gru/linuxiarz_vps_angie
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

work in progress

Browse Source
This commit is contained in:
root
2025-11-16 23:45:16 +01:00
parent 4970352314
commit 24c11e8810
50 changed files with 243 additions and 1413 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sites-available/adphone.pl.conf
View File

@@ -1,3 +1,9 @@
upstream adphone_app {
zone adphone_app 1m;
server 127.0.0.1:8001;
keepalive 16;
}
server {
listen 443 quic;
listen 443 ssl;

5
sites-available/autodiscover.conf
View File

@@ -17,9 +17,10 @@ server {
include config/security.conf;
# logging
access_log /var/log/nginx/autodiscover.linuxiarz.pl.access.log;
error_log /var/log/nginx/autodiscover.linuxiarz.pl.error.log warn;
access_log /var/log/angie/autodiscover.linuxiarz.pl.access.log;
error_log /var/log/angie/autodiscover.linuxiarz.pl.error.log warn;
status_zone autodiscover;
location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml {
rewrite .* /autodiscover/autodiscover.php redirect;

6
sites-available/blog.linuxiarz.pl.conf
View File

@@ -1,3 +1,9 @@
upstream varnish {
zone varnish 1m;
server 127.0.0.1:6081;
keepalive 16;
}
server {
listen 8080;
server_name blog.linuxiarz.pl;

7
sites-available/default.conf
View File

@@ -4,6 +4,7 @@ server {
if ($request_method !~ ^(HEAD)$) {
return '405';
}
status_zone default;
}
server {
@@ -13,7 +14,9 @@ server {
return '405';
}
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
status_zone default_ssl;
ssl_certificate /etc/angie/ssl/angie.crt;
ssl_certificate_key /etc/angie/ssl/angie.key;
ssl_stapling off;
}

71
sites-available/doh.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,71 @@
upstream doh {
zone doh 1m;
server 127.0.0.1:8844;
keepalive 16;
}
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name doh.linuxiarz.pl;
set $base /var/www/dnsdist;
root $base;
status_zone doh.linuxiarz.pl;
include config/wildcard.conf;
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET|POST|HEAD|PUT)$) {
return '405';
}
error_page 400 @echo_400;
location @echo400 {
add_header Content-Type text/plain;
return 200 "Bad request :)";
}
error_page 404 403 500 504 502 =200 /;
# logging
access_log /var/log/angie/doh.linuxiarz.pl.access.log;
error_log /var/log/angie/doh.linuxiarz.pl.error.log warn;
# additional config
include config/general.conf;
location / {
proxy_pass https://doh;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name doh.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
include config/letsencrypt.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://doh.linuxiarz.pl$request_uri;
}
}

6
sites-available/gitea.linuxiarz.pl.conf
View File

@@ -1,3 +1,9 @@
upstream gitea {
zone gitea 1m;
server 127.0.0.1:3000;
keepalive 16;
}
server {
listen 443 quic;

30
sites-available/gruszczynski.cc.conf
View File

@@ -11,9 +11,15 @@ server {
set $base /var/www/gruszczynski.cc;
root $base;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
ssl_certificate /etc/ssl/gruszczynski.cc/fullchain.pem;
ssl_certificate_key /etc/ssl/gruszczynski.cc/privkey.pem;
# logging
access_log /var/log/angie/gruszczynski.cc.access.log;
error_log /var/log/angie/gruszczynski.cc.error.log warn;
status_zone gruszczynski.cc;
# ssl cfg
include config/ssl_cfg.conf;
@@ -26,11 +32,11 @@ server {
return '405';
}
error_page 404 403 500 504 502 =200 /;
if ($host = 'www.gruszczynski.cc') {
return 301 http://www.linuxiarz.pl$request_uri;
}
# logging
access_log /var/log/nginx/gruszczynski.cc.access.log;
error_log /var/log/nginx/gruszczynski.cc.error.log warn;
error_page 404 403 500 504 502 =200 /;
# index.html
index index.html;
@@ -40,11 +46,6 @@ server {
# letsencrypt
include config/letsencrypt.conf;
# handle .php
# location ~ \.php$ {
# include config/php_fastcgi.conf;
# }
}
# HTTP redirect
@@ -76,9 +77,8 @@ server {
server_name gruszczynski.cc;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
ssl_certificate /etc/ssl/gruszczynski.cc/fullchain.pem;
ssl_certificate_key /etc/ssl/gruszczynski.cc/privkey.pem;
# ssl cfg
include config/ssl_cfg.conf;

