modified files
Este commit está contenido en:
Your Name
@@ -9,9 +9,9 @@ module.exports = {
|
||||
mailhtml: verify_link => 'Verify your account visiting next <a href="https://meta.hatthieves.es/verify?link=' + verify_link + '">Verify Link</a>',
|
||||
indexhost: 'https://elastic.hatthieves.es',
|
||||
indexuser: 'docker',
|
||||
indexpass: 'docker',
|
||||
indexpass: 'dockerdocker',
|
||||
index: 'arjion',
|
||||
type: 'user',
|
||||
port: 3000,
|
||||
anonymous: 'anonymous'
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
"connect-ensure-login": "*",
|
||||
"connect-flash": "*",
|
||||
"ejs": "*",
|
||||
"es6": "npm:@elastic/elasticsearch@^6.8.0",
|
||||
"es6": "npm:@elastic/elasticsearch@^7.8.0",
|
||||
"es6-promisify": "*",
|
||||
"express": "*",
|
||||
"express-session": "*",
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
FROM debian:buster-slim
|
||||
FROM debian:sid-slim
|
||||
RUN apt update && apt -y upgrade && apt install -y bind9 ipv6calc curl bc dehydrated dnsutils && apt clean
|
||||
|
||||
@@ -40,7 +40,11 @@ imap IN A $IP
|
||||
* IN CNAME $DOMAIN.
|
||||
$DOMAIN. IN MX 10 mail.$DOMAIN.
|
||||
$DOMAIN. IN TXT \"v=spf1 ip4:172.200.0.0/24 a mx -all\"
|
||||
$DOMAIN. IN TXT \"google-site-verification=OGwhD4vhFpXHvQsbJinxAn5sozl0-R7MiiMt-fcYREY\"
|
||||
_dmarc IN TXT \"v=DMARC1;p=reject;rua=mailto:postmaster@$DOMAIN;pct=100;ruf=mailto:postmaster@$DOMAIN;sp=reject;aspf=s;adkim=s;ri=86400;fo=0;rf=afrf\"
|
||||
_dnsaddr IN TXT \"dnsaddr=/ip4/82.223.3.135/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
_dnsaddr IN TXT \"dnsaddr=/ip6/2001:ba0:1800:80e0::1/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
_dnslink IN TXT \"dnslink=/ipns/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
$DKIM
|
||||
|
||||
\$INCLUDE K$DOMAIN.+008+10060.key
|
||||
@@ -186,6 +190,18 @@ options {
|
||||
check-names master warn;
|
||||
check-names slave warn;
|
||||
check-names response warn;
|
||||
// querylog yes;
|
||||
};
|
||||
|
||||
logging {
|
||||
channel querylog{
|
||||
file \"/var/log/querylog\";
|
||||
severity debug 10;
|
||||
print-category yes;
|
||||
print-time yes;
|
||||
print-severity yes;
|
||||
};
|
||||
category queries { querylog;};
|
||||
};
|
||||
|
||||
key \"_acme-challenge.$DOMAIN.\" {
|
||||
@@ -219,9 +235,12 @@ echo -e ";
|
||||
$DOMAIN2. IN A $IP
|
||||
$DOMAIN2. IN AAAA $IPV6
|
||||
* IN CNAME $DOMAIN2.
|
||||
$DOMAIN2. IN MX 10 mail.$DOMAIN2.
|
||||
$DOMAIN2. IN MX 10 mail.$DOMAIN.
|
||||
$DOMAIN2. IN TXT \"v=spf1 ip4:172.200.0.0/24 a mx -all\"
|
||||
_dmarc IN TXT \"v=DMARC1;p=reject;rua=mailto:postmaster@$DOMAIN;pct=100;ruf=mailto:postmaster@$DOMAIN;sp=reject;aspf=s;adkim=s;ri=86400;fo=0;rf=afrf\"
|
||||
_dnsaddr IN TXT \"dnsaddr=/ip4/82.223.3.135/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
_dnsaddr IN TXT \"dnsaddr=/ip6/2001:ba0:1800:80e0::1/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
_dnslink IN TXT \"dnslink=/ipns/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
$DKIM2
|
||||
|
||||
\$INCLUDE K$DOMAIN2.+008+61170.key
|
||||
@@ -244,9 +263,12 @@ echo -e ";
|
||||
$DOMAIN3. IN A $IP
|
||||
$DOMAIN3. IN AAAA $IPV6
|
||||
* IN CNAME $DOMAIN3.
|
||||
$DOMAIN3. IN MX 10 mail.$DOMAIN3.
|
||||
$DOMAIN3. IN MX 10 mail.$DOMAIN.
