diff --git a/angie.conf b/angie.conf index ebd58a8..e236f60 100755 --- a/angie.conf +++ b/angie.conf @@ -54,27 +54,6 @@ http { resolver 127.0.0.1 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 valid=10s status_zone=default_resolver; resolver_timeout 2s; - map $sent_http_content_type $compressible_type { - default 0; - ~*text/plain 1; - ~*text/css 1; - ~*text/xml 1; - ~*text/javascript 1; - ~*application/javascript 1; - ~*application/x-javascript 1; - ~*application/json 1; - ~*application/xml 1; - ~*application/xml\+rss 1; - ~*application/rss\+xml 1; - ~*image/svg\+xml 1; - ~*font/truetype 1; - ~*font/opentype 1; - ~*font/woff 1; - ~*font/woff2 1; - ~*application/font-woff 1; - ~*application/font-woff2 1; - } - # Brotli compression brotli on; brotli_static on; @@ -96,13 +75,15 @@ http { gzip_min_length 1000; gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javasc + # Load configs - include /etc/angie/conf.d/*.conf; - include /etc/angie/sites-enabled/*; + include /etc/angie/config/upstreams.conf; +# include /etc/angie/conf.d/*.conf; + include /etc/angie/sites-enabled/*.conf; + more_clear_headers "Server"; set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; real_ip_recursive on; - } diff --git a/conf.d/status.conf b/conf.d/status.conf index 0a1a0f6..74b66f5 100644 --- a/conf.d/status.conf +++ b/conf.d/status.conf @@ -4,7 +4,7 @@ server { listen 84; listen 86; - acceess_log off; + access_log off; error_log off; auto_redirect on; diff --git a/config/upstreams.conf b/config/upstreams.conf index 969e145..e69de29 100644 --- a/config/upstreams.conf +++ b/config/upstreams.conf @@ -1,35 +0,0 @@ -upstream varnish { - zone varnish 1m; - server 127.0.0.1:6081; - keepalive 16; -} - -upstream gitea { - zone gitea 1m; - server 127.0.0.1:3000; - keepalive 16; -} - -upstream adphone_app { - zone adphone_app 1m; - server 127.0.0.1:8001; - keepalive 16; -} - -upstream doh { - zone doh 1m; - server 127.0.0.1:8844; - keepalive 16; -} - -upstream linuxiarz_app { - zone linuxiarz_app 1m; - server 127.0.0.1:8000; - keepalive 16; -} - -upstream redirector_app { - zone redirector_app 1m; - server 127.0.0.1:8282; - keepalive 16; -} diff --git a/off b/off new file mode 100644 index 0000000..e69de29 diff --git a/sites-available/adphone.pl.conf b/sites-available/adphone.pl.conf index 510d944..e6a7b4c 100644 --- a/sites-available/adphone.pl.conf +++ b/sites-available/adphone.pl.conf @@ -1,3 +1,9 @@ +upstream adphone_app { + zone adphone_app 1m; + server 127.0.0.1:8001; + keepalive 16; +} + server { listen 443 quic; listen 443 ssl; diff --git a/sites-available/autodiscover.conf b/sites-available/autodiscover.conf index 430c611..f1db5b5 100644 --- a/sites-available/autodiscover.conf +++ b/sites-available/autodiscover.conf @@ -17,9 +17,10 @@ server { include config/security.conf; # logging - access_log /var/log/nginx/autodiscover.linuxiarz.pl.access.log; - error_log /var/log/nginx/autodiscover.linuxiarz.pl.error.log warn; + access_log /var/log/angie/autodiscover.linuxiarz.pl.access.log; + error_log /var/log/angie/autodiscover.linuxiarz.pl.error.log warn; + status_zone autodiscover; location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml { rewrite .* /autodiscover/autodiscover.php redirect; diff --git a/sites-available/blog.linuxiarz.pl.conf b/sites-available/blog.linuxiarz.pl.conf index 310c924..d8de845 100644 --- a/sites-available/blog.linuxiarz.pl.conf +++ b/sites-available/blog.linuxiarz.pl.conf @@ -1,3 +1,9 @@ +upstream varnish { + zone varnish 1m; + server 127.0.0.1:6081; + keepalive 16; +} + server { listen 8080; server_name blog.linuxiarz.pl; diff --git a/sites-available/default.conf b/sites-available/default.conf index 9536508..e0e91b9 100644 --- a/sites-available/default.conf +++ b/sites-available/default.conf @@ -4,6 +4,7 @@ server { if ($request_method !~ ^(HEAD)$) { return '405'; } + status_zone default; } server { @@ -13,7 +14,9 @@ server { return '405'; } - ssl_certificate /etc/nginx/ssl/nginx.crt; - ssl_certificate_key /etc/nginx/ssl/nginx.key; + status_zone default_ssl; + + ssl_certificate /etc/angie/ssl/angie.crt; + ssl_certificate_key /etc/angie/ssl/angie.key; ssl_stapling off; } diff --git a/sites-available/doh.linuxiarz.pl.conf b/sites-available/doh.linuxiarz.pl.conf new file mode 100644 index 0000000..5dba8f6 --- /dev/null +++ b/sites-available/doh.linuxiarz.pl.conf @@ -0,0 +1,71 @@ +upstream doh { + zone doh 1m; + server 127.0.0.1:8844; + keepalive 16; +} + +server { + listen 443 quic; + listen 443 ssl; + http2 on; + http3 on; + ssl_protocols TLSv1.3 TLSv1.2; + ssl_early_data on; + add_header Alt-Svc 'h3=":$server_port"; ma=86400'; + + + server_name doh.linuxiarz.pl; + + set $base /var/www/dnsdist; + root $base; + + status_zone doh.linuxiarz.pl; + + include config/wildcard.conf; + include config/security.conf; + + # restrict methods + if ($request_method !~ ^(GET|POST|HEAD|PUT)$) { + return '405'; + } + + error_page 400 @echo_400; + + location @echo400 { + add_header Content-Type text/plain; + return 200 "Bad request :)"; + } + + error_page 404 403 500 504 502 =200 /; + + # logging + access_log /var/log/angie/doh.linuxiarz.pl.access.log; + error_log /var/log/angie/doh.linuxiarz.pl.error.log warn; + + # additional config + include config/general.conf; + + location / { + proxy_pass https://doh; + include config/proxy.conf; + } + +} + +# HTTP redirect +server { + listen 80; + server_name doh.linuxiarz.pl; + add_header Alt-Svc 'h3=":443"; ma=86400'; + include config/letsencrypt.conf; + + # restrict methods + if ($request_method !