ale/docker-compose-hatthieves
2
Fork 0
Código Incidencias Pull Requests Lanzamientos Wiki Actividad

nginx

Explorar el Código
Este commit está contenido en:
Your Name
2020-05-27 18:27:34 +00:00
padre 85ef25bc4e
commit 317639d496
Se han modificado 134 ficheros con 2237 adiciones y 0 borrados
Descargar archivo de parche Descargar archivo de diferencias Expandir todos los archivos Contraer todos los archivos

246
production/nginx/docker-compose.yml Archivo normal
Ver fichero

@@ -0,0 +1,246 @@
version: '2.1'
services:
nginx:
build: ./docker-nginx-http3
# image: nwtgck/nginx-http3
# image: ranadeeppolavarapu/nginx-http3
# build: ./nginx
hostname: nginx
container_name: nginx
restart: always
# entrypoint:
# - /bin/bash
# - /etc/nginx/entrypoint.sh
volumes:
- ./nginx:/etc/nginx
- /opt/docker/secure/fullchain.pem:/etc/nginx/hatthieves.crt:ro
- /opt/docker/secure/privkey.pem:/etc/nginx/hatthieves.key:ro
- /root/letsencrypt/hatthieves.com/fullchain.pem:/etc/nginx/hatthieves.com.crt:ro
- /root/letsencrypt/hatthieves.com/privkey.pem:/etc/nginx/hatthieves.com.key:ro
- ./nginx/nginx.conf:/usr/local/nginx/conf/nginx.conf
- ./logs:/usr/local/nginx/logs
ports:
- "80:80"
# - "2001:ba0:1800:80e0::1:80:80"
- "443:443"
# - "2001:ba0:1800:80e0::1:443:443"
- "443:443/udp"
# - "2001:ba0:1800:80e0::1:443:443/udp"
# cap_add:
# - NET_BIND_SERVICE
# sysctls:
# - net.ipv6.conf.all.disable_ipv6=0
# - net.ipv6.bindv6only=0
# - net.ipv6.conf.all.forwarding=1
# cap_add:
# - NET_ADMIN
networks:
mynet:
ipv4_address: 172.10.0.101
ipv6_address: 2001:db8:2::101
gollum:
haraka:
gitea:
pad:
rocket:
defaultdrop:
registry:
pleroma:
ipfs:
doom:
nextcloud:
magicworld:
peertube:
g:
pleroma-test:
icecast2:
gnusocial:
jitsi:
tpmw:
wordpress:
familyark:
crossposter:
kamailio:
privatebin:
glances:
tail:
arjion:
kanban:
theia:
nms:
dvwa:
bbb:
traefik:
elk:
codimd:
netdata:
youtube:
mumbleweb:
p2p:
networks:
mynet:
enable_ipv6: true
driver: bridge
ipam:
config:
- subnet: 172.10.0.0/24
- subnet: 2001:db8:2::/64
gollum:
external:
name: gollum_mynet
haraka:
external:
name: harakawildduck_mynet
gitea:
external:
name: gitea_mynet
pad:
external:
name: etherpad_mynet
rocket:
external:
name: rocket_mynet
defaultdrop:
external:
name: bikini
registry:
external:
name: registry_mynet
pleroma:
external:
name: pleroma_mynet
ipfs:
external:
name: ipfs_mynet
doom:
external:
name: web_mynet
nextcloud:
external:
name: nextcloud_mynet
magicworld:
external:
name: magicworld_mynet
peertube:
external:
name: peertube_mynet
g:
external:
name: g_mynet
pleroma-test:
external:
name: pleromatest_mynet
icecast2:
external:
name: icecast2_mynet
gnusocial:
external:
name: gnusocial_mynet
jitsi:
external:
name: jitsimeet_mynet
tpmw:
external:
name: magicworldphoenix_mynet
wordpress:
external:
name: wordpress_mynet
familyark:
external:
name: familyark_mynet
crossposter:
external:
name: crossposter_mynet
kamailio:
external:
name: kamailio_mynet
privatebin:
external:
name: privatebin_mynet
glances:
external:
name: glances_mynet
tail:
external:
name: tail_mynet
arjion:
external:
name: arjion_mynet
kanban:
external:
name: kanban_mynet
theia:
external:
name: theia_mynet
nms:
external:
name: nms_mynet
dvwa:
external:
name: dvwa_mynet
bbb:
external:
name: bigbluebutton_mynet
traefik:
external:
name: traefik_mynet
elk:
external:
name: elk_mynet
codimd:
external:
name: codimd_mynet
netdata:
external:
name: netdata_mynet
youtube:
external:
name: youtube_mynet
mumbleweb:
external:
name: mumbleweb_mynet
p2p:
external:
name: p2p_mynet