|
||||
$DOMAIN3. IN TXT \"v=spf1 ip4:172.200.0.0/24 a mx -all\"
|
||||
_dmarc IN TXT \"v=DMARC1;p=reject;rua=mailto:postmaster@$DOMAIN;pct=100;ruf=mailto:postmaster@$DOMAIN;sp=reject;aspf=s;adkim=s;ri=86400;fo=0;rf=afrf\"
|
||||
_dnsaddr IN TXT \"dnsaddr=/ip4/82.223.3.135/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
_dnsaddr IN TXT \"dnsaddr=/ip6/2001:ba0:1800:80e0::1/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
_dnslink IN TXT \"dnslink=/ipns/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
|
||||
$DKIM3
|
||||
|
||||
\$INCLUDE K$DOMAIN3.+008+03409.key
|
||||
@@ -261,4 +283,4 @@ cd /etc/bind
|
||||
dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT $DOMAIN
|
||||
dnssec-signzone -P -A -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT $DOMAIN2
|
||||
dnssec-signzone -P -A -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT $DOMAIN3
|
||||
named -c named.conf -g -u bind
|
||||
named -c named.conf -f -u bind
|
||||
|
||||
@@ -13,6 +13,7 @@ services:
|
||||
- ./bind:/etc/bind
|
||||
- ./dehydrated:/etc/dehydrated
|
||||
- ./letsencrypt:/root/letsencrypt
|
||||
- ./querylog:/var/log/querylog
|
||||
ports:
|
||||
- "53:53/tcp"
|
||||
- "53:53/udp"
|
||||
|
||||
@@ -8,11 +8,11 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
|
||||
apt-get update && \
|
||||
apt-get install -y build-essential git debhelper dpkg-dev libssl-dev libevent-dev sqlite3 libsqlite3-dev postgresql-client libpq-dev default-mysql-client default-libmysqlclient-dev libhiredis-dev libmongoc-dev libbson-dev
|
||||
|
||||
# Clone coTURN
|
||||
# Clone Coturn
|
||||
WORKDIR ${BUILD_PREFIX}
|
||||
RUN git clone https://github.com/coturn/coturn.git
|
||||
|
||||
# Build coTURN
|
||||
# Build Coturn
|
||||
WORKDIR coturn
|
||||
RUN ./configure
|
||||
RUN make
|
||||
@@ -35,16 +35,16 @@ COPY --from=coturn-build ${BUILD_PREFIX}/coturn/turndb ${INSTALL_PREFIX}/turndb
|
||||
RUN export DEBIAN_FRONTEND=noninteractive && \
|
||||
apt-get update && \
|
||||
apt-get install -y libc6>=2.15 libevent-core-2.1-6>=libevent-core-2.1-6 libevent-extra-2.1-6>=2.1.8-stable-4 libevent-openssl-2.1-6>=2.1.8-stable-4 libevent-pthreads-2.1-6>=2.1.8-stable-4 libhiredis0.14>=0.14.0 libmariadbclient-dev>=10.3.17 libpq5>=8.4~ libsqlite3-0>=3.6.0 libssl1.1>=1.1.0 libmongoc-1.0 libbson-1.0
|
||||
RUN apt-get install -y default-mysql-client postgresql-client redis-tools rsyslog
|
||||
#RUN apt-get install -y default-mysql-client postgresql-client redis-tools
|
||||
|
||||
# Install MongoDB
|
||||
RUN apt-get update && \
|
||||
apt-get install -y wget gnupg && \
|
||||
wget -qO - https://www.mongodb.org/static/pgp/server-4.0.asc | apt-key add - && \
|
||||
echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main" | tee /etc/apt/sources.list.d/mongodb-org-4.0.list && \
|
||||
echo "deb http://deb.debian.org/debian/ stretch main" | tee /etc/apt/sources.list.d/debian-stretch.list && \
|
||||
apt-get update && \
|
||||
apt-get install -y libcurl3 mongodb-org mongodb-org-server mongodb-org
|
||||
# wget -qO - https://www.mongodb.org/static/pgp/server-4.0.asc | apt-key add - && \
|
||||
# echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main" | tee /etc/apt/sources.list.d/mongodb-org-4.0.list && \
|
||||
echo "deb http://deb.debian.org/debian/ stretch main" | tee /etc/apt/sources.list.d/debian-stretch.list