~ ^(GET)$) { + return '405'; + } + + location / { + return 301 https://doh.linuxiarz.pl$request_uri; + } +} + diff --git a/sites-available/gitea.linuxiarz.pl.conf b/sites-available/gitea.linuxiarz.pl.conf index 737118e..851598f 100644 --- a/sites-available/gitea.linuxiarz.pl.conf +++ b/sites-available/gitea.linuxiarz.pl.conf @@ -1,3 +1,9 @@ +upstream gitea { + zone gitea 1m; + server 127.0.0.1:3000; + keepalive 16; +} + server { listen 443 quic; diff --git a/sites-available/gruszczynski.cc.conf b/sites-available/gruszczynski.cc.conf index aa677a0..c99c247 100644 --- a/sites-available/gruszczynski.cc.conf +++ b/sites-available/gruszczynski.cc.conf @@ -11,9 +11,15 @@ server { set $base /var/www/gruszczynski.cc; root $base; - ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem; + ssl_certificate /etc/ssl/gruszczynski.cc/fullchain.pem; + ssl_certificate_key /etc/ssl/gruszczynski.cc/privkey.pem; + + # logging + access_log /var/log/angie/gruszczynski.cc.access.log; + error_log /var/log/angie/gruszczynski.cc.error.log warn; + + + status_zone gruszczynski.cc; # ssl cfg include config/ssl_cfg.conf; @@ -26,11 +32,11 @@ server { return '405'; } - error_page 404 403 500 504 502 =200 /; + if ($host = 'www.gruszczynski.cc') { + return 301 http://www.linuxiarz.pl$request_uri; + } - # logging - access_log /var/log/nginx/gruszczynski.cc.access.log; - error_log /var/log/nginx/gruszczynski.cc.error.log warn; + error_page 404 403 500 504 502 =200 /; # index.html index index.html; @@ -40,11 +46,6 @@ server { # letsencrypt include config/letsencrypt.conf; - - # handle .php -# location ~ \.php$ { -# include config/php_fastcgi.conf; -# } } # HTTP redirect @@ -76,9 +77,8 @@ server { server_name gruszczynski.cc; - ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem; + ssl_certificate /etc/ssl/gruszczynski.cc/fullchain.pem; + ssl_certificate_key /etc/ssl/gruszczynski.cc/privkey.pem; # ssl cfg include config/ssl_cfg.conf; diff --git a/sites-available/gruszczynski.eu.org_varnish.conf b/sites-available/gruszczynski.eu.org_varnish.conf index 8723a62..3ab80e0 100644 --- a/sites-available/gruszczynski.eu.org_varnish.conf +++ b/sites-available/gruszczynski.eu.org_varnish.conf @@ -7,15 +7,13 @@ server { # security include config/security.conf; + status_zone gruszczynski.eu.org_backend; + # restrict methods if ($request_method !~ ^(GET)$) { return '405'; } - # logging - #access_log /var/log/nginx/gruszczynski.eu.org.access.log; - #error_log /var/log/nginx/gruszczynski.eu.org.error.log warn; - # index.php index index.php index.html; @@ -42,32 +40,27 @@ server { server_name www.gruszczynski.eu.org; - ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem; + ssl_certificate /etc/ssl/gruszczynski.eu.org/fullchain.pem; + ssl_certificate_key /etc/ssl/gruszczynski.eu.org/privkey.pem; # ssl cfg include config/ssl_cfg.conf; - + status_zone gruszczynski.eu.org_frontend; + location / { - proxy_pass http://127.0.0.1:6081/; + proxy_pass http://varnish/; include config/proxy.conf; } } - - - # HTTP redirect server { listen 80; add_header Alt-Svc 'h3=":443"; ma=86400'; server_name gruszczynski.eu.org www.gruszczynski.eu.org; - include config/letsencrypt.conf; - # restrict methods if ($request_method !~ ^(GET)$) { return '405'; @@ -89,9 +82,8 @@ server { server_name gruszczynski.eu.org; - ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem; + ssl_certificate /etc/ssl/gruszczynski.eu.org/fullchain.pem; + ssl_certificate_key /etc/ssl/gruszczynski.eu.org/privkey.pem; # ssl cfg include config/ssl_cfg.conf; diff --git a/sites-available/img.gruszczynski.eu.org.conf b/sites-available/img.gruszczynski.eu.org.conf index 8f7285c..6f10f7a 100644 --- a/sites-available/img.gruszczynski.eu.org.conf +++ b/sites-available/img.gruszczynski.eu.org.conf @@ -21,14 +21,16 @@ server { # security include config/security.conf; + status_zone img.gruszcznski.eu.org; + # restrict methods if ($request_method !~ ^(GET)$) { return '405'; } # logging - access_log /var/log/nginx/img.gruszczynski.eu.org.access.log; - error_log /var/log/nginx/img.gruszczynski.eu.org.error.log warn; + access_log /var/log/angie/img.gruszczynski.eu.org.access.log; + error_log /var/log/angie/img.gruszczynski.eu.org.error.log warn; include config/general.conf; @@ -49,8 +51,8 @@ server { include config/letsencrypt.conf; # logging - access_log /var/log/nginx/img.gruszczynski.eu.org.access.log; - error_log /var/log/nginx/img.gruszczynski.eu.org.error.log warn; + access_log /var/log/angie/img.gruszczynski.eu.org.access.log; + error_log /var/log/angie/img.gruszczynski.eu.org.error.log warn; # restrict methods if ($request_method !~ ^(GET)$) { diff --git a/sites-available/kodi.linuxiarz.pl.conf b/sites-available/kodi.linuxiarz.pl.conf index f049b3d..c9d909c 100644 --- a/sites-available/kodi.linuxiarz.pl.conf +++ b/sites-available/kodi.linuxiarz.pl.conf @@ -25,6 +25,8 @@ server { access_log off; error_log off; + status_zone kodi.linuxiarz.pl; + location / { autoindex on; autoindex_exact_size off; diff --git a/sites-available/kompilacje.linuxiarz.pl.conf b/sites-available/kompilacje.linuxiarz.pl.conf index aed6a43..5c8a41b 100644 --- a/sites-available/kompilacje.linuxiarz.pl.conf +++ b/sites-available/kompilacje.linuxiarz.pl.conf @@ -21,6 +21,8 @@ server { return '405'; } + status_zone kompilacje.linuxiarz.pl; + # logging access_log off; error_log off; diff --git a/sites-available/linuxiarz.pl_new.conf b/sites-available/linuxiarz.pl_new.conf index ee51a9e..db9b0ff 100644 --- a/sites-available/linuxiarz.pl_new.conf +++ b/sites-available/linuxiarz.pl_new.conf @@ -1,3 +1,15 @@ +upstream linuxiarz_app { + zone linuxiarz_app 1m; + server 127.0.0.1:8000; + keepalive 16; +} + +upstream redirector_app { + zone redirector_app 1m; + server 127.0.0.1:8282; + keepalive 16; +} + # Cache (jak w oryginale) proxy_cache_path /var/cache/angie/redirector levels=1:2 diff --git a/sites-available/nginx.linuxiarz.pl.conf b/sites-available/nginx.linuxiarz.pl.conf index 6afa5d2..6b4d72f 100644 --- a/sites-available/nginx.linuxiarz.pl.conf +++ b/sites-available/nginx.linuxiarz.pl.conf @@ -16,6 +16,8 @@ server { # security include config/security.conf; + status_zone nginx.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET)$) { return '405'; diff --git a/sites-available/pa.linuxiarz.pl.conf b/sites-available/pa.linuxiarz.pl.conf index bba10e1..d62b317 100644 --- a/sites-available/pa.linuxiarz.pl.conf +++ b/sites-available/pa.linuxiarz.pl.conf @@ -17,14 +17,16 @@ server { # security include config/security.conf; + status_zone pa.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET|POST)$) { return '405'; } # logging - access_log /var/log/nginx/pa.linuxiarz.pl.access.log; - error_log /var/log/nginx/pa.linuxiarz.pl.error.log warn; + access_log /var/log/angie/pa.linuxiarz.pl.access.log; + error_log /var/log/angie/pa.linuxiarz.pl.error.log warn; # index.php index index.php; diff --git a/sites-available/paste.linuxiarz.pl_varnish.conf b/sites-available/paste.linuxiarz.pl_varnish.conf index ef5202e..aa9f53a 100644 --- a/sites-available/paste.linuxiarz.pl_varnish.conf +++ b/sites-available/paste.linuxiarz.pl_varnish.conf @@ -7,6 +7,8 @@ server { # security include config/security_paste.conf; + status_zone paste.linuxiarz.pl_backend; + # restrict methods if ($request_method !