2
production/nginx/nginx/Dockerfile Archivo normal
Ver fichero

@@ -0,0 +1,2 @@
FROM debian:sid-slim
RUN apt update && apt -y upgrade && apt -y install nginx nginx-extras && apt clean

50
production/nginx/nginx/conf.d/hatthieves.conf Archivo normal
Ver fichero

@@ -0,0 +1,50 @@
server {
listen 80 default_server;
listen 80 default_server quic reuseport;
listen [::]:80 default_server;
listen [::]:80 default_server quic reuseport;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 default_server ssl http2;
listen [::]:443 ssl http2;
server_name _;
# index index.html index.htm;
ssl_certificate /etc/nginx/hatthieves.crt;
ssl_certificate_key /etc/nginx/hatthieves.key;
ssl_dhparam /etc/nginx/dhparam.pem;
# ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# add_header Alt-Svc 'h3-25=":443"; ma=86400';
add_header alt-svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
server {
listen 443 ssl http2;
listen 443 default_server quic reuseport;
listen [::]:443 ssl http2;
listen [::]:443 default_server quic reuseport;
server_name hatthieves.com *.hatthieves.com;
# index index.html index.htm;
ssl_certificate /etc/nginx/hatthieves.com.crt;
ssl_certificate_key /etc/nginx/hatthieves.com.key;
ssl_dhparam /etc/nginx/dhparam.pem;
# ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# add_header Alt-Svc 'h3-25=":443"; ma=86400';
add_header alt-svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
location / {
return 301 https://www.hatthieves.es;
# rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;
}
}