|
||||
# apt-get update && \
|
||||
# apt-get install -y libcurl3 mongodb-org mongodb-org-server mongodb-org
|
||||
|
||||
RUN if ! getent group "$TURNSERVER_GROUP" >/dev/null; then \
|
||||
addgroup --system "$TURNSERVER_GROUP" || exit 1 ;\
|
||||
@@ -77,4 +77,3 @@ EXPOSE 49152-65535 49152-65535/udp
|
||||
|
||||
WORKDIR ${INSTALL_PREFIX}
|
||||
CMD ${INSTALL_PREFIX}/bin/turnserver
|
||||
|
||||
|
||||
@@ -49,8 +49,8 @@ tls-listening-port=5349
|
||||
# If no IP(s) specified in the config file or in the command line options,
|
||||
# then all IPv4 and IPv6 system IPs will be used for listening.
|
||||
#
|
||||
#listening-ip=82.223.3.135
|
||||
listening-ip=172.12.0.101
|
||||
listening-ip=82.223.3.135
|
||||
#listening-ip=172.12.0.101
|
||||
#listening-ip=10.207.21.238
|
||||
#listening-ip=2607:f0d0:1002:51::4
|
||||
|
||||
@@ -97,8 +97,8 @@ listening-ip=172.12.0.101
|
||||
#
|
||||
#relay-ip=172.17.19.105
|
||||
#relay-ip=2607:f0d0:1002:51::5
|
||||
#relay-ip=82.223.3.135
|
||||
relay-ip=172.12.0.101
|
||||
relay-ip=82.223.3.135
|
||||
#relay-ip=172.12.0.101
|
||||
|
||||
# For Amazon EC2 users:
|
||||
#
|
||||
@@ -128,7 +128,7 @@ relay-ip=172.12.0.101
|
||||
#external-ip=60.70.80.91/172.17.19.101
|
||||
#external-ip=60.70.80.92/172.17.19.102
|
||||
#external-ip=60.70.80.92/172.17.19.102
|
||||
external-ip=82.223.3.135/172.12.0.101
|
||||
#external-ip=82.223.3.135/172.12.0.101
|
||||
|
||||
|
||||
# Number of the relay threads to handle the established connections
|
||||
|
||||
@@ -16,23 +16,23 @@ services:
|
||||
# - ./coturn/turndb:/usr/local/var/db/turndb
|
||||
- /opt/docker/secure/privkey.pem:/etc/ssl/private/privkey.pem:ro
|
||||
- /opt/docker/secure/fullchain.pem:/etc/ssl/certs/cert.pem:ro
|
||||
ports:
|
||||
## STUN/TURN
|
||||
- "3478:3478"
|
||||
- "3478:3478/udp"
|
||||
## STUN/TURN SSL
|
||||
- "5349:5349"
|
||||
- "5349:5349/udp"
|
||||
# Relay Ports
|
||||
- "39000-39500:39000-39500/udp"
|
||||
# network_mode: host
|
||||
networks:
|
||||
mynet:
|
||||
ipv4_address: 172.12.0.101
|
||||
|
||||
networks:
|
||||
mynet:
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.12.0.0/24
|
||||
# ports:
|
||||
### STUN/TURN
|
||||
# - "3478:3478"
|
||||
# - "3478:3478/udp"
|
||||
### STUN/TURN SSL
|
||||
# - "5349:5349"
|
||||
# - "5349:5349/udp"
|
||||
## Relay Ports
|
||||
# - "39000-39500:39000-39500/udp"
|
||||
network_mode: host
|
||||
# networks:
|
||||
# mynet:
|
||||
# ipv4_address: 172.12.0.101
|
||||
#
|
||||
#networks:
|
||||
# mynet:
|
||||
# driver: bridge
|
||||
# ipam:
|
||||
# config:
|
||||
# - subnet: 172.12.0.0/24
|
||||
|
||||
@@ -2,7 +2,7 @@ version: '2'
|
||||
|
||||
services:
|
||||
elasticsearch:
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:7.7.1
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
|
||||
hostname: elasticsearch
|
||||
container_name: elasticsearch
|
||||
restart: always
|
||||
@@ -10,10 +10,10 @@ services:
|
||||
- node.name=elastic
|
||||
- cluster.name=cluster01
|
||||
- cluster.initial_master_nodes=elastic
|
||||
- cluster.routing.allocation.disk.threshold_enabled=false
|
||||
- cluster.routing.allocation.disk.watermark.flood_stage=1%
|
||||
- cluster.routing.allocation.disk.watermark.high=1%
|
||||
- cluster.routing.allocation.disk.watermark.low=0%
|
||||
# - cluster.routing.allocation.disk.threshold_enabled=false
|
||||
- cluster.routing.allocation.disk.watermark.flood_stage=100%
|
||||
- cluster.routing.allocation.disk.watermark.high=100%
|
||||
- cluster.routing.allocation.disk.watermark.low=99%
|
||||
- bootstrap.memory_lock=true
|
||||
- ES_JAVA_OPTS=-Xms1g -Xmx1g
|
||||
ulimits:
|
||||
@@ -31,7 +31,7 @@ services:
|
||||
ipv4_address: 172.1.0.101
|
||||
|
||||
kibana:
|
||||
image: docker.elastic.co/kibana/kibana:7.7.1
|
||||
image: docker.elastic.co/kibana/kibana:7.8.0
|
||||
hostname: kibana
|
||||
container_name: kibana
|
||||
restart: always
|
||||
@@ -45,7 +45,7 @@ services:
|
||||
ipv4_address: 172.1.0.102
|
||||
|
||||
logstash:
|
||||
image: docker.elastic.co/logstash/logstash:7.7.1
|
||||
image: docker.elastic.co/logstash/logstash:7.8.0
|
||||
hostname: logstash
|
||||
container_name: logstash
|
||||
restart: always
|
||||
@@ -64,7 +64,7 @@ services:
|
||||
ipv4_address: 172.1.0.103
|
||||
|
||||
# filebeat:
|
||||
# image: docker.elastic.co/beats/filebeat:7.7.1
|
||||
# image: docker.elastic.co/beats/filebeat:7.8.0
|
||||
# hostname: filebeat
|
||||
# container_name: filebeat
|
||||
# restart: always
|
||||
|
||||
@@ -2,6 +2,7 @@ input {
|
||||
file {
|
||||
path => "/access.log"
|
||||
# start_position => "beginning"
|
||||
# start_position => "end"
|
||||
mode => "tail"
|
||||
file_completed_action => "log"
|
||||
file_completed_log_path => "/dev/null"