~ ^(GET|POST)$) { return '405'; @@ -25,9 +27,6 @@ server { break; } - # additional config - include config/general.conf; - # handle .php location ~ \.php$ { include config/php_fastcgi7_4.conf; @@ -49,12 +48,13 @@ server { include config/wildcard.conf; # logging - access_log /var/log/nginx/paste.linuxiarz.pl.access.log; - error_log /var/log/nginx/paste.linuxiarz.pl.error.log warn; + access_log /var/log/angie/paste.linuxiarz.pl.access.log; + error_log /var/log/angie/paste.linuxiarz.pl.error.log warn; + status_zone paste.linuxiarz.pl_frontend; location / { - proxy_pass http://127.0.0.1:6081/; + proxy_pass http://varnish/; include config/proxy.conf; } diff --git a/sites-available/pliki.linuxiarz.pl.conf b/sites-available/pliki.linuxiarz.pl.conf index 77253ef..ec2462b 100644 --- a/sites-available/pliki.linuxiarz.pl.conf +++ b/sites-available/pliki.linuxiarz.pl.conf @@ -16,6 +16,8 @@ server { # security include config/security.conf; + status_zone pliki.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET)$) { return '405'; diff --git a/sites-available/pma.linuxiarz.pl.conf b/sites-available/pma.linuxiarz.pl.conf index 908e49f..451c9d4 100644 --- a/sites-available/pma.linuxiarz.pl.conf +++ b/sites-available/pma.linuxiarz.pl.conf @@ -16,22 +16,23 @@ server { # security include config/security.conf; + status_zone pma.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET|POST)$) { return '405'; } # logging - access_log /var/log/nginx/pma.linuxiarz.pl.access.log; - error_log /var/log/nginx/pma.linuxiarz.pl.error.log warn; + access_log /var/log/angie/pma.linuxiarz.pl.access.log; + error_log /var/log/angie/pma.linuxiarz.pl.error.log warn; # index.php index index.php; # index.php fallback location / { -# allow 85.221.250.77/32; - allow 85.221.250.159/32; + allow 109.173.163.175/32; deny all; } diff --git a/sites-available/r.linuxiarz.pl.conf b/sites-available/r.linuxiarz.pl.conf index 48959f2..ec5b85c 100644 --- a/sites-available/r.linuxiarz.pl.conf +++ b/sites-available/r.linuxiarz.pl.conf @@ -14,14 +14,16 @@ server { include config/wildcard.conf; include config/security_roundcube.conf; + status_zone r.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET|POST)$) { return '405'; } # logging - access_log /var/log/nginx/r.linuxiarz.pl.access.log; - error_log /var/log/nginx/r.linuxiarz.pl.error.log warn; + access_log /var/log/angie/r.linuxiarz.pl.access.log; + error_log /var/log/angie/r.linuxiarz.pl.error.log warn; # index.php index index.php; diff --git a/sites-available/redirects.conf b/sites-available/redirects.conf index 70dc9fa..f54158e 100644 --- a/sites-available/redirects.conf +++ b/sites-available/redirects.conf @@ -1,7 +1,24 @@ server { - listen 80; + listen 80; + listen 443 quic; + listen 443 ssl; + http2 on; + http3 on; + ssl_protocols TLSv1.3 TLSv1.2; + ssl_early_data on; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + ssl_certificate /etc/ssl/gru.one.pl/fullchain.pem; + ssl_certificate_key /etc/ssl/gru.one.pl/privkey.pem; + + status_zone gru.one.pl; + server_name .gru.one.pl ; + if ($scheme = http) { + return 301 https://$host$request_uri; + } + location / { return 301 https://www.linuxiarz.pl$request_uri; } @@ -11,6 +28,8 @@ server { listen 80; server_name .grucha.eu.org; + status_zone grucha.eu.org; + location / { return 301 https://www.gruszczynski.eu.org$request_uri; } diff --git a/sites-available/repo.linuxiarz.pl.conf b/sites-available/repo.linuxiarz.pl.conf index d2a7581..c2e1e91 100644 --- a/sites-available/repo.linuxiarz.pl.conf +++ b/sites-available/repo.linuxiarz.pl.conf @@ -17,14 +17,16 @@ server { # security include config/security.conf; + status_zone repo.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET)$) { return '405'; } # logging - access_log /var/log/nginx/repo.linuxiarz.pl.access.log; - error_log /var/log/nginx/repo.linuxiarz.pl.error.log warn; + access_log /var/log/angie/repo.linuxiarz.pl.access.log; + error_log /var/log/angie/repo.linuxiarz.pl.error.log warn; location ~* \.(?:tar.gz|zip?)$ { diff --git a/sites-available/rspamd.linuxiarz.pl.conf b/sites-available/rspamd.linuxiarz.pl.conf index 38a5789..6ac7ce4 100644 --- a/sites-available/rspamd.linuxiarz.pl.conf +++ b/sites-available/rspamd.linuxiarz.pl.conf @@ -14,6 +14,8 @@ server { # security include config/security.conf; + status_zone rspamd.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET|POST)$) { return '405'; diff --git a/sites-available/sk.linuxiarz.pl.conf b/sites-available/sk.linuxiarz.pl.conf index cb8f1bb..048ad06 100644 --- a/sites-available/sk.linuxiarz.pl.conf +++ b/sites-available/sk.linuxiarz.pl.conf @@ -16,14 +16,16 @@ server { # security include config/security.conf; + status_zone sk.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET|POST)$) { return '405'; } # logging - access_log /var/log/nginx/sk.linuxiarz.pl.access.log; - error_log /var/log/nginx/sk.linuxiarz.pl.error.log warn; + access_log /var/log/angie/sk.linuxiarz.pl.access.log; + error_log /var/log/angie/sk.linuxiarz.pl.error.log warn; # index.php index index.php; diff --git a/sites-available/ts3stats.linuxiarz.pl.conf b/sites-available/ts3stats.linuxiarz.pl.conf index 0f44758..8ea82d6 100644 --- a/sites-available/ts3stats.linuxiarz.pl.conf +++ b/sites-available/ts3stats.linuxiarz.pl.conf @@ -16,14 +16,16 @@ server { # security include config/security.conf; + status_zone ts3stats.linuxiarz.pl; + # restrict methods if ($request_method !