28
production/nginx/nginx/defaultdrop-privkey.pem Archivo normal
Ver fichero

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCtYhU7lRu3xOwl
LlbK1GwZJoHHsL9k+J5b9WRtBt6/oUB00eK6XyNFrpazhw/H+ycXXiSETiNvvrwX
NzLY1AIHk/uTgBNT76zfqARFyUhg0bvXM0Hk+3vuLDw8FEySnz2W5oGBpNu3KnGp
jIEMKGgm9g0j5Xj4bZzeGxKNgrcCAmXg2WEyxTBkdMkIA4sBaR75r30y6hol7Flr
2hjuVoIj4gbM/m8U9leTnOJ1vOeBGm0rPYLoDGUvhG4L876Ho1r5eB3hq6U8PJBm
rSugl56XyXzTf2X5XmT1GDRTCQqN+xWG3SCS71v4oGYBAxgkD54SABavxhKPio9R
lhJQzOvnAgMBAAECggEBAIT6LP69pbyUM+lwWPDHawD/H5pgXOq8I/izhIp6Mm0W
57CxKQt33D2dYcffVqMyZRDvC2LN6y/RQcEsfLsAH25geRrvp+NAd34yBtTfQ7u+
ICs1DNzqZGqPUsNhbjkmGL6bm8grALjCvNolAPSqKPd4zysw3E7tAtr2OIyALIxE
t0keTI5IXaAFkkemH62QiKt0AIsxEnOPpg8qmW++9awEudVFQagU16d/cbpOimED
8EUEfU3r2vS5xzdQhP8m3mHNhvbfKSI51wcH+3gx2tPCJYG6pBxjK+y1EoQTvFbg
pf8eQV29RedNDf8thNIPs5nNEYRqTfm+6u/lf2NiFcECgYEA2AUKoio7iq8CHqiT
Enljb54pHQFGQSJA0ubvScgVzTJz5xQZS7ffje2xHrhpp/l1yu16oW9qPYCtgDHx
x2OjI+7G4jBC30/FLUcV7mgep6Q3PsaU1Mb2woOy0W1SkObYXyaCeh0rlHQ12ABX
FZehUkjA1p55JkCf/p1dCuEnplsCgYEAzXjuntzArHhvwssLYuCE29Sitr132vJN
UKkYZk0KNA1JljK6E4cF67BQw8/nSoiB3zDSJfN5KUTg+RdzyNsrihOOBpR9bkZA
vfB0OgA3rQ1rPjwEP1hsZm0nS4tuWsuy9xSWdhNVBCm+a+CrVnHCuzc2zJbNTEhU
2EINrh5u/mUCgYB/ACfKQ04SMOXsJGujFt7RBolhVhh5vquh0sen9wxqQVlG59gf
XhD+nlndl8n2SYFpNsk8FAa/9eELV1GwSfHl9EHVRU5rf7iK8BoCuhAbuz4HmDR0
DC2TGl6NJdq++hkHh9p59KBkfRYS0dBhD252s/M7upu7U4884EONW+Y1tQKBgFUQ
h9mFEs9UXRCL9v7MbLSF54c4EXK3dYK7Prq7kknSZnCkN5z1/WGB8S3f2KVmtj2s
fJPxpGuNdIYrS2gQNIpJZjcbKoKI2yzHa5bHmEUwlQGC309KUDZnYilIZDt6sXDR
OSlQ/5VloswOi2CSYEgZp7ozhHLcTyPo1LkNKG5xAoGBAIk1BD3X4Reey+yg24J8
wNeRrD8TkvQNFTxRsOIFiuuFUA1c9lOJAEGj+/MIpQEB3HVklbMYI5MLt64m+Fze
dGRTl1stQ1XeyqisE3YJ3mwcXgwBi2vuX8Hi9b6QquMWvNV8Gbss7LOVaXTLfqa2
JUU+wsKZFFi2ffB67VPeKjbh
-----END PRIVATE KEY-----

58
production/nginx/nginx/defaultdrop.pem Archivo normal
Ver fichero

@@ -0,0 +1,58 @@
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgISA60nQCGaO0x4aNwAtDacXhFmMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAzMTcxOTIwMjZaFw0y
MDA2MTUxOTIwMjZaMBwxGjAYBgNVBAMMESouZGVmYXVsdGRyb3AubmV0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWIVO5Ubt8TsJS5WytRsGSaBx7C/
ZPieW/VkbQbev6FAdNHiul8jRa6Ws4cPx/snF14khE4jb768Fzcy2NQCB5P7k4AT
U++s36gERclIYNG71zNB5Pt77iw8PBRMkp89luaBgaTbtypxqYyBDChoJvYNI+V4
+G2c3hsSjYK3AgJl4NlhMsUwZHTJCAOLAWke+a99MuoaJexZa9oY7laCI+IGzP5v
FPZXk5zidbzngRptKz2C6AxlL4RuC/O+h6Na+Xgd4aulPDyQZq0roJeel8l8039l
+V5k9Rg0UwkKjfsVht0gku9b+KBmAQMYJA+eEgAWr8YSj4qPUZYSUMzr5wIDAQAB
o4ICdTCCAnEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSD3Nre/viHhFe4gOcJCclU
3elQwDAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB
AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw
dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw
dC5vcmcvMC0GA1UdEQQmMCSCESouZGVmYXVsdGRyb3AubmV0gg9kZWZhdWx0ZHJv
cC5uZXQwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggr
BgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggECBgorBgEEAdZ5
AgQCBIHzBIHwAO4AdQBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAA
AXDqJ5AdAAAEAwBGMEQCIGqLWqENQc/8h3QmK+k+TYsV8etQQgbcMYBIbj4nZ7Mz
AiBfIzRoRUmUoFcW/Z88Uh3LQ1rBn3Zuk/SoS7enWmCvswB1ALIeBcyLos2KIE6H
ZvkruYolIGdr2vpw57JJUy3vi5BeAAABcOonkAoAAAQDAEYwRAIgHH11ABo+SUo2
G/k9GmNZk5Ubq+awToZPVvBvJpTDR0MCIELd7gwq2Nw7SSf2oUZVMk1rnOO/fnrK
LJR+9L2/xnMBMA0GCSqGSIb3DQEBCwUAA4IBAQCHBiFuDFA16/SzQzbtRZm1TRLK
2SktOndgZkzir36tBttAyGGuz4t8KGO1CPBbCi3l0eBr7I/pnfx9c5MP04478em4
cCGqWjyhvKjNPprNsjwCt7paqQtmoHqbCWogGCsDim8NgWSA+qx+PHWBjVGr3L2r
2Bu6fBGQb1edSmrtKrxr6YUDVeOf6T0LfCttgGpu5fcIw7ScjPH2/uQrV5u2g6Ze
ydct7HLBu+bsbXxjjRhGUQZ7Szu0hP2YzyXZhwWFtA+F0wdqAJXWrJbtv2zENqMe
QfPQamnoyjMLkF0b3tlt37tMvK83PkG9/WD/qqHuYkiv+K7/aPKENgUzF4ps
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