|
||||
|
||||
@@ -51,7 +51,7 @@ The following intrusion attempts were detected by our systems:
|
||||
from postmaster@$DOMAIN
|
||||
https://gitea.hatthieves.es/cloud/fail2ban by www.$DOMAIN\"
|
||||
#curl -H \"Authorization: Bearer \$ACCESS_TOKEN\" -X POST --data-urlencode \"status=\$STATUS\" -Ss \$DOMAINSOCIAL/api/v1/statuses
|
||||
##curl -X POST --data-urlencode \"status=\$STATUS\" -Ss https://\$USERNAME:\$PASSWORD@social.hatthieves.es/api/v1/statuses
|
||||
curl -X POST --data-urlencode \"status=\$STATUS\" -Ss https://\$USERNAME:\$PASSWORD@pleroma.hatthieves.es/api/v1/statuses
|
||||
|
||||
swaks -f \$SENDER_MAIL -t \"\$ABUSE_ADDR,webmaster@$DOMAIN\" -tlsc -a -au $USER -ap $PASS -s $SMTP -p 587 \\
|
||||
--h-Subject \"[Urgent]: Automatic abuse report for IP address \$REMOTE_IP from $DOMAIN\" --h-From \"Fail2Ban $DOMAIN <\$SENDER_MAIL>\" \\
|
||||
@@ -143,7 +143,7 @@ echo "[sshd]
|
||||
enabled = true
|
||||
bantime = 10800
|
||||
findtime = 1800
|
||||
maxretry = 3
|
||||
maxretry = 1
|
||||
ignoreip = $DOMAIN
|
||||
backend = pyinotify
|
||||
filter = sshd
|
||||
|
||||
@@ -15,8 +15,8 @@ TEMP_PATH = /data/gitea/uploads
|
||||
APP_DATA_PATH = /data/gitea
|
||||
SSH_DOMAIN = localhost
|
||||
HTTP_PORT = 3000
|
||||
ROOT_URL = http://gitea.hatthieves.es/
|
||||
DISABLE_SSH = false
|
||||
ROOT_URL = https://gitea.hatthieves.es/
|
||||
DISABLE_SSH = true
|
||||
SSH_PORT = 22
|
||||
LFS_CONTENT_PATH = /data/git/lfs
|
||||
DOMAIN = localhost
|
||||
|
||||
@@ -10,5 +10,8 @@
|
||||
},
|
||||
"root@hatthieves.es": {
|
||||
"action": "alias", "to": ["webmaster@hatthieves.es"]
|
||||
},
|
||||
"@social.hatthieves.es": {
|
||||
"action": "alias", "to": ["webmaster@hatthieves.es"]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -47,6 +47,8 @@ sender:
|
||||
# by default the main wildduck database is used
|
||||
collection: 'zone-queue'
|
||||
|
||||
loopSecret: 'hat secrets values'
|
||||
|
||||
srs:
|
||||
# must be shared with ZoneMTA SRS config, otherwise messages sent from ZoneMTA are not recognized by Haraka
|
||||
secret: 'a secret hat'
|
||||
@@ -87,6 +89,5 @@ rspamd:
|
||||
|
||||
# define special responses
|
||||
responses:
|
||||
DMARC_POLICY_REJECT: 'Unauthenticated email from {host} is not accepted due to domain''s DMARC policy'
|
||||
DMARC_POLICY_REJECT: "Unauthenticated email from {host} is not accepted due to domain's DMARC policy"
|
||||
RBL_ZONE: '[{host}] was found from Zone RBL'
|
||||
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
FROM node:8-slim
|
||||
RUN apt update && apt -y install git python make sudo
|
||||
FROM node:10-slim
|
||||
RUN apt update && apt -y install git python build-essential
|
||||
RUN git clone https://github.com/nodemailer/wildduck-webmail /webmail
|
||||
RUN chown node.node -R /webmail
|
||||
WORKDIR /webmail
|
||||
RUN sudo -u node npm i
|
||||
RUN sudo -u node npm run bowerdeps
|
||||
USER node
|
||||
RUN npm i
|
||||
RUN npm run bowerdeps
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
# plugins/zonemta-limiter.toml
|
||||
["modules/zonemta-limiter"]
|
||||
enabled = ["sender"]
|
||||
prefix = "zl:"
|
||||
|
||||
debug = false # if true, then errors are only logged but messages are not dropped
|
||||
|
||||
# max 250 messages in half an hour
|
||||
limit = 250
|
||||
windowSize = 1800
|
||||
## plugins/zonemta-limiter.toml
|
||||
#["modules/zonemta-limiter"]
|
||||
#enabled = ["sender"]
|
||||
#prefix = "zl:"
|
||||
#
|
||||
#debug = false # if true, then errors are only logged but messages are not dropped
|
||||
#
|
||||
## max 250 messages in half an hour
|
||||
#limit = 500
|
||||
#windowSize = 3600
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
ident="wildduck"
|
||||
|
||||
# how many processes to start
|
||||
processes=2
|
||||
processes=4
|
||||
|
||||
# default quota storage in MB (can be overriden per user)
|
||||
maxStorage=1024
|
||||
|
||||
@@ -8,3 +8,8 @@ gfs="mail"
|
||||
# see [dbs].sender option for choosing correct database to use for ZoneMTA queues
|
||||
# by default the main wildduck database is used
|
||||
collection="zone-queue"
|
||||
|
||||
# Hashing secret for loop detection
|
||||
# Must be shared with haraka-plugin-wildduck
|
||||
# If not set then looping is not tracked
|
||||
loopSecret="hat secrets values"
|
||||
|
||||
@@ -13,7 +13,8 @@
|
||||
|
||||
; Path to database. If blank, will search for
|
||||
; murmur.sqlite in default locations or create it if not found.
|
||||
database=/var/lib/mumble-server/mumble-server.sqlite
|
||||
;database=/var/lib/mumble-server/mumble-server.sqlite
|
||||
database=/var/lib/murmur/murmur.sqlite
|
||||
|
||||
; Murmur defaults to using SQLite with its default rollback journal.