~ ^(GET)$) { return '405'; } # logging - access_log /var/log/nginx/ts3stats.linuxiarz.pl.access.log; - error_log /var/log/nginx/ts3stats.linuxiarz.pl.error.log warn; + access_log /var/log/angie/ts3stats.linuxiarz.pl.access.log; + error_log /var/log/angie/ts3stats.linuxiarz.pl.error.log warn; # index.php index index.php; diff --git a/sites-available/unitraklub.pl.conf b/sites-available/unitraklub.pl.conf index 8cb87cd..aa38cdd 100644 --- a/sites-available/unitraklub.pl.conf +++ b/sites-available/unitraklub.pl.conf @@ -5,6 +5,11 @@ server { root /var/www/503/; index index.html; + + if ($scheme = http) { + return 301 https://$host$request_uri; + } + } server { @@ -18,15 +23,15 @@ server { server_name *.unitraklub.pl unitraklub.pl; + ssl_certificate /etc/ssl/unitraklub.pl/fullchain.pem; + ssl_certificate_key /etc/ssl/unitraklub.pl/privkey.pem; - ssl_certificate /etc/nginx/ssl/nginx.crt; - ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_stapling off; root /var/www/503/; index index.html; -location / { - try_files /index.html =404; -} + location / { + try_files /index.html =404; + } } diff --git a/sites-available/webmail.linuxiarz.pl.conf b/sites-available/webmail.linuxiarz.pl.conf index 7626e9c..9d7f9c7 100644 --- a/sites-available/webmail.linuxiarz.pl.conf +++ b/sites-available/webmail.linuxiarz.pl.conf @@ -20,15 +20,16 @@ server { } # logging - access_log /var/log/nginx/webmail.linuxiarz.pl.access.log; - error_log /var/log/nginx/webmail.linuxiarz.pl.error.log warn; + access_log /var/log/angie/webmail.linuxiarz.pl.access.log; + error_log /var/log/angie/webmail.linuxiarz.pl.error.log warn; + + status_zone webmail.linuxiarz.pl; # index.php index index.php; - # index.php fallback location / { - try_files $uri $uri/ index.php; + try_files $uri $uri/ /index.php; } location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { @@ -48,8 +49,8 @@ server { # additional config include config/general.conf; - # handle .php - location ~ \.php$ { + # handle .php with PATH_INFO support + location ~ \.php(?:$|/) { include config/php_fastcgi_webmail.conf; } } diff --git a/sites-enabled/autodiscover.conf b/sites-enabled/autodiscover.conf deleted file mode 100644 index f1db5b5..0000000 --- a/sites-enabled/autodiscover.conf +++ /dev/null @@ -1,47 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name autodiscover.linuxiarz.pl autodiscover.gruszczynski.eu.org autodiscover.gru.one.pl autodiscover.szczepaniak.eu.org; - set $base /var/www/autodiscover; - root $base; - - include config/wildcard.conf; - - # security - include config/security.conf; - - # logging - access_log /var/log/angie/autodiscover.linuxiarz.pl.access.log; - error_log /var/log/angie/autodiscover.linuxiarz.pl.error.log warn; - - status_zone autodiscover; - - location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml { - rewrite .* /autodiscover/autodiscover.php redirect; - } - - # additional config - include config/general.conf; - - # handle .php - location ~* \.php$ { - include config/php_fastcgi.conf; - } - -} - -# HTTP redirect -server { - listen 80; - server_name autodiscover.linuxiarz.pl autodiscover.gruszczynski.eu.org autodiscover.gru.one.pl autodiscover.szczepaniak.eu.org; - add_header Alt-Svc 'h3=":443"; ma=86400'; - location / { - return 301 https://autodiscover.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/autodiscover.conf b/sites-enabled/autodiscover.conf new file mode 120000 index 0000000..9a01284 --- /dev/null +++ b/sites-enabled/autodiscover.conf @@ -0,0 +1 @@ +../sites-available/autodiscover.conf \ No newline at end of file diff --git a/sites-enabled/default.conf b/sites-enabled/default.conf deleted file mode 100644 index e0e91b9..0000000 --- a/sites-enabled/default.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen 80 default_server ; - return 403; - if ($request_method !~ ^(HEAD)$) { - return '405'; - } - status_zone default; -} - -server { - listen 443 ssl default_server; - return 403; - if ($request_method !~ ^(HEAD)$) { - return '405'; - } - - status_zone default_ssl; - - ssl_certificate /etc/angie/ssl/angie.crt; - ssl_certificate_key /etc/angie/ssl/angie.key; - ssl_stapling off; -} diff --git a/sites-enabled/default.conf b/sites-enabled/default.conf new file mode 120000 index 0000000..032e6bc --- /dev/null +++ b/sites-enabled/default.conf @@ -0,0 +1 @@ +../sites-available/default.conf \ No newline at end of file diff --git a/sites-enabled/doh.linuxiarz.pl.conf b/sites-enabled/doh.linuxiarz.pl.conf deleted file mode 100644 index 53c368c..0000000 --- a/sites-enabled/doh.linuxiarz.pl.conf +++ /dev/null @@ -1,65 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - - server_name doh.linuxiarz.pl; - - set $base /var/www/dnsdist; - root $base; - - status_zone doh.linuxiarz.pl; - - include config/wildcard.conf; - include config/security.conf; - - # restrict methods - if ($request_method !~ ^(GET|POST|HEAD|PUT)$) { - return '405'; - } - - error_page 400 @echo_400; - - location @echo400 { - add_header Content-Type text/plain; - return 200 "Bad request :)"; - } - - error_page 404 403 500 504 502 =200 /; - - # logging - access_log /var/log/angie/doh.linuxiarz.pl.access.log; - error_log /var/log/angie/doh.linuxiarz.pl.error.log warn; - - # additional config - include config/general.conf; - - location / { - proxy_pass https://doh; - include config/proxy.conf; - } - -} - -# HTTP redirect -server { - listen 80; - server_name doh.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - include config/letsencrypt.conf; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://doh.linuxiarz.pl$request_uri; - } -} - diff --git a/sites-enabled/doh.linuxiarz.pl.conf b/sites-enabled/doh.linuxiarz.pl.conf new file mode 120000 index 0000000..3360c60 --- /dev/null +++ b/sites-enabled/doh.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/doh.