modified
Este commit está contenido en:
Your Name
@@ -9,23 +9,28 @@ services:
|
||||
hostname: nginx
|
||||
container_name: nginx
|
||||
restart: always
|
||||
# entrypoint:
|
||||
# - /bin/bash
|
||||
# - /etc/nginx/entrypoint.sh
|
||||
entrypoint:
|
||||
- /bin/bash
|
||||
- /etc/nginx/entrypoint.sh
|
||||
volumes:
|
||||
- ./nginx:/etc/nginx
|
||||
- /opt/docker/secure/fullchain.pem:/etc/nginx/hatthieves.crt:ro
|
||||
- /opt/docker/secure/privkey.pem:/etc/nginx/hatthieves.key:ro
|
||||
- /root/letsencrypt/hatthieves.com/fullchain.pem:/etc/nginx/hatthieves.com.crt:ro
|
||||
- /root/letsencrypt/hatthieves.com/privkey.pem:/etc/nginx/hatthieves.com.key:ro
|
||||
- ./nginx/nginx.conf:/usr/local/nginx/conf/nginx.conf
|
||||
- /root/letsencrypt/hatthieves.co/fullchain.pem:/etc/nginx/hatthieves.co.crt:ro
|
||||
- /root/letsencrypt/hatthieves.co/privkey.pem:/etc/nginx/hatthieves.co.key:ro
|
||||
- ./nginx/nginx.conf:/usr/local/nginx/conf/nginx.conf:ro
|
||||
- ./logs:/usr/local/nginx/logs
|
||||
- ./html:/usr/local/nginx/html:ro
|
||||
ports:
|
||||
- "80:80"
|
||||
# - "2001:ba0:1800:80e0::1:80:80"
|
||||
- "443:443"
|
||||
# - "2001:ba0:1800:80e0::1:443:443"
|
||||
- "443:443/udp"
|
||||
- "1936:1936"
|
||||
- "1936:1936/udp"
|
||||
# - "2001:ba0:1800:80e0::1:443:443/udp"
|
||||
# cap_add:
|
||||
# - NET_BIND_SERVICE
|
||||
@@ -39,7 +44,6 @@ services:
|
||||
mynet:
|
||||
ipv4_address: 172.10.0.101
|
||||
ipv6_address: 2001:db8:2::101
|
||||
gollum:
|
||||
haraka:
|
||||
gitea:
|
||||
pad:
|
||||
@@ -48,19 +52,14 @@ services:
|
||||
registry:
|
||||
pleroma:
|
||||
ipfs:
|
||||
doom:
|
||||
nextcloud:
|
||||
magicworld:
|
||||
peertube:
|
||||
g:
|
||||
pleroma-test:
|
||||
icecast2:
|
||||
gnusocial:
|
||||
jitsi:
|
||||
tpmw:
|
||||
wordpress:
|
||||
familyark:
|
||||
crossposter:
|
||||
kamailio:
|
||||
privatebin:
|
||||
glances:
|
||||
@@ -71,14 +70,16 @@ services:
|
||||
nms:
|
||||
dvwa:
|
||||
bbb:
|
||||
traefik:
|
||||
elk:
|
||||
codimd:
|
||||
netdata:
|
||||
youtube:
|
||||
mumbleweb:
|
||||
p2p:
|
||||
webdav:
|
||||
igunublue:
|
||||
salva:
|
||||
doom:
|
||||
wtorrent:
|
||||
|
||||
networks:
|
||||
mynet:
|
||||
@@ -89,10 +90,6 @@ networks:
|
||||
- subnet: 172.10.0.0/24
|
||||
- subnet: 2001:db8:2::/64
|
||||
|
||||
gollum:
|
||||
external:
|
||||
name: gollum_mynet
|
||||
|
||||
haraka:
|
||||
external:
|
||||
name: harakawildduck_mynet
|
||||
@@ -125,10 +122,6 @@ networks:
|
||||
external:
|
||||
name: ipfs_mynet
|
||||
|
||||
doom:
|
||||
external:
|
||||
name: web_mynet
|
||||
|
||||
nextcloud:
|
||||
external:
|
||||