|
||||
; In some situations, using SQLite's write-ahead log (WAL) can be
|
||||
@@ -77,7 +78,7 @@ database=/var/lib/mumble-server/mumble-server.sqlite
|
||||
; access will be denied.
|
||||
|
||||
;icesecretread=
|
||||
icesecretwrite=
|
||||
;icesecretwrite=
|
||||
|
||||
; If you want to expose Murmur's experimental gRPC API, you
|
||||
; need to specify an address to bind on.
|
||||
@@ -97,6 +98,7 @@ icesecretwrite=
|
||||
;autobanAttempts = 10
|
||||
;autobanTimeframe = 120
|
||||
;autobanTime = 300
|
||||
autobanSuccessfulConnections=false
|
||||
|
||||
; Specifies the file Murmur should log to. By default, Murmur
|
||||
; logs to the file 'murmur.log'. If you leave this field blank
|
||||
@@ -202,16 +204,17 @@ logdays=0
|
||||
; Only uncomment the 'registerName' parameter if you wish to give your "Root" channel a custom name.
|
||||
;
|
||||
registerName=HatThieves
|
||||
;registerPassword=secret
|
||||
registerUrl=https://www.hatthieves.es
|
||||
;registerHostname=
|
||||
registerPassword=h4tth13v3s.
|
||||
registerUrl=https://mumble.hatthieves.es
|
||||
registerHostname=mumble.hatthieves.es
|
||||
registerLocation=ES
|
||||
|
||||
; If this option is enabled, the server will announce its presence via the
|
||||
; bonjour service discovery protocol. To change the name announced by bonjour
|
||||
; adjust the registerName variable.
|
||||
; See http://developer.apple.com/networking/bonjour/index.html for more information
|
||||
; about bonjour.
|
||||
bonjour=True
|
||||
bonjour=false
|
||||
|
||||
; If you have a proper SSL certificate, you can provide the filenames here.
|
||||
; Otherwise, Murmur will create its own certificate automatically.
|
||||
@@ -270,6 +273,12 @@ sendversion=False
|
||||
; overrides the automatic benchmark and forces a specific number of iterations.
|
||||
; (Note that you should only change this value if you know what you are doing)
|
||||
;kdfIterations=-1
|
||||
suggestVersion=1.3.0
|
||||
suggestPositional=false
|
||||
suggestPushToTalk=true
|
||||
|
||||
loggroupchanges=true
|
||||
logaclchanges=true
|
||||
|
||||
; You can configure any of the configuration options for Ice here. We recommend
|
||||
; leave the defaults as they are.
|
||||
|
||||
@@ -2,18 +2,21 @@ version: '2'
|
||||
|
||||
services:
|
||||
mumble:
|
||||
build: ./data
|
||||
# build: ./data
|
||||
build: ./mumble.git
|
||||
hostname: mumble
|
||||
container_name: mumble
|
||||
restart: always
|
||||
entrypoint:
|
||||
- murmurd
|
||||
- -fg
|
||||
# entrypoint:
|
||||
# - murmurd
|
||||
# - -fg
|
||||
volumes:
|
||||
- ./data/mumble-server.ini:/etc/mumble-server.ini:ro
|
||||
- ./data/mumble-server.ini:/etc/murmur/murmur.ini:ro
|
||||
# - ./data/mumble-server.ini:/etc/mumble-server.ini:ro
|
||||
- /opt/docker/secure/privkey.pem:/etc/mumble-ssl/privkey.pem:ro
|
||||
- /opt/docker/secure/fullchain.pem:/etc/mumble-ssl/fullchain.pem:ro
|
||||
- ./data/lib:/var/lib/mumble-server
|
||||
# - ./data/lib:/var/lib/mumble-server
|
||||
- ./data/lib/mumble-server.sqlite:/var/lib/murmur/murmur.sqlite
|
||||
network_mode: host
|
||||
# ports:
|
||||
# - 64738:64738
|
||||
|
||||
@@ -27,7 +27,7 @@ $CONFIG = array (
|
||||
),
|
||||
'datadirectory' => '/var/www/html/data',
|
||||
'dbtype' => 'mysql',
|
||||
'version' => '19.0.0.12',
|
||||
'version' => '19.0.1.1',
|
||||
'overwrite.cli.url' => 'https://cloud.hatthieves.es',
|
||||
'dbname' => 'nextcloud',
|
||||
'dbhost' => 'mariadb-nextcloud',
|
||||
|
||||
@@ -80,6 +80,7 @@ services:
|
||||
salva:
|
||||
doom:
|
||||
wtorrent:
|
||||
g-plv:
|
||||
|
||||
networks:
|
||||
mynet:
|
||||
@@ -233,3 +234,7 @@ networks:
|
||||
wtorrent:
|
||||
external:
|
||||
name: wtorrent_mynet
|
||||
|
||||
g-plv:
|
||||
external:
|
||||
name: gplv_mynet
|
||||
|
||||
@@ -21,7 +21,7 @@ server {
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=86400';
|
||||
add_header alt-svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
|
||||
server {
|
||||
@@ -40,7 +40,7 @@ server {
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=86400';
|
||||
add_header alt-svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
location / {
|
||||
return 301 https://www.hatthieves.es;
|
||||
# rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;
|
||||
@@ -61,7 +61,7 @@ server {
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=86400';
|
||||
add_header alt-svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
location / {
|
||||
return 301 https://www.hatthieves.es;
|
||||
# rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;
|
||||
|
||||
@@ -13,7 +13,7 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -12,6 +12,6 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ server {
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -15,6 +15,6 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -13,6 +13,6 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ server {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -15,6 +15,6 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,6 @@ server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name ipfs.hatthieves.es;
|
||||
proxy_pass_request_headers on;
|
||||
location / {
|
||||
proxy_pass http://172.105.0.101:5001;
|
||||
auth_basic "Registry realm";
|
||||
@@ -15,8 +14,26 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
# add_header 'Access-Control-Allow-Origin' $http_origin;
|
||||
# add_header 'Access-Control-Allow-Methods' '*';
|
||||
# add_header 'Access-Control-Allow-Credentials' 'true';
|
||||
add_header 'Vary' 'Origin';
|
||||
}
|
||||
