gru/linuxiarz_vps_angie
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
root
2025-11-16 22:26:59 +01:00
commit af14d373fa
118 changed files with 10255 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
sites-available/._linuxiarz.pl.conf Executable file
View File

Binary file not shown.

75
sites-available/adphone.pl.conf Normal file
View File

@@ -0,0 +1,75 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name www.adphone.pl adphone.pl;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ecdh_curve secp256r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
status_zone adphone.pl;
# SSL
ssl_certificate /etc/ssl/adphone.pl/fullchain.pem;
ssl_certificate_key /etc/ssl/adphone.pl/privkey.pem;
# logging
access_log /var/log/angie/adphone.pl.access.log main;
error_log /var/log/angie/adphone.pl.error.log warn;
if ($host = 'www.adphone.pl') {
return 301 http://adphone.pl$request_uri;
}
if ($request_method !~ ^(GET|HEAD|POST)$) {
return '405';
}
location / {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8001;
proxy_request_buffering off;
client_body_timeout 120s;
proxy_read_timeout 120s;
proxy_connect_timeout 120s;
proxy_send_timeout 120s;
proxy_http_version 1.1;
}
location /.well-known/acme-challenge/ {
root /var/www/_letsencrypt/;
try_files $uri =404;
}
}
# HTTP redirect
server {
listen 80;
server_name adphone.pl www.adphone.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location /.well-known/acme-challenge/ {
root /var/www/_letsencrypt/;
try_files $uri =404;
}
if ($scheme = 'http') {
return 301 https://adphone.pl$request_uri;
}
}
# mkdir /etc/ssl/adphone.pl
# acme.sh --issue -d example.com -d www.example.com --webroot /var/www/_letsencrypt/ --cert-file /etc/ssl/adphone.pl/cert.pem --key-file /etc/ssl/adphone.pl/privkey.pem --fullchain-file /etc/ssl/adphone.pl/fullchain.pem

46
sites-available/autodiscover.conf Normal file
View File

@@ -0,0 +1,46 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name autodiscover.linuxiarz.pl autodiscover.gruszczynski.eu.org autodiscover.gru.one.pl autodiscover.szczepaniak.eu.org;
set $base /var/www/autodiscover;
root $base;
include config/wildcard.conf;
# security
include config/security.conf;
# logging
access_log /var/log/nginx/autodiscover.linuxiarz.pl.access.log;
error_log /var/log/nginx/autodiscover.linuxiarz.pl.error.log warn;
location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml {
rewrite .* /autodiscover/autodiscover.php redirect;
}
# additional config
include config/general.conf;
# handle .php
location ~* \.php$ {
include config/php_fastcgi.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name autodiscover.linuxiarz.pl autodiscover.gruszczynski.eu.org autodiscover.gru.one.pl autodiscover.szczepaniak.eu.org;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://autodiscover.linuxiarz.pl$request_uri;
}
}

82
sites-available/blog.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,82 @@
server {
listen 8080;
server_name blog.linuxiarz.pl;
set $base /var/www/linuxiarz.pl;
root $base;
# security
# include config/security_wp.conf;
#disable on varnish
include config/wildcard.conf;
include config/security.conf;
include config/non-hotlink.conf;
port_in_redirect off;
# restrict methods
if ($request_method !~ ^(GET|POST|HEAD|PUT|OPTIONS)$) {
return '405';
}
# logging
access_log /var/log/angie/blog.linuxiarz.pl.access.log main;
error_log /var/log/angie/blog.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# additional config
include config/general.conf;
include config/wordpress.conf;
include config/custom_linuxiarz.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
server {
listen 443 quic reuseport;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name blog.linuxiarz.pl;
include config/wildcard.conf;
# logging
access_log /var/log/angie/blog.linuxiarz.pl.access.log main;
error_log /var/log/angie/blog.linuxiarz.pl.error.log warn;
location / {
proxy_pass http://127.0.0.1:6081/;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name blog.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://blog.linuxiarz.pl$request_uri;
}
}

91
sites-available/default Normal file
View File

@@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

19
sites-available/default.conf Normal file
View File

@@ -0,0 +1,19 @@
server {
listen 80 default_server ;
return 403;
if ($request_method !~ ^(HEAD)$) {
return '405';
}
}
server {
listen 443 ssl default_server;
return 403;
if ($request_method !~ ^(HEAD)$) {
return '405';
}
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_stapling off;
}