26
sites-available/gruszczynski.eu.org_varnish.conf
View File

@@ -7,15 +7,13 @@ server {
# security
include config/security.conf;
status_zone gruszczynski.eu.org_backend;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
#access_log /var/log/nginx/gruszczynski.eu.org.access.log;
#error_log /var/log/nginx/gruszczynski.eu.org.error.log warn;
# index.php
index index.php index.html;
@@ -42,32 +40,27 @@ server {
server_name www.gruszczynski.eu.org;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
ssl_certificate /etc/ssl/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/ssl/gruszczynski.eu.org/privkey.pem;
# ssl cfg
include config/ssl_cfg.conf;
status_zone gruszczynski.eu.org_frontend;
location / {
proxy_pass http://127.0.0.1:6081/;
proxy_pass http://varnish/;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
add_header Alt-Svc 'h3=":443"; ma=86400';
server_name gruszczynski.eu.org www.gruszczynski.eu.org;
include config/letsencrypt.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
@@ -89,9 +82,8 @@ server {
server_name gruszczynski.eu.org;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
ssl_certificate /etc/ssl/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/ssl/gruszczynski.eu.org/privkey.pem;
# ssl cfg
include config/ssl_cfg.conf;

10
sites-available/img.gruszczynski.eu.org.conf
View File

@@ -21,14 +21,16 @@ server {
# security
include config/security.conf;
status_zone img.gruszcznski.eu.org;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log /var/log/nginx/img.gruszczynski.eu.org.access.log;
error_log /var/log/nginx/img.gruszczynski.eu.org.error.log warn;
access_log /var/log/angie/img.gruszczynski.eu.org.access.log;
error_log /var/log/angie/img.gruszczynski.eu.org.error.log warn;
include config/general.conf;
@@ -49,8 +51,8 @@ server {
include config/letsencrypt.conf;
# logging
access_log /var/log/nginx/img.gruszczynski.eu.org.access.log;
error_log /var/log/nginx/img.gruszczynski.eu.org.error.log warn;
access_log /var/log/angie/img.gruszczynski.eu.org.access.log;
error_log /var/log/angie/img.gruszczynski.eu.org.error.log warn;
# restrict methods
if ($request_method !~ ^(GET)$) {

2
sites-available/kodi.linuxiarz.pl.conf
View File

@@ -25,6 +25,8 @@ server {
access_log off;
error_log off;
status_zone kodi.linuxiarz.pl;
location / {
autoindex on;
autoindex_exact_size off;

2
sites-available/kompilacje.linuxiarz.pl.conf
View File

@@ -21,6 +21,8 @@ server {
return '405';
}
status_zone kompilacje.linuxiarz.pl;
# logging
access_log off;
error_log off;

12
sites-available/linuxiarz.pl_new.conf
View File

@@ -1,3 +1,15 @@
upstream linuxiarz_app {
zone linuxiarz_app 1m;
server 127.0.0.1:8000;
keepalive 16;
}
upstream redirector_app {
zone redirector_app 1m;
server 127.0.0.1:8282;
keepalive 16;
}
# Cache (jak w oryginale)
proxy_cache_path /var/cache/angie/redirector
levels=1:2

2
sites-available/nginx.linuxiarz.pl.conf
View File

@@ -16,6 +16,8 @@ server {
# security
include config/security.conf;
status_zone nginx.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';

6
sites-available/pa.linuxiarz.pl.conf
View File

@@ -17,14 +17,16 @@ server {
# security
include config/security.conf;
status_zone pa.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/pa.linuxiarz.pl.access.log;
error_log /var/log/nginx/pa.linuxiarz.pl.error.log warn;
access_log /var/log/angie/pa.linuxiarz.pl.access.log;
error_log /var/log/angie/pa.linuxiarz.pl.error.log warn;
# index.php
index index.php;

12
sites-available/paste.linuxiarz.pl_varnish.conf
View File

@@ -7,6 +7,8 @@ server {
# security
include config/security_paste.conf;
status_zone paste.linuxiarz.pl_backend;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
@@ -25,9 +27,6 @@ server {
break;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi7_4.conf;
@@ -49,12 +48,13 @@ server {
include config/wildcard.conf;
# logging
access_log /var/log/nginx/paste.linuxiarz.pl.access.log;
error_log /var/log/nginx/paste.linuxiarz.pl.error.log warn;
access_log /var/log/angie/paste.linuxiarz.pl.access.log;
error_log /var/log/angie/paste.linuxiarz.pl.error.log warn;
status_zone paste.linuxiarz.pl_frontend;
location / {
proxy_pass http://127.0.0.1:6081/;
proxy_pass http://varnish/;
include config/proxy.conf;
}

2
sites-available/pliki.linuxiarz.pl.conf
View File

@@ -16,6 +16,8 @@ server {
# security
include config/security.conf;
status_zone pliki.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';