# location /webui {
|
||||
# proxy_pass http://172.105.0.101:5001/webui;
|
||||
# auth_basic "Registry realm";
|
||||
# auth_basic_user_file /etc/nginx/registry.htpasswd;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
# }
|
||||
location /ipfs {
|
||||
proxy_pass http://172.105.0.101:8080/ipfs;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
@@ -27,7 +44,11 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# add_header 'Access-Control-Allow-Methods' '*';
|
||||
# add_header 'Access-Control-Allow-Credentials' 'true';
|
||||
# add_header 'Vary' 'Origin';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
location /ipns {
|
||||
proxy_pass http://172.105.0.101:8080/ipns;
|
||||
@@ -39,7 +60,11 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# add_header 'Access-Control-Allow-Methods' '*';
|
||||
# add_header 'Access-Control-Allow-Credentials' 'true';
|
||||
# add_header 'Vary' 'Origin';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
# location /p2p {
|
||||
# proxy_pass http://172.105.0.101:4002;
|
||||
@@ -51,10 +76,10 @@ server {
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
# }
|
||||
# location /ws {
|
||||
# proxy_pass http://172.105.0.101:4003;
|
||||
# proxy_pass http://172.105.0.101:8081;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -63,7 +88,7 @@ server {
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
# }
|
||||
# location /api {
|
||||
# proxy_pass http://172.105.0.101:5001/ipfs/api/v0;
|
||||
@@ -75,7 +100,7 @@ server {
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
# add_header Access-Control-Allow-Origin '*';
|
||||
# add_header Access-Control-Allow-Methods '*';
|
||||
# }
|
||||
|
||||
@@ -11,7 +11,7 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -15,6 +15,6 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ server {
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
# }
|
||||
# location /api/v1/streaming {
|
||||
# proxy_set_header Host $host;
|
||||
@@ -29,7 +29,7 @@ server {
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
# tcp_nodelay on;
|
||||
# }
|
||||
}
|
||||
|
||||
@@ -15,6 +15,6 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -14,6 +14,6 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,7 +14,7 @@ server {
|
||||
proxy_http_version 1.1;
|
||||
rewrite ^/\.well-known/carddav(.*)$ /remote.php/dav$1 redirect;
|
||||
rewrite ^/\.well-known/caldav(.*)$ /remote.php/dav$1 redirect;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,9 +11,11 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
add_header 'Access-Control-Allow-Origin' $http_origin;
|
||||
add_header 'Access-Control-Allow-Methods' '*';
|
||||
add_header 'Access-Control-Allow-Credentials' 'true';
|
||||
add_header 'Vary' 'Origin';
|
||||
}
|
||||
location /ws {
|
||||
proxy_pass http://172.136.0.101:9000;
|
||||
@@ -24,7 +26,7 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ server {
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_buffering off;
|
||||
# proxy_http_version 1.1;
|
||||
# add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
# }
|
||||
}
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_http_version 1.1;
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ server {
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
http2_push_preload on;
|
||||
proxy_socket_keepalive on;
|
||||
proxy_connect_timeout 5m;
|
||||
|
||||
@@ -13,7 +13,7 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -15,6 +15,6 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ server {
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@ server {
|
||||
listen [::]:443 ssl http2;
|
||||
server_name www.hatthieves.es;
|
||||
client_max_body_size 2G;
|
||||
proxy_pass_request_headers on;
|
||||
location / {
|
||||
proxy_pass http://172.126.0.101;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
@@ -10,8 +11,9 @@ server {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Connection 'Upgrade';
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
add_header Alt-Svc 'h3-25=":443"; h3-24=":443"; ma=86400, h3-23=":443"';
|
||||
add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,24 +2,32 @@ version: '2'
|
||||
|
||||
services:
|
||||
pleroma:
|
||||
build: ./pleroma
|
||||
build: ./pleroma.git
|
||||
hostname: pleroma
|
||||
container_name: pleroma
|
||||
restart: always
|
||||
command: mix phx.server
|
||||
# entrypoint:
|
||||
# - /bin/sleep
|
||||
# - infinity
|
||||
volumes:
|
||||
- ./pleroma/config:/pleroma/config
|
||||
- ./pleroma/uploads:/pleroma/uploads
|
||||
- ./pleroma/vm.args.eex:/pleroma/rel/vm.args.eex
|
||||
- ./pleroma/terms-of-service.html:/pleroma/priv/static/static/terms-of-service.html:ro
|
||||
# - ./pleroma/config:/etc/pleroma
|
||||
- ./pleroma/uploads:/var/lib/pleroma/uploads
|
||||
- ./pleroma/config.exs:/etc/pleroma/config.exs:ro
|
||||
# - ./pleroma/vm.args.eex:/pleroma/rel/vm.args.eex
|
||||
- ./pleroma/terms-of-service.html:/var/lib/pleroma/static/static/terms-of-service.html:ro
|
||||
# - ./pleroma/emojis:/pleroma/priv/static/emoji/custom/images:ro
|
||||
# - ./pleroma/images:/pleroma/priv/static/static/images:ro
|
||||
# - ./pleroma/custom_emoji.txt:/pleroma/config/custom_emoji.txt:ro
|
||||
# - ./pleroma/index.html:/pleroma/priv/static/index.html:ro
|
||||
expose:
|
||||
- 4000
|
||||
ports:
|
||||
- "9999:9999/tcp"
|
||||
# expose:
|
||||
# - 4000
|
||||
# ports:
|
||||
# - "9999:9999/tcp"
|
||||
environment:
|
||||
- DB_HOST=postgres-pleroma
|
||||
- DB_NAME=pleroma
|
||||
- DB_USER=postgres
|
||||
- DB_PASS=pl3r0m4.