66
sites-available/doh.conf Normal file
View File

@@ -0,0 +1,66 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name doh.linuxiarz.pl;
set $base /var/www/dnsdist;
root $base;
include config/wildcard.conf;
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET|POST|HEAD|PUT)$) {
return '405';
}
error_page 400 @echo_400;
location @echo400 {
add_header Content-Type text/plain;
return 200 "Bad request :)";
}
error_page 404 403 500 504 502 =200 /;
# logging
access_log /var/log/nginx/doh.linuxiarz.pl.access.log;
error_log /var/log/nginx/doh.linuxiarz.pl.error.log warn;
# additional config
include config/general.conf;
location / {
proxy_pass https://127.0.0.1:8844/;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name doh.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
include config/letsencrypt.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://doh.linuxiarz.pl$request_uri;
}
}

32
sites-available/gitea.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,32 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=10000';
server_name gitea.linuxiarz.pl;
include config/wildcard.conf;
# logging
access_log /var/log/angie/gitea.linuxiarz.pl.access.log;
error_log /var/log/angie/gitea.linuxiarz.pl.error.log warn;
location / {
proxy_pass http://127.0.0.1:3000/;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name gitea.linuxiarz.pl;
location / {
return 301 https://gitea.linuxiarz.pl$request_uri;
}
}

97
sites-available/gruszczynski.cc.conf Normal file
View File

@@ -0,0 +1,97 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name www.gruszczynski.cc;
set $base /var/www/gruszczynski.cc;
root $base;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
error_page 404 403 500 504 502 =200 /;
# logging
access_log /var/log/nginx/gruszczynski.cc.access.log;
error_log /var/log/nginx/gruszczynski.cc.error.log warn;
# index.html
index index.html;
# additional config
include config/general.conf;
# letsencrypt
include config/letsencrypt.conf;
# handle .php
# location ~ \.php$ {
# include config/php_fastcgi.conf;
# }
}
# HTTP redirect
server {
listen 80;
server_name gruszczynski.cc www.gruszczynski.cc;
add_header Alt-Svc 'h3=":443"; ma=86400';
include config/letsencrypt.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://www.gruszczynski.cc$request_uri;
}
}
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name gruszczynski.cc;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://www.gruszczynski.cc$request_uri;
}
}

80
sites-available/gruszczynski.eu.org.conf Normal file
View File

@@ -0,0 +1,80 @@
server {
listen 443 ssl http2;
server_name www.gruszczynski.eu.org;
set $base /var/www/gruszczynski.eu.org;
root $base;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log /var/log/nginx/gruszczynski.eu.org.access.log;
error_log /var/log/nginx/gruszczynski.eu.org.error.log warn;
# index.php
index index.php index.html;
# additional config
include config/general.conf;
# letsencrypt
include config/letsencrypt.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name gruszczynski.eu.org www.gruszczynski.eu.org;
include config/letsencrypt.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://www.gruszczynski.eu.org$request_uri;
}
}
server {
listen 443 ssl http2;
server_name gruszczynski.eu.org;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://www.gruszczynski.eu.org$request_uri;
}
}

110
sites-available/gruszczynski.eu.org_varnish.conf Normal file
View File

@@ -0,0 +1,110 @@
server {
listen 8080;
server_name www.gruszczynski.eu.org;
set $base /var/www/gruszczynski.eu.org;
root $base;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
#access_log /var/log/nginx/gruszczynski.eu.org.access.log;
#error_log /var/log/nginx/gruszczynski.eu.org.error.log warn;
# index.php
index index.php index.html;
# additional config
include config/general.conf;
# letsencrypt
include config/letsencrypt.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name www.gruszczynski.eu.org;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
location / {
proxy_pass http://127.0.0.1:6081/;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
add_header Alt-Svc 'h3=":443"; ma=86400';
server_name gruszczynski.eu.org www.gruszczynski.eu.org;
include config/letsencrypt.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://www.gruszczynski.eu.org$request_uri;
}
}
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name gruszczynski.eu.org;
ssl_certificate /etc/letsencrypt/live/gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://www.gruszczynski.eu.org$request_uri;
}
}