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/gruszczynski.cc.conf b/sites-enabled/gruszczynski.cc.conf deleted file mode 100644 index f08a57f..0000000 --- a/sites-enabled/gruszczynski.cc.conf +++ /dev/null @@ -1,99 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name www.gruszczynski.cc; - set $base /var/www/gruszczynski.cc; - root $base; - - ssl_certificate /etc/ssl/gruszczynski.cc/fullchain.pem; - ssl_certificate_key /etc/ssl/gruszczynski.cc/privkey.pem; - - # logging - access_log /var/log/angie/gruszczynski.cc.access.log; - error_log /var/log/angie/gruszczynski.cc.error.log warn; - - - status_zone gruszczynski.cc; - - # ssl cfg - include config/ssl_cfg.conf; - - # security - include config/security.conf; - - status_zone gruszczynski.cc; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - if ($host = 'www.gruszczynski.cc') { - return 301 http://www.linuxiarz.pl$request_uri; - } - - error_page 404 403 500 504 502 =200 /; - - # index.html - index index.html; - - # additional config - include config/general.conf; - - # letsencrypt - include config/letsencrypt.conf; -} - -# HTTP redirect -server { - listen 80; - server_name gruszczynski.cc www.gruszczynski.cc; - add_header Alt-Svc 'h3=":443"; ma=86400'; - include config/letsencrypt.conf; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://www.gruszczynski.cc$request_uri; - } -} - -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - - server_name gruszczynski.cc; - - ssl_certificate /etc/ssl/gruszczynski.cc/fullchain.pem; - ssl_certificate_key /etc/ssl/gruszczynski.cc/privkey.pem; - - # ssl cfg - include config/ssl_cfg.conf; - - # security - include config/security.conf; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://www.gruszczynski.cc$request_uri; - } -} diff --git a/sites-enabled/gruszczynski.cc.conf b/sites-enabled/gruszczynski.cc.conf new file mode 120000 index 0000000..b80d763 --- /dev/null +++ b/sites-enabled/gruszczynski.cc.conf @@ -0,0 +1 @@ +../sites-available/gruszczynski.cc.conf \ No newline at end of file diff --git a/sites-enabled/gruszczynski.eu.org_varnish.conf b/sites-enabled/gruszczynski.eu.org_varnish.conf deleted file mode 100644 index 3ab80e0..0000000 --- a/sites-enabled/gruszczynski.eu.org_varnish.conf +++ /dev/null @@ -1,102 +0,0 @@ -server { - listen 8080; - server_name www.gruszczynski.eu.org; - set $base /var/www/gruszczynski.eu.org; - root $base; - - # security - include config/security.conf; - - status_zone gruszczynski.eu.org_backend; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - # index.php - index index.php index.html; - - # additional config - include config/general.conf; - - # letsencrypt - include config/letsencrypt.conf; - - # handle .php - location ~ \.php$ { - include config/php_fastcgi.conf; - } -} - -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name www.gruszczynski.eu.org; - - ssl_certificate /etc/ssl/gruszczynski.eu.org/fullchain.pem; - ssl_certificate_key /etc/ssl/gruszczynski.eu.org/privkey.pem; - - # ssl cfg - include config/ssl_cfg.conf; - - status_zone gruszczynski.eu.org_frontend; - - location / { - proxy_pass http://varnish/; - include config/proxy.conf; - } - -} - -# HTTP redirect -server { - listen 80; - add_header Alt-Svc 'h3=":443"; ma=86400'; - server_name gruszczynski.eu.org www.gruszczynski.eu.org; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://www.gruszczynski.eu.org$request_uri; - } -} - -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name gruszczynski.eu.org; - - ssl_certificate /etc/ssl/gruszczynski.eu.org/fullchain.pem; - ssl_certificate_key /etc/ssl/gruszczynski.eu.org/privkey.pem; - - # ssl cfg - include config/ssl_cfg.conf; - - # security - include config/security.conf; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://www.gruszczynski.eu.org$request_uri; - } -} diff --git a/sites-enabled/gruszczynski.eu.org_varnish.conf b/sites-enabled/gruszczynski.eu.org_varnish.conf new file mode 120000 index 0000000..c0215ba --- /dev/null +++ b/sites-enabled/gruszczynski.eu.org_varnish.conf @@ -0,0 +1 @@ +../sites-available/gruszczynski.eu.org_varnish.conf \ No newline at end of file diff --git a/sites-enabled/img.gruszczynski.eu.org.conf b/sites-enabled/img.gruszczynski.eu.org.conf deleted file mode 100644 index 6f10f7a..0000000 --- a/sites-enabled/img.gruszczynski.eu.org.conf +++ /dev/null @@ -1,65 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name img.gruszczynski.eu.org; - set $base /var/www/img.gruszczynski.eu.org; - root $base/img; - - ssl_certificate /etc/letsencrypt/live/img.gruszczynski.eu.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/img.gruszczynski.eu.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/img.gruszczynski.eu.org/chain.pem; - - # ssl cfg - include config/ssl_cfg.conf; - - # security - include config/security.conf; - - status_zone img.gruszcznski.eu.org; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - # logging - access_log /var/log/angie/img.gruszczynski.eu.org.access.log; - error_log /var/log/angie/img.gruszczynski.eu.org.error.log warn; - - include config/general.conf; - - # letsencrypt - include config/letsencrypt.conf; - -} - -# HTTP redirect -server { - listen 80; - server_name img.gruszczynski.eu.org; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - set $base /var/www/img.gruszczynski.eu.org; - root $base/img; - - include config/letsencrypt.conf; - - # logging - access_log /var/log/angie/img.gruszczynski.eu.org.access.log; - error_log /var/log/angie/img.gruszczynski.eu.org.error.log warn; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://img.gruszczynski.eu.org$request_uri; - } -} diff --git a/sites-enabled/kodi.linuxiarz.pl.conf b/sites-enabled/kodi.linuxiarz.pl.conf deleted file mode 100644 index c9d909c..0000000 --- a/sites-enabled/kodi.linuxiarz.pl.conf +++ /dev/null @@ -1,56 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name kodi.linuxiarz.pl; - set $base /var/www/kodi.linuxiarz.pl/; - root $base; - - include config/wildcard.conf; - - # security - include config/security.conf; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - # logging - access_log off; - error_log off; - - status_zone kodi.linuxiarz.pl; - - location / { - autoindex on; - autoindex_exact_size off; - autoindex_localtime off; - autoindex_format html; - } - - # additional config - include config/general.conf; - -} - -# HTTP redirect -server { - listen 80; - server_name kodi.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://kodi.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/kodi.linuxiarz.pl.conf b/sites-enabled/kodi.linuxiarz.pl.conf new file mode 120000 index 0000000..93b01b6 --- /dev/null +++ b/sites-enabled/kodi.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/kodi.