|
||||
networks:
|
||||
mynet:
|
||||
ipv4_address: 172.2.0.101
|
||||
@@ -31,7 +39,7 @@ services:
|
||||
restart: always
|
||||
shm_size: '1gb'
|
||||
command: >
|
||||
-c 'max_connections=150'
|
||||
-c 'max_connections=250'
|
||||
-c 'shared_buffers=512MB'
|
||||
-c 'effective_cache_size=1536MB'
|
||||
-c 'maintenance_work_mem=128MB'
|
||||
|
||||
@@ -109,7 +109,7 @@ config :pleroma, Pleroma.Repo,
|
||||
password: "pl3r0m4.",
|
||||
database: "pleroma",
|
||||
hostname: "172.2.0.102",
|
||||
pool_size: 130
|
||||
pool_size: 200
|
||||
# timeout: 50000
|
||||
|
||||
# Configure web push notifications
|
||||
|
||||
@@ -2,7 +2,8 @@ version: '2'
|
||||
|
||||
services:
|
||||
prosody:
|
||||
image: 'prosody/prosody'
|
||||
build: ./prosody
|
||||
# image: 'prosody/prosody'
|
||||
hostname: prosody
|
||||
container_name: prosody
|
||||
restart: always
|
||||
@@ -10,12 +11,19 @@ services:
|
||||
- 5001:5001
|
||||
- 5222:5222
|
||||
- 5269:5269
|
||||
- 5280:5280
|
||||
- 5281:5281
|
||||
- 5289:5289
|
||||
volumes:
|
||||
- ./prosody/prosody:/etc/prosody
|
||||
- /opt/docker/secure/privkey.pem:/etc/prosody/certs/hatthieves.es.key:ro
|
||||
- /opt/docker/secure/fullchain.pem:/etc/prosody/certs/hatthieves.es.crt:ro
|
||||
- ./prosody/pid:/var/run/prosody
|
||||
- ./mod_http_upload.lua:/usr/lib/prosody/modules/mod_http_upload.lua:ro
|
||||
# - ./mod_register.lua:/usr/lib/prosody/modules/mod_register.lua:ro
|
||||
# - ./captcha.lua:/usr/lib/prosody/captcha.lua:ro
|
||||
# - ./dataforms.lua:/usr/lib/prosody/util/dataforms.lua:ro
|
||||
# - ./FiraSans-Regular.ttf:/usr/lib/prosody/FiraSans-Regular.ttf:ro
|
||||
networks:
|
||||
mynet:
|
||||
ipv4_address: 172.111.0.101
|
||||
|
||||
@@ -21,7 +21,7 @@ daemonize = false;
|
||||
-- for the server. Note that you must create the accounts separately
|
||||
-- (see https://prosody.im/doc/creating_accounts for info)
|
||||
-- Example: admins = { "user1@example.com", "user2@example.net" }
|
||||
admins = { }
|
||||
admins = { "ale@hatthieves.es" }
|
||||
|
||||
-- Enable use of libevent for better performance under high load
|
||||
-- For more information see: https://prosody.im/doc/libevent
|
||||
@@ -67,8 +67,9 @@ modules_enabled = {
|
||||
|
||||
-- HTTP modules
|
||||
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
|
||||
--"websocket"; -- XMPP over WebSockets
|
||||
"websocket"; -- XMPP over WebSockets
|
||||
--"http_files"; -- Serve static files from a directory over HTTP
|
||||
"http_upload";
|
||||
|
||||
-- Other specific functionality
|
||||
--"limits"; -- Enable bandwidth limiting for XMPP connections
|
||||
@@ -93,7 +94,11 @@ modules_disabled = {
|
||||
|
||||
-- Disable account creation by default, for security
|
||||
-- For more information see https://prosody.im/doc/creating_accounts
|
||||
registration_title = "Crear cuenta en HatThieves"
|
||||
registration_instructions = "Cree su cuenta libremente sin abusar, gracias"
|
||||
allow_registration = true
|
||||
min_seconds_between_registrations = 3600
|
||||
registration_throttle_cache_size = 1000
|
||||
|
||||
-- Force clients to use encrypted connections? This option will
|
||||
-- prevent clients from authenticating unless they are using encryption.