13
production/nginx/nginx/dhparam.pem Archivo normal
Ver fichero

@@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA57hgX4cjMTAsXfuMi1DBzfe6ueq77w0aqFSRlPOSsyCjDNIF3jJ2
cHmhODLeZi5dDde6eGkNjVuBleWUoJhUqC/8eWHOJtWyEcJ98ACK/vgCJbYQ9Z7y
eBK4hp4PwJKD2jTCzb55qMw7pXVaxptoY488nmIURkZRBImPMkJBzUhlg+p2NzgJ
KP9DVBzaOZIRv7suSD90DP2xTImA/nE6rSBrLrmIHVdB3QJ/nw+E8U/p1sGxDuPG
XUoqhUMckczMAqVjg/VnG91bkfXZi0AOvTz48wK1jLYku/DK+WUczJw9qmIyYCBG
h+JdYIJaUJc5R1nwS20AtkNmpGSZll4XfHshB5eOEdgr9fxPsY27pKuQVnslAEqU
psfUHSrKEgadohNapiPQH9DyuXCqiifp5fdHyK9nob2OYsYsZzSebzvCDiNA1Hu7
8st30JB3EHAb6qVLcqYQuS6qhKMPLhzp4KK5J/GwotwqNRZpS4eKa8lO1tOm/mVI
7rSW2Hg3ZzsL0nr7sKb3p5gRyhKz80j5whrxRAwIVmeWHJrebPbA3gMpGdF4kiPA
HB05kED1USqmhnZv1T1oCYr3p6UawrK6+3b/6SxLV06p+cfI0ypoW8ExMpE9ynxF
/koOqNbjqK2M3cvyLhDS8ikK1238HP5q/e+G0fQ5YFWKcuPQi6ZSVfsCAQI=
-----END DH PARAMETERS-----

3
production/nginx/nginx/entrypoint.sh Archivo normal
Ver fichero

@@ -0,0 +1,3 @@
#!/bin/bash
/etc/init.d/nginx start
/bin/sleep infinity

26
production/nginx/nginx/fastcgi.conf Archivo normal
Ver fichero

@@ -0,0 +1,26 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

25
production/nginx/nginx/fastcgi_params Archivo normal
Ver fichero

@@ -0,0 +1,25 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

109
production/nginx/nginx/koi-utf Archivo normal
Ver fichero

@@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
production/nginx/nginx/koi-win Archivo normal
Ver fichero

@@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

89
production/nginx/nginx/mime.types Archivo normal
Ver fichero

@@ -0,0 +1,89 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

1
production/nginx/nginx/modules-enabled/10-mod-http-ndk.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-ndk.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-auth-pam.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-auth-pam.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-cache-purge.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-cache-purge.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-dav-ext.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-dav-ext.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-echo.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-echo.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-fancyindex.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-fancyindex.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-geoip.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-geoip.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-headers-more-filter.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-headers-more-filter.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-image-filter.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-image-filter.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-lua.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-lua.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-perl.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-perl.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-subs-filter.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-subs-filter.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-uploadprogress.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-uploadprogress.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-upstream-fair.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-upstream-fair.conf