name: nextcloud_mynet
|
||||
@@ -145,26 +138,14 @@ networks:
|
||||
external:
|
||||
name: g_mynet
|
||||
|
||||
pleroma-test:
|
||||
external:
|
||||
name: pleromatest_mynet
|
||||
|
||||
icecast2:
|
||||
external:
|
||||
name: icecast2_mynet
|
||||
|
||||
gnusocial:
|
||||
external:
|
||||
name: gnusocial_mynet
|
||||
|
||||
jitsi:
|
||||
external:
|
||||
name: jitsimeet_mynet
|
||||
|
||||
tpmw:
|
||||
external:
|
||||
name: magicworldphoenix_mynet
|
||||
|
||||
wordpress:
|
||||
external:
|
||||
name: wordpress_mynet
|
||||
@@ -173,10 +154,6 @@ networks:
|
||||
external:
|
||||
name: familyark_mynet
|
||||
|
||||
crossposter:
|
||||
external:
|
||||
name: crossposter_mynet
|
||||
|
||||
kamailio:
|
||||
external:
|
||||
name: kamailio_mynet
|
||||
@@ -217,10 +194,6 @@ networks:
|
||||
external:
|
||||
name: bigbluebutton_mynet
|
||||
|
||||
traefik:
|
||||
external:
|
||||
name: traefik_mynet
|
||||
|
||||
elk:
|
||||
external:
|
||||
name: elk_mynet
|
||||
@@ -229,10 +202,6 @@ networks:
|
||||
external:
|
||||
name: codimd_mynet
|
||||
|
||||
netdata:
|
||||
external:
|
||||
name: netdata_mynet
|
||||
|
||||
youtube:
|
||||
external:
|
||||
name: youtube_mynet
|
||||
@@ -248,3 +217,19 @@ networks:
|
||||
webdav:
|
||||
external:
|
||||
name: webdav_mynet
|
||||
|
||||
igunublue:
|
||||
external:
|
||||
name: igunublue_mynet
|
||||
|
||||
salva:
|
||||
external:
|
||||
name: salva_mynet
|
||||
|
||||
doom:
|
||||
external:
|
||||
name: web_mynet
|
||||
|
||||
wtorrent:
|
||||
external:
|
||||
name: wtorrent_mynet
|
||||
|
||||
@@ -45,6 +45,25 @@ server {
|
||||
return 301 https://www.hatthieves.es;
|
||||
# rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name hatthieves.co *.hatthieves.co;
|
||||
# index index.html index.htm;
|
||||
ssl_certificate /etc/nginx/hatthieves.co.crt;
|
||||
ssl_certificate_key /etc/nginx/hatthieves.co.key;
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
||||
# ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=86400';
|
||||
add_header alt-svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
location / {
|
||||
return 301 https://www.hatthieves.es;
|
||||
# rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
#!/bin/bash
|
||||
/etc/init.d/nginx start
|
||||
/bin/sleep infinity
|
||||
/bin/rm -rf /etc/nginx/hls/* /etc/nginx/live/* /etc/nginx/cache/*
|
||||
/bin/bash /etc/nginx/script-hls.sh &
|
||||
/usr/local/nginx/sbin/nginx -g 'daemon off;'
|
||||
|
||||
@@ -1,92 +1,126 @@
|
||||
#user www-data;
|
||||
worker_processes 4;
|
||||
pid /run/nginx.pid;
|
||||
#include /etc/nginx/modules-enabled/*.conf;
