocketchat | 1 + production/nginx/nginx/sites-enabled/tail | 1 + production/nginx/nginx/sites-enabled/theia | 1 + production/nginx/nginx/sites-enabled/tpmw | 1 + production/nginx/nginx/sites-enabled/traefik | 1 + production/nginx/nginx/sites-enabled/video | 1 + production/nginx/nginx/sites-enabled/voip | 1 + production/nginx/nginx/sites-enabled/webmail | 1 + .../nginx/nginx/sites-enabled/wordpress | 1 + .../nginx/nginx/snippets/fastcgi-php.conf | 13 + production/nginx/nginx/snippets/snakeoil.conf | 5 + production/nginx/nginx/uwsgi_params | 17 ++ production/nginx/nginx/win-utf | 125 +++++++++ 134 files changed, 2237 insertions(+) create mode 100644 production/nginx/docker-compose.yml create mode 100644 production/nginx/nginx/Dockerfile create mode 100644 production/nginx/nginx/conf.d/hatthieves.conf create mode 100644 production/nginx/nginx/defaultdrop-privkey.pem create mode 100644 production/nginx/nginx/defaultdrop.pem create mode 100644 production/nginx/nginx/dhparam.pem create mode 100644 production/nginx/nginx/entrypoint.sh create mode 100644 production/nginx/nginx/fastcgi.conf create mode 100644 production/nginx/nginx/fastcgi_params create mode 100644 production/nginx/nginx/koi-utf create mode 100644 production/nginx/nginx/koi-win create mode 100644 production/nginx/nginx/mime.types create mode 120000 production/nginx/nginx/modules-enabled/10-mod-http-ndk.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-auth-pam.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-cache-purge.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-dav-ext.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-echo.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-fancyindex.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-geoip.conf create mode 120000 
production/nginx/nginx/modules-enabled/50-mod-http-headers-more-filter.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-image-filter.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-lua.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-perl.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-subs-filter.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-uploadprogress.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-upstream-fair.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-http-xslt-filter.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-mail.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-nchan.conf create mode 120000 production/nginx/nginx/modules-enabled/50-mod-stream.conf create mode 100644 production/nginx/nginx/nginx.conf create mode 100644 production/nginx/nginx/proxy_params create mode 100644 production/nginx/nginx/registry.htpasswd create mode 100644 production/nginx/nginx/scgi_params create mode 100644 production/nginx/nginx/security.conf create mode 100644 production/nginx/nginx/sites-available/bbb create mode 100644 production/nginx/nginx/sites-available/chat create mode 100644 production/nginx/nginx/sites-available/codimd create mode 100644 production/nginx/nginx/sites-available/crossposter create mode 100644 production/nginx/nginx/sites-available/default create mode 100644 production/nginx/nginx/sites-available/defaultdrop create mode 100644 production/nginx/nginx/sites-available/dvwa create mode 100644 production/nginx/nginx/sites-available/elastic create mode 100644 production/nginx/nginx/sites-available/etherpad create mode 100644 production/nginx/nginx/sites-available/familyark create mode 100644 production/nginx/nginx/sites-available/g create mode 100644 production/nginx/nginx/sites-available/games create mode 100644 
production/nginx/nginx/sites-available/gitea create mode 100644 production/nginx/nginx/sites-available/glances create mode 100644 production/nginx/nginx/sites-available/gnusocial create mode 100644 production/nginx/nginx/sites-available/gollum create mode 100644 production/nginx/nginx/sites-available/grafana create mode 100644 production/nginx/nginx/sites-available/hatthieves.es create mode 100644 production/nginx/nginx/sites-available/icecast2 create mode 100644 production/nginx/nginx/sites-available/ipfs create mode 100644 production/nginx/nginx/sites-available/jekyll create mode 100644 production/nginx/nginx/sites-available/jenkins create mode 100644 production/nginx/nginx/sites-available/jitsi create mode 100644 production/nginx/nginx/sites-available/kanban create mode 100644 production/nginx/nginx/sites-available/kibana create mode 100644 production/nginx/nginx/sites-available/magicworld create mode 100644 production/nginx/nginx/sites-available/mastodon create mode 100644 production/nginx/nginx/sites-available/meta create mode 100644 production/nginx/nginx/sites-available/mumble create mode 100644 production/nginx/nginx/sites-available/netdata create mode 100644 production/nginx/nginx/sites-available/nextcloud create mode 100644 production/nginx/nginx/sites-available/p2p create mode 100644 production/nginx/nginx/sites-available/peertube create mode 100644 production/nginx/nginx/sites-available/pleroma create mode 100644 production/nginx/nginx/sites-available/pleroma-old create mode 100644 production/nginx/nginx/sites-available/pleroma-test create mode 100644 production/nginx/nginx/sites-available/privatebin create mode 100644 production/nginx/nginx/sites-available/prometheus create mode 100644 production/nginx/nginx/sites-available/registry create mode 100644 production/nginx/nginx/sites-available/rocketchat create mode 100644 production/nginx/nginx/sites-available/sonar create mode 100644 production/nginx/nginx/sites-available/tail create mode 100644 
production/nginx/nginx/sites-available/theia create mode 100644 production/nginx/nginx/sites-available/tpmw create mode 100644 production/nginx/nginx/sites-available/traefik create mode 100644 production/nginx/nginx/sites-available/video create mode 100644 production/nginx/nginx/sites-available/voip create mode 100644 production/nginx/nginx/sites-available/webmail create mode 100644 production/nginx/nginx/sites-available/wordpress create mode 100644 production/nginx/nginx/sites-available2.tar.xz create mode 120000 production/nginx/nginx/sites-enabled/bbb create mode 120000 production/nginx/nginx/sites-enabled/chat create mode 120000 production/nginx/nginx/sites-enabled/codimd create mode 120000 production/nginx/nginx/sites-enabled/crossposter create mode 120000 production/nginx/nginx/sites-enabled/defaultdrop create mode 120000 production/nginx/nginx/sites-enabled/dvwa create mode 120000 production/nginx/nginx/sites-enabled/elastic create mode 120000 production/nginx/nginx/sites-enabled/etherpad create mode 120000 production/nginx/nginx/sites-enabled/familyark create mode 120000 production/nginx/nginx/sites-enabled/g create mode 120000 production/nginx/nginx/sites-enabled/games create mode 120000 production/nginx/nginx/sites-enabled/gitea create mode 120000 production/nginx/nginx/sites-enabled/glances create mode 120000 production/nginx/nginx/sites-enabled/gnusocial create mode 120000 production/nginx/nginx/sites-enabled/grafana create mode 120000 production/nginx/nginx/sites-enabled/hatthieves.es create mode 120000 production/nginx/nginx/sites-enabled/icecast2 create mode 120000 production/nginx/nginx/sites-enabled/ipfs create mode 120000 production/nginx/nginx/sites-enabled/jitsi create mode 120000 production/nginx/nginx/sites-enabled/kanban create mode 120000 production/nginx/nginx/sites-enabled/kibana create mode 120000 production/nginx/nginx/sites-enabled/magicworld create mode 120000 production/nginx/nginx/sites-enabled/mastodon create mode 120000 
production/nginx/nginx/sites-enabled/meta create mode 100644 production/nginx/nginx/sites-enabled/modernxsdepueblo create mode 120000 production/nginx/nginx/sites-enabled/mumble create mode 120000 production/nginx/nginx/sites-enabled/netdata create mode 120000 production/nginx/nginx/sites-enabled/nextcloud create mode 120000 production/nginx/nginx/sites-enabled/p2p create mode 100644 production/nginx/nginx/sites-enabled/panycirco create mode 120000 production/nginx/nginx/sites-enabled/peertube create mode 120000 production/nginx/nginx/sites-enabled/pleroma create mode 120000 production/nginx/nginx/sites-enabled/pleroma-old create mode 120000 production/nginx/nginx/sites-enabled/privatebin create mode 100644 production/nginx/nginx/sites-enabled/radioelliptica create mode 120000 production/nginx/nginx/sites-enabled/registry create mode 120000 production/nginx/nginx/sites-enabled/rocketchat create mode 120000 production/nginx/nginx/sites-enabled/tail create mode 120000 production/nginx/nginx/sites-enabled/theia create mode 120000 production/nginx/nginx/sites-enabled/tpmw create mode 120000 production/nginx/nginx/sites-enabled/traefik create mode 120000 production/nginx/nginx/sites-enabled/video create mode 120000 production/nginx/nginx/sites-enabled/voip create mode 120000 production/nginx/nginx/sites-enabled/webmail create mode 120000 production/nginx/nginx/sites-enabled/wordpress create mode 100644 production/nginx/nginx/snippets/fastcgi-php.conf create mode 100644 production/nginx/nginx/snippets/snakeoil.conf create mode 100644 production/nginx/nginx/uwsgi_params create mode 100644 production/nginx/nginx/win-utf diff --git a/production/nginx/docker-compose.yml b/production/nginx/docker-compose.yml new file mode 100644 index 0000000..503d237 --- /dev/null +++ b/production/nginx/docker-compose.yml 
@@ -0,0 +1,246 @@ +version: '2.1' + +services: + nginx: + build: ./docker-nginx-http3 +# image: nwtgck/nginx-http3 +# image: ranadeeppolavarapu/nginx-http3 +# build: ./nginx + hostname: nginx + container_name: nginx + restart: always +# entrypoint: +# - /bin/bash +# - /etc/nginx/entrypoint.sh + volumes: + - ./nginx:/etc/nginx + - /opt/docker/secure/fullchain.pem:/etc/nginx/hatthieves.crt:ro + - /opt/docker/secure/privkey.pem:/etc/nginx/hatthieves.key:ro + - /root/letsencrypt/hatthieves.com/fullchain.pem:/etc/nginx/hatthieves.com.crt:ro + - /root/letsencrypt/hatthieves.com/privkey.pem:/etc/nginx/hatthieves.com.key:ro + - ./nginx/nginx.conf:/usr/local/nginx/conf/nginx.conf + - ./logs:/usr/local/nginx/logs + ports: + - "80:80" +# - "2001:ba0:1800:80e0::1:80:80" + - "443:443" +# - "2001:ba0:1800:80e0::1:443:443" + - "443:443/udp" +# - "2001:ba0:1800:80e0::1:443:443/udp" +# cap_add: +# - NET_BIND_SERVICE +# sysctls: +# - net.ipv6.conf.all.disable_ipv6=0 +# - net.ipv6.bindv6only=0 +# - net.ipv6.conf.all.forwarding=1 +# cap_add: +# - NET_ADMIN + networks: + mynet: + ipv4_address: 172.10.0.101 + ipv6_address: 2001:db8:2::101 + gollum: + haraka: + gitea: + pad: + rocket: + defaultdrop: + registry: + pleroma: + ipfs: + doom: + nextcloud: + magicworld: + peertube: + g: + pleroma-test: + icecast2: + gnusocial: + jitsi: + tpmw: + wordpress: + familyark: + crossposter: + kamailio: + privatebin: + glances: + tail: + arjion: + kanban: + theia: + nms: + dvwa: + bbb: + traefik: + elk: + codimd: + netdata: + youtube: + mumbleweb: + p2p: + +networks: + mynet: + enable_ipv6: true + driver: bridge + ipam: + config: + - subnet: 172.10.0.0/24 + - subnet: 2001:db8:2::/64 + + gollum: + external: + name: gollum_mynet + + haraka: + external: + name: harakawildduck_mynet + + gitea: + external: + name: gitea_mynet + + pad: + external: + name: etherpad_mynet + + rocket: + external: + name: rocket_mynet + + defaultdrop: + external: + name: bikini + + registry: + external: + name: registry_mynet + 
+ pleroma: + external: + name: pleroma_mynet + + ipfs: + external: + name: ipfs_mynet + + doom: + external: + name: web_mynet + + nextcloud: + external: + name: nextcloud_mynet + + magicworld: + external: + name: magicworld_mynet + + peertube: + external: + name: peertube_mynet + + g: + external: + name: g_mynet + + pleroma-test: + external: + name: pleromatest_mynet + + icecast2: + external: + name: icecast2_mynet + + gnusocial: + external: + name: gnusocial_mynet + + jitsi: + external: + name: jitsimeet_mynet + + tpmw: + external: + name: magicworldphoenix_mynet + + wordpress: + external: + name: wordpress_mynet + + familyark: + external: + name: familyark_mynet + + crossposter: + external: + name: crossposter_mynet + + kamailio: + external: + name: kamailio_mynet + + privatebin: + external: + name: privatebin_mynet + + glances: + external: + name: glances_mynet + + tail: + external: + name: tail_mynet + + arjion: + external: + name: arjion_mynet + + kanban: + external: + name: kanban_mynet + + theia: + external: + name: theia_mynet + + nms: + external: + name: nms_mynet + + dvwa: + external: + name: dvwa_mynet + + bbb: + external: + name: bigbluebutton_mynet + + traefik: + external: + name: traefik_mynet + + elk: + external: + name: elk_mynet + + codimd: + external: + name: codimd_mynet + + netdata: + external: + name: netdata_mynet + + youtube: + external: + name: youtube_mynet + + mumbleweb: + external: + name: mumbleweb_mynet + + p2p: + external: + name: p2p_mynet + diff --git a/production/nginx/nginx/Dockerfile b/production/nginx/nginx/Dockerfile new file mode 100644 index 0000000..7c07dcd --- /dev/null +++ b/production/nginx/nginx/Dockerfile @@ -0,0 +1,2 @@ +FROM debian:sid-slim +RUN apt update && apt -y upgrade && apt -y install nginx nginx-extras && apt clean diff --git a/production/nginx/nginx/conf.d/hatthieves.conf b/production/nginx/nginx/conf.d/hatthieves.conf new file mode 100644 index 0000000..ff7413b --- /dev/null 
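Review bot: The `mynet` IPAM block uses `subnet: 172.10.0.0/24`, which lies outside the RFC 1918 range 172.16.0.0/12, so the bridge shadows publicly routable address space for every container attached to it. A private range such as `- subnet: 172.20.0.0/24` with a matching `ipv4_address: 172.20.0.101` avoids that. The service also joins the `dvwa` network, presumably a deliberately vulnerable training application, and the commit enables `sites-enabled/dvwa`; that puts the training app on the same proxy and network namespace as every production backend and is better served by an isolated proxy or by removal. `./nginx:/etc/nginx` is mounted read-write while the key files beside it are `:ro`, so a compromised nginx process could rewrite its own configuration; `- ./nginx:/etc/nginx:ro` closes that.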
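Review bot: `FROM debian:sid-slim` builds the proxy image on Debian unstable with no digest pin, so each rebuild can pull a different, less-vetted nginx and library set. A stable release pinned by digest, written as `FROM debian:<stable-release>-slim@sha256:<digest>` (placeholders), makes the image reproducible and auditable. `nginx-extras` also installs the Lua, Perl, DAV and other modules linked under `modules-enabled/`, which widens the attack surface if the vhosts do not need them. In the `RUN` line, `apt-get install --no-install-recommends` followed by `rm -rf /var/lib/apt/lists/*` is the conventional non-interactive form. The compose file currently builds `./docker-nginx-http3`, so this Dockerfile may be unused.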
+++ b/production/nginx/nginx/conf.d/hatthieves.conf 
@@ -0,0 +1,50 @@ +server { + listen 80 default_server; + listen 80 default_server quic reuseport; + listen [::]:80 default_server; + listen [::]:80 default_server quic reuseport; + server_name _; + return 301 https://$host$request_uri; +} + +server { + listen 443 default_server ssl http2; + listen [::]:443 ssl http2; + server_name _; +# index index.html index.htm; + ssl_certificate /etc/nginx/hatthieves.crt; + ssl_certificate_key /etc/nginx/hatthieves.key; + ssl_dhparam /etc/nginx/dhparam.pem; +# ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; +# add_header Alt-Svc 'h3-25=":443"; ma=86400'; + add_header alt-svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; +} + +server { + listen 443 ssl http2; + listen 443 default_server quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 default_server quic reuseport; + server_name hatthieves.com *.hatthieves.com; +# index index.html index.htm; + ssl_certificate /etc/nginx/hatthieves.com.crt; + ssl_certificate_key /etc/nginx/hatthieves.com.key; + ssl_dhparam /etc/nginx/dhparam.pem; +# ssl_ciphers 
"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; +# add_header Alt-Svc 'h3-25=":443"; ma=86400'; + add_header alt-svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + location / { + return 301 https://www.hatthieves.es; +# rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent; + } + +} + diff --git a/production/nginx/nginx/defaultdrop-privkey.pem b/production/nginx/nginx/defaultdrop-privkey.pem new file mode 100644 index 0000000..44b4700 --- /dev/null +++ b/production/nginx/nginx/defaultdrop-privkey.pem 
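Review bot: The catch-all port-80 block redirects with `return 301 https://$host$request_uri;`, and because it is the `default_server` with `server_name _`, `$host` is whatever Host header the client sent, so the redirect target is client-controlled and can be cached or relayed by an intermediary. The catch-all 443 block has no `location` or `return`, so unknown hostnames are answered with the hatthieves certificate and nginx's default content. Putting `return 444;` in both catch-all blocks and issuing the HTTPS redirect only from named vhosts addresses both. The `alt-svc` value is also malformed, since alternatives are comma-separated and parameters semicolon-separated; it should read `h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400`. No `Strict-Transport-Security` header is set in this file, so confirm that `security.conf` adds it.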
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCtYhU7lRu3xOwl +LlbK1GwZJoHHsL9k+J5b9WRtBt6/oUB00eK6XyNFrpazhw/H+ycXXiSETiNvvrwX +NzLY1AIHk/uTgBNT76zfqARFyUhg0bvXM0Hk+3vuLDw8FEySnz2W5oGBpNu3KnGp +jIEMKGgm9g0j5Xj4bZzeGxKNgrcCAmXg2WEyxTBkdMkIA4sBaR75r30y6hol7Flr +2hjuVoIj4gbM/m8U9leTnOJ1vOeBGm0rPYLoDGUvhG4L876Ho1r5eB3hq6U8PJBm +rSugl56XyXzTf2X5XmT1GDRTCQqN+xWG3SCS71v4oGYBAxgkD54SABavxhKPio9R +lhJQzOvnAgMBAAECggEBAIT6LP69pbyUM+lwWPDHawD/H5pgXOq8I/izhIp6Mm0W +57CxKQt33D2dYcffVqMyZRDvC2LN6y/RQcEsfLsAH25geRrvp+NAd34yBtTfQ7u+ +ICs1DNzqZGqPUsNhbjkmGL6bm8grALjCvNolAPSqKPd4zysw3E7tAtr2OIyALIxE +t0keTI5IXaAFkkemH62QiKt0AIsxEnOPpg8qmW++9awEudVFQagU16d/cbpOimED +8EUEfU3r2vS5xzdQhP8m3mHNhvbfKSI51wcH+3gx2tPCJYG6pBxjK+y1EoQTvFbg +pf8eQV29RedNDf8thNIPs5nNEYRqTfm+6u/lf2NiFcECgYEA2AUKoio7iq8CHqiT +Enljb54pHQFGQSJA0ubvScgVzTJz5xQZS7ffje2xHrhpp/l1yu16oW9qPYCtgDHx +x2OjI+7G4jBC30/FLUcV7mgep6Q3PsaU1Mb2woOy0W1SkObYXyaCeh0rlHQ12ABX +FZehUkjA1p55JkCf/p1dCuEnplsCgYEAzXjuntzArHhvwssLYuCE29Sitr132vJN +UKkYZk0KNA1JljK6E4cF67BQw8/nSoiB3zDSJfN5KUTg+RdzyNsrihOOBpR9bkZA +vfB0OgA3rQ1rPjwEP1hsZm0nS4tuWsuy9xSWdhNVBCm+a+CrVnHCuzc2zJbNTEhU +2EINrh5u/mUCgYB/ACfKQ04SMOXsJGujFt7RBolhVhh5vquh0sen9wxqQVlG59gf +XhD+nlndl8n2SYFpNsk8FAa/9eELV1GwSfHl9EHVRU5rf7iK8BoCuhAbuz4HmDR0 +DC2TGl6NJdq++hkHh9p59KBkfRYS0dBhD252s/M7upu7U4884EONW+Y1tQKBgFUQ +h9mFEs9UXRCL9v7MbLSF54c4EXK3dYK7Prq7kknSZnCkN5z1/WGB8S3f2KVmtj2s +fJPxpGuNdIYrS2gQNIpJZjcbKoKI2yzHa5bHmEUwlQGC309KUDZnYilIZDt6sXDR +OSlQ/5VloswOi2CSYEgZp7ozhHLcTyPo1LkNKG5xAoGBAIk1BD3X4Reey+yg24J8 +wNeRrD8TkvQNFTxRsOIFiuuFUA1c9lOJAEGj+/MIpQEB3HVklbMYI5MLt64m+Fze +dGRTl1stQ1XeyqisE3YJ3mwcXgwBi2vuX8Hi9b6QquMWvNV8Gbss7LOVaXTLfqa2 +JUU+wsKZFFi2ffB67VPeKjbh +-----END PRIVATE KEY----- diff --git a/production/nginx/nginx/defaultdrop.pem b/production/nginx/nginx/defaultdrop.pem new file mode 100644 index 0000000..82dc314 --- /dev/null +++ b/production/nginx/nginx/defaultdrop.pem 
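Review bot: This file commits an unencrypted private key to the repository, so anyone with read access to the repo or its history holds the key for the certificate added in `defaultdrop.pem` (the two appear to be a pair). Treat the key as compromised: revoke and reissue the certificate, and remove the file from this commit and from history. The key can then be supplied the way `docker-compose.yml` already handles the hatthieves key, as a host path outside the repo mounted `:ro`. A `.gitignore` entry such as `*-privkey.pem` plus a secret-scanning pre-commit hook would keep it from coming back. `registry.htpasswd` in the same commit likely holds a credential hash and deserves the same review.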
@@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIFaTCCBFGgAwIBAgISA60nQCGaO0x4aNwAtDacXhFmMA0GCSqGSIb3DQEBCwUA +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAzMTcxOTIwMjZaFw0y +MDA2MTUxOTIwMjZaMBwxGjAYBgNVBAMMESouZGVmYXVsdGRyb3AubmV0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWIVO5Ubt8TsJS5WytRsGSaBx7C/ +ZPieW/VkbQbev6FAdNHiul8jRa6Ws4cPx/snF14khE4jb768Fzcy2NQCB5P7k4AT +U++s36gERclIYNG71zNB5Pt77iw8PBRMkp89luaBgaTbtypxqYyBDChoJvYNI+V4 ++G2c3hsSjYK3AgJl4NlhMsUwZHTJCAOLAWke+a99MuoaJexZa9oY7laCI+IGzP5v +FPZXk5zidbzngRptKz2C6AxlL4RuC/O+h6Na+Xgd4aulPDyQZq0roJeel8l8039l ++V5k9Rg0UwkKjfsVht0gku9b+KBmAQMYJA+eEgAWr8YSj4qPUZYSUMzr5wIDAQAB +o4ICdTCCAnEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSD3Nre/viHhFe4gOcJCclU +3elQwDAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB +AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw +dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw +dC5vcmcvMC0GA1UdEQQmMCSCESouZGVmYXVsdGRyb3AubmV0gg9kZWZhdWx0ZHJv +cC5uZXQwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggr +BgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggECBgorBgEEAdZ5 +AgQCBIHzBIHwAO4AdQBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAA +AXDqJ5AdAAAEAwBGMEQCIGqLWqENQc/8h3QmK+k+TYsV8etQQgbcMYBIbj4nZ7Mz +AiBfIzRoRUmUoFcW/Z88Uh3LQ1rBn3Zuk/SoS7enWmCvswB1ALIeBcyLos2KIE6H +ZvkruYolIGdr2vpw57JJUy3vi5BeAAABcOonkAoAAAQDAEYwRAIgHH11ABo+SUo2 +G/k9GmNZk5Ubq+awToZPVvBvJpTDR0MCIELd7gwq2Nw7SSf2oUZVMk1rnOO/fnrK +LJR+9L2/xnMBMA0GCSqGSIb3DQEBCwUAA4IBAQCHBiFuDFA16/SzQzbtRZm1TRLK +2SktOndgZkzir36tBttAyGGuz4t8KGO1CPBbCi3l0eBr7I/pnfx9c5MP04478em4 +cCGqWjyhvKjNPprNsjwCt7paqQtmoHqbCWogGCsDim8NgWSA+qx+PHWBjVGr3L2r +2Bu6fBGQb1edSmrtKrxr6YUDVeOf6T0LfCttgGpu5fcIw7ScjPH2/uQrV5u2g6Ze +ydct7HLBu+bsbXxjjRhGUQZ7Szu0hP2YzyXZhwWFtA+F0wdqAJXWrJbtv2zENqMe +QfPQamnoyjMLkF0b3tlt37tMvK83PkG9/WD/qqHuYkiv+K7/aPKENgUzF4ps +-----END CERTIFICATE----- +-----BEGIN 
CERTIFICATE----- +MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow +SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT +GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF +q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 +SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 +Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA +a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj +/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T +AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG +CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv +bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k +c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw +VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC +ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz +MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu +Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF +AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo +uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ +wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu +X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG +PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 +KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== +-----END CERTIFICATE----- diff --git a/production/nginx/nginx/dhparam.pem b/production/nginx/nginx/dhparam.pem new file mode 100644 index 0000000..9133678 --- /dev/null +++ b/production/nginx/nginx/dhparam.pem 
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA57hgX4cjMTAsXfuMi1DBzfe6ueq77w0aqFSRlPOSsyCjDNIF3jJ2
+cHmhODLeZi5dDde6eGkNjVuBleWUoJhUqC/8eWHOJtWyEcJ98ACK/vgCJbYQ9Z7y
+eBK4hp4PwJKD2jTCzb55qMw7pXVaxptoY488nmIURkZRBImPMkJBzUhlg+p2NzgJ
+KP9DVBzaOZIRv7suSD90DP2xTImA/nE6rSBrLrmIHVdB3QJ/nw+E8U/p1sGxDuPG
+XUoqhUMckczMAqVjg/VnG91bkfXZi0AOvTz48wK1jLYku/DK+WUczJw9qmIyYCBG
+h+JdYIJaUJc5R1nwS20AtkNmpGSZll4XfHshB5eOEdgr9fxPsY27pKuQVnslAEqU
+psfUHSrKEgadohNapiPQH9DyuXCqiifp5fdHyK9nob2OYsYsZzSebzvCDiNA1Hu7
+8st30JB3EHAb6qVLcqYQuS6qhKMPLhzp4KK5J/GwotwqNRZpS4eKa8lO1tOm/mVI
+7rSW2Hg3ZzsL0nr7sKb3p5gRyhKz80j5whrxRAwIVmeWHJrebPbA3gMpGdF4kiPA
+HB05kED1USqmhnZv1T1oCYr3p6UawrK6+3b/6SxLV06p+cfI0ypoW8ExMpE9ynxF
+/koOqNbjqK2M3cvyLhDS8ikK1238HP5q/e+G0fQ5YFWKcuPQi6ZSVfsCAQI=
+-----END DH PARAMETERS-----
diff --git a/production/nginx/nginx/entrypoint.sh b/production/nginx/nginx/entrypoint.sh
new file mode 100644
index 0000000..d073230
--- /dev/null
+++ b/production/nginx/nginx/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+/etc/init.d/nginx start
+/bin/sleep infinity
diff --git a/production/nginx/nginx/fastcgi.conf b/production/nginx/nginx/fastcgi.conf
new file mode 100644
index 0000000..091738c
--- /dev/null
+++ b/production/nginx/nginx/fastcgi.conf
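Review bot: In `entrypoint.sh`, `/etc/init.d/nginx start` followed by `/bin/sleep infinity` leaves `sleep` as the container's main process, so the container stays "running" after nginx dies and `restart: always` never fires; a stop signal also never reaches nginx for a graceful shutdown. Replacing both lines with `exec nginx -g 'daemon off;'` makes nginx the main process. The init script's exit status is unchecked as well, so a broken configuration still yields a live but useless container; `set -e` would surface that. The `entrypoint:` stanza in `docker-compose.yml` is commented out, so this script may not be in use.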
@@ -0,0 +1,26 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/production/nginx/nginx/fastcgi_params b/production/nginx/nginx/fastcgi_params
new file mode 100644
index 0000000..28decb9
--- /dev/null
+++ b/production/nginx/nginx/fastcgi_params
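Review bot: Neither `fastcgi.conf` nor the near-identical `fastcgi_params` clears the `Proxy` request header, which nginx forwards to FastCGI backends as `HTTP_PROXY` and which some HTTP client libraries in the backend then treat as an outbound proxy setting (the "httpoxy" issue). Adding `fastcgi_param HTTP_PROXY "";` at the end of both files neutralises it for every vhost that includes them. These look like the distribution's stock files, so a comment such as `# local addition: httpoxy mitigation` would help anyone later diffing against upstream.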
@@ -0,0 +1,25 @@
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/production/nginx/nginx/koi-utf b/production/nginx/nginx/koi-utf
new file mode 100644
index 0000000..e7974ff
--- /dev/null
+++ b/production/nginx/nginx/koi-utf
@@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE 
D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/production/nginx/nginx/koi-win b/production/nginx/nginx/koi-win new file mode 100644 index 0000000..72afabe --- /dev/null +++ b/production/nginx/nginx/koi-win 
@@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} 
diff --git a/production/nginx/nginx/mime.types b/production/nginx/nginx/mime.types new file mode 100644 index 0000000..89be9a4 --- /dev/null +++ b/production/nginx/nginx/mime.types 
@@ -0,0 +1,89 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/production/nginx/nginx/modules-enabled/10-mod-http-ndk.conf b/production/nginx/nginx/modules-enabled/10-mod-http-ndk.conf new file mode 120000 index 0000000..5174c8d --- /dev/null +++ b/production/nginx/nginx/modules-enabled/10-mod-http-ndk.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-ndk.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-auth-pam.conf b/production/nginx/nginx/modules-enabled/50-mod-http-auth-pam.conf new file mode 120000 index 0000000..2c9098d --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-auth-pam.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-auth-pam.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-cache-purge.conf b/production/nginx/nginx/modules-enabled/50-mod-http-cache-purge.conf new file mode 120000 index 0000000..84f9763 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-cache-purge.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-cache-purge.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-dav-ext.conf b/production/nginx/nginx/modules-enabled/50-mod-http-dav-ext.conf new file mode 120000 index 0000000..4bcd08d --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-dav-ext.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-dav-ext.conf \ No newline at end of file 
diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-echo.conf b/production/nginx/nginx/modules-enabled/50-mod-http-echo.conf new file mode 120000 index 0000000..2ca55aa --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-echo.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-echo.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-fancyindex.conf b/production/nginx/nginx/modules-enabled/50-mod-http-fancyindex.conf new file mode 120000 index 0000000..126d476 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-fancyindex.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-fancyindex.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-geoip.conf b/production/nginx/nginx/modules-enabled/50-mod-http-geoip.conf new file mode 120000 index 0000000..390fab2 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-geoip.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-geoip.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-headers-more-filter.conf b/production/nginx/nginx/modules-enabled/50-mod-http-headers-more-filter.conf new file mode 120000 index 0000000..fe66216 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-headers-more-filter.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-headers-more-filter.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-image-filter.conf b/production/nginx/nginx/modules-enabled/50-mod-http-image-filter.conf new file mode 120000 index 0000000..fa27cd3 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-image-filter.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-image-filter.conf \ No newline at end of file 
diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-lua.conf b/production/nginx/nginx/modules-enabled/50-mod-http-lua.conf new file mode 120000 index 0000000..2c98eab --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-lua.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-lua.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-perl.conf b/production/nginx/nginx/modules-enabled/50-mod-http-perl.conf new file mode 120000 index 0000000..b7577db --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-perl.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-perl.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-subs-filter.conf b/production/nginx/nginx/modules-enabled/50-mod-http-subs-filter.conf new file mode 120000 index 0000000..60fc893 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-subs-filter.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-subs-filter.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-uploadprogress.conf b/production/nginx/nginx/modules-enabled/50-mod-http-uploadprogress.conf new file mode 120000 index 0000000..e84a764 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-uploadprogress.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-uploadprogress.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-upstream-fair.conf b/production/nginx/nginx/modules-enabled/50-mod-http-upstream-fair.conf new file mode 120000 index 0000000..2dc0c72 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-upstream-fair.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-upstream-fair.conf \ No newline at end of file 
diff --git a/production/nginx/nginx/modules-enabled/50-mod-http-xslt-filter.conf b/production/nginx/nginx/modules-enabled/50-mod-http-xslt-filter.conf new file mode 120000 index 0000000..51d7ca7 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-http-xslt-filter.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-http-xslt-filter.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-mail.conf b/production/nginx/nginx/modules-enabled/50-mod-mail.conf new file mode 120000 index 0000000..baa6ea9 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-mail.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-mail.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-nchan.conf b/production/nginx/nginx/modules-enabled/50-mod-nchan.conf new file mode 120000 index 0000000..df9816c --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-nchan.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-nchan.conf \ No newline at end of file diff --git a/production/nginx/nginx/modules-enabled/50-mod-stream.conf b/production/nginx/nginx/modules-enabled/50-mod-stream.conf new file mode 120000 index 0000000..7f65cc5 --- /dev/null +++ b/production/nginx/nginx/modules-enabled/50-mod-stream.conf @@ -0,0 +1 @@ +/usr/share/nginx/modules-available/mod-stream.conf \ No newline at end of file diff --git a/production/nginx/nginx/nginx.conf b/production/nginx/nginx/nginx.conf new file mode 100644 index 0000000..03d4e2a --- /dev/null +++ b/production/nginx/nginx/nginx.conf 
@@ -0,0 +1,92 @@
+#user www-data;
+worker_processes 4;
+pid /run/nginx.pid;
+#include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 256;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+ client_max_body_size 10M;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+# access_log /var/log/nginx/access.log;
+# error_log /var/log/nginx/error.log;
+# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+# '$status $body_bytes_sent "$http_referer" '
+# '"$http_user_agent" "$http_x_forwarded_for"';
+# access_log /usr/local/nginx/logs/access.log main;
+# error_log /usr/local/nginx/logs/error.log;
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+
+ server_tokens off;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
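Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the SSL Settings section still enables TLS 1.0 and 1.1, which are deprecated, and it applies to every virtual host pulled in by the two `include` lines further down. I would change it to `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 needs an nginx and OpenSSL build that supports it) and replace the trailing comment with `# TLS 1.0/1.1 disabled: deprecated by RFC 8996`. `ssl_prefer_server_ciphers on;` is set, but no `ssl_ciphers` list appears in this hunk, so the library default order is what gets preferred unless an included file sets one. `server_tokens off;` sits after the includes; moving it up beside the commented-out `# server_tokens off;` would make the effective setting easier to find.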
diff --git a/production/nginx/nginx/proxy_params b/production/nginx/nginx/proxy_params
new file mode 100644
index 0000000..df75bc5
--- /dev/null
+++ b/production/nginx/nginx/proxy_params
@@ -0,0 +1,4 @@
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/production/nginx/nginx/registry.htpasswd b/production/nginx/nginx/registry.htpasswd
new file mode 100644
index 0000000..264c8a9
--- /dev/null
+++ b/production/nginx/nginx/registry.htpasswd
@@ -0,0 +1 @@
+docker:$apr1$/l68L6xX$mymg9DNDAxQDs5S0.QIQp.
diff --git a/production/nginx/nginx/scgi_params b/production/nginx/nginx/scgi_params
new file mode 100644
index 0000000..6d4ce4f
--- /dev/null
+++ b/production/nginx/nginx/scgi_params
@@ -0,0 +1,17 @@
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
diff --git a/production/nginx/nginx/security.conf b/production/nginx/nginx/security.conf
new file mode 100644
index 0000000..09a0d83
--- /dev/null
+++ b/production/nginx/nginx/security.conf
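Review bot: The `registry.htpasswd` hunk commits a credential entry for the `docker` user to the repository, and its `$apr1$` prefix marks it as the MD5-based Apache scheme, which is cheap to guess offline for anyone who can read the repo or its history. The same file is named by `auth_basic_user_file /etc/nginx/registry.htpasswd;` in the codimd, crossposter, elastic and glances site files of this patch, so one shared password gates all of them. I would remove the file from version control, provision it at deploy time (for example as a mounted secret), and rotate the password, since the hash stays in history. Giving each service its own account and file, hashed with a stronger scheme the platform's `crypt()` supports, would limit what a single leaked password exposes.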
@@ -0,0 +1,21 @@
+header_filter_by_lua_block {
+ if not string.find(ngx.req.get_headers()["Host"], "defaultdrop.net") then
+ if not string.find(ngx.req.get_headers()["Host"], "talk.hatthieves.es") and not string.find(ngx.req.get_headers()["Host"], "metrics.hatthieves.es") and not string.find(ngx.req.get_headers()["Host"], "meet.hatthieves.es") then
+ ngx.header["X-Frame-Options"] = "SAMEORIGIN";
+ else
+ ngx.header["X-Frame-Options"] = "ALLOWALL";
+ end
+ if string.find(ngx.req.get_headers()["Host"], "social.hatthieves.es") then
+ ngx.header["Content-Security-Policy"] = "default-src 'none' 'unsafe-inline' https://talk.hatthieves.es; base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self' https://social.hatthieves.es wss://social.hatthieves.es https://talk.hatthieves.es wss://talk.hatthieves.es; script-src 'self' 'unsafe-inline' https://talk.hatthieves.es wss://talk.hatthieves.es; upgrade-insecure-requests;";
+ end
+ if string.find(ngx.req.get_headers()["Host"], "webmail.hatthieves.es") then
+ ngx.header["Content-Security-Policy"] = "default-src 'none' 'unsafe-inline' https://metrics.hatthieves.es; base-uri 'self'; frame-ancestors 'none' https://metrics.hatthieves.es; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self' https://social.hatthieves.es wss://social.hatthieves.es https://metrics.hatthieves.es; script-src 'self' 'unsafe-inline' https://metrics.hatthieves.es; upgrade-insecure-requests;";
+ end
+ ngx.header["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains";
+ ngx.header["X-Download-Options"] = "noopen";
+ ngx.header["X-Content-Type-Options"] = "nosniff";
+ ngx.header["Referrer-Policy"] = "same-origin";
+ ngx.header["X-XSS-Protection"] = "1; mode=block";
+ ngx.header["X-Permitted-Cross-Domain-Policies"] = "none";
+ end
+}
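Review bot: Every host test in this block runs `string.find` on the raw `Host` request header, so each match is an unanchored Lua pattern (`.` matches any character) against a client-supplied value, and a request that carries no such header passes nil, which as far as I can tell raises an error inside the filter. Any Host that merely contains `defaultdrop.net` also skips all the headers set below, HSTS included. Two values look ineffective as written: `ALLOWALL` is not a defined `X-Frame-Options` value, and the CSP strings combine `'none'` with other sources in `default-src` (and in `frame-ancestors` for webmail), where `'none'` only takes effect when it stands alone. I would compare `ngx.var.host` exactly against an allow-list and simply omit `X-Frame-Options` for the hosts that must be framable, as sketched below; the CSP strings need their own pass.

```lua
-- host as resolved by nginx for this request, rather than the raw header
local host = ngx.var.host or ""
local framable = {
    ["talk.hatthieves.es"] = true,
    ["metrics.hatthieves.es"] = true,
    ["meet.hatthieves.es"] = true,
}
-- exact name or a true subdomain only; no pattern matching on client input
if host == "defaultdrop.net" or host:sub(-16) == ".defaultdrop.net" then
    return
end
if not framable[host] then
    ngx.header["X-Frame-Options"] = "SAMEORIGIN"
end
-- … unchanged: Content-Security-Policy values, selected with host == "social.hatthieves.es" / host == "webmail.hatthieves.es" …
-- … unchanged: remaining ngx.header assignments …
```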
diff --git a/production/nginx/nginx/sites-available/bbb b/production/nginx/nginx/sites-available/bbb new file mode 100644 index 0000000..b53b6f1 --- /dev/null +++ b/production/nginx/nginx/sites-available/bbb @@ -0,0 +1,19 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name bbb.hatthieves.es; + client_max_body_size 20G; + location / { + proxy_pass http://172.51.0.101; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_http_version 1.1; + add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + } +} + diff --git a/production/nginx/nginx/sites-available/chat b/production/nginx/nginx/sites-available/chat new file mode 100644 index 0000000..68d0992 --- /dev/null +++ b/production/nginx/nginx/sites-available/chat @@ -0,0 +1,19 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name chat.hatthieves.es; + client_max_body_size 2G; + location / { + proxy_pass http://172.4.0.101:1337; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_buffering off; + proxy_http_version 1.1; + add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + } +} + diff --git a/production/nginx/nginx/sites-available/codimd b/production/nginx/nginx/sites-available/codimd new file mode 100644 index 0000000..26d003e --- /dev/null +++ b/production/nginx/nginx/sites-available/codimd 
@@ -0,0 +1,19 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name codimd.hatthieves.es hackmd.hatthieves.es; + client_max_body_size 2G; + location / { + proxy_pass http://172.44.0.101:3000; + auth_basic "Registry realm"; + auth_basic_user_file /etc/nginx/registry.htpasswd; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_http_version 1.1; + add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + } +} diff --git a/production/nginx/nginx/sites-available/crossposter b/production/nginx/nginx/sites-available/crossposter new file mode 100644 index 0000000..7f85d00 --- /dev/null +++ b/production/nginx/nginx/sites-available/crossposter @@ -0,0 +1,21 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name crossposter.hatthieves.es; + client_max_body_size 2G; + location / { + proxy_pass http://172.7.0.101:3000; + auth_basic "Registry realm"; + auth_basic_user_file /etc/nginx/registry.htpasswd; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; +# proxy_buffering off; + proxy_http_version 1.1; + add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + } +} + diff --git a/production/nginx/nginx/sites-available/default b/production/nginx/nginx/sites-available/default new file mode 100644 index 0000000..f52c2c7 --- /dev/null +++ b/production/nginx/nginx/sites-available/default 
@@ -0,0 +1,91 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + listen 443 ssl http2 default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. 
+ try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.3-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/production/nginx/nginx/sites-available/defaultdrop b/production/nginx/nginx/sites-available/defaultdrop new file mode 100644 index 0000000..9631588 --- /dev/null +++ b/production/nginx/nginx/sites-available/defaultdrop 
@@ -0,0 +1,37 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name *.defaultdrop.net defaultdrop.net;
+ return 301 https://$host$request_uri;
+}
+
+#server {
+# listen 443 ssl http2;
+# server_name www.defaultdrop.net;
+# ssl_certificate /etc/nginx/defaultdrop.pem;
+# ssl_certificate_key /etc/nginx/defaultdrop.pem;
+# location / {
+# return 301 https://www.$host$request_uri;
+# }
+#}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name defaultdrop.net *.defaultdrop.net;
+ ssl_certificate /etc/nginx/defaultdrop.pem;
+ ssl_certificate_key /etc/nginx/defaultdrop-privkey.pem;
+ location / {
+ proxy_pass http://172.19.0.4:80;
+# proxy_pass http://172.19.0.3:80;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+
+}
+
diff --git a/production/nginx/nginx/sites-available/dvwa b/production/nginx/nginx/sites-available/dvwa
new file mode 100644
index 0000000..0c3dc97
--- /dev/null
+++ b/production/nginx/nginx/sites-available/dvwa
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name vuln.hatthieves.es vulnerable.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.139.0.101;
+# auth_basic "Registry realm";
+# auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
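Review bot: The dvwa server block publishes `vuln.hatthieves.es` / `vulnerable.hatthieves.es` with both `auth_basic` lines commented out, so whatever runs at `172.139.0.101` is reachable by anyone who can reach this proxy. The file and host names suggest a deliberately vulnerable training application, which should not be openly exposed from a production front end. I would restore `auth_basic "Registry realm";` and `auth_basic_user_file /etc/nginx/registry.htpasswd;`, or restrict the location with `allow <trusted-cidr>; deny all;` (placeholder range). `client_max_body_size 2G;` also looks larger than such a target needs, and a one-line comment above the `location` saying who is meant to reach this host would help the next reviewer.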
diff --git a/production/nginx/nginx/sites-available/elastic b/production/nginx/nginx/sites-available/elastic new file mode 100644 index 0000000..296a0a7 --- /dev/null +++ b/production/nginx/nginx/sites-available/elastic @@ -0,0 +1,21 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name elastic.hatthieves.es; + client_max_body_size 2G; + location / { + proxy_pass http://172.1.0.101:9200; + auth_basic "Registry realm"; + auth_basic_user_file /etc/nginx/registry.htpasswd; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_buffering off; + proxy_http_version 1.1; + add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + } +} + diff --git a/production/nginx/nginx/sites-available/etherpad b/production/nginx/nginx/sites-available/etherpad new file mode 100644 index 0000000..9a7900a --- /dev/null +++ b/production/nginx/nginx/sites-available/etherpad @@ -0,0 +1,17 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name pad.hatthieves.es etherpad.hatthieves.es; + location / { + proxy_pass http://172.112.0.101:9001; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_buffering off; + add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + } +} + diff --git a/production/nginx/nginx/sites-available/familyark b/production/nginx/nginx/sites-available/familyark new file mode 100644 index 0000000..28ab98d --- /dev/null +++ b/production/nginx/nginx/sites-available/familyark 
@@ -0,0 +1,18 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name familyark.hatthieves.es; + client_max_body_size 2G; + location / { + proxy_pass http://172.29.0.101:3000; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_buffering off; + proxy_http_version 1.1; + add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + } +} diff --git a/production/nginx/nginx/sites-available/g b/production/nginx/nginx/sites-available/g new file mode 100644 index 0000000..537efcd --- /dev/null +++ b/production/nginx/nginx/sites-available/g @@ -0,0 +1,16 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name g.hatthieves.es gore.hatthieves.es; + + location / { + proxy_pass http://172.166.0.101; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_buffering off; + } +} diff --git a/production/nginx/nginx/sites-available/games b/production/nginx/nginx/sites-available/games new file mode 100644 index 0000000..65993e3 --- /dev/null +++ b/production/nginx/nginx/sites-available/games 
@@ -0,0 +1,23 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name games.hatthieves.es; + location / { + proxy_pass http://172.22.0.101:80; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + } +# location /dos/ { +# rewrite ^/dos(/.*)$ $1 break; +# proxy_pass http://172.22.0.101:8080; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header Host $host; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; +# proxy_buffering off; +# } +} + diff --git a/production/nginx/nginx/sites-available/gitea b/production/nginx/nginx/sites-available/gitea new file mode 100644 index 0000000..8f87340 --- /dev/null +++ b/production/nginx/nginx/sites-available/gitea @@ -0,0 +1,16 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name git.hatthieves.es gitea.hatthieves.es; + client_max_body_size 2G; + location / { + proxy_pass http://172.102.0.101:3000; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"'; + } +} + diff --git a/production/nginx/nginx/sites-available/glances b/production/nginx/nginx/sites-available/glances new file mode 100644 index 0000000..bfb576b --- /dev/null +++ b/production/nginx/nginx/sites-available/glances 
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name top.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.26.0.101:61208;
+ auth_basic "Registry realm";
+ auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
diff --git a/production/nginx/nginx/sites-available/gnusocial b/production/nginx/nginx/sites-available/gnusocial
new file mode 100644
index 0000000..b5ef0aa
--- /dev/null
+++ b/production/nginx/nginx/sites-available/gnusocial
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name gnusocial.hatthieves.es;
+ client_max_body_size 2G;
+ return 301 https://mastodon.madrid$request_uri;
+# location / {
+# proxy_pass http://172.132.0.101:80;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header Host $host;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# proxy_buffering off;
+# proxy_http_version 1.1;
+# }
+}
+
diff --git a/production/nginx/nginx/sites-available/gollum b/production/nginx/nginx/sites-available/gollum
new file mode 100644
index 0000000..246d5f4
--- /dev/null
+++ b/production/nginx/nginx/sites-available/gollum
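Review bot: The glances vhost reuses `auth_basic_user_file /etc/nginx/registry.htpasswd;` with the realm "Registry realm", so whoever holds a container-registry credential can also open this monitoring dashboard. kibana, netdata, registry, tail, theia and traefik in this patch point at the same file, which makes one leaked password valid for every admin surface behind the proxy. Consider one credential file and realm per service, for example `auth_basic_user_file /etc/nginx/<service>.htpasswd;` (placeholder path), so access can be granted and revoked separately.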
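Review bot: In sites-available/gnusocial the server only executes `return 301 https://mastodon.madrid$request_uri;`, so `client_max_body_size 2G;` serves no purpose and the commented-out `location /` block is dead configuration. I would reduce the block to the listen lines, `server_name` and the `return`, and leave the old proxy settings to version control. mastodon and pleroma-old follow the same pattern.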
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name www.hatthieves.es;
+ location / {
+ proxy_pass http://172.120.0.102:80;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/grafana b/production/nginx/nginx/sites-available/grafana
new file mode 100644
index 0000000..560d859
--- /dev/null
+++ b/production/nginx/nginx/sites-available/grafana
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name metrics.hatthieves.es;
+ location / {
+ proxy_pass http://172.141.0.102:3000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/hatthieves.es b/production/nginx/nginx/sites-available/hatthieves.es
new file mode 100644
index 0000000..78b2790
--- /dev/null
+++ b/production/nginx/nginx/sites-available/hatthieves.es
@@ -0,0 +1,9 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name hatthieves.es;
+ location / {
+ return 301 https://www.hatthieves.es;
+# rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;
+ }
+}
diff --git a/production/nginx/nginx/sites-available/icecast2 b/production/nginx/nginx/sites-available/icecast2
new file mode 100644
index 0000000..55453a2
--- /dev/null
+++ b/production/nginx/nginx/sites-available/icecast2
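Review bot: sites-available/gollum declares `server_name www.hatthieves.es;`, and so do jekyll and wordpress later in this patch, all on the same `listen 443` sockets. If more than one of them is linked into sites-enabled, nginx logs a conflicting server name warning and serves only the first one it loads, so which backend answers for www depends on include order. A comment at the top of each file, e.g. `# www.hatthieves.es: enable only one of gollum / jekyll / wordpress`, would make the constraint visible.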
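Review bot: The redirect in sites-available/hatthieves.es, `return 301 https://www.hatthieves.es;`, discards the requested path and query string, so every deep link to the bare domain lands on the front page; the commented-out `rewrite` below it did keep the path. `return 301 https://www.hatthieves.es$request_uri;` preserves both, matching the redirects in gnusocial and mastodon, and the `location /` wrapper is not needed around it.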
@@ -0,0 +1,15 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name icecast.hatthieves.es music.hatthieves.es radio.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.129.0.101:8000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/ipfs b/production/nginx/nginx/sites-available/ipfs
new file mode 100644
index 0000000..952cf43
--- /dev/null
+++ b/production/nginx/nginx/sites-available/ipfs
@@ -0,0 +1,15 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name ipfs.hatthieves.es;
+ location / {
+ proxy_pass http://172.5.0.101:8080;
+# proxy_pass http://172.5.0.101:5001/webui;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/jekyll b/production/nginx/nginx/sites-available/jekyll
new file mode 100644
index 0000000..0d67b72
--- /dev/null
+++ b/production/nginx/nginx/sites-available/jekyll
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name www.hatthieves.es;
+ location / {
+ proxy_pass http://172.4.0.101:4000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/jenkins b/production/nginx/nginx/sites-available/jenkins
new file mode 100644
index 0000000..75487be
--- /dev/null
+++ b/production/nginx/nginx/sites-available/jenkins
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name jenkins.hatthieves.es ci.hatthieves.es;
+ location / {
+ proxy_pass http://172.102.0.103:8080;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/jitsi b/production/nginx/nginx/sites-available/jitsi
new file mode 100644
index 0000000..cd8e492
--- /dev/null
+++ b/production/nginx/nginx/sites-available/jitsi
@@ -0,0 +1,17 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name meet.hatthieves.es;
+ location / {
+ proxy_pass http://172.145.0.101;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/kanban b/production/nginx/nginx/sites-available/kanban
new file mode 100644
index 0000000..70418d5
--- /dev/null
+++ b/production/nginx/nginx/sites-available/kanban
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name kanban.hatthieves.es scrum.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.27.0.101:8080;
+# auth_basic "Registry realm";
+# auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
diff --git a/production/nginx/nginx/sites-available/kibana b/production/nginx/nginx/sites-available/kibana
new file mode 100644
index 0000000..edc0394
--- /dev/null
+++ b/production/nginx/nginx/sites-available/kibana
@@ -0,0 +1,21 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name kibana.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.1.0.102:5601;
+ auth_basic "Registry realm";
+ auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/magicworld b/production/nginx/nginx/sites-available/magicworld
new file mode 100644
index 0000000..9f46c57
--- /dev/null
+++ b/production/nginx/nginx/sites-available/magicworld
@@ -0,0 +1,16 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name mw.hatthieves.es magicworld.hatthieves.es;
+
+ location / {
+ proxy_pass http://172.100.0.101;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ }
+}
diff --git a/production/nginx/nginx/sites-available/mastodon b/production/nginx/nginx/sites-available/mastodon
new file mode 100644
index 0000000..33fc3c3
--- /dev/null
+++ b/production/nginx/nginx/sites-available/mastodon
@@ -0,0 +1,36 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name mastodon.hatthieves.es;
+ client_max_body_size 2G;
+ return 301 https://mastodon.madrid$request_uri;
+
+# location / {
+# proxy_pass http://172.1.0.101:3000;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header Host $host;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# proxy_buffering off;
+# proxy_http_version 1.1;
+# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+# }
+# location /api/v1/streaming {
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header Proxy "";
+# proxy_pass http://172.1.0.101:4000;
+# proxy_buffering off;
+# proxy_redirect off;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+# tcp_nodelay on;
+# }
+}
+
diff --git a/production/nginx/nginx/sites-available/meta b/production/nginx/nginx/sites-available/meta
new file mode 100644
index 0000000..9175ae7
--- /dev/null
+++ b/production/nginx/nginx/sites-available/meta
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name meta.hatthieves.es hatmeta.hatthieves.es metahat.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.134.0.101:3000;
+# auth_basic "Registry realm";
+# auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
diff --git a/production/nginx/nginx/sites-available/mumble b/production/nginx/nginx/sites-available/mumble
new file mode 100644
index 0000000..5f69c55
--- /dev/null
+++ b/production/nginx/nginx/sites-available/mumble
@@ -0,0 +1,18 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name mumble.hatthieves.es;
+ location / {
+ proxy_pass http://172.60.0.101:8080;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/netdata b/production/nginx/nginx/sites-available/netdata
new file mode 100644
index 0000000..7354389
--- /dev/null
+++ b/production/nginx/nginx/sites-available/netdata
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name netdata.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.43.0.101:19999;
+ auth_basic "Registry realm";
+ auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
diff --git a/production/nginx/nginx/sites-available/nextcloud b/production/nginx/nginx/sites-available/nextcloud
new file mode 100644
index 0000000..644e744
--- /dev/null
+++ b/production/nginx/nginx/sites-available/nextcloud
@@ -0,0 +1,21 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name cloud.hatthieves.es nextcloud.hatthieves.es;
+ client_max_body_size 20G;
+ location / {
+ proxy_pass http://172.119.0.101;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ rewrite ^/\.well-known/carddav(.*)$ /remote.php/dav$1 redirect;
+ rewrite ^/\.well-known/caldav(.*)$ /remote.php/dav$1 redirect;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/p2p b/production/nginx/nginx/sites-available/p2p
new file mode 100644
index 0000000..310c281
--- /dev/null
+++ b/production/nginx/nginx/sites-available/p2p
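Review bot: In sites-available/nextcloud the `Strict-Transport-Security` header is set inside `location /`, and it is the only vhost in this patch that sends it. nginx inherits `add_header` directives from the `http` and `server` levels only when the current level defines none, so any security headers set higher up in this configuration (not visible in this part of the patch) are dropped in every location here that adds `Alt-Svc`. Setting the shared headers once per server, or repeating them wherever a location has its own `add_header`, avoids that; `includeSubDomains` on this host covers only names below cloud/nextcloud, not the sibling services.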
@@ -0,0 +1,28 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name p2p.hatthieves.es;
+ location / {
+ proxy_pass http://172.136.0.101:8080;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+ location /ws {
+ proxy_pass http://172.136.0.101:9000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/peertube b/production/nginx/nginx/sites-available/peertube
new file mode 100644
index 0000000..0a70200
--- /dev/null
+++ b/production/nginx/nginx/sites-available/peertube
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name peertube.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.115.0.101:9000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/pleroma b/production/nginx/nginx/sites-available/pleroma
new file mode 100644
index 0000000..138b8c0
--- /dev/null
+++ b/production/nginx/nginx/sites-available/pleroma
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name pleroma.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.2.0.101:4000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/pleroma-old b/production/nginx/nginx/sites-available/pleroma-old
new file mode 100644
index 0000000..e41e1d4
--- /dev/null
+++ b/production/nginx/nginx/sites-available/pleroma-old
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name social.hatthieves.es;
+ client_max_body_size 2G;
+ return 301 https://mastodon.madrid$request_uri;
+# location / {
+# proxy_pass http://172.2.0.101:4000;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header Host $host;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+# proxy_buffering off;
+# proxy_http_version 1.1;
+# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+# }
+}
+
diff --git a/production/nginx/nginx/sites-available/pleroma-test b/production/nginx/nginx/sites-available/pleroma-test
new file mode 100644
index 0000000..af53d86
--- /dev/null
+++ b/production/nginx/nginx/sites-available/pleroma-test
@@ -0,0 +1,18 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name anothersocial.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.7.0.101:4000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/privatebin b/production/nginx/nginx/sites-available/privatebin
new file mode 100644
index 0000000..5f7d060
--- /dev/null
+++ b/production/nginx/nginx/sites-available/privatebin
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name private.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.118.0.101:8080;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/prometheus b/production/nginx/nginx/sites-available/prometheus
new file mode 100644
index 0000000..6128a1c
--- /dev/null
+++ b/production/nginx/nginx/sites-available/prometheus
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name prometheus.hatthieves.es;
+ location / {
+ proxy_pass http://172.141.0.101:9090;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ }
+}
+
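Review bot: sites-available/prometheus proxies `prometheus.hatthieves.es` straight to port 9090 with no `auth_basic` or address restriction, while the other monitoring vhosts in this patch (glances, netdata, kibana) are password-protected at the proxy. Prometheus of this period has no login of its own as far as I know, so if this vhost is enabled the metrics, targets and query API are readable by anyone who can reach the proxy. I would add `auth_basic "Prometheus";` and `auth_basic_user_file /etc/nginx/<prometheus>.htpasswd;` (placeholder path) inside `location /`, or limit it with `allow`/`deny`.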
diff --git a/production/nginx/nginx/sites-available/registry b/production/nginx/nginx/sites-available/registry
new file mode 100644
index 0000000..4c785bb
--- /dev/null
+++ b/production/nginx/nginx/sites-available/registry
@@ -0,0 +1,26 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name docker.hatthieves.es registry.hatthieves.es;
+ chunked_transfer_encoding on;
+ client_max_body_size 2G;
+ location / {
+# if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+# return 404;
+# }
+ auth_basic "Registry realm";
+ auth_basic_user_file /etc/nginx/registry.htpasswd;
+ add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
+ proxy_pass http://172.110.0.101:5000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ # Mitigate httpoxy attack (see README for details)
+ proxy_set_header Proxy "";
+ proxy_read_timeout 900;
+ }
+}
+map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
+ '' 'registry/2.0';
+}
diff --git a/production/nginx/nginx/sites-available/rocketchat b/production/nginx/nginx/sites-available/rocketchat
new file mode 100644
index 0000000..0b0d012
--- /dev/null
+++ b/production/nginx/nginx/sites-available/rocketchat
@@ -0,0 +1,18 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name talk.hatthieves.es rocket.hatthieves.es rocketchat.hatthieves.es;
+ location / {
+ proxy_pass http://172.133.0.101:3000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/sonar b/production/nginx/nginx/sites-available/sonar
new file mode 100644
index 0000000..054512c
--- /dev/null
+++ b/production/nginx/nginx/sites-available/sonar
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name sonar.hatthieves.es;
+ location / {
+ proxy_pass http://172.102.0.104:9000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/tail b/production/nginx/nginx/sites-available/tail
new file mode 100644
index 0000000..d9f65f9
--- /dev/null
+++ b/production/nginx/nginx/sites-available/tail
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name tail.hatthieves.es;
+ client_max_body_size 2G;
+ keepalive_timeout 5m;
+ location / {
+ proxy_pass http://172.28.0.101;
+ auth_basic "Registry realm";
+ auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ http2_push_preload on;
+ proxy_socket_keepalive on;
+ proxy_connect_timeout 5m;
+ proxy_send_timeout 5m;
+ proxy_read_timeout 5m;
+ }
+}
diff --git a/production/nginx/nginx/sites-available/theia b/production/nginx/nginx/sites-available/theia
new file mode 100644
index 0000000..4cdabc2
--- /dev/null
+++ b/production/nginx/nginx/sites-available/theia
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name edit.hatthieves.es code.hatthieves.es;
+ location / {
+ proxy_pass http://172.18.0.101:3000;
+ auth_basic "Registry realm";
+ auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/tpmw b/production/nginx/nginx/sites-available/tpmw
new file mode 100644
index 0000000..64e06ca
--- /dev/null
+++ b/production/nginx/nginx/sites-available/tpmw
@@ -0,0 +1,16 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name tpmw.hatthieves.es;
+
+ location / {
+ proxy_pass http://172.95.0.101:4000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ }
+}
diff --git a/production/nginx/nginx/sites-available/traefik b/production/nginx/nginx/sites-available/traefik
new file mode 100644
index 0000000..21d96c3
--- /dev/null
+++ b/production/nginx/nginx/sites-available/traefik
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name traefik.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.99.0.101:8080;
+ auth_basic "Registry realm";
+ auth_basic_user_file /etc/nginx/registry.htpasswd;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
diff --git a/production/nginx/nginx/sites-available/video b/production/nginx/nginx/sites-available/video
new file mode 100644
index 0000000..0070b11
--- /dev/null
+++ b/production/nginx/nginx/sites-available/video
@@ -0,0 +1,17 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name video.hatthieves.es;
+ location / {
+ proxy_pass http://172.14.0.101:8000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/voip b/production/nginx/nginx/sites-available/voip
new file mode 100644
index 0000000..bae66bf
--- /dev/null
+++ b/production/nginx/nginx/sites-available/voip
@@ -0,0 +1,18 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name voip.hatthieves.es;
+ location / {
+ proxy_pass http://172.127.0.101:3000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/webmail b/production/nginx/nginx/sites-available/webmail
new file mode 100644
index 0000000..187d954
--- /dev/null
+++ b/production/nginx/nginx/sites-available/webmail
@@ -0,0 +1,15 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name webmail.hatthieves.es mail.hatthieves.es;
+ location / {
+ proxy_pass http://172.200.0.104:3000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
+
diff --git a/production/nginx/nginx/sites-available/wordpress b/production/nginx/nginx/sites-available/wordpress
new file mode 100644
index 0000000..e3bc932
--- /dev/null
+++ b/production/nginx/nginx/sites-available/wordpress
@@ -0,0 +1,18 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name www.hatthieves.es;
+ client_max_body_size 2G;
+ location / {
+ proxy_pass http://172.126.0.101;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+}
diff --git a/production/nginx/nginx/sites-available2.tar.xz b/production/nginx/nginx/sites-available2.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..23ef2bdf3d253465b12132ad3df283d6abf1a3fe GIT binary patch literal 3968 zcmV-`4}b9eH+ooF000E$*0e?f03iVu0001VFXf}*7yl1FT>v?nO77-cA;^%X-Xf)E zC&z_p2S`*sKv42kT}B(!rOkN=EgH_&Rx=MOtg)HtAK)ELCz_MaM;a1`x>O|k6o9M3 z?P)zGj|ml*+(IV5ALH474!z&=Fpk)0n8ElyY0m#p`>VN zCHa-G7l!??Ok!tWIy7-CJx=t}0fGIhjuSGE56Ug>C3&T=c|T;m6yXn2dMPW8Nox?B z9itA?GKjoK-PqZTr|~}T|A`(E&LzC>Ak+qL?vZ;EJPZDKi0rHbjD?iu@rQ;n9*t%A z4=$2AjZWfNJ)X)t4H|};Sg0m!2JFzZPcr2Zfwh;OjOe->t&){ep-(j*{o4o~L7qQs z0}3qyUB0zQ!Zr5E&_=hl8fY&`f^E|tAPCm&Zb%99xN$?#GQ|Z~^T0niAjZCa^{-N$ zm}XNwo-fx_nS5`9tT)p`qJ@1Uz*+1-MRQzjbR;vRcAR(nzDYynj->ZRr?u_(Gk>;}RW2W6z!cOP2AE@4cFi*3=^-~45BO-9nPb?|Dw-FwqliU4XQP2Od8LoyD` z6zIl^RSKUsgI|wtFUC{AZJV9ck9?=15QRE`ojj3E@91*nLQfk8s=F7cDID9C3J@BCwm3yFp)Rn0ml4(I^l2aOysc z73^?#lqfe3h$TcB&@@K7p;_=pz8<=^H^FBxEw+A>&6%gZh?dI0C@Z3jSid8--&f+E z;eF-^|o?Cf{M*7VZRrg?al&dp|Xo7Js2DBTr$ zQAXKeJGP2UAx4vO+3@~{Ku%t{>jV8Zgb zHozQJMrw51x`4~)8>0$?4>1vIs7qA`8%z~jey>st=xxT49@}LrgvKQPTN}G?1#|p# zFtn8XjijJj1Qe5whMX&W+brJUt5#H~>U-`Xc(=Z3{ttFv6b!}Zzi1r>U%qT>$|p=Ou3 z53E6x_yQvZFZPIIcFgbRZsY2KL#Hc!_Mv6FO?maqE~M6idSS@D0sC2lQ!hrPu0qYx z)$MqU2r`dpvtr&t(Jzjo4@+37Sna%+rVs|&rRSY@Neo*`zdW#UOcz*oPY>VFQbGnsJl}6Q z&CiWenT7>Go-4NV!zS5UA4Bs3ba8&+PWQ;>7I?W0$S}f(*Dc?4)=P-+ptB%ww_7x70=*EPgIMWq2LgeHGYY2{h^9KY zKJo*OS*ms7!q)$n#8#T9BMEHp3;Lic=+(elmg7<997i0hUkt*oj~o6)G_b_Tq7Hr# zPji#+qIk(${&6C_q|!2j^j|g}lv(sY+}WAK`Ik#r{$N~wm>(5RiMtRG#Q8cptku8; zbxciL(-(ZlrV&XT&;)n5QLOjNzwz%wr@hd_wq+_OhckoDhim+PnO;m2r=CO?l4Lus z@^TK7UYBZvG%n|)@IffPtJc1^mQJpV3H&NH5&84gZ>b3Wl?mu+CBqE0O*V!?&5zZZ z&<%ffv#ZL{jllv%{-2sqo`qj{F2HFx!0xJ?r!RXdPIM|#@^cF%zV2v^wc^f@z|eE3 zuS*=;bj8x;=RfHNfc_a1a9ris^nJ_~qpb0);a${S`#|Bg+1+A$>X=F*eTHo&w$?}23rI01#GAiratZ})R!~#SGRort#X7&*M z7*jF%F%C*A;xJNi(dHK^s7kzcUV#PAP@4!b=~rGkD*OKHx^zYr0V~U_x7owZ@DUda zc`{jdV$;Bv?_=5oZ>9N=-|C+m5M?;4eNm=Y^2deR${wdnxUlRE`?nWLv&y|k)SFgV 
z>o~!|8K|In0b-qj!{M3taxZ)Sc?VB;6gj6XB`8fod05(V!+klY!PV{0r|+IEJUb zrl;TZohUoH=SmVV-`=4DkmBr}%&)}+@`I5j48@sPeds`UW?kQJwGT9VDz=Y8f$bG1 z)@Nt$v&|gZb@F};HZvgK^l?3hR8$%KO9l1%GUXcEN+K17tl8vo!*a^T*KkJ5%Erzi zAuZ?K7B9YN4JF%y1Hc3c0`a|Uj3ML}E{Pp? zjl&%y=iiKDRw!?a%<4xx4Y$#v=?vg1|~o#kT0I{Vc(744m%j(?0+ zW@X;C!P(#$%i^sST3JxJ@jeU573dLNSmmO@PX?_N|Ku;YeZKhr-a<1A4=WGACblD2zs;5GnfLyB zKR?JiWH4S-(87h-<^E=T)EWWCjVLT{aECChiEhqL;4sla;(R8WoAL>+$!n?~O(c4h(U&JEj zfy9sdCl=i20ProkU1e@ud)hT;;_%jIYe=r!U;>BrILOSHOZ2{NV*yVlBSxe(l z?bsbRfcxqdCz&0eo2=YJt(3*6H!P2*J0Fh=e|0ec94^4sj%!9x+J|FzV5Kly8xor| zwBIkHft>xnxD{3tw8^?^fyS^$>AkFmSOw)%q$^zvCw)S#(Nsk?8?5EJ)AO2i&`>`{M%~UKTg8nh#RI*;@GB z&bx|lJtyuAiDqMi{>uye8v3S+vQ2%A@csheN__Vgc0e4BM3pad1{sCy;7q*bdOepC z;%2p1h1H0J-9CPmSvqyx^!jj`$s-QFn3X~Q}sWQB=wT>dK=urz}k`Uz%%Axfj~Jx z%8QMy>uo}^o+D52&xJ8JE50I)w{Q($4Kr}$Xv`j_Uvd)V7vAh^++AsS-*qAL`f$CV zfqG;}l;k=b?Rwa+u8|wD8%~2JW^`28Bx`DYl1xrzSOTYq^&Qf02F z*&u0OLk)r#vB{S`XFCpH4JSUST}V0yEWGVx=Jgm)>WYnI&(1}Njcs@;fsylwFyu`F z^3=|1-=s#o&k=T5yS~B?i@*$Y0pIcouu~dj_9Dp!cmTra7VU6!aC4L>`*$uvQaHO_ zxwBi!=v8|!qAU&u#5p3sD#&FXEPeJfUBVwoTD5M{hk&gwvAhCkO0<582CBsV~Y8tj< zd9ZZ%quc6epP}Kjl!p~KW1zu=b6GOPx;P@K=h%z3Az>VJZ8EmHvegU{NcaxED1b$kurL#%kQ z6W@&t8gMSndN1GsN&>&^sSaPaFg4(&DC&Uf^_#AP1@p^EphIl28}{q;dFhFs85w9A zbT6dsS^jSp6FJOJ&PzX3J^7%HFmj_g>a%E2CmA)jKeX5%ME6x#05dA$NnmoxvaKX- zR%HJ#>X|>&UdW=eR?WCDm6;3V#B=neWVW#qUM_`f@aziwMRgqj0001D);wn;^2VJ2 a0oopbumk{DPfO#m#Ao{g000001X)@~KdX)a literal 0 HcmV?d00001 diff --git a/production/nginx/nginx/sites-enabled/bbb b/production/nginx/nginx/sites-enabled/bbb new file mode 120000 index 0000000..21784d0 --- /dev/null +++ b/production/nginx/nginx/sites-enabled/bbb @@ -0,0 +1 @@ +../sites-available/bbb \ No newline at end of file diff --git a/production/nginx/nginx/sites-enabled/chat b/production/nginx/nginx/sites-enabled/chat new file mode 120000 index 0000000..abb419a --- /dev/null +++ b/production/nginx/nginx/sites-enabled/chat @@ -0,0 +1 @@ +../sites-available/chat \ No newline at end of file 
diff --git a/production/nginx/nginx/sites-enabled/codimd b/production/nginx/nginx/sites-enabled/codimd
new file mode 120000
index 0000000..6b9545e
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/codimd
@@ -0,0 +1 @@
+../sites-available/codimd
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/crossposter b/production/nginx/nginx/sites-enabled/crossposter
new file mode 120000
index 0000000..932e8d6
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/crossposter
@@ -0,0 +1 @@
+../sites-available/crossposter
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/defaultdrop b/production/nginx/nginx/sites-enabled/defaultdrop
new file mode 120000
index 0000000..0ab00dd
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/defaultdrop
@@ -0,0 +1 @@
+../sites-available/defaultdrop
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/dvwa b/production/nginx/nginx/sites-enabled/dvwa
new file mode 120000
index 0000000..53c8520
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/dvwa
@@ -0,0 +1 @@
+../sites-available/dvwa
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/elastic b/production/nginx/nginx/sites-enabled/elastic
new file mode 120000
index 0000000..5c0e113
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/elastic
@@ -0,0 +1 @@
+../sites-available/elastic
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/etherpad b/production/nginx/nginx/sites-enabled/etherpad
new file mode 120000
index 0000000..d6f2d02
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/etherpad
@@ -0,0 +1 @@
+../sites-available/etherpad
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/familyark b/production/nginx/nginx/sites-enabled/familyark
new file mode 120000
index 0000000..5a7e918
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/familyark
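Review bot: The `sites-enabled/dvwa` link switches on a vhost whose name suggests Damn Vulnerable Web Application, a training target that is insecure on purpose; its server block is outside this part of the patch, so I cannot see whether access to it is restricted. On a production reverse proxy it should not be enabled by default. If it is needed for training, keep it behind `auth_basic` plus an `allow`/`deny` list, or leave it in sites-available only and link it on demand.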
@@ -0,0 +1 @@
+../sites-available/familyark
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/g b/production/nginx/nginx/sites-enabled/g
new file mode 120000
index 0000000..b482f9d
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/g
@@ -0,0 +1 @@
+../sites-available/g
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/games b/production/nginx/nginx/sites-enabled/games
new file mode 120000
index 0000000..2195f65
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/games
@@ -0,0 +1 @@
+../sites-available/games
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/gitea b/production/nginx/nginx/sites-enabled/gitea
new file mode 120000
index 0000000..7eeccfb
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/gitea
@@ -0,0 +1 @@
+../sites-available/gitea
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/glances b/production/nginx/nginx/sites-enabled/glances
new file mode 120000
index 0000000..b3da89c
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/glances
@@ -0,0 +1 @@
+../sites-available/glances
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/gnusocial b/production/nginx/nginx/sites-enabled/gnusocial
new file mode 120000
index 0000000..75fdc4c
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/gnusocial
@@ -0,0 +1 @@
+../sites-available/gnusocial
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/grafana b/production/nginx/nginx/sites-enabled/grafana
new file mode 120000
index 0000000..4ef0c3e
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/grafana
@@ -0,0 +1 @@
+../sites-available/grafana
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/hatthieves.es b/production/nginx/nginx/sites-enabled/hatthieves.es
new file mode 120000
index 0000000..0d3cf7d
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/hatthieves.es
@@ -0,0 +1 @@
+../sites-available/hatthieves.es
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/icecast2 b/production/nginx/nginx/sites-enabled/icecast2
new file mode 120000
index 0000000..a31e5c8
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/icecast2
@@ -0,0 +1 @@
+../sites-available/icecast2
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/ipfs b/production/nginx/nginx/sites-enabled/ipfs
new file mode 120000
index 0000000..e09d4fd
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/ipfs
@@ -0,0 +1 @@
+../sites-available/ipfs
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/jitsi b/production/nginx/nginx/sites-enabled/jitsi
new file mode 120000
index 0000000..2024762
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/jitsi
@@ -0,0 +1 @@
+../sites-available/jitsi
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/kanban b/production/nginx/nginx/sites-enabled/kanban
new file mode 120000
index 0000000..e5fa89f
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/kanban
@@ -0,0 +1 @@
+../sites-available/kanban
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/kibana b/production/nginx/nginx/sites-enabled/kibana
new file mode 120000
index 0000000..dcd0d0a
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/kibana
@@ -0,0 +1 @@
+../sites-available/kibana
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/magicworld b/production/nginx/nginx/sites-enabled/magicworld
new file mode 120000
index 0000000..e5ec20b
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/magicworld
@@ -0,0 +1 @@
+../sites-available/magicworld
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/mastodon b/production/nginx/nginx/sites-enabled/mastodon
new file mode 120000
index 0000000..be97a3a
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/mastodon
@@ -0,0 +1 @@
+../sites-available/mastodon
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/meta b/production/nginx/nginx/sites-enabled/meta
new file mode 120000
index 0000000..c60863b
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/meta
@@ -0,0 +1 @@
+../sites-available/meta
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/modernxsdepueblo b/production/nginx/nginx/sites-enabled/modernxsdepueblo
new file mode 100644
index 0000000..5dd738a
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/modernxsdepueblo
@@ -0,0 +1,37 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name *.modernxsdepueblo.com modernxsdepueblo.com;
+ return 301 https://$host$request_uri;
+}
+
+#server {
+# listen 443 ssl http2;
+# server_name www.defaultdrop.net;
+# ssl_certificate /etc/nginx/defaultdrop.pem;
+# ssl_certificate_key /etc/nginx/defaultdrop.pem;
+# location / {
+# return 301 https://www.$host$request_uri;
+# }
+#}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name *.modernxsdepueblo.com modernxsdepueblo.com;
+ ssl_certificate /etc/nginx/modernxsdepueblo.cert;
+ ssl_certificate_key /etc/nginx/modernxsdepueblo.key;
+ location / {
+ proxy_pass http://172.19.0.4:80;
+# proxy_pass http://172.19.0.3:80;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+
+}
+
diff --git a/production/nginx/nginx/sites-enabled/mumble b/production/nginx/nginx/sites-enabled/mumble
new file mode 120000
index 0000000..f124650
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/mumble
@@ -0,0 +1 @@
+../sites-available/mumble
\ No newline at end of file
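Review bot: `proxy_pass http://172.19.0.4:80;` in the TLS server block of modernxsdepueblo pins the backend to what looks like a Docker bridge address, which Docker can hand to a different container after a restart unless the compose file (not visible in this hunk) fixes it, so this vhost could end up serving another service under this certificate; proxying to the compose service name, `proxy_pass http://<service-name>:80;`, avoids that. The `Alt-Svc` value mixes separators (alternatives are comma-separated, `;` introduces parameters) and advertises HTTP/3 drafts although the block only has `listen 443 ssl http2;`, so I would drop the `add_header Alt-Svc ...` line until a QUIC listener exists. The same two lines appear in the panycirco and radioelliptica files added later in this patch. All three are added as regular files (mode 100644) in sites-enabled rather than as symlinks into sites-available like the other vhosts, which makes them easy to miss when a site is disabled.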
diff --git a/production/nginx/nginx/sites-enabled/netdata b/production/nginx/nginx/sites-enabled/netdata
new file mode 120000
index 0000000..db91f7a
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/netdata
@@ -0,0 +1 @@
+../sites-available/netdata
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/nextcloud b/production/nginx/nginx/sites-enabled/nextcloud
new file mode 120000
index 0000000..091cd47
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/nextcloud
@@ -0,0 +1 @@
+../sites-available/nextcloud
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/p2p b/production/nginx/nginx/sites-enabled/p2p
new file mode 120000
index 0000000..2abc682
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/p2p
@@ -0,0 +1 @@
+../sites-available/p2p
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/panycirco b/production/nginx/nginx/sites-enabled/panycirco
new file mode 100644
index 0000000..03e0f0a
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/panycirco
@@ -0,0 +1,37 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name panycirco.es;
+ return 301 https://$host$request_uri;
+}
+
+#server {
+# listen 443 ssl http2;
+# server_name www.defaultdrop.net;
+# ssl_certificate /etc/nginx/defaultdrop.pem;
+# ssl_certificate_key /etc/nginx/defaultdrop.pem;
+# location / {
+# return 301 https://www.$host$request_uri;
+# }
+#}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name panycirco.es;
+ ssl_certificate /etc/nginx/panycirco.cert;
+ ssl_certificate_key /etc/nginx/panycirco.key;
+ location / {
+ proxy_pass http://172.19.0.4:80;
+# proxy_pass http://172.19.0.3:80;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+
+}
+
diff --git a/production/nginx/nginx/sites-enabled/peertube b/production/nginx/nginx/sites-enabled/peertube
new file mode 120000
index 0000000..1a5bc31
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/peertube
@@ -0,0 +1 @@
+../sites-available/peertube
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/pleroma b/production/nginx/nginx/sites-enabled/pleroma
new file mode 120000
index 0000000..cecba4c
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/pleroma
@@ -0,0 +1 @@
+../sites-available/pleroma
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/pleroma-old b/production/nginx/nginx/sites-enabled/pleroma-old
new file mode 120000
index 0000000..68a9fb2
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/pleroma-old
@@ -0,0 +1 @@
+../sites-available/pleroma-old
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/privatebin b/production/nginx/nginx/sites-enabled/privatebin
new file mode 120000
index 0000000..7bc5dcb
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/privatebin
@@ -0,0 +1 @@
+../sites-available/privatebin
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/radioelliptica b/production/nginx/nginx/sites-enabled/radioelliptica
new file mode 100644
index 0000000..469d4b4
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/radioelliptica
@@ -0,0 +1,54 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name stream.radioelliptica.org;
+ location / {
+ proxy_pass http://172.129.0.101:8000;
+# proxy_pass http://172.19.0.3:80;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ }
+
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name radioelliptica.org;
+ return 301 https://$host$request_uri;
+}
+
+#server {
+# listen 443 ssl http2;
+# server_name www.defaultdrop.net;
+# ssl_certificate /etc/nginx/defaultdrop.pem;
+# ssl_certificate_key /etc/nginx/defaultdrop.pem;
+# location / {
+# return 301 https://www.$host$request_uri;
+# }
+#}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name radioelliptica.org;
+ ssl_certificate /etc/nginx/radioelliptica.cert;
+ ssl_certificate_key /etc/nginx/radioelliptica.key;
+ location / {
+ proxy_pass http://172.19.0.4:80;
+# proxy_pass http://172.19.0.3:80;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
+ }
+
+}
+
diff --git a/production/nginx/nginx/sites-enabled/registry b/production/nginx/nginx/sites-enabled/registry
new file mode 120000
index 0000000..695a76d
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/registry
@@ -0,0 +1 @@
+../sites-available/registry
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/rocketchat b/production/nginx/nginx/sites-enabled/rocketchat
new file mode 120000
index 0000000..466bea4
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/rocketchat
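Review bot: The first server block of radioelliptica serves `stream.radioelliptica.org` on port 80 only, with no TLS listener or redirect, and its `location /` forwards every path to the backend on port 8000, so any admin or source-login endpoint that backend exposes would be reachable in clear text. If only the listener mount points need to be public, restrict the location to them, or add a 443 block as done for `radioelliptica.org` in the same file. The upstream `172.129.0.101` is outside the RFC 1918 range 172.16.0.0/12, so it is either a typo for a `172.19.` address or a Docker network defined on public address space; worth confirming against the compose file, which is not part of this hunk.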
@@ -0,0 +1 @@
+../sites-available/rocketchat
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/tail b/production/nginx/nginx/sites-enabled/tail
new file mode 120000
index 0000000..d84b3f2
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/tail
@@ -0,0 +1 @@
+../sites-available/tail
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/theia b/production/nginx/nginx/sites-enabled/theia
new file mode 120000
index 0000000..cb39935
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/theia
@@ -0,0 +1 @@
+../sites-available/theia
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/tpmw b/production/nginx/nginx/sites-enabled/tpmw
new file mode 120000
index 0000000..0ef3173
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/tpmw
@@ -0,0 +1 @@
+../sites-available/tpmw
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/traefik b/production/nginx/nginx/sites-enabled/traefik
new file mode 120000
index 0000000..ea11af1
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/traefik
@@ -0,0 +1 @@
+../sites-available/traefik
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/video b/production/nginx/nginx/sites-enabled/video
new file mode 120000
index 0000000..6dc9cac
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/video
@@ -0,0 +1 @@
+../sites-available/video
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/voip b/production/nginx/nginx/sites-enabled/voip
new file mode 120000
index 0000000..d97f472
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/voip
@@ -0,0 +1 @@
+../sites-available/voip
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/webmail b/production/nginx/nginx/sites-enabled/webmail
new file mode 120000
index 0000000..557fc24
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/webmail
@@ -0,0 +1 @@
+../sites-available/webmail
\ No newline at end of file
diff --git a/production/nginx/nginx/sites-enabled/wordpress b/production/nginx/nginx/sites-enabled/wordpress
new file mode 120000
index 0000000..aa8b411
--- /dev/null
+++ b/production/nginx/nginx/sites-enabled/wordpress
@@ -0,0 +1 @@
+../sites-available/wordpress
\ No newline at end of file
diff --git a/production/nginx/nginx/snippets/fastcgi-php.conf b/production/nginx/nginx/snippets/fastcgi-php.conf
new file mode 100644
index 0000000..467a9e7
--- /dev/null
+++ b/production/nginx/nginx/snippets/fastcgi-php.conf
@@ -0,0 +1,13 @@
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+# Check that the PHP script exists before passing it
+try_files $fastcgi_script_name =404;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: http://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+fastcgi_index index.php;
+include fastcgi.conf;
diff --git a/production/nginx/nginx/snippets/snakeoil.conf b/production/nginx/nginx/snippets/snakeoil.conf
new file mode 100644
index 0000000..ad26c3e
--- /dev/null
+++ b/production/nginx/nginx/snippets/snakeoil.conf
@@ -0,0 +1,5 @@
+# Self signed certificates generated by the ssl-cert package
+# Don't use them in a production server!
+
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
diff --git a/production/nginx/nginx/uwsgi_params b/production/nginx/nginx/uwsgi_params
new file mode 100644
index 0000000..09c732c
--- /dev/null
+++ b/production/nginx/nginx/uwsgi_params
@@ -0,0 +1,17 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/production/nginx/nginx/win-utf b/production/nginx/nginx/win-utf
new file mode 100644
index 0000000..774fd9f
--- /dev/null
+++ b/production/nginx/nginx/win-utf
@@ -0,0 +1,125 @@ +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A; # single low-9 quotation mark + + 84 E2809E; # double low-9 quotation mark + 85 E280A6; # ellipsis + 86 E280A0; # dagger + 87 E280A1; # double dagger + 88 E282AC; # euro + 89 E280B0; # per mille + + 91 E28098; # left single quotation mark + 92 E28099; # right single quotation mark + 93 E2809C; # left double quotation mark + 94 E2809D; # right double quotation mark + 95 E280A2; # bullet + 96 E28093; # en dash + 97 E28094; # em dash + + 99 E284A2; # trade mark sign + + A0 C2A0; #   + A1 D18E; # capital Byelorussian short U + A2 D19E; # small Byelorussian short u + + A4 C2A4; # currency sign + A5 D290; # capital Ukrainian soft G + A6 C2A6; # borken bar + A7 C2A7; # section sign + A8 D081; # capital YO + A9 C2A9; # (C) + AA D084; # capital Ukrainian YE + AB C2AB; # left-pointing double angle quotation mark + AC C2AC; # not sign + AD C2AD; # soft hypen + AE C2AE; # (R) + AF D087; # capital Ukrainian YI + + B0 C2B0; # ° + B1 C2B1; # plus-minus sign + B2 D086; # capital Ukrainian I + B3 D196; # small Ukrainian i + B4 D291; # small Ukrainian soft g + B5 C2B5; # micro sign + B6 C2B6; # pilcrow sign + B7 C2B7; # · + B8 D191; # small yo + B9 E28496; # numero sign + BA D194; # small Ukrainian ye + BB C2BB; # right-pointing double angle quotation mark + + BF D197; # small Ukrainian yi + + C0 D090; # capital A + C1 D091; # capital B + C2 D092; # capital V + C3 D093; # capital G + C4 D094; # capital D + C5 D095; # capital YE + C6 D096; # capital ZH + C7 D097; # capital Z + C8 D098; # capital I + C9 D099; # capital J + CA D09A; # capital K + CB D09B; # capital L + CC D09C; # capital M + CD D09D; # capital N + CE D09E; # capital O + CF D09F; # capital P + + D0 D0A0; # capital R + D1 D0A1; # capital S + D2 D0A2; # capital T + D3 D0A3; # 
capital U + D4 D0A4; # capital F + D5 D0A5; # capital KH + D6 D0A6; # capital TS + D7 D0A7; # capital CH + D8 D0A8; # capital SH + D9 D0A9; # capital SHCH + DA D0AA; # capital hard sign + DB D0AB; # capital Y + DC D0AC; # capital soft sign + DD D0AD; # capital E + DE D0AE; # capital YU + DF D0AF; # capital YA + + E0 D0B0; # small a + E1 D0B1; # small b + E2 D0B2; # small v + E3 D0B3; # small g + E4 D0B4; # small d + E5 D0B5; # small ye + E6 D0B6; # small zh + E7 D0B7; # small z + E8 D0B8; # small i + E9 D0B9; # small j + EA D0BA; # small k + EB D0BB; # small l + EC D0BC; # small m + ED D0BD; # small n + EE D0BE; # small o + EF D0BF; # small p + + F0 D180; # small r + F1 D181; # small s + F2 D182; # small t + F3 D183; # small u + F4 D184; # small f + F5 D185; # small kh + F6 D186; # small ts + F7 D187; # small ch + F8 D188; # small sh + F9 D189; # small shch + FA D18A; # small hard sign + FB D18B; # small y + FC D18C; # small soft sign + FD D18D; # small e + FE D18E; # small yu + FF D18F; # small ya +}