1
production/nginx/nginx/modules-enabled/50-mod-http-xslt-filter.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-xslt-filter.conf

1
production/nginx/nginx/modules-enabled/50-mod-mail.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-mail.conf

1
production/nginx/nginx/modules-enabled/50-mod-nchan.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-nchan.conf

1
production/nginx/nginx/modules-enabled/50-mod-stream.conf Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream.conf

92
production/nginx/nginx/nginx.conf Archivo normal
Ver fichero

@@ -0,0 +1,92 @@
#user www-data;
worker_processes 4;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 256;
# multi_accept on;
}
http {
##
# Basic Settings
##
client_max_body_size 10M;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
# access_log /var/log/nginx/access.log;
# error_log /var/log/nginx/error.log;
# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# access_log /usr/local/nginx/logs/access.log main;
# error_log /usr/local/nginx/logs/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server_tokens off;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

4
production/nginx/nginx/proxy_params Archivo normal
Ver fichero

@@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

1
production/nginx/nginx/registry.htpasswd Archivo normal
Ver fichero

@@ -0,0 +1 @@
docker:$apr1$/l68L6xX$mymg9DNDAxQDs5S0.QIQp.

17
production/nginx/nginx/scgi_params Archivo normal
Ver fichero

@@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

21
production/nginx/nginx/security.conf Archivo normal
Ver fichero

@@ -0,0 +1,21 @@
header_filter_by_lua_block {
if not string.find(ngx.req.get_headers()["Host"], "defaultdrop.net") then
if not string.find(ngx.req.get_headers()["Host"], "talk.hatthieves.es") and not string.find(ngx.req.get_headers()["Host"], "metrics.hatthieves.es") and not string.find(ngx.req.get_headers()["Host"], "meet.hatthieves.es") then
ngx.header["X-Frame-Options"] = "SAMEORIGIN";
else
ngx.header["X-Frame-Options"] = "ALLOWALL";
end
if string.find(ngx.req.get_headers()["Host"], "social.hatthieves.es") then
ngx.header["Content-Security-Policy"] = "default-src 'none' 'unsafe-inline' https://talk.hatthieves.es; base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self' https://social.hatthieves.es wss://social.hatthieves.es https://talk.hatthieves.es wss://talk.hatthieves.es; script-src 'self' 'unsafe-inline' https://talk.hatthieves.es wss://talk.hatthieves.es; upgrade-insecure-requests;";
end
if string.find(ngx.req.get_headers()["Host"], "webmail.hatthieves.es") then
ngx.header["Content-Security-Policy"] = "default-src 'none' 'unsafe-inline' https://metrics.hatthieves.es; base-uri 'self'; frame-ancestors 'none' https://metrics.hatthieves.es; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self' https://social.hatthieves.es wss://social.hatthieves.es https://metrics.hatthieves.es; script-src 'self' 'unsafe-inline' https://metrics.hatthieves.es; upgrade-insecure-requests;";
end
ngx.header["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains";
ngx.header["X-Download-Options"] = "noopen";
ngx.header["X-Content-Type-Options"] = "nosniff";
ngx.header["Referrer-Policy"] = "same-origin";
ngx.header["X-XSS-Protection"] = "1; mode=block";
ngx.header["X-Permitted-Cross-Domain-Policies"] = "none";
end
}

19
production/nginx/nginx/sites-available/bbb Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bbb.hatthieves.es;
client_max_body_size 20G;
location / {
proxy_pass http://172.51.0.101;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

19
production/nginx/nginx/sites-available/chat Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name chat.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.4.0.101:1337;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

19
production/nginx/nginx/sites-available/codimd Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name codimd.hatthieves.es hackmd.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.44.0.101:3000;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

21
production/nginx/nginx/sites-available/crossposter Archivo normal
Ver fichero

@@ -0,0 +1,21 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name crossposter.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.7.0.101:3000;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

91
production/nginx/nginx/sites-available/default Archivo normal
Ver fichero

@@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
listen 443 ssl http2 default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