|
||||
# you must set worker processes based on your CPU cores, nginx does not benefit from setting more than that
|
||||
worker_processes 6; #some last versions calculate it automatically
|
||||
|
||||
# number of file descriptors used for nginx
|
||||
# the limit for the maximum FDs on the server is usually set by the OS.
|
||||
# if you don't set FD's then OS settings will be used which is by default 2000
|
||||
worker_rlimit_nofile 100000;
|
||||
|
||||
# provides the configuration file context in which the directives that affect connection processing are specified.
|
||||
events {
|
||||
worker_connections 256;
|
||||
# multi_accept on;
|
||||
# determines how much clients will be served per worker
|
||||
# max clients = worker_connections * worker_processes
|
||||
# max clients is also limited by the number of socket connections available on the system (~64k)
|
||||
worker_connections 4000;
|
||||
|
||||
# optimized to serve many clients with each thread, essential for linux -- for testing environment
|
||||
use epoll;
|
||||
|
||||
# accept as many connections as possible, may flood worker connections if set too low -- for testing environment
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
# cache informations about FDs, frequently accessed files
|
||||
# can boost performance, but you need to test those values
|
||||
open_file_cache max=200000 inactive=20s;
|
||||
open_file_cache_valid 30s;
|
||||
open_file_cache_min_uses 2;
|
||||
open_file_cache_errors on;
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
client_max_body_size 10M;
|
||||
# only log critical errors
|
||||
access_log /usr/local/nginx/logs/access.log;
|
||||
error_log /usr/local/nginx/logs/error.log;
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
# server_tokens off;
|
||||
# copies data between one FD and other from within the kernel
|
||||
# faster than read() + write()
|
||||
sendfile on;
|
||||
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
# send headers in one piece, it is better than sending them one by one
|
||||
tcp_nopush on;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
# don't buffer data sent, good for small data bursts in real time
|
||||
tcp_nodelay on;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
# reduce the data that needs to be sent over network -- for testing environment
|
||||
gzip on;
|
||||
# gzip_static on;
|
||||
gzip_min_length 10240;
|
||||
gzip_comp_level 1;
|
||||
gzip_vary on;
|
||||
gzip_disable msie6;
|
||||
gzip_proxied expired no-cache no-store private auth;
|
||||
gzip_types
|
||||
# text/html is always compressed by HttpGzipModule
|
||||
text/css
|
||||
text/javascript
|
||||
text/xml
|
||||
text/plain
|
||||
text/x-component
|
||||
application/javascript
|
||||
application/x-javascript
|
||||
application/json
|
||||
application/xml
|
||||
application/rss+xml
|
||||
application/atom+xml
|
||||
font/truetype
|
||||
font/opentype
|
||||
application/vnd.ms-fontobject
|
||||
image/svg+xml;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
# access_log /var/log/nginx/access.log;
|
||||
# error_log /var/log/nginx/error.log;
|
||||
# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
# '$status $body_bytes_sent "$http_referer" '
|
||||
# '"$http_user_agent" "$http_x_forwarded_for"';
|
||||
# access_log /usr/local/nginx/logs/access.log main;
|
||||
# error_log /usr/local/nginx/logs/error.log;
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
# allow the server to close connection on non responding client, this will free up memory
|
||||
reset_timedout_connection on;
|
||||
|
||||
gzip on;
|
||||
# request timed out -- default 60
|
||||
client_body_timeout 10;
|
||||
|
||||
# gzip_vary on;
|
||||
# gzip_proxied any;
|
||||
# gzip_comp_level 6;
|
||||
# gzip_buffers 16 8k;
|
||||
# gzip_http_version 1.1;
|
||||
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
# if client stop responding, free up memory -- default 60
|
||||
send_timeout 2;