9
sites-available/pma.linuxiarz.pl.conf
View File

@@ -16,22 +16,23 @@ server {
# security
include config/security.conf;
status_zone pma.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/pma.linuxiarz.pl.access.log;
error_log /var/log/nginx/pma.linuxiarz.pl.error.log warn;
access_log /var/log/angie/pma.linuxiarz.pl.access.log;
error_log /var/log/angie/pma.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
# allow 85.221.250.77/32;
allow 85.221.250.159/32;
allow 109.173.163.175/32;
deny all;
}

6
sites-available/r.linuxiarz.pl.conf
View File

@@ -14,14 +14,16 @@ server {
include config/wildcard.conf;
include config/security_roundcube.conf;
status_zone r.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/r.linuxiarz.pl.access.log;
error_log /var/log/nginx/r.linuxiarz.pl.error.log warn;
access_log /var/log/angie/r.linuxiarz.pl.access.log;
error_log /var/log/angie/r.linuxiarz.pl.error.log warn;
# index.php
index index.php;

21
sites-available/redirects.conf
View File

@@ -1,7 +1,24 @@
server {
listen 80;
listen 80;
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":443"; ma=86400';
ssl_certificate /etc/ssl/gru.one.pl/fullchain.pem;
ssl_certificate_key /etc/ssl/gru.one.pl/privkey.pem;
status_zone gru.one.pl;
server_name .gru.one.pl ;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
location / {
return 301 https://www.linuxiarz.pl$request_uri;
}
@@ -11,6 +28,8 @@ server {
listen 80;
server_name .grucha.eu.org;
status_zone grucha.eu.org;
location / {
return 301 https://www.gruszczynski.eu.org$request_uri;
}

6
sites-available/repo.linuxiarz.pl.conf
View File

@@ -17,14 +17,16 @@ server {
# security
include config/security.conf;
status_zone repo.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log /var/log/nginx/repo.linuxiarz.pl.access.log;
error_log /var/log/nginx/repo.linuxiarz.pl.error.log warn;
access_log /var/log/angie/repo.linuxiarz.pl.access.log;
error_log /var/log/angie/repo.linuxiarz.pl.error.log warn;
location ~* \.(?:tar.gz|zip?)$ {

2
sites-available/rspamd.linuxiarz.pl.conf
View File

@@ -14,6 +14,8 @@ server {
# security
include config/security.conf;
status_zone rspamd.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';

6
sites-available/sk.linuxiarz.pl.conf
View File

@@ -16,14 +16,16 @@ server {
# security
include config/security.conf;
status_zone sk.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/sk.linuxiarz.pl.access.log;
error_log /var/log/nginx/sk.linuxiarz.pl.error.log warn;
access_log /var/log/angie/sk.linuxiarz.pl.access.log;
error_log /var/log/angie/sk.linuxiarz.pl.error.log warn;
# index.php
index index.php;

6
sites-available/ts3stats.linuxiarz.pl.conf
View File

@@ -16,14 +16,16 @@ server {
# security
include config/security.conf;
status_zone ts3stats.linuxiarz.pl;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log /var/log/nginx/ts3stats.linuxiarz.pl.access.log;
error_log /var/log/nginx/ts3stats.linuxiarz.pl.error.log warn;
access_log /var/log/angie/ts3stats.linuxiarz.pl.access.log;
error_log /var/log/angie/ts3stats.linuxiarz.pl.error.log warn;
# index.php
index index.php;

15
sites-available/unitraklub.pl.conf
View File

@@ -5,6 +5,11 @@ server {
root /var/www/503/;
index index.html;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
}
server {
@@ -18,15 +23,15 @@ server {
server_name *.unitraklub.pl unitraklub.pl;
ssl_certificate /etc/ssl/unitraklub.pl/fullchain.pem;
ssl_certificate_key /etc/ssl/unitraklub.pl/privkey.pem;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_stapling off;
root /var/www/503/;
index index.html;
location / {
try_files /index.html =404;
}
location / {
try_files /index.html =404;
}
}

13
sites-available/webmail.linuxiarz.pl.conf
View File

@@ -20,15 +20,16 @@ server {
}
# logging
access_log /var/log/nginx/webmail.linuxiarz.pl.access.log;
error_log /var/log/nginx/webmail.linuxiarz.pl.error.log warn;
access_log /var/log/angie/webmail.linuxiarz.pl.access.log;
error_log /var/log/angie/webmail.linuxiarz.pl.error.log warn;
status_zone webmail.linuxiarz.pl;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri $uri/ index.php;
try_files $uri $uri/ /index.php;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
@@ -48,8 +49,8 @@ server {
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
# handle .php with PATH_INFO support
location ~ \.php(?:$|/) {
include config/php_fastcgi_webmail.conf;
}
}