37
production/nginx/nginx/sites-available/defaultdrop Archivo normal
Ver fichero

@@ -0,0 +1,37 @@
server {
listen 80;
listen [::]:80;
server_name *.defaultdrop.net defaultdrop.net;
return 301 https://$host$request_uri;
}
#server {
# listen 443 ssl http2;
# server_name www.defaultdrop.net;
# ssl_certificate /etc/nginx/defaultdrop.pem;
# ssl_certificate_key /etc/nginx/defaultdrop.pem;
# location / {
# return 301 https://www.$host$request_uri;
# }
#}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name defaultdrop.net *.defaultdrop.net;
ssl_certificate /etc/nginx/defaultdrop.pem;
ssl_certificate_key /etc/nginx/defaultdrop-privkey.pem;
location / {
proxy_pass http://172.19.0.4:80;
# proxy_pass http://172.19.0.3:80;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

20
production/nginx/nginx/sites-available/dvwa Archivo normal
Ver fichero

@@ -0,0 +1,20 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name vuln.hatthieves.es vulnerable.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.139.0.101;
# auth_basic "Registry realm";
# auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

21
production/nginx/nginx/sites-available/elastic Archivo normal
Ver fichero

@@ -0,0 +1,21 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name elastic.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.1.0.101:9200;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

17
production/nginx/nginx/sites-available/etherpad Archivo normal
Ver fichero

@@ -0,0 +1,17 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pad.hatthieves.es etherpad.hatthieves.es;
location / {
proxy_pass http://172.112.0.101:9001;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

18
production/nginx/nginx/sites-available/familyark Archivo normal
Ver fichero

@@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name familyark.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.29.0.101:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

16
production/nginx/nginx/sites-available/g Archivo normal
Ver fichero

@@ -0,0 +1,16 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name g.hatthieves.es gore.hatthieves.es;
location / {
proxy_pass http://172.166.0.101;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
}
}

23
production/nginx/nginx/sites-available/games Archivo normal
Ver fichero

@@ -0,0 +1,23 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name games.hatthieves.es;
location / {
proxy_pass http://172.22.0.101:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
# location /dos/ {
# rewrite ^/dos(/.*)$ $1 break;
# proxy_pass http://172.22.0.101:8080;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_buffering off;
# }
}

16
production/nginx/nginx/sites-available/gitea Archivo normal
Ver fichero

@@ -0,0 +1,16 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.hatthieves.es gitea.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.102.0.101:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

20
production/nginx/nginx/sites-available/glances Archivo normal
Ver fichero

@@ -0,0 +1,20 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name top.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.26.0.101:61208;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

19
production/nginx/nginx/sites-available/gnusocial Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name gnusocial.hatthieves.es;
client_max_body_size 2G;
return 301 https://mastodon.madrid$request_uri;
# location / {
# proxy_pass http://172.132.0.101:80;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_buffering off;
# proxy_http_version 1.1;
# }
}

14
production/nginx/nginx/sites-available/gollum Archivo normal
Ver fichero

@@ -0,0 +1,14 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.hatthieves.es;
location / {
proxy_pass http://172.120.0.102:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}

14
production/nginx/nginx/sites-available/grafana Archivo normal
Ver fichero

@@ -0,0 +1,14 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name metrics.hatthieves.es;
location / {
proxy_pass http://172.141.0.102:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}

9
production/nginx/nginx/sites-available/hatthieves.es Archivo normal
Ver fichero

@@ -0,0 +1,9 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name hatthieves.es;
location / {
return 301 https://www.hatthieves.es;
# rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;
}
}

15
production/nginx/nginx/sites-available/icecast2 Archivo normal
Ver fichero

@@ -0,0 +1,15 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name icecast.hatthieves.es music.hatthieves.es radio.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.129.0.101:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}

15
production/nginx/nginx/sites-available/ipfs Archivo normal
Ver fichero

@@ -0,0 +1,15 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ipfs.hatthieves.es;
location / {
proxy_pass http://172.5.0.101:8080;
# proxy_pass http://172.5.0.101:5001/webui;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}

14
production/nginx/nginx/sites-available/jekyll Archivo normal
Ver fichero

@@ -0,0 +1,14 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.hatthieves.es;
location / {
proxy_pass http://172.4.0.101:4000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}