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
# server will close connection after this time -- default 75
|
||||
keepalive_timeout 30;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
# number of requests client can make over keep-alive -- for testing environment
|
||||
keepalive_requests 100000;
|
||||
|
||||
server_tokens off;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
|
||||
server_tokens off;
|
||||
|
||||
root /usr/local/nginx/html;
|
||||
}
|
||||
|
||||
rtmp {
|
||||
server {
|
||||
listen 1936;
|
||||
application hls {
|
||||
live on;
|
||||
hls on;
|
||||
hls_path /etc/nginx/hls;
|
||||
hls_fragment 30s;
|
||||
hls_playlist_length 3m;
|
||||
allow publish 172.51.0.1;
|
||||
deny publish all;
|
||||
allow play all;
|
||||
# exec_publish ffmpeg -loglevel quiet -re -i async:cache:rtmp://172.10.0.101:1936/hls/streaming -threads 1 -async 1 -codec copy -f flv rtmp://a.rtmp.youtube.com/live2/4qye-a4f7-9zfy-eq2u-30yz;
|
||||
}
|
||||
application live {
|
||||
live on;
|
||||
hls on;
|
||||
hls_path /etc/nginx/live;
|
||||
hls_fragment 30s;
|
||||
hls_playlist_length 3m;
|
||||
allow publish 78.30.47.115;
|
||||
deny publish all;
|
||||
allow play all;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#mail {
|
||||
# # See sample authentication script at:
|
||||
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||
#
|
||||
# # auth_http localhost/auth.php;
|
||||
# # pop3_capabilities "TOP" "USER";
|
||||
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||
#
|
||||
# server {
|
||||
# listen localhost:110;
|
||||
# protocol pop3;
|
||||
# proxy on;
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen localhost:143;
|
||||
# protocol imap;
|
||||
# proxy on;
|
||||
# }
|
||||
#}
|
||||
|
||||
@@ -5,8 +5,6 @@ server {
|
||||
client_max_body_size 2G;
|
||||
location / {
|
||||
proxy_pass http://172.44.0.101:3000;
|
||||
auth_basic "Registry realm";
|
||||
auth_basic_user_file /etc/nginx/registry.htpasswd;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
@@ -3,7 +3,7 @@ server {
|
||||
listen [::]:443 ssl http2;
|
||||
server_name games.hatthieves.es;
|
||||
location / {
|
||||
proxy_pass http://172.22.0.101:80;
|
||||
proxy_pass http://172.23.0.101:80;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
@@ -2,14 +2,81 @@ server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name ipfs.hatthieves.es;
|
||||
proxy_pass_request_headers on;
|
||||
location / {
|
||||
proxy_pass http://172.5.0.101:8080;
|
||||
# proxy_pass http://172.5.0.101:5001/webui;
|
||||
proxy_pass http://172.105.0.101:5001;
|
||||
auth_basic "Registry realm";
|
||||
auth_basic_user_file /etc/nginx/registry.htpasswd;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
}
|
||||
location /ipfs {
|
||||
proxy_pass http://172.105.0.101:8080/ipfs;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
}
|
||||
location /ipns {
|
||||
proxy_pass http://172.105.0.101:8080/ipns;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
}
|
||||
# location /p2p {
|
||||
# proxy_pass http://172.105.0.101:4002;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# }
|
||||
# location /ws {
|
||||
# proxy_pass http://172.105.0.101:4003;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# }
|
||||
# location /api {
|
||||
# proxy_pass http://172.105.0.101:5001/ipfs/api/v0;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header Access-Control-Allow-Origin '*';
|
||||
# add_header Access-Control-Allow-Methods '*';
|
||||
# }
|
||||
}
|
||||
|
||||
|
||||
@@ -12,6 +12,8 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header 'Access-Control-Allow-Origin' $http_origin;
|
||||
add_header 'Access-Control-Allow-Credentials' 'true';
|
||||
}
|
||||
location /ws {
|
||||
proxy_pass http://172.136.0.101:9000;
|
||||
|
||||
@@ -8,7 +8,10 @@ server {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,7 +11,6 @@ server {
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
}
|
||||
|
||||
Referencia en una nueva incidencia
Block a user