63
sites-available/img.gruszczynski.eu.org.conf Normal file
View File

@@ -0,0 +1,63 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name img.gruszczynski.eu.org;
set $base /var/www/img.gruszczynski.eu.org;
root $base/img;
ssl_certificate /etc/letsencrypt/live/img.gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/img.gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/img.gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log /var/log/nginx/img.gruszczynski.eu.org.access.log;
error_log /var/log/nginx/img.gruszczynski.eu.org.error.log warn;
include config/general.conf;
# letsencrypt
include config/letsencrypt.conf;
}
# HTTP redirect
server {
listen 80;
server_name img.gruszczynski.eu.org;
add_header Alt-Svc 'h3=":443"; ma=86400';
set $base /var/www/img.gruszczynski.eu.org;
root $base/img;
include config/letsencrypt.conf;
# logging
access_log /var/log/nginx/img.gruszczynski.eu.org.access.log;
error_log /var/log/nginx/img.gruszczynski.eu.org.error.log warn;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://img.gruszczynski.eu.org$request_uri;
}
}

54
sites-available/kodi.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,54 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name kodi.linuxiarz.pl;
set $base /var/www/kodi.linuxiarz.pl/;
root $base;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log off;
error_log off;
location / {
autoindex on;
autoindex_exact_size off;
autoindex_localtime off;
autoindex_format html;
}
# additional config
include config/general.conf;
}
# HTTP redirect
server {
listen 80;
server_name kodi.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://kodi.linuxiarz.pl$request_uri;
}
}

54
sites-available/kompilacje.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,54 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name kompilacje.linuxiarz.pl;
set $base /var/www/kompilacje.linuxiarz.pl/;
root $base;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log off;
error_log off;
location / {
autoindex on;
autoindex_exact_size off;
autoindex_localtime off;
autoindex_format html;
}
# additional config
include config/general.conf;
}
# HTTP redirect
server {
listen 80;
server_name kompilacje.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://kompilacje.linuxiarz.pl$request_uri;
}
}

133
sites-available/kutagroup.pl.conf Normal file
View File

@@ -0,0 +1,133 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name *.kutagroup.pl www.kutagroup.pl kutagroup.pl;
set $base /var/www/kutagroup.pl/;
root $base;
ssl_certificate /etc/letsencrypt/live/kutagroup.pl/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/kutagroup.pl/privkey.pem; # managed by Certbot
if ($host = kutagroup.pl) {
return 301 https://www.kutagroup.pl$request_uri;
}
# ssl cfg
include config/ssl_cfg.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log /var/log/nginx/kutagroup.pl.log;
error_log /var/log/nginx/kutagroup.pl.error.log warn;
# index.html
index index.html;
# additional config
include config/general.conf;
}
server {
listen 80;
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":443"; ma=86400';
ssl_certificate /etc/letsencrypt/live/kutagroup.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kutagroup.pl/privkey.pem;
server_name kutaadmin.kutagroup.pl;
return 301 $scheme://www.kutagroup.pl/kutaadmin$request_uri;
}
server {
listen 80;
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":443"; ma=86400';
ssl_certificate /etc/letsencrypt/live/kutagroup.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kutagroup.pl/privkey.pem;
server_name kutanet.kutagroup.pl;
return 301 $scheme://www.kutagroup.pl/kutanet$request_uri;
}
server {
listen 80;
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":443"; ma=86400';
ssl_certificate /etc/letsencrypt/live/kutagroup.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kutagroup.pl/privkey.pem;
server_name kutasort.kutagroup.pl;
return 301 $scheme://www.kutagroup.pl/kutasort$request_uri;
}
server {
listen 80;
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":443"; ma=86400';
ssl_certificate /etc/letsencrypt/live/kutagroup.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kutagroup.pl/privkey.pem;
server_name kutafalcon.kutagroup.pl;
return 301 $scheme://www.kutagroup.pl/kutafalcon$request_uri;
}
server {
listen 80;
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":443"; ma=86400';
ssl_certificate /etc/letsencrypt/live/kutagroup.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kutagroup.pl/privkey.pem;
server_name kutaserwis.kutagroup.pl;
return 301 $scheme://www.kutagroup.pl/kutaserwis$request_uri;
}
# HTTP redirect
server {
server_name kutagroup.pl *.kutagroup.pl;
listen 80;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://www.kutagroup.pl$request_uri;
}
}