14
production/nginx/nginx/sites-available/jenkins Archivo normal
Ver fichero

@@ -0,0 +1,14 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jenkins.hatthieves.es ci.hatthieves.es;
location / {
proxy_pass http://172.102.0.103:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}

17
production/nginx/nginx/sites-available/jitsi Archivo normal
Ver fichero

@@ -0,0 +1,17 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name meet.hatthieves.es;
location / {
proxy_pass http://172.145.0.101;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

20
production/nginx/nginx/sites-available/kanban Archivo normal
Ver fichero

@@ -0,0 +1,20 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name kanban.hatthieves.es scrum.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.27.0.101:8080;
# auth_basic "Registry realm";
# auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

21
production/nginx/nginx/sites-available/kibana Archivo normal
Ver fichero

@@ -0,0 +1,21 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name kibana.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.1.0.102:5601;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

16
production/nginx/nginx/sites-available/magicworld Archivo normal
Ver fichero

@@ -0,0 +1,16 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mw.hatthieves.es magicworld.hatthieves.es;
location / {
proxy_pass http://172.100.0.101;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
}
}

36
production/nginx/nginx/sites-available/mastodon Archivo normal
Ver fichero

@@ -0,0 +1,36 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mastodon.hatthieves.es;
client_max_body_size 2G;
return 301 https://mastodon.madrid$request_uri;
# location / {
# proxy_pass http://172.1.0.101:3000;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_buffering off;
# proxy_http_version 1.1;
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
# }
# location /api/v1/streaming {
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Proxy "";
# proxy_pass http://172.1.0.101:4000;
# proxy_buffering off;
# proxy_redirect off;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
# tcp_nodelay on;
# }
}

20
production/nginx/nginx/sites-available/meta Archivo normal
Ver fichero

@@ -0,0 +1,20 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name meta.hatthieves.es hatmeta.hatthieves.es metahat.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.134.0.101:3000;
# auth_basic "Registry realm";
# auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

18
production/nginx/nginx/sites-available/mumble Archivo normal
Ver fichero

@@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mumble.hatthieves.es;
location / {
proxy_pass http://172.60.0.101:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

19
production/nginx/nginx/sites-available/netdata Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name netdata.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.43.0.101:19999;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

21
production/nginx/nginx/sites-available/nextcloud Archivo normal
Ver fichero

@@ -0,0 +1,21 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.hatthieves.es nextcloud.hatthieves.es;
client_max_body_size 20G;
location / {
proxy_pass http://172.119.0.101;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_buffering off;
proxy_http_version 1.1;
rewrite ^/\.well-known/carddav(.*)$ /remote.php/dav$1 redirect;
rewrite ^/\.well-known/caldav(.*)$ /remote.php/dav$1 redirect;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
}

28
production/nginx/nginx/sites-available/p2p Archivo normal
Ver fichero

@@ -0,0 +1,28 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name p2p.hatthieves.es;
location / {
proxy_pass http://172.136.0.101:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
location /ws {
proxy_pass http://172.136.0.101:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

19
production/nginx/nginx/sites-available/peertube Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name peertube.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.115.0.101:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

19
production/nginx/nginx/sites-available/pleroma Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pleroma.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.2.0.101:4000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

20
production/nginx/nginx/sites-available/pleroma-old Archivo normal
Ver fichero

@@ -0,0 +1,20 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name social.hatthieves.es;
client_max_body_size 2G;
return 301 https://mastodon.madrid$request_uri;
# location / {
# proxy_pass http://172.2.0.101:4000;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_buffering off;
# proxy_http_version 1.1;
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
# }
}

18
production/nginx/nginx/sites-available/pleroma-test Archivo normal
Ver fichero

@@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name anothersocial.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.7.0.101:4000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
}
}

19
production/nginx/nginx/sites-available/privatebin Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name private.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.118.0.101:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

14
production/nginx/nginx/sites-available/prometheus Archivo normal
Ver fichero

@@ -0,0 +1,14 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name prometheus.hatthieves.es;
location / {
proxy_pass http://172.141.0.101:9090;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}

