Mateusz Gruszczyński
2025-11-16 23:04:23 +01:00
parent af14d373fa
commit 4970352314
54 changed files with 183 additions and 4720 deletions

BIN
._config

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@@ -51,25 +51,58 @@ http {
# OCSP Stapling # OCSP Stapling
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 valid=60s; resolver 127.0.0.1 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 valid=10s status_zone=default_resolver;
resolver_timeout 2s; resolver_timeout 2s;
brotli off; map $sent_http_content_type $compressible_type {
brotli_comp_level 6; default 0;
brotli_static on; ~*text/plain 1;
brotli_types *; ~*text/css 1;
~*text/xml 1;
~*text/javascript 1;
~*application/javascript 1;
~*application/x-javascript 1;
~*application/json 1;
~*application/xml 1;
~*application/xml\+rss 1;
~*application/rss\+xml 1;
~*image/svg\+xml 1;
~*font/truetype 1;
~*font/opentype 1;
~*font/woff 1;
~*font/woff2 1;
~*application/font-woff 1;
~*application/font-woff2 1;
}
# Brotli compression
brotli on;
brotli_static on;
brotli_comp_level 6;
brotli_min_length 1000;
brotli_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/xml+rss application/rss+xml image/svg+xml font/truetype font/opentype font/woff font/woff2 application/font-woff application/font-woff2;
# Zstd compression
zstd on; zstd on;
zstd_min_length 256; # no less than 256 bytes zstd_comp_level 3;
zstd_comp_level 3; # set the level to 3 zstd_min_length 256;
zstd_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/xml+rss application/rss+xml image/svg+xml font/truetype font/opentype font/woff font/woff2 application/font-woff application/font-woff2;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javasc
# Load configs # Load configs
include /etc/angie/conf.d/*.conf; include /etc/angie/conf.d/*.conf;
include /etc/angie/sites-enabled/*; include /etc/angie/sites-enabled/*;
more_clear_headers "Server"; more_clear_headers "Server";
set_real_ip_from 127.0.0.1; # Zaufane IP (np. Varnish lub inny proxy) set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For; # Użyj nagłówka X-Forwarded-For do określenia prawdziwego IP real_ip_header X-Forwarded-For;
real_ip_recursive on; # Uwzględnij wszystkie adresy IP w X-Forwarded-For real_ip_recursive on;
} }
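Review bot: Turning on `brotli on;`, `zstd on;` and `gzip on;` at `http` level compresses every matching response served over TLS, including `application/json` and, for gzip, `text/html`, which it always compresses. Where a response carries a secret such as a CSRF token next to request-controlled text, the compressed length becomes a side channel (the BREACH class of issue). I would add a comment beside the compression block saying so, and switch compression off in the locations that serve authenticated dynamic content, e.g. `gzip off; brotli off; zstd off;`. The new `map $sent_http_content_type $compressible_type` is not referenced anywhere in the visible hunk, so either its consumer lives in another file or it can be dropped. The `gzip_types` line is cut off on this page and the `http` block opens before the hunk, so neither could be checked in full.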


@@ -1,44 +0,0 @@
server {
listen 80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}


@@ -20,7 +20,6 @@ angie_connections_idle $p8s_value
type=gauge type=gauge
'help=The current number of idle client connections.'; 'help=The current number of idle client connections.';
'angie_slabs_pages_used{zone="$1"}' $p8s_value 'angie_slabs_pages_used{zone="$1"}' $p8s_value
path=~^/slabs/([^/]+)/pages/used$ path=~^/slabs/([^/]+)/pages/used$
type=gauge type=gauge
@@ -31,7 +30,6 @@ angie_connections_idle $p8s_value
type=gauge type=gauge
'help=The number of currently free memory pages in a slab zone.'; 'help=The number of currently free memory pages in a slab zone.';
'angie_slabs_pages_slots_used{zone="$1",size="$2"}' $p8s_value 'angie_slabs_pages_slots_used{zone="$1",size="$2"}' $p8s_value
path=~^/slabs/([^/]+)/slots/([^/]+)/used$ path=~^/slabs/([^/]+)/slots/([^/]+)/used$
type=gauge type=gauge
@@ -52,7 +50,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The number of unsuccessful attempts to allocate a memory slot of a specific size in a slab zone.'; 'help=The number of unsuccessful attempts to allocate a memory slot of a specific size in a slab zone.';
'angie_resolvers_queries{zone="$1",type="$2"}' $p8s_value 'angie_resolvers_queries{zone="$1",type="$2"}' $p8s_value
path=~^/resolvers/([^/]+)/queries/([^/]+)$ path=~^/resolvers/([^/]+)/queries/([^/]+)$
type=counter type=counter
@@ -68,7 +65,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The number of resolution results with a specific status in a resolver zone.'; 'help=The number of resolution results with a specific status in a resolver zone.';
'angie_http_server_zones_ssl_handshaked{zone="$1"}' $p8s_value 'angie_http_server_zones_ssl_handshaked{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/ssl/handshaked$ path=~^/http/server_zones/([^/]+)/ssl/handshaked$
type=counter type=counter
@@ -89,7 +85,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of failed SSL handshakes in an HTTP server zone.'; 'help=The total number of failed SSL handshakes in an HTTP server zone.';
'angie_http_server_zones_requests_total{zone="$1"}' $p8s_value 'angie_http_server_zones_requests_total{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/requests/total$ path=~^/http/server_zones/([^/]+)/requests/total$
type=counter type=counter
@@ -105,13 +100,11 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of client requests completed in an HTTP server zone without sending a response.'; 'help=The total number of client requests completed in an HTTP server zone without sending a response.';
'angie_http_server_zones_responses{zone="$1",code="$2"}' $p8s_value 'angie_http_server_zones_responses{zone="$1",code="$2"}' $p8s_value
path=~^/http/server_zones/([^/]+)/responses/([^/]+)$ path=~^/http/server_zones/([^/]+)/responses/([^/]+)$
type=counter type=counter
'help=The number of responses with a specific status in an HTTP server zone.'; 'help=The number of responses with a specific status in an HTTP server zone.';
'angie_http_server_zones_data_received{zone="$1"}' $p8s_value 'angie_http_server_zones_data_received{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/data/received$ path=~^/http/server_zones/([^/]+)/data/received$
type=counter type=counter
@@ -122,7 +115,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of bytes sent to clients in an HTTP server zone.'; 'help=The total number of bytes sent to clients in an HTTP server zone.';
'angie_http_location_zones_requests_total{zone="$1"}' $p8s_value 'angie_http_location_zones_requests_total{zone="$1"}' $p8s_value
path=~^/http/location_zones/([^/]+)/requests/total$ path=~^/http/location_zones/([^/]+)/requests/total$
type=counter type=counter
@@ -133,13 +125,11 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of client requests completed in an HTTP location zone without sending a response.'; 'help=The total number of client requests completed in an HTTP location zone without sending a response.';
'angie_http_location_zones_responses{zone="$1",code="$2"}' $p8s_value 'angie_http_location_zones_responses{zone="$1",code="$2"}' $p8s_value
path=~^/http/location_zones/([^/]+)/responses/([^/]+)$ path=~^/http/location_zones/([^/]+)/responses/([^/]+)$
type=counter type=counter
'help=The number of responses with a specific status in an HTTP location zone.'; 'help=The number of responses with a specific status in an HTTP location zone.';
'angie_http_location_zones_data_received{zone="$1"}' $p8s_value 'angie_http_location_zones_data_received{zone="$1"}' $p8s_value
path=~^/http/location_zones/([^/]+)/data/received$ path=~^/http/location_zones/([^/]+)/data/received$
type=counter type=counter
@@ -150,13 +140,11 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of bytes sent to clients in an HTTP location zone.'; 'help=The total number of bytes sent to clients in an HTTP location zone.';
'angie_http_upstreams_peers_state{upstream="$1",peer="$2"}' $p8st_all_ups_state 'angie_http_upstreams_peers_state{upstream="$1",peer="$2"}' $p8st_all_ups_state
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/state$ path=~^/http/upstreams/([^/]+)/peers/([^/]+)/state$
type=gauge type=gauge
'help=The current state of an upstream peer in "HTTP": 1 - up, 2 - down, 3 - unavailable, or 4 - recovering.'; 'help=The current state of an upstream peer in "HTTP": 1 - up, 2 - down, 3 - unavailable, or 4 - recovering.';
'angie_http_upstreams_peers_selected_current{upstream="$1",peer="$2"}' $p8s_value 'angie_http_upstreams_peers_selected_current{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/selected/current$ path=~^/http/upstreams/([^/]+)/peers/([^/]+)/selected/current$
type=gauge type=gauge
@@ -167,13 +155,11 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of attempts to use an upstream peer in "HTTP".'; 'help=The total number of attempts to use an upstream peer in "HTTP".';
'angie_http_upstreams_peers_responses{upstream="$1",peer="$2",code="$3"}' $p8s_value 'angie_http_upstreams_peers_responses{upstream="$1",peer="$2",code="$3"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/responses/([^/]+)$ path=~^/http/upstreams/([^/]+)/peers/([^/]+)/responses/([^/]+)$
type=counter type=counter
'help=The number of responses with a specific status received from an upstream peer in "HTTP".'; 'help=The number of responses with a specific status received from an upstream peer in "HTTP".';
'angie_http_upstreams_peers_data_sent{upstream="$1",peer="$2"}' $p8s_value 'angie_http_upstreams_peers_data_sent{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/data/sent$ path=~^/http/upstreams/([^/]+)/peers/([^/]+)/data/sent$
type=counter type=counter
@@ -184,7 +170,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of bytes received from an upstream peer in "HTTP".'; 'help=The total number of bytes received from an upstream peer in "HTTP".';
'angie_http_upstreams_peers_health_fails{upstream="$1",peer="$2"}' $p8s_value 'angie_http_upstreams_peers_health_fails{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/health/fails$ path=~^/http/upstreams/([^/]+)/peers/([^/]+)/health/fails$
type=counter type=counter
@@ -200,13 +185,11 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total time (in milliseconds) that an upstream peer in "HTTP" was "unavailable".'; 'help=The total time (in milliseconds) that an upstream peer in "HTTP" was "unavailable".';
'angie_http_upstreams_keepalive{upstream="$1"}' $p8s_value 'angie_http_upstreams_keepalive{upstream="$1"}' $p8s_value
path=~^/http/upstreams/([^/]+)/keepalive$ path=~^/http/upstreams/([^/]+)/keepalive$
type=gauge type=gauge
'help=The number of currently cached keepalive connections for an HTTP upstream.'; 'help=The number of currently cached keepalive connections for an HTTP upstream.';
'angie_http_caches_responses{zone="$1",status="$2"}' $p8s_value 'angie_http_caches_responses{zone="$1",status="$2"}' $p8s_value
path=~^/http/caches/([^/]+)/([^/]+)/responses$ path=~^/http/caches/([^/]+)/([^/]+)/responses$
type=counter type=counter
@@ -227,19 +210,16 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of bytes written to an HTTP cache zone with a specific cache status.'; 'help=The total number of bytes written to an HTTP cache zone with a specific cache status.';
'angie_http_caches_size{zone="$1"}' $p8s_value 'angie_http_caches_size{zone="$1"}' $p8s_value
path=~^/http/caches/([^/]+)/size$ path=~^/http/caches/([^/]+)/size$
type=gauge type=gauge
'help=The current size (in bytes) of cached responses in an HTTP cache zone.'; 'help=The current size (in bytes) of cached responses in an HTTP cache zone.';
'angie_http_caches_shards_size{zone="$1",path="$2"}' $p8s_value 'angie_http_caches_shards_size{zone="$1",path="$2"}' $p8s_value
path=~^/http/caches/([^/]+)/shards/([^/]+)/size$ path=~^/http/caches/([^/]+)/shards/([^/]+)/size$
type=gauge type=gauge
'help=The current size (in bytes) of cached responses in a shard path of an HTTP cache zone.'; 'help=The current size (in bytes) of cached responses in a shard path of an HTTP cache zone.';
'angie_http_limit_conns{zone="$1",status="$2"}' $p8s_value 'angie_http_limit_conns{zone="$1",status="$2"}' $p8s_value
path=~^/http/limit_conns/([^/]+)/([^/]+)$ path=~^/http/limit_conns/([^/]+)/([^/]+)$
type=counter type=counter
@@ -250,7 +230,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The number of requests processed by an HTTP limit_reqs zone with a specific result.'; 'help=The number of requests processed by an HTTP limit_reqs zone with a specific result.';
'angie_stream_server_zones_ssl_handshaked{zone="$1"}' $p8s_value 'angie_stream_server_zones_ssl_handshaked{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/ssl/handshaked$ path=~^/stream/server_zones/([^/]+)/ssl/handshaked$
type=counter type=counter
@@ -271,7 +250,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of failed SSL handshakes in a stream server zone.'; 'help=The total number of failed SSL handshakes in a stream server zone.';
'angie_stream_server_zones_connections_total{zone="$1"}' $p8s_value 'angie_stream_server_zones_connections_total{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/connections/total$ path=~^/stream/server_zones/([^/]+)/connections/total$
type=counter type=counter
@@ -292,13 +270,11 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of client connections in a stream server zone passed for handling to a different listening socket.'; 'help=The total number of client connections in a stream server zone passed for handling to a different listening socket.';
'angie_stream_server_zones_sessions{zone="$1",status="$2"}' $p8s_value 'angie_stream_server_zones_sessions{zone="$1",status="$2"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/sessions/([^/]+)$ path=~^/stream/server_zones/([^/]+)/sessions/([^/]+)$
type=counter type=counter
'help=The number of sessions finished with a specific status in a stream server zone.'; 'help=The number of sessions finished with a specific status in a stream server zone.';
'angie_stream_server_zones_data_received{zone="$1"}' $p8s_value 'angie_stream_server_zones_data_received{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/data/received$ path=~^/stream/server_zones/([^/]+)/data/received$
type=counter type=counter
@@ -309,13 +285,11 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of bytes sent to clients in a stream server zone.'; 'help=The total number of bytes sent to clients in a stream server zone.';
'angie_stream_upstreams_peers_state{upstream="$1",peer="$2"}' $p8st_all_ups_state 'angie_stream_upstreams_peers_state{upstream="$1",peer="$2"}' $p8st_all_ups_state
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/state$ path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/state$
type=gauge type=gauge
'help=The current state of an upstream peer in "stream": 1 - up, 2 - down, 3 - unavailable, or 4 - recovering.'; 'help=The current state of an upstream peer in "stream": 1 - up, 2 - down, 3 - unavailable, or 4 - recovering.';
'angie_stream_upstreams_peers_selected_current{upstream="$1",peer="$2"}' $p8s_value 'angie_stream_upstreams_peers_selected_current{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/selected/current$ path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/selected/current$
type=gauge type=gauge
@@ -326,7 +300,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of attempts to use an upstream peer in "stream".'; 'help=The total number of attempts to use an upstream peer in "stream".';
'angie_stream_upstreams_peers_data_sent{upstream="$1",peer="$2"}' $p8s_value 'angie_stream_upstreams_peers_data_sent{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/data/sent$ path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/data/sent$
type=counter type=counter
@@ -337,7 +310,6 @@ angie_connections_idle $p8s_value
type=counter type=counter
'help=The total number of bytes received from an upstream peer in "stream".'; 'help=The total number of bytes received from an upstream peer in "stream".';
'angie_stream_upstreams_peers_health_fails{upstream="$1",peer="$2"}' $p8s_value 'angie_stream_upstreams_peers_health_fails{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/health/fails$ path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/health/fails$
type=counter type=counter
@@ -360,5 +332,9 @@ map $p8s_value $p8st_all_ups_state {
"down" 2; "down" 2;
"unavailable" 3; "unavailable" 3;
"recovering" 4; "recovering" 4;
# "unhealthy" 5;
# "checking" 6;
# "draining" 7;
"busy" 8;
default 0; default 0;
} }
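Review bot: The state map in the last hunk now emits `8` for `"busy"`, but the `help=` strings of `angie_http_upstreams_peers_state` and `angie_stream_upstreams_peers_state` still list only `1 - up, 2 - down, 3 - unavailable, or 4 - recovering`, so anyone reading the metric cannot decode the new value. I would extend both help texts, e.g. `... 3 - unavailable, 4 - recovering, or 8 - busy.` The three commented-out states (`unhealthy`, `checking`, `draining`) fall through to `default 0`, which makes them indistinguishable from an unknown state in alerting; a one-line comment saying why they are disabled would help. The `map` block opens before this hunk, so the entries above `"down"` were not reviewed.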


@@ -1,26 +1,29 @@
#include conf.d/prometheus_all.conf; include conf.d/prometheus_all.conf;
server { server {
listen 84; listen 84;
listen 86; listen 86;
acceess_log off;
error_log off;
auto_redirect on;
location /nginx_status { location /nginx_status {
stub_status on; stub_status on;
access_log off; access_log off;
allow all; allow all;
} }
auto_redirect on; location /status/ {
api /status/;
api_config_files on;
}
location /status/ { location /console/ {
api /status/; alias /usr/share/angie-console-light/html/;
api_config_files on; index index.html;
} }
location /console/ {
alias /usr/share/angie-console-light/html/;
index index.html;
}
location /console/api/ { location /console/api/ {
api /status/; api /status/;

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@@ -22,10 +22,3 @@ location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
expires 7d; expires 7d;
access_log off; access_log off;
} }
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;


@@ -1,10 +1,10 @@
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always; add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always;
add_header Referrer-Policy "origin"; add_header Referrer-Policy "origin";
add_header Permissions-Policy "autoplay=(), encrypted-media=(), fullscreen=(), geolocation=(), microphone=(), midi=()"; add_header Permissions-Policy "autoplay=(), encrypted-media=(), fullscreen=(), geolocation=(), microphone=(), midi=()";
add_header Cross-Origin-Embedder-Policy "unsafe-none; report-to=default"; add_header Cross-Origin-Embedder-Policy "unsafe-none; report-to=default";
add_header Cross-Origin-Opener-Policy "unsafe-none; report-to=default"; add_header Cross-Origin-Opener-Policy "unsafe-none; report-to=default";
add_header Cross-Origin-Resource-Policy "cross-origin"; add_header Cross-Origin-Resource-Policy "cross-origin";


@@ -1,12 +1,5 @@
# Hotlinking dla obrazków/CSS/JS z wp-content
location ~* ^/wp-content/.*\.(?:png|jpe?g|gif|webp|svg|ico|css|js)$ { location ~* ^/wp-content/.*\.(?:png|jpe?g|gif|webp|svg|ico|css|js)$ {
# Jeśli chcesz wpuszczać wejścia bez Referera zostaw 'none'.
# Jeśli chcesz je blokować usuń 'none'.
valid_referers none blocked server_names *.blog.linuxiarz.pl *.linuxiarz.pl; valid_referers none blocked server_names *.blog.linuxiarz.pl *.linuxiarz.pl;
if ($invalid_referer) { return 403; } if ($invalid_referer) { return 403; }
# normalne serwowanie
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }


@@ -1,16 +0,0 @@
# 404
try_files $fastcgi_script_name =404;
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_pass unix:/run/php/php5.6-fpm.sock;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";


@@ -1,7 +1,5 @@
# Split PATH_INFO dla static.php i innych # Split PATH_INFO dla static.php i innych
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# WAŻNE: Przypisz do zmiennej PRZED try_files
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
# 404 # 404


@@ -1,18 +1,5 @@
# security headers
#add_header X-Frame-Options "SAMEORIGIN" always;
#add_header X-XSS-Protection "1; mode=block" always;
#add_header X-Content-Type-Options "nosniff" always;
#add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Strict-Transport-Security "max-age=31536000" always; add_header Strict-Transport-Security "max-age=31536000" always;
#add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always;
#add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Permissions-Policy "autoplay=(), encrypted-media=(), fullscreen=(), geolocation=(), microphone=(), midi=()" always;
#add_header Cross-Origin-Embedder-Policy "unsafe-none; report-to=default" always;
#add_header Cross-Origin-Opener-Policy "unsafe-none; report-to=default" always;
#add_header Cross-Origin-Resource-Policy "cross-origin" always;
# . files # . files
location ~ /\.(?!well-known) { location ~ /\.(?!well-known) {
deny all; deny all;

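--- a/config/upstreams.conf
+++ b/config/upstreams.conf
@@ -0,0 +1,35 @@
+upstream varnish {
+zone varnish 1m;
+server 127.0.0.1:6081;
+keepalive 16;
+}
+upstream gitea {
+zone gitea 1m;
+server 127.0.0.1:3000;
+keepalive 16;
+}
+upstream adphone_app {
+zone adphone_app 1m;
+server 127.0.0.1:8001;
+keepalive 16;
+}
+upstream doh {
+zone doh 1m;
+server 127.0.0.1:8844;
+keepalive 16;
+}
+upstream linuxiarz_app {
+zone linuxiarz_app 1m;
+server 127.0.0.1:8000;
+keepalive 16;
+}
+upstream redirector_app {
+zone redirector_app 1m;
+server 127.0.0.1:8282;
+keepalive 16;
+}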
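Review bot: Nothing in this new file records what each `keepalive 16;` needs from the locations that proxy to these upstreams. Idle upstream connections are typically reused only when the proxying location speaks HTTP/1.1 with an empty `Connection` header, i.e. `proxy_http_version 1.1;` and `proxy_set_header Connection "";`, unless the Angie version in use already defaults to that. Those locations are not part of this file, so I could not confirm it. I would add a header comment such as `# keepalive here needs proxy_http_version 1.1 and an empty Connection header in every proxying location`. All six servers are on 127.0.0.1, so it is also worth noting that each backend should listen on loopback only and trust forwarded client-IP headers only from this proxy.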


@@ -1,54 +0,0 @@
user www-data;
pid /run/angie.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
worker_connections 65535;
}
http {
log_format main '$remote_addr $remote_port - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$http_cookie" "$sent_http_set_cookie" "$http_host" "$http3"';
#charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 2048;
client_max_body_size 16M;
client_body_buffer_size 32M;
# MIME
include mime.types;
default_type application/octet-stream;
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# SSL
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Mozilla Modern configuration
ssl_protocols TLSv1.3 TLSv1.2;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 valid=60s;
resolver_timeout 2s;
# Load configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}


@@ -1,32 +0,0 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

3859
off

File diff suppressed because it is too large Load Diff


@@ -1,369 +0,0 @@
prometheus_template all {
angie_connections_accepted $p8s_value
path=/connections/accepted
type=counter
'help=The total number of accepted client connections.';
angie_connections_dropped $p8s_value
path=/connections/dropped
type=counter
'help=The total number of dropped client connections.';
angie_connections_active $p8s_value
path=/connections/active
type=gauge
'help=The current number of active client connections.';
angie_connections_idle $p8s_value
path=/connections/idle
type=gauge
'help=The current number of idle client connections.';
'angie_slabs_pages_used{zone="$1"}' $p8s_value
path=~^/slabs/([^/]+)/pages/used$
type=gauge
'help=The number of currently used memory pages in a slab zone.';
'angie_slabs_pages_free{zone="$1"}' $p8s_value
path=~^/slabs/([^/]+)/pages/free$
type=gauge
'help=The number of currently free memory pages in a slab zone.';
'angie_slabs_pages_slots_used{zone="$1",size="$2"}' $p8s_value
path=~^/slabs/([^/]+)/slots/([^/]+)/used$
type=gauge
'help=The number of currently used memory slots of a specific size in a slab zone.';
'angie_slabs_pages_slots_free{zone="$1",size="$2"}' $p8s_value
path=~^/slabs/([^/]+)/slots/([^/]+)/free$
type=gauge
'help=The number of currently free memory slots of a specific size in a slab zone.';
'angie_slabs_pages_slots_reqs{zone="$1",size="$2"}' $p8s_value
path=~^/slabs/([^/]+)/slots/([^/]+)/reqs$
type=counter
'help=The total number of attempts to allocate a memory slot of a specific size in a slab zone.';
'angie_slabs_pages_slots_fails{zone="$1",size="$2"}' $p8s_value
path=~^/slabs/([^/]+)/slots/([^/]+)/fails$
type=counter
'help=The number of unsuccessful attempts to allocate a memory slot of a specific size in a slab zone.';
'angie_resolvers_queries{zone="$1",type="$2"}' $p8s_value
path=~^/resolvers/([^/]+)/queries/([^/]+)$
type=counter
'help=The number of queries of a specific type to resolve in a resolver zone.';
'angie_resolvers_sent{zone="$1",type="$2"}' $p8s_value
path=~^/resolvers/([^/]+)/sent/([^/]+)$
type=counter
'help=The number of sent DNS queries of a specific type to resolve in a resolver zone.';
'angie_resolvers_responses{zone="$1",status="$2"}' $p8s_value
path=~^/resolvers/([^/]+)/responses/([^/]+)$
type=counter
'help=The number of resolution results with a specific status in a resolver zone.';
'angie_http_server_zones_ssl_handshaked{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/ssl/handshaked$
type=counter
'help=The total number of successful SSL handshakes in an HTTP server zone.';
'angie_http_server_zones_ssl_reuses{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/ssl/reuses$
type=counter
'help=The total number of session reuses during SSL handshakes in an HTTP server zone.';
'angie_http_server_zones_ssl_timedout{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/ssl/timedout$
type=counter
'help=The total number of timed-out SSL handshakes in an HTTP server zone.';
'angie_http_server_zones_ssl_failed{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/ssl/failed$
type=counter
'help=The total number of failed SSL handshakes in an HTTP server zone.';
'angie_http_server_zones_requests_total{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/requests/total$
type=counter
'help=The total number of client requests received in an HTTP server zone.';
'angie_http_server_zones_requests_processing{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/requests/processing$
type=gauge
'help=The number of client requests currently being processed in an HTTP server zone.';
'angie_http_server_zones_requests_discarded{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/requests/discarded$
type=counter
'help=The total number of client requests completed in an HTTP server zone without sending a response.';
'angie_http_server_zones_responses{zone="$1",code="$2"}' $p8s_value
path=~^/http/server_zones/([^/]+)/responses/([^/]+)$
type=counter
'help=The number of responses with a specific status in an HTTP server zone.';
'angie_http_server_zones_data_received{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/data/received$
type=counter
'help=The total number of bytes received from clients in an HTTP server zone.';
'angie_http_server_zones_data_sent{zone="$1"}' $p8s_value
path=~^/http/server_zones/([^/]+)/data/sent$
type=counter
'help=The total number of bytes sent to clients in an HTTP server zone.';
'angie_http_location_zones_requests_total{zone="$1"}' $p8s_value
path=~^/http/location_zones/([^/]+)/requests/total$
type=counter
'help=The total number of client requests in an HTTP location zone.';
'angie_http_location_zones_requests_discarded{zone="$1"}' $p8s_value
path=~^/http/location_zones/([^/]+)/requests/discarded$
type=counter
'help=The total number of client requests completed in an HTTP location zone without sending a response.';
'angie_http_location_zones_responses{zone="$1",code="$2"}' $p8s_value
path=~^/http/location_zones/([^/]+)/responses/([^/]+)$
type=counter
'help=The number of responses with a specific status in an HTTP location zone.';
'angie_http_location_zones_data_received{zone="$1"}' $p8s_value
path=~^/http/location_zones/([^/]+)/data/received$
type=counter
'help=The total number of bytes received from clients in an HTTP location zone.';
'angie_http_location_zones_data_sent{zone="$1"}' $p8s_value
path=~^/http/location_zones/([^/]+)/data/sent$
type=counter
'help=The total number of bytes sent to clients in an HTTP location zone.';
'angie_http_upstreams_peers_state{upstream="$1",peer="$2"}' $p8st_all_ups_state
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/state$
type=gauge
'help=The current state of an upstream peer in "HTTP": 1 - up, 2 - down, 3 - unavailable, or 4 - recovering.';
'angie_http_upstreams_peers_selected_current{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/selected/current$
type=gauge
'help=The number of requests currently being processed by an upstream peer in "HTTP".';
'angie_http_upstreams_peers_selected_total{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/selected/total$
type=counter
'help=The total number of attempts to use an upstream peer in "HTTP".';
'angie_http_upstreams_peers_responses{upstream="$1",peer="$2",code="$3"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/responses/([^/]+)$
type=counter
'help=The number of responses with a specific status received from an upstream peer in "HTTP".';
'angie_http_upstreams_peers_data_sent{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/data/sent$
type=counter
'help=The total number of bytes sent to an upstream peer in "HTTP".';
'angie_http_upstreams_peers_data_received{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/data/received$
type=counter
'help=The total number of bytes received from an upstream peer in "HTTP".';
'angie_http_upstreams_peers_health_fails{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/health/fails$
type=counter
'help=The total number of unsuccessful attempts to communicate with an upstream peer in "HTTP".';
'angie_http_upstreams_peers_health_unavailable{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/health/unavailable$
type=counter
'help=The number of times when an upstream peer in "HTTP" became "unavailable" due to reaching the max_fails limit.';
'angie_http_upstreams_peers_health_downtime{upstream="$1",peer="$2"}' $p8s_value
path=~^/http/upstreams/([^/]+)/peers/([^/]+)/health/downtime$
type=counter
'help=The total time (in milliseconds) that an upstream peer in "HTTP" was "unavailable".';
'angie_http_upstreams_keepalive{upstream="$1"}' $p8s_value
path=~^/http/upstreams/([^/]+)/keepalive$
type=gauge
'help=The number of currently cached keepalive connections for an HTTP upstream.';
'angie_http_caches_responses{zone="$1",status="$2"}' $p8s_value
path=~^/http/caches/([^/]+)/([^/]+)/responses$
type=counter
'help=The total number of responses processed in an HTTP cache zone with a specific cache status.';
'angie_http_caches_bytes{zone="$1",status="$2"}' $p8s_value
path=~^/http/caches/([^/]+)/([^/]+)/bytes$
type=counter
'help=The total number of bytes processed in an HTTP cache zone with a specific cache status.';
'angie_http_caches_responses_written{zone="$1",status="$2"}' $p8s_value
path=~^/http/caches/([^/]+)/([^/]+)/responses_written$
type=counter
'help=The total number of responses written to an HTTP cache zone with a specific cache status.';
'angie_http_caches_bytes_written{zone="$1",status="$2"}' $p8s_value
path=~^/http/caches/([^/]+)/([^/]+)/bytes_written$
type=counter
'help=The total number of bytes written to an HTTP cache zone with a specific cache status.';
'angie_http_caches_size{zone="$1"}' $p8s_value
path=~^/http/caches/([^/]+)/size$
type=gauge
'help=The current size (in bytes) of cached responses in an HTTP cache zone.';
'angie_http_caches_shards_size{zone="$1",path="$2"}' $p8s_value
path=~^/http/caches/([^/]+)/shards/([^/]+)/size$
type=gauge
'help=The current size (in bytes) of cached responses in a shard path of an HTTP cache zone.';
'angie_http_limit_conns{zone="$1",status="$2"}' $p8s_value
path=~^/http/limit_conns/([^/]+)/([^/]+)$
type=counter
'help=The number of requests processed by an HTTP limit_conn zone with a specific result.';
'angie_http_limit_reqs{zone="$1",status="$2"}' $p8s_value
path=~^/http/limit_reqs/([^/]+)/([^/]+)$
type=counter
'help=The number of requests processed by an HTTP limit_reqs zone with a specific result.';
'angie_stream_server_zones_ssl_handshaked{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/ssl/handshaked$
type=counter
'help=The total number of successful SSL handshakes in a stream server zone.';
'angie_stream_server_zones_ssl_reuses{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/ssl/reuses$
type=counter
'help=The total number of session reuses during SSL handshakes in a stream server zone.';
'angie_stream_server_zones_ssl_timedout{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/ssl/timedout$
type=counter
'help=The total number of timed-out SSL handshakes in a stream server zone.';
'angie_stream_server_zones_ssl_failed{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/ssl/failed$
type=counter
'help=The total number of failed SSL handshakes in a stream server zone.';
'angie_stream_server_zones_connections_total{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/connections/total$
type=counter
'help=The total number of client connections received in a stream server zone.';
'angie_stream_server_zones_connections_processing{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/connections/processing$
type=gauge
'help=The number of client connections currently being processed in a stream server zone.';
'angie_stream_server_zones_connections_discarded{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/connections/discarded$
type=counter
'help=The total number of client connections completed in a stream server zone without establishing a session.';
'angie_stream_server_zones_connections_passed{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/connections/passed$
type=counter
'help=The total number of client connections in a stream server zone passed for handling to a different listening socket.';
'angie_stream_server_zones_sessions{zone="$1",status="$2"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/sessions/([^/]+)$
type=counter
'help=The number of sessions finished with a specific status in a stream server zone.';
'angie_stream_server_zones_data_received{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/data/received$
type=counter
'help=The total number of bytes received from clients in a stream server zone.';
'angie_stream_server_zones_data_sent{zone="$1"}' $p8s_value
path=~^/stream/server_zones/([^/]+)/data/sent$
type=counter
'help=The total number of bytes sent to clients in a stream server zone.';
'angie_stream_upstreams_peers_state{upstream="$1",peer="$2"}' $p8st_all_ups_state
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/state$
type=gauge
'help=The current state of an upstream peer in "stream": 1 - up, 2 - down, 3 - unavailable, or 4 - recovering.';
'angie_stream_upstreams_peers_selected_current{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/selected/current$
type=gauge
'help=The number of sessions currently being processed by an upstream peer in "stream".';
'angie_stream_upstreams_peers_selected_total{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/selected/total$
type=counter
'help=The total number of attempts to use an upstream peer in "stream".';
'angie_stream_upstreams_peers_data_sent{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/data/sent$
type=counter
'help=The total number of bytes sent to an upstream peer in "stream".';
'angie_stream_upstreams_peers_data_received{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/data/received$
type=counter
'help=The total number of bytes received from an upstream peer in "stream".';
'angie_stream_upstreams_peers_health_fails{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/health/fails$
type=counter
'help=The total number of unsuccessful attempts to communicate with an upstream peer in "stream".';
'angie_stream_upstreams_peers_health_unavailable{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/health/unavailable$
type=counter
'help=The number of times when an upstream peer in "stream" became "unavailable" due to reaching the max_fails limit.';
'angie_stream_upstreams_peers_health_downtime{upstream="$1",peer="$2"}' $p8s_value
path=~^/stream/upstreams/([^/]+)/peers/([^/]+)/health/downtime$
type=counter
'help=The total time (in milliseconds) that an upstream peer in "stream" was "unavailable".';
}
map $p8s_value $p8st_all_ups_state {
volatile;
"up" 1;
"down" 2;
"unavailable" 3;
"recovering" 4;
# "unhealthy" 5;
# "checking" 6;
# "draining" 7;
"busy" 8;
default 0;
}

Binary file not shown.


@@ -38,7 +38,7 @@ server {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8001; proxy_pass http://adphone_app;
proxy_request_buffering off; proxy_request_buffering off;
client_body_timeout 120s; client_body_timeout 120s;
proxy_read_timeout 120s; proxy_read_timeout 120s;
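Review bot: Nothing visible around `proxy_pass http://adphone_app;` enables upstream keepalive on the proxy side, so the `keepalive 16` declared for the upstream on 127.0.0.1:8001 (presumably `adphone_app`; its header is outside this view) may never be used. On nginx-derived servers the connection cache only works when the location also sets `proxy_http_version 1.1;` and `proxy_set_header Connection "";`, unless this Angie version already defaults to that. The location continues outside the hunk, so those lines may exist elsewhere; if not, add them next to the other `proxy_set_header` lines. The same applies to the `linuxiarz_app` and `redirector_app` hunks later in this commit.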


@@ -5,14 +5,16 @@ server {
root $base; root $base;
# security # security
# include config/security_wp.conf; # include config/security_wp.conf;
status_zone blog.linuxiarz.pl_backend;
#disable on varnish
include config/wildcard.conf; include config/wildcard.conf;
include config/security.conf; include config/security.conf;
include config/non-hotlink.conf; include config/non-hotlink.conf;
port_in_redirect off; port_in_redirect off;
# restrict methods # restrict methods
if ($request_method !~ ^(GET|POST|HEAD|PUT|OPTIONS)$) { if ($request_method !~ ^(GET|POST|HEAD|PUT|OPTIONS)$) {
return '405'; return '405';
@@ -26,7 +28,6 @@ server {
index index.php; index index.php;
# index.php fallback # index.php fallback
location / { location / {
try_files $uri $uri/ /index.php?$query_string; try_files $uri $uri/ /index.php?$query_string;
@@ -55,16 +56,16 @@ server {
add_header Alt-Svc 'h3=":$server_port"; ma=86400'; add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name blog.linuxiarz.pl; server_name blog.linuxiarz.pl;
include config/wildcard.conf; include config/wildcard.conf;
# logging # logging
access_log /var/log/angie/blog.linuxiarz.pl.access.log main; access_log /var/log/angie/blog.linuxiarz.pl.access.log main;
error_log /var/log/angie/blog.linuxiarz.pl.error.log warn; error_log /var/log/angie/blog.linuxiarz.pl.error.log warn;
status_zone blog.linuxiarz.pl_front;
location / { location / {
proxy_pass http://127.0.0.1:6081/; proxy_pass http://varnish;
include config/proxy.conf; include config/proxy.conf;
} }
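Review bot: In the front-end `location /` the new line is `proxy_pass http://varnish;` with no URI part, while the other vhosts changed in this commit use `proxy_pass http://varnish/;`. Without a URI part the request URI is forwarded as the client sent it; with the trailing slash the normalized URI is forwarded. Varnish can therefore receive different forms of the same path from different vhosts, which affects cache keys and any path-based rules applied downstream. Unless the difference is intended, write `proxy_pass http://varnish/;` here as well. The gitea hunk makes the same change from `http://127.0.0.1:3000/` to `http://gitea`.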


@@ -14,8 +14,10 @@ server {
access_log /var/log/angie/gitea.linuxiarz.pl.access.log; access_log /var/log/angie/gitea.linuxiarz.pl.access.log;
error_log /var/log/angie/gitea.linuxiarz.pl.error.log warn; error_log /var/log/angie/gitea.linuxiarz.pl.error.log warn;
status_zone gitea.linuxiarz.pl;
location / { location / {
proxy_pass http://127.0.0.1:3000/; proxy_pass http://gitea;
include config/proxy.conf; include config/proxy.conf;
} }


@@ -6,24 +6,17 @@ proxy_cache_path /var/cache/angie/redirector
inactive=24h inactive=24h
use_temp_path=off; use_temp_path=off;
##############################
# 1) Blok tylko do redirectów
##############################
# HTTP -> HTTPS + normalizacja do www # HTTP -> HTTPS + normalizacja do www
server { server {
listen 80; listen 80;
server_name linuxiarz.pl www.linuxiarz.pl; server_name linuxiarz.pl www.linuxiarz.pl;
# Ścieżkowe redirecty z HTTP prosto do docelowych hostów
rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent; rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent; rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;
# Reszta na HTTPS z www
return 301 https://www.linuxiarz.pl$request_uri; return 301 https://www.linuxiarz.pl$request_uri;
} }
# HTTPS nonwww -> www (tylko redirect)
server { server {
listen 443 ssl; listen 443 ssl;
server_name linuxiarz.pl; server_name linuxiarz.pl;
@@ -31,14 +24,9 @@ server {
include config/wildcard.conf; include config/wildcard.conf;
ssl_protocols TLSv1.3 TLSv1.2; ssl_protocols TLSv1.3 TLSv1.2;
# Bez Alt-Svc tutaj: ten blok tylko przekierowuje
return 301 https://www.linuxiarz.pl$request_uri; return 301 https://www.linuxiarz.pl$request_uri;
} }
#########################################
# 2) Główny vhost treści: www + HTTP/3
#########################################
server { server {
# TCP (HTTP/1.1 + HTTP/2) # TCP (HTTP/1.1 + HTTP/2)
listen 443 ssl; listen 443 ssl;
@@ -62,7 +50,7 @@ server {
access_log /var/log/angie/linuxiarz.pl.access.log main; access_log /var/log/angie/linuxiarz.pl.access.log main;
error_log /var/log/angie/linuxiarz.pl.error.log warn; error_log /var/log/angie/linuxiarz.pl.error.log warn;
status_zone www.linuxiarz.pl; status_zone www.linuxiarz.pl_frontend;
# Dozwolone metody # Dozwolone metody
if ($request_method !~ ^(GET|HEAD|POST)$) { if ($request_method !~ ^(GET|HEAD|POST)$) {
return 405; return 405;
@@ -74,12 +62,10 @@ server {
# Główne proxy do Varnish na 6081 # Główne proxy do Varnish na 6081
location / { location / {
proxy_pass http://127.0.0.1:6081/; proxy_pass http://varnish/;
include config/proxy.conf; include config/proxy.conf;
} }
# Przykład ads.txt (opcjonalnie):
# location = /ads.txt { root /var/www/ads; }
} }
################################## ##################################
@@ -92,6 +78,8 @@ server {
# Domyślna ścieżka: pliki -> fallback do aplikacji na :8000 # Domyślna ścieżka: pliki -> fallback do aplikacji na :8000
error_page 404 = @redirect_check; error_page 404 = @redirect_check;
status_zone www.linuxiarz.pl_backend;
location / { location / {
try_files $uri $uri/ @to8000; try_files $uri $uri/ @to8000;
} }
@@ -102,7 +90,7 @@ server {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8000; proxy_pass http://linuxiarz_app;
proxy_request_buffering off; proxy_request_buffering off;
client_body_timeout 120s; client_body_timeout 120s;
@@ -119,7 +107,7 @@ server {
set_real_ip_from 127.0.0.1; set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
proxy_pass http://127.0.0.1:8282; proxy_pass http://redirector_app;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -130,7 +118,7 @@ server {
location ~ ^/(stats|user-info|health)$ { location ~ ^/(stats|user-info|health)$ {
add_header Cache-Control "no-cache, max-age=0, no-store"; add_header Cache-Control "no-cache, max-age=0, no-store";
proxy_cache off; proxy_cache off;
proxy_pass http://127.0.0.1:8282; proxy_pass http://redirector_app;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
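Review bot: The non-www HTTPS server loses the comment that explained why it sends no `Alt-Svc` header (`# Bez Alt-Svc tutaj: ten blok tylko przekierowuje`), and nothing on the new side records that the omission is deliberate. Other vhosts in this commit advertise HTTP/3 with `add_header Alt-Svc ...`, so a later edit could add it here for consistency. A one-line comment above the `return 301`, for example `# no Alt-Svc: this server only issues the 301 to www`, would prevent that. The file still mixes redirect-only servers, the Varnish front end and the backend, so a short purpose comment per `server` block would also replace the removed section banners.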

Binary file not shown.


@@ -20,6 +20,7 @@ server {
access_log /var/log/angie/autodiscover.linuxiarz.pl.access.log; access_log /var/log/angie/autodiscover.linuxiarz.pl.access.log;
error_log /var/log/angie/autodiscover.linuxiarz.pl.error.log warn; error_log /var/log/angie/autodiscover.linuxiarz.pl.error.log warn;
status_zone autodiscover;
location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml { location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml {
rewrite .* /autodiscover/autodiscover.php redirect; rewrite .* /autodiscover/autodiscover.php redirect;


@@ -4,6 +4,7 @@ server {
if ($request_method !~ ^(HEAD)$) { if ($request_method !~ ^(HEAD)$) {
return '405'; return '405';
} }
status_zone default;
} }
server { server {
@@ -13,6 +14,8 @@ server {
return '405'; return '405';
} }
status_zone default_ssl;
ssl_certificate /etc/angie/ssl/angie.crt; ssl_certificate /etc/angie/ssl/angie.crt;
ssl_certificate_key /etc/angie/ssl/angie.key; ssl_certificate_key /etc/angie/ssl/angie.key;
ssl_stapling off; ssl_stapling off;


@@ -13,6 +13,7 @@ server {
set $base /var/www/dnsdist; set $base /var/www/dnsdist;
root $base; root $base;
status_zone doh.linuxiarz.pl;
include config/wildcard.conf; include config/wildcard.conf;
include config/security.conf; include config/security.conf;
@@ -29,7 +30,6 @@ server {
return 200 "Bad request :)"; return 200 "Bad request :)";
} }
error_page 404 403 500 504 502 =200 /; error_page 404 403 500 504 502 =200 /;
# logging # logging
@@ -40,11 +40,10 @@ server {
include config/general.conf; include config/general.conf;
location / { location / {
proxy_pass https://127.0.0.1:8844/; proxy_pass https://doh;
include config/proxy.conf; include config/proxy.conf;
} }
} }
# HTTP redirect # HTTP redirect
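Review bot: Changing `proxy_pass https://127.0.0.1:8844/;` to `proxy_pass https://doh;` also changes `$proxy_host` to `doh`, which is the default for both the upstream `Host` header and `proxy_ssl_name`. If `config/proxy.conf` (not visible here) does not set `Host` explicitly, the DoH backend will now see `Host: doh`. If SNI or certificate verification towards the backend is enabled, it will use the name `doh` as well. Pin the intended values explicitly, e.g. `proxy_set_header Host $host;` and `proxy_ssl_name doh.linuxiarz.pl;`, or confirm that the include already does so.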


@@ -14,29 +14,32 @@ server {
ssl_certificate /etc/ssl/gruszczynski.cc/fullchain.pem; ssl_certificate /etc/ssl/gruszczynski.cc/fullchain.pem;
ssl_certificate_key /etc/ssl/gruszczynski.cc/privkey.pem; ssl_certificate_key /etc/ssl/gruszczynski.cc/privkey.pem;
# logging
access_log /var/log/angie/gruszczynski.cc.access.log;
error_log /var/log/angie/gruszczynski.cc.error.log warn;
status_zone gruszczynski.cc;
# ssl cfg # ssl cfg
include config/ssl_cfg.conf; include config/ssl_cfg.conf;
# security # security
include config/security.conf; include config/security.conf;
status_zone gruszczynski.cc;
# restrict methods # restrict methods
if ($request_method !~ ^(GET)$) { if ($request_method !~ ^(GET)$) {
return '405'; return '405';
} }
if ($host = 'www.gruszczynski.cc') { if ($host = 'www.gruszczynski.cc') {
return 301 http://www.linuxiarz.pl$request_uri; return 301 http://www.linuxiarz.pl$request_uri;
} }
error_page 404 403 500 504 502 =200 /; error_page 404 403 500 504 502 =200 /;
# logging
access_log /var/log/angie/gruszczynski.cc.access.log;
error_log /var/log/angie/gruszczynski.cc.error.log warn;
# index.html # index.html
index index.html; index index.html;
@@ -45,11 +48,6 @@ server {
# letsencrypt # letsencrypt
include config/letsencrypt.conf; include config/letsencrypt.conf;
# handle .php
# location ~ \.php$ {
# include config/php_fastcgi.conf;
# }
} }
# HTTP redirect # HTTP redirect
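Review bot: `status_zone gruszczynski.cc;` appears twice among the changed lines of this server block, once after the logging lines near the top and once after `include config/security.conf;`. The rendering does not show which side each occurrence belongs to. If both are on the new side, the directive is repeated in one `server` context, which nginx-derived servers normally reject as a duplicate at config load, so keep only one. The `access_log`/`error_log` pair is also listed twice in this hunk, so confirm that it ended up in exactly one place.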


@@ -7,15 +7,13 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone gruszczynski.eu.org_backend;
# restrict methods # restrict methods
if ($request_method !~ ^(GET)$) { if ($request_method !~ ^(GET)$) {
return '405'; return '405';
} }
# logging
#access_log /var/log/angie/gruszczynski.eu.org.access.log;
#error_log /var/log/angie/gruszczynski.eu.org.error.log warn;
# index.php # index.php
index index.php index.html; index index.php index.html;
@@ -48,25 +46,21 @@ server {
# ssl cfg # ssl cfg
include config/ssl_cfg.conf; include config/ssl_cfg.conf;
status_zone gruszczynski.eu.org_frontend;
location / { location / {
proxy_pass http://127.0.0.1:6081/; proxy_pass http://varnish/;
include config/proxy.conf; include config/proxy.conf;
} }
} }
# HTTP redirect # HTTP redirect
server { server {
listen 80; listen 80;
add_header Alt-Svc 'h3=":443"; ma=86400'; add_header Alt-Svc 'h3=":443"; ma=86400';
server_name gruszczynski.eu.org www.gruszczynski.eu.org; server_name gruszczynski.eu.org www.gruszczynski.eu.org;
# include config/letsencrypt.conf;
# restrict methods # restrict methods
if ($request_method !~ ^(GET)$) { if ($request_method !~ ^(GET)$) {
return '405'; return '405';


@@ -21,6 +21,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone img.gruszcznski.eu.org;
# restrict methods # restrict methods
if ($request_method !~ ^(GET)$) { if ($request_method !~ ^(GET)$) {
return '405'; return '405';
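Review bot: The zone name in `status_zone img.gruszcznski.eu.org;` looks misspelled, with the `y` missing compared with the `gruszczynski.eu.org` zones added elsewhere in this commit. The `server_name` of this block is outside the hunk, so this is inferred from the sibling files. If it is a typo, the metrics for this vhost will be exported under a label that does not match the hostname, and dashboards or alerts filtering on the real name will miss it. Suggested line: `status_zone img.gruszczynski.eu.org;`.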


@@ -25,6 +25,8 @@ server {
access_log off; access_log off;
error_log off; error_log off;
status_zone kodi.linuxiarz.pl;
location / { location / {
autoindex on; autoindex on;
autoindex_exact_size off; autoindex_exact_size off;


@@ -21,6 +21,8 @@ server {
return '405'; return '405';
} }
status_zone kompilacje.linuxiarz.pl;
# logging # logging
access_log off; access_log off;
error_log off; error_log off;


@@ -16,6 +16,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone nginx.linuxiarz.pl;
# restrict methods # restrict methods
if ($request_method !~ ^(GET)$) { if ($request_method !~ ^(GET)$) {
return '405'; return '405';


@@ -17,6 +17,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone pa.linuxiarz.pl;
# restrict methods # restrict methods
if ($request_method !~ ^(GET|POST)$) { if ($request_method !~ ^(GET|POST)$) {
return '405'; return '405';


@@ -7,6 +7,8 @@ server {
# security # security
include config/security_paste.conf; include config/security_paste.conf;
status_zone paste.linuxiarz.pl_backend;
# restrict methods # restrict methods
if ($request_method !~ ^(GET|POST)$) { if ($request_method !~ ^(GET|POST)$) {
return '405'; return '405';
@@ -25,9 +27,6 @@ server {
break; break;
} }
# additional config
#g.lin include config/general.conf;
# handle .php # handle .php
location ~ \.php$ { location ~ \.php$ {
include config/php_fastcgi7_4.conf; include config/php_fastcgi7_4.conf;
@@ -52,9 +51,10 @@ server {
access_log /var/log/angie/paste.linuxiarz.pl.access.log; access_log /var/log/angie/paste.linuxiarz.pl.access.log;
error_log /var/log/angie/paste.linuxiarz.pl.error.log warn; error_log /var/log/angie/paste.linuxiarz.pl.error.log warn;
status_zone paste.linuxiarz.pl_frontend;
location / { location / {
proxy_pass http://127.0.0.1:6081/; proxy_pass http://varnish/;
include config/proxy.conf; include config/proxy.conf;
} }


@@ -16,6 +16,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone pliki.linuxiarz.pl;
# restrict methods # restrict methods
if ($request_method !~ ^(GET)$) { if ($request_method !~ ^(GET)$) {
return '405'; return '405';


@@ -16,6 +16,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone pma.linuxiarz.pl
# restrict methods # restrict methods
if ($request_method !~ ^(GET|POST)$) { if ($request_method !~ ^(GET|POST)$) {
return '405'; return '405';
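Review bot: The added line `status_zone pma.linuxiarz.pl` has no terminating semicolon, unlike every other `status_zone` line in this commit. Unless the page rendering dropped the character, the parser will read the following `if ($request_method ...` tokens as further arguments of `status_zone`, and the configuration will fail to load. The line should read `status_zone pma.linuxiarz.pl;`. Running the configuration test (`angie -t`) before reload would catch this.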


@@ -1,44 +0,0 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name quarantine.linuxiarz.pl;
include config/wildcard.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log off;
error_log off;
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:9000;
allow 85.221.253.162;
allow 127.0.0.1;
deny all;
}
}
# HTTP redirect
server {
listen 80;
server_name quarantine.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://quarantine.linuxiarz.pl$request_uri;
}
}


@@ -14,6 +14,8 @@ server {
include config/wildcard.conf; include config/wildcard.conf;
include config/security_roundcube.conf; include config/security_roundcube.conf;
status_zone r.linuxiarz.pl;
# restrict methods # restrict methods
if ($request_method !~ ^(GET|POST)$) { if ($request_method !~ ^(GET|POST)$) {
return '405'; return '405';


@@ -11,6 +11,8 @@ server {
ssl_certificate /etc/ssl/gru.one.pl/fullchain.pem; ssl_certificate /etc/ssl/gru.one.pl/fullchain.pem;
ssl_certificate_key /etc/ssl/gru.one.pl/privkey.pem; ssl_certificate_key /etc/ssl/gru.one.pl/privkey.pem;
status_zone gru.one.pl;
server_name .gru.one.pl ; server_name .gru.one.pl ;
if ($scheme = http) { if ($scheme = http) {
@@ -26,6 +28,8 @@ server {
listen 80; listen 80;
server_name .grucha.eu.org; server_name .grucha.eu.org;
status_zone grucha.eu.org;
location / { location / {
return 301 https://www.gruszczynski.eu.org$request_uri; return 301 https://www.gruszczynski.eu.org$request_uri;
} }


@@ -17,6 +17,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone repo.linuxiarz.pl;
# restrict methods # restrict methods
if ($request_method !~ ^(GET)$) { if ($request_method !~ ^(GET)$) {
return '405'; return '405';


@@ -14,6 +14,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone rspamd.linuxiarz.pl;
# restrict methods # restrict methods
if ($request_method !~ ^(GET|POST)$) { if ($request_method !~ ^(GET|POST)$) {
return '405'; return '405';


@@ -16,6 +16,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone sk.linuxiarz.pl;
# restrict methods # restrict methods
if ($request_method !~ ^(GET|POST)$) { if ($request_method !~ ^(GET|POST)$) {
return '405'; return '405';


@@ -16,6 +16,8 @@ server {
# security # security
include config/security.conf; include config/security.conf;
status_zone ts3stats.linuxiarz.pl;
# restrict methods # restrict methods
if ($request_method !~ ^(GET)$) { if ($request_method !~ ^(GET)$) {
return '405'; return '405';


@@ -10,7 +10,6 @@ server {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
} }
server { server {


@@ -1,60 +0,0 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name webmail-beta.linuxiarz.pl;
set $base /var/www/webmail-beta;
root $base;
include config/wildcard.conf;
include config/security_wp.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
location / {
return 301 https://webmail.linuxiarz.pl$request_uri;
}
# logging
access_log /var/log/angie/webmail-beta.linuxiarz.pl.access.log;
error_log /var/log/angie/webmail-beta.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location /x {
try_files $uri $uri/ index.php;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
error_page 403 =404 / ;
}
location ~ ^/(bin|SQL|config|temp|logs)/ {
deny all;
}
location ~\.(ini|log|conf|MD|md|json)$ {
deny all;
error_page 403 =404 / ;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi_webmail.conf;
}
}


@@ -23,14 +23,11 @@ server {
access_log /var/log/angie/webmail.linuxiarz.pl.access.log; access_log /var/log/angie/webmail.linuxiarz.pl.access.log;
error_log /var/log/angie/webmail.linuxiarz.pl.error.log warn; error_log /var/log/angie/webmail.linuxiarz.pl.error.log warn;
status_zone webmail.linuxiarz.pl;
# index.php # index.php
index index.php; index index.php;
# index.php fallback
# location / {
# try_files $uri $uri/ index.php;
# }
location / { location / {
try_files $uri $uri/ /index.php; try_files $uri $uri/ /index.php;
} }


@@ -1,87 +0,0 @@
server {
listen 8080;
server_name z.gruszczynski.eu.org;
set $base /var/www/z.gruszczynski.eu.org;
root $base;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# index.php
index index.php;
# additional config
include config/general.conf;
port_in_redirect off;
location / {
}
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name z.gruszczynski.eu.org;
access_log /var/log/angie/z.gruszczynski.eu.org.access.log main;
error_log /var/log/angie/z.gruszczynski.eu.org.error.log warn;
ssl_certificate /etc/letsencrypt/live/z.gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/z.gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/z.gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
include config/letsencrypt.conf;
location / {
proxy_pass http://127.0.0.1:6081/;
include config/proxy.conf;
add_header X-Robots-Tag "noindex, follow" always;
}
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}
# HTTP redirect
server {
listen 80;
server_name z.gruszczynski.eu.org;
add_header Alt-Svc 'h3=":443"; ma=86400';
include config/letsencrypt.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://z.gruszczynski.eu.org$request_uri;
}
}