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/kompilacje.linuxiarz.pl.conf b/sites-enabled/kompilacje.linuxiarz.pl.conf deleted file mode 100644 index 5c8a41b..0000000 --- a/sites-enabled/kompilacje.linuxiarz.pl.conf +++ /dev/null @@ -1,56 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name kompilacje.linuxiarz.pl; - set $base /var/www/kompilacje.linuxiarz.pl/; - root $base; - - include config/wildcard.conf; - - # security - include config/security.conf; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - status_zone kompilacje.linuxiarz.pl; - - # logging - access_log off; - error_log off; - - location / { - autoindex on; - autoindex_exact_size off; - autoindex_localtime off; - autoindex_format html; - } - - # additional config - include config/general.conf; - -} - -# HTTP redirect -server { - listen 80; - server_name kompilacje.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://kompilacje.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/kompilacje.linuxiarz.pl.conf b/sites-enabled/kompilacje.linuxiarz.pl.conf new file mode 120000 index 0000000..21a944d --- /dev/null +++ b/sites-enabled/kompilacje.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/kompilacje.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/nginx.linuxiarz.pl.conf b/sites-enabled/nginx.linuxiarz.pl.conf deleted file mode 100644 index 6b4d72f..0000000 --- a/sites-enabled/nginx.linuxiarz.pl.conf +++ /dev/null @@ -1,56 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name nginx.linuxiarz.pl; - set $base /var/www/nginx.linuxiarz.pl/; - root $base; - - include config/wildcard.conf; - - # security - include config/security.conf; - - status_zone nginx.linuxiarz.pl; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - # logging - access_log off; - error_log off; - - location / { - autoindex on; - autoindex_exact_size off; - autoindex_localtime off; - autoindex_format html; - } - - # additional config - include config/general.conf; - -} - -# HTTP redirect -server { - listen 80; - server_name nginx.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://nginx.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/nginx.linuxiarz.pl.conf b/sites-enabled/nginx.linuxiarz.pl.conf new file mode 120000 index 0000000..27eae5e --- /dev/null +++ b/sites-enabled/nginx.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/nginx.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/pa.linuxiarz.pl.conf b/sites-enabled/pa.linuxiarz.pl.conf deleted file mode 100644 index d62b317..0000000 --- a/sites-enabled/pa.linuxiarz.pl.conf +++ /dev/null @@ -1,57 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name pa.linuxiarz.pl; - set $base /var/www/postfixadmin; -# set $base /var/www/postfixadmin-postfixadmin-cc23eba; - root $base/public; - - include config/wildcard.conf; - - # security - include config/security.conf; - - status_zone pa.linuxiarz.pl; - - # restrict methods - if ($request_method !~ ^(GET|POST)$) { - return '405'; - } - - # logging - access_log /var/log/angie/pa.linuxiarz.pl.access.log; - error_log /var/log/angie/pa.linuxiarz.pl.error.log warn; - - # index.php - index index.php; - - # index.php fallback - location / { - try_files $uri $uri/ login.php; - } - - # additional config - include config/general.conf; - - # handle .php - location ~* \.php$ { - include config/php_fastcgi7_4.conf; - } -} - -# HTTP redirect -server { - listen 80; - server_name pa.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - return 301 https://pa.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/pa.linuxiarz.pl.conf b/sites-enabled/pa.linuxiarz.pl.conf new file mode 120000 index 0000000..ecf82cc --- /dev/null +++ b/sites-enabled/pa.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/pa.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/paste.linuxiarz.pl_varnish.conf b/sites-enabled/paste.linuxiarz.pl_varnish.conf deleted file mode 100644 index aa9f53a..0000000 --- a/sites-enabled/paste.linuxiarz.pl_varnish.conf +++ /dev/null @@ -1,72 +0,0 @@ -server { - listen 8080; - server_name paste.linuxiarz.pl; - set $base /var/www/paste.linuxiarz.pl; - root $base; - - # security - include config/security_paste.conf; - - status_zone paste.linuxiarz.pl_backend; - - # restrict methods - if ($request_method !~ ^(GET|POST)$) { - return '405'; - } - - # index.php - index index.php; - - # index.php fallback - location / { - try_files $uri /index.php; - } - - if ($request_uri !~* ^/(static|favicon\.ico|robots\.txt)) { - rewrite ^/(.*)$ /index.php?/$1 last; - break; - } - - # handle .php - location ~ \.php$ { - include config/php_fastcgi7_4.conf; - } -} - - -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name paste.linuxiarz.pl; - - include config/wildcard.conf; - - # logging - access_log /var/log/angie/paste.linuxiarz.pl.access.log; - error_log /var/log/angie/paste.linuxiarz.pl.error.log warn; - - status_zone paste.linuxiarz.pl_frontend; - - location / { - proxy_pass http://varnish/; - include config/proxy.conf; - } - -} - -# HTTP redirect -server { - listen 80; - server_name paste.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - return 301 https://paste.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/paste.linuxiarz.pl_varnish.conf b/sites-enabled/paste.linuxiarz.pl_varnish.conf new file mode 120000 index 0000000..1e777e8 --- /dev/null +++ b/sites-enabled/paste.linuxiarz.pl_varnish.conf @@ -0,0 +1 @@ +../sites-available/paste.linuxiarz.pl_varnish.conf \ No newline at end of file diff --git a/sites-enabled/pliki.linuxiarz.pl.conf b/sites-enabled/pliki.linuxiarz.pl.conf deleted file mode 100644 index ec2462b..0000000 --- a/sites-enabled/pliki.linuxiarz.pl.conf +++ /dev/null @@ -1,56 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name pliki.linuxiarz.pl; - set $base /var/www/linuxiarz.pl/pliki; - root $base; - - include config/wildcard.conf; - - # security - include config/security.conf; - - status_zone pliki.linuxiarz.pl; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - # logging - access_log off; - error_log off; - - location / { - autoindex on; - autoindex_exact_size off; - autoindex_localtime off; - autoindex_format html; - } - - # additional config - include config/general.conf; - -} - -# HTTP redirect -server { - listen 80; - server_name pliki.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://pliki.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/pliki.linuxiarz.pl.conf b/sites-enabled/pliki.linuxiarz.pl.conf new file mode 120000 index 0000000..870a780 --- /dev/null +++ b/sites-enabled/pliki.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/pliki.