26
production/nginx/nginx/sites-available/registry Archivo normal
Ver fichero

@@ -0,0 +1,26 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name docker.hatthieves.es registry.hatthieves.es;
chunked_transfer_encoding on;
client_max_body_size 2G;
location / {
# if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
# return 404;
# }
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
proxy_pass http://172.110.0.101:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
proxy_read_timeout 900;
}
}
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
'' 'registry/2.0';
}

18
production/nginx/nginx/sites-available/rocketchat Archivo normal
Ver fichero

@@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name talk.hatthieves.es rocket.hatthieves.es rocketchat.hatthieves.es;
location / {
proxy_pass http://172.133.0.101:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

14
production/nginx/nginx/sites-available/sonar Archivo normal
Ver fichero

@@ -0,0 +1,14 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sonar.hatthieves.es;
location / {
proxy_pass http://172.102.0.104:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}

25
production/nginx/nginx/sites-available/tail Archivo normal
Ver fichero

@@ -0,0 +1,25 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name tail.hatthieves.es;
client_max_body_size 2G;
keepalive_timeout 5m;
location / {
proxy_pass http://172.28.0.101;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
http2_push_preload on;
proxy_socket_keepalive on;
proxy_connect_timeout 5m;
proxy_send_timeout 5m;
proxy_read_timeout 5m;
}
}

19
production/nginx/nginx/sites-available/theia Archivo normal
Ver fichero

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name edit.hatthieves.es code.hatthieves.es;
location / {
proxy_pass http://172.18.0.101:3000;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

16
production/nginx/nginx/sites-available/tpmw Archivo normal
Ver fichero

@@ -0,0 +1,16 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name tpmw.hatthieves.es;
location / {
proxy_pass http://172.95.0.101:4000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
}
}

20
production/nginx/nginx/sites-available/traefik Archivo normal
Ver fichero

@@ -0,0 +1,20 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name traefik.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.99.0.101:8080;
auth_basic "Registry realm";
auth_basic_user_file /etc/nginx/registry.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

17
production/nginx/nginx/sites-available/video Archivo normal
Ver fichero

@@ -0,0 +1,17 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name video.hatthieves.es;
location / {
proxy_pass http://172.14.0.101:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

18
production/nginx/nginx/sites-available/voip Archivo normal
Ver fichero

@@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name voip.hatthieves.es;
location / {
proxy_pass http://172.127.0.101:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

15
production/nginx/nginx/sites-available/webmail Archivo normal
Ver fichero

@@ -0,0 +1,15 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name webmail.hatthieves.es mail.hatthieves.es;
location / {
proxy_pass http://172.200.0.104:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

18
production/nginx/nginx/sites-available/wordpress Archivo normal
Ver fichero

@@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.hatthieves.es;
client_max_body_size 2G;
location / {
proxy_pass http://172.126.0.101;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
}
}

BIN
production/nginx/nginx/sites-available2.tar.xz Archivo normal
Ver fichero

Archivo binario no mostrado.

1
production/nginx/nginx/sites-enabled/bbb Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/bbb

1
production/nginx/nginx/sites-enabled/chat Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/chat

1
production/nginx/nginx/sites-enabled/codimd Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/codimd

1
production/nginx/nginx/sites-enabled/crossposter Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/crossposter

1
production/nginx/nginx/sites-enabled/defaultdrop Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/defaultdrop

1
production/nginx/nginx/sites-enabled/dvwa Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/dvwa

1
production/nginx/nginx/sites-enabled/elastic Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/elastic

1
production/nginx/nginx/sites-enabled/etherpad Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/etherpad

1
production/nginx/nginx/sites-enabled/familyark Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/familyark

1
production/nginx/nginx/sites-enabled/g Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/g

1
production/nginx/nginx/sites-enabled/games Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/games

1
production/nginx/nginx/sites-enabled/gitea Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/gitea

1
production/nginx/nginx/sites-enabled/glances Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/glances

1
production/nginx/nginx/sites-enabled/gnusocial Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/gnusocial

1
production/nginx/nginx/sites-enabled/grafana Enlace simbólico
Ver fichero

@@ -0,0 +1 @@
../sites-available/grafana

Algunos archivos no se mostraron porque demasiados archivos han cambiado en esta diferencia Ver más