|
||||
@@ -176,12 +181,29 @@ certificates = "certs"
|
||||
-- HTTPS currently only supports a single certificate, specify it here:
|
||||
--https_certificate = "/etc/prosody/certs/localhost.crt"
|
||||
|
||||
http_upload_path = "/etc/prosody/upload"
|
||||
https_ssl = {
|
||||
certificate = "/etc/prosody/certs/hatthieves.es.crt";
|
||||
key = "/etc/prosody/certs/hatthieves.es.key";
|
||||
}
|
||||
consider_websocket_secure = true
|
||||
disco_items = {
|
||||
{ "upload.hatthieves.es" },
|
||||
}
|
||||
http_upload_file_size_limit = 10485760
|
||||
----------- Virtual hosts -----------
|
||||
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
|
||||
-- Settings under each VirtualHost entry apply *only* to that host.
|
||||
|
||||
VirtualHost "hatthieves.es"
|
||||
|
||||
--captcha_config = {
|
||||
-- dir = "/tmp"; -- Directory used to storage captcha images. Please make sure prosody user allowed to write there.
|
||||
-- timeout = 60; -- Timeout when captcha will expire
|
||||
-- web_path = "challenge"; -- Web path used to separate main prosody site from itself modules.
|
||||
-- font = "/usr/lib/prosody/FiraSans-Regular.ttf" -- Font used for captcha text
|
||||
--}
|
||||
|
||||
--VirtualHost "example.com"
|
||||
-- certificate = "/path/to/example.crt"
|
||||
|
||||
@@ -203,3 +225,5 @@ Component "conference.hatthieves.es" "muc"
|
||||
--
|
||||
--Component "gateway.example.com"
|
||||
-- component_secret = "password"
|
||||
|
||||
Component "upload.hatthieves.es" "http_upload"
|
||||
|
||||
@@ -18,6 +18,7 @@ services:
|
||||
- ./wordpress/functions.php:/usr/src/wordpress/wp-includes/functions.php:ro
|
||||
- ./wordpress/header.php:/usr/src/wordpress/wp-content/themes/twentyseventeen/header.php
|
||||
- ./wordpress/footer.php:/usr/src/wordpress/wp-content/themes/twentyseventeen/footer.php
|
||||
- ./wordpress/google258093a68d45ac64.html:/var/www/html/google258093a68d45ac64.html
|
||||
- ./wordpress/htaccess:/var/www/html/.htaccess
|
||||
- ./wordpress/wp-content:/var/www/html/wp-content
|
||||
- ./wordpress/apache2.conf:/etc/apache2/apache2.conf:ro
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
RUTE=/opt/docker
|
||||
tar -Jcpf $RUTE/backups/backup-dbs-$(date +%d%m%Y).tar.xz \
|
||||
tar --same-owner -Jcpf $RUTE/backups/backup-dbs-$(date +%d%m%Y).tar.xz \
|
||||
$RUTE/testing/kanban/data \
|
||||
$RUTE/production/gitea/data \
|
||||
$RUTE/production/gitea/db \
|
||||
@@ -8,14 +8,10 @@ $RUTE/production/pleroma/data \
|
||||
$RUTE/testing/crossposter/redis \
|
||||
$RUTE/testing/crossposter/data \
|
||||
$RUTE/production/mumble/data \
|
||||
#$RUTE/production/mastodon/redis \
|
||||
#$RUTE/production/mastodon/data \
|
||||
#$RUTE/production/mastodon/elastic/nodes \
|
||||
$RUTE/production/peertube/redis \
|
||||
$RUTE/production/peertube/data \
|
||||
$RUTE/production/familyark/mongodb \
|
||||
$RUTE/production/etherpad/mysql \
|
||||
#$RUTE/production/gnusocial/mariadb \
|
||||
$RUTE/production/wordpress/mysql \
|
||||
$RUTE/production/haraka-wildduck/mongodb \
|
||||
$RUTE/production/haraka-wildduck/redis \
|
||||
@@ -23,7 +19,14 @@ $RUTE/production/haraka-wildduck/attachments \
|
||||
$RUTE/production/privatebin/data \
|
||||
$RUTE/production/rocket/redis \
|
||||
$RUTE/production/rocket/mongo \
|
||||
$RUTE/production/wp_multisite/db_data \
|
||||
$RUTE/testing/bigbluebutton/db \
|
||||
$RUTE/production/elk/elastic \
|
||||
$RUTE/production/elk/file
|
||||
$RUTE/production/wp_multisite/db_data
|
||||
|
||||
|
||||
#$RUTE/production/elk/elastic \
|
||||
#$RUTE/production/elk/file
|
||||
|
||||
#$RUTE/production/mastodon/redis \
|
||||
#$RUTE/production/mastodon/data \
|
||||
#$RUTE/production/mastodon/elastic/nodes \
|
||||
#$RUTE/production/gnusocial/mariadb \
|
||||
#$RUTE/testing/bigbluebutton/db \
|
||||
|
||||
Submodule testing/bigbluebutton/docker deleted from b0345cb587
Submodule testing/doom/web/web deleted from 00a52b2655
@@ -20,7 +20,7 @@
|
||||
"qrcode-terminal": "*",
|
||||
"request": "*",
|
||||
"sync-request": "*",
|
||||
"whatsapp-web.js": "^1.5.1",
|
||||
"whatsapp-web.js": "*",
|
||||
"wikiquote": "*",
|
||||
"ytsr": "*"
|
||||
}
|
||||
|
||||
La diferencia del archivo ha sido suprimido porque es demasiado grande
Cargar Diff
Referencia en una nueva incidencia
Block a user