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/pma.linuxiarz.pl.conf b/sites-enabled/pma.linuxiarz.pl.conf deleted file mode 100644 index be45379..0000000 --- a/sites-enabled/pma.linuxiarz.pl.conf +++ /dev/null @@ -1,57 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name pma.linuxiarz.pl; - set $base /var/www/pma.linuxiarz.pl/pma; - root $base; - - include config/wildcard.conf; - - # security - include config/security.conf; - - status_zone pma.linuxiarz.pl - - # restrict methods - if ($request_method !~ ^(GET|POST)$) { - return '405'; - } - - # logging - access_log /var/log/angie/pma.linuxiarz.pl.access.log; - error_log /var/log/angie/pma.linuxiarz.pl.error.log warn; - - # index.php - index index.php; - - # index.php fallback - location / { - allow 109.173.163.175/32; - deny all; - } - - # additional config - include config/general.conf; - - # handle .php - location ~ \.php$ { - include config/php_fastcgi.conf; - } -} - -# HTTP redirect -server { - listen 80; - server_name pma.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - return 301 https://pma.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/pma.linuxiarz.pl.conf b/sites-enabled/pma.linuxiarz.pl.conf new file mode 120000 index 0000000..b4b0e17 --- /dev/null +++ b/sites-enabled/pma.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/pma.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/r.linuxiarz.pl.conf b/sites-enabled/r.linuxiarz.pl.conf deleted file mode 100644 index ec5b85c..0000000 --- a/sites-enabled/r.linuxiarz.pl.conf +++ /dev/null @@ -1,68 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name r.linuxiarz.pl; - set $base /var/www/rainloop; - root $base; - - include config/wildcard.conf; - include config/security_roundcube.conf; - - status_zone r.linuxiarz.pl; - - # restrict methods - if ($request_method !~ ^(GET|POST)$) { - return '405'; - } - - # logging - access_log /var/log/angie/r.linuxiarz.pl.access.log; - error_log /var/log/angie/r.linuxiarz.pl.error.log warn; - - # index.php - index index.php; - - # index.php fallback - location / { - try_files $uri $uri/ index.php; - } - - location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { - deny all; - error_page 403 =404 / ; - } - - location ~ ^/(data)/ { - deny all; - } - - location ~\.(ini|log|conf|MD|md|json)$ { - deny all; - error_page 403 =404 / ; - } - - # additional config - include config/general.conf; - - # handle .php - location ~ \.php$ { - include config/php_fastcgi_webmail.conf; - } -} - -# HTTP redirect -server { - listen 80; - server_name r.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - return 301 https://r.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/r.linuxiarz.pl.conf b/sites-enabled/r.linuxiarz.pl.conf new file mode 120000 index 0000000..28b9455 --- /dev/null +++ b/sites-enabled/r.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/r.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/redirects.conf b/sites-enabled/redirects.conf deleted file mode 100644 index f54158e..0000000 --- a/sites-enabled/redirects.conf +++ /dev/null @@ -1,36 +0,0 @@ -server { - listen 80; - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - ssl_certificate /etc/ssl/gru.one.pl/fullchain.pem; - ssl_certificate_key /etc/ssl/gru.one.pl/privkey.pem; - - status_zone gru.one.pl; - - server_name .gru.one.pl ; - - if ($scheme = http) { - return 301 https://$host$request_uri; - } - - location / { - return 301 https://www.linuxiarz.pl$request_uri; - } -} - -server { - listen 80; - server_name .grucha.eu.org; - - status_zone grucha.eu.org; - - location / { - return 301 https://www.gruszczynski.eu.org$request_uri; - } -} diff --git a/sites-enabled/redirects.conf b/sites-enabled/redirects.conf new file mode 120000 index 0000000..0829812 --- /dev/null +++ b/sites-enabled/redirects.conf @@ -0,0 +1 @@ +../sites-available/redirects.conf \ No newline at end of file diff --git a/sites-enabled/repo.linuxiarz.pl.conf b/sites-enabled/repo.linuxiarz.pl.conf deleted file mode 100644 index c2e1e91..0000000 --- a/sites-enabled/repo.linuxiarz.pl.conf +++ /dev/null @@ -1,66 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name repo.linuxiarz.pl; - set $base /var/www/repo.linuxiarz.pl; - root $base; - - include config/wildcard.conf; - - index index.php; - # security - include config/security.conf; - - status_zone repo.linuxiarz.pl; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - # logging - access_log /var/log/angie/repo.linuxiarz.pl.access.log; - error_log /var/log/angie/repo.linuxiarz.pl.error.log warn; - - - location ~* \.(?:tar.gz|zip?)$ { - rewrite ^/(.*)$ https://objectstorage.eu-frankfurt-1.oraclecloud.com/n/frhsuwgawuyg/b/linuxiarz-repo/o/$1 permanent; - } - - - location / { -# try_files $uri $uri/ /index.php?dl=$uri; - try_files $uri $uri/ /index.php?$uri; - } - - # additional config - include config/general.conf; - - # handle .php - location ~ \.php$ { - include config/php_fastcgi.conf; - } - -} - -# HTTP redirect -server { - listen 80; - server_name repo.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://repo.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/repo.linuxiarz.pl.conf b/sites-enabled/repo.linuxiarz.pl.conf new file mode 120000 index 0000000..1b25628 --- /dev/null +++ b/sites-enabled/repo.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/repo.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/rspamd.linuxiarz.pl.conf b/sites-enabled/rspamd.linuxiarz.pl.conf deleted file mode 100644 index 6ac7ce4..0000000 --- a/sites-enabled/rspamd.linuxiarz.pl.conf +++ /dev/null @@ -1,51 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name rspamd.linuxiarz.pl; - - include config/wildcard.conf; - - # security - include config/security.conf; - - status_zone rspamd.linuxiarz.pl; - - # restrict methods - if ($request_method !~ ^(GET|POST)$) { - return '405'; - } - - # logging - access_log off; - error_log off; - - location / { - proxy_pass http://127.0.0.1:11334/; - include config/proxy.conf; - } - - # additional config -# include config/general.conf; -} - -# HTTP redirect -server { - listen 80; - server_name rspamd.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://rspamd.