82
sites-available/linuxiarz.pl.conf Executable file
View File

@@ -0,0 +1,82 @@
server {
listen 443 ssl http2;
server_name www.linuxiarz.pl;
set $base /var/www/linuxiarz.pl;
root $base;
# security
#disable on varnish
include config/security_wp.conf;
#disable on varnish
include config/wildcard.conf;
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET|POST|HEAD|PUT)$) {
return '405';
}
# logging
access_log /var/log/nginx/linuxiarz.pl.access.log;
error_log /var/log/nginx/linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# additional config
include config/general.conf;
include config/wordpress.conf;
include config/custom_linuxiarz.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
server {
listen 8442 ssl http2;
server_name www.linuxiarz.pl;
include config/wildcard.conf;
# logging
access_log /var/log/nginx/linuxiarz.pl.access.log;
error_log /var/log/nginx/linuxiarz.pl.error.log warn;
location / {
proxy_pass http://127.0.0.1:6081/;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name www.linuxiarz.pl linuxiarz.pl;
location / {
return 301 https://www.linuxiarz.pl$request_uri;
}
}
server {
listen 443 ssl http2;
server_name linuxiarz.pl;
include config/wildcard.conf;
include config/security.conf;
location / {
return 301 https://www.linuxiarz.pl$request_uri;
}
}

156
sites-available/linuxiarz.pl_new.conf Normal file
View File

@@ -0,0 +1,156 @@
# Cache (jak w oryginale)
proxy_cache_path /var/cache/angie/redirector
levels=1:2
keys_zone=redirect_cache:10m
max_size=100m
inactive=24h
use_temp_path=off;
##############################
# 1) Blok tylko do redirectów
##############################
# HTTP -> HTTPS + normalizacja do www
server {
listen 80;
server_name linuxiarz.pl www.linuxiarz.pl;
# Ścieżkowe redirecty z HTTP prosto do docelowych hostów
rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;
# Reszta na HTTPS z www
return 301 https://www.linuxiarz.pl$request_uri;
}
# HTTPS nonwww -> www (tylko redirect)
server {
listen 443 ssl;
server_name linuxiarz.pl;
include config/wildcard.conf;
ssl_protocols TLSv1.3 TLSv1.2;
# Bez Alt-Svc tutaj: ten blok tylko przekierowuje
return 301 https://www.linuxiarz.pl$request_uri;
}
#########################################
# 2) Główny vhost treści: www + HTTP/3
#########################################
server {
# TCP (HTTP/1.1 + HTTP/2)
listen 443 ssl;
http2 on;
# UDP (QUIC + HTTP/3)
listen 443 quic;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
# Alt-Svc tylko tu, gdzie serwowana jest treść
add_header Alt-Svc 'h3=":443"; ma=86400';
server_name www.linuxiarz.pl;
include config/wildcard.conf;
# logging
access_log /var/log/angie/linuxiarz.pl.access.log main;
error_log /var/log/angie/linuxiarz.pl.error.log warn;
status_zone www.linuxiarz.pl;
# Dozwolone metody
if ($request_method !~ ^(GET|HEAD|POST)$) {
return 405;
}
# Ścieżkowe redirecty również z HTTPS na www
rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;
# Główne proxy do Varnish na 6081
location / {
proxy_pass http://127.0.0.1:6081/;
include config/proxy.conf;
}
# Przykład ads.txt (opcjonalnie):
# location = /ads.txt { root /var/www/ads; }
}
##################################
# 3) Backend HTTP na porcie 8080
##################################
server {
listen 8080;
server_name www.linuxiarz.pl linuxiarz.pl;
# Domyślna ścieżka: pliki -> fallback do aplikacji na :8000
error_page 404 = @redirect_check;
location / {
try_files $uri $uri/ @to8000;
}
location @to8000 {
proxy_intercept_errors on; # pozwala przechwycić 404/5xx i skierować do @redirect_check
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8000;
proxy_request_buffering off;
client_body_timeout 120s;
proxy_read_timeout 120s;
proxy_connect_timeout 120s;
proxy_send_timeout 120s;
proxy_http_version 1.1;
error_page 404 = @redirect_check;
}
location @redirect_check {
add_header Cache-Control "no-cache, max-age=0, no-store";
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
proxy_pass http://127.0.0.1:8282;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Endpointy bez