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/rspamd.linuxiarz.pl.conf b/sites-enabled/rspamd.linuxiarz.pl.conf new file mode 120000 index 0000000..84a04e7 --- /dev/null +++ b/sites-enabled/rspamd.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/rspamd.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/sk.linuxiarz.pl.conf b/sites-enabled/sk.linuxiarz.pl.conf deleted file mode 100644 index 048ad06..0000000 --- a/sites-enabled/sk.linuxiarz.pl.conf +++ /dev/null @@ -1,51 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name sk.linuxiarz.pl; - set $base /var/www/sk.linuxiarz.pl; - root $base; - - include config/wildcard.conf; - - # security - include config/security.conf; - - status_zone sk.linuxiarz.pl; - - # restrict methods - if ($request_method !~ ^(GET|POST)$) { - return '405'; - } - - # logging - access_log /var/log/angie/sk.linuxiarz.pl.access.log; - error_log /var/log/angie/sk.linuxiarz.pl.error.log warn; - - # index.php - index index.php; - - # additional config - include config/general.conf; - - # handle .php - location ~ \.php$ { - include config/php_fastcgi8_1.conf; - } -} - -# HTTP redirect -server { - listen 80; - server_name sk.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - return 301 https://sk.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/sk.linuxiarz.pl.conf b/sites-enabled/sk.linuxiarz.pl.conf new file mode 120000 index 0000000..f448304 --- /dev/null +++ b/sites-enabled/sk.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/sk.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/ts3stats.linuxiarz.pl.conf b/sites-enabled/ts3stats.linuxiarz.pl.conf deleted file mode 100644 index 8ea82d6..0000000 --- a/sites-enabled/ts3stats.linuxiarz.pl.conf +++ /dev/null @@ -1,69 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name ts3stats.linuxiarz.pl; - set $base /var/www/ts3stats; - root $base; - - include config/wildcard.conf; - - # security - include config/security.conf; - - status_zone ts3stats.linuxiarz.pl; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - # logging - access_log /var/log/angie/ts3stats.linuxiarz.pl.access.log; - error_log /var/log/angie/ts3stats.linuxiarz.pl.error.log warn; - - # index.php - index index.php; - - location / { - try_files $uri $uri/ /index.php; - } - - location /rrd { - rewrite ^ $scheme://$host permanent; - deny all; - } - - location ~ /graph { - allow all; - } - - location /libraries { - rewrite ^ $scheme://$host permanent; - deny all; - } - - # additional config - include config/general.conf; - - # handle .php - location ~ \.php$ { - include config/php_fastcgi.conf; - } -} - -# HTTP redirect -server { - listen 80; - server_name ts3stats.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - return 301 https://ts3stats.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/ts3stats.linuxiarz.pl.conf b/sites-enabled/ts3stats.linuxiarz.pl.conf new file mode 120000 index 0000000..6d8acd2 --- /dev/null +++ b/sites-enabled/ts3stats.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/ts3stats.linuxiarz.pl.conf \ No newline at end of file diff --git a/sites-enabled/unitraklub.pl.conf b/sites-enabled/unitraklub.pl.conf deleted file mode 100644 index aa38cdd..0000000 --- a/sites-enabled/unitraklub.pl.conf +++ /dev/null @@ -1,37 +0,0 @@ -server { - listen 80; - server_name *.unitraklub.pl unitraklub.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - root /var/www/503/; - index index.html; - - if ($scheme = http) { - return 301 https://$host$request_uri; - } - -} - -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name *.unitraklub.pl unitraklub.pl; - - ssl_certificate /etc/ssl/unitraklub.pl/fullchain.pem; - ssl_certificate_key /etc/ssl/unitraklub.pl/privkey.pem; - - ssl_stapling off; - - root /var/www/503/; - index index.html; - - location / { - try_files /index.html =404; - } -} diff --git a/sites-enabled/unitraklub.pl.conf b/sites-enabled/unitraklub.pl.conf new file mode 120000 index 0000000..5084fd3 --- /dev/null +++ b/sites-enabled/unitraklub.pl.conf @@ -0,0 +1 @@ +../sites-available/unitraklub.pl.conf \ No newline at end of file diff --git a/sites-enabled/webmail.linuxiarz.pl.conf b/sites-enabled/webmail.linuxiarz.pl.conf deleted file mode 100644 index 9d7f9c7..0000000 --- a/sites-enabled/webmail.linuxiarz.pl.conf +++ /dev/null @@ -1,93 +0,0 @@ -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name webmail.linuxiarz.pl; - set $base /var/www/webmail; - root $base; - - include config/wildcard.conf; - include config/security_roundcube.conf; - - # restrict methods - if ($request_method !~ ^(GET|POST)$) { - return '405'; - } - - # logging - access_log /var/log/angie/webmail.linuxiarz.pl.access.log; - error_log /var/log/angie/webmail.linuxiarz.pl.error.log warn; - - status_zone webmail.linuxiarz.pl; - - # index.php - index index.php; - - location / { - try_files $uri $uri/ /index.php; - } - - location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { - deny all; - error_page 403 =404 / ; - } - - location ~ ^/(bin|SQL|config|temp|logs)/ { - deny all; - } - - location ~\.(ini|log|conf|MD|md|json)$ { - deny all; - error_page 403 =404 / ; - } - - # additional config - include config/general.conf; - - # handle .php with PATH_INFO support - location ~ \.php(?:$|/) { - include config/php_fastcgi_webmail.conf; - } -} - -# HTTP redirect -server { - listen 80; - server_name webmail.linuxiarz.pl poczta.linuxiarz.pl poczta.gru.one.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - return 301 https://webmail.linuxiarz.pl$request_uri; - } -} - -# Other redirects -server { - listen 443 quic; - listen 443 ssl; - http2 on; - http3 on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_early_data on; - add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - - server_name poczta.linuxiarz.pl; - include config/wildcard.conf; - - # security - include config/security.conf; - - # restrict methods - if ($request_method !~ ^(GET)$) { - return '405'; - } - - location / { - return 301 https://webmail.linuxiarz.pl$request_uri; - } -} diff --git a/sites-enabled/webmail.linuxiarz.pl.conf b/sites-enabled/webmail.linuxiarz.pl.conf new file mode 120000 index 0000000..8cb4339 --- /dev/null +++ b/sites-enabled/webmail.linuxiarz.pl.conf @@ -0,0 +1 @@ +../sites-available/webmail.linuxiarz.pl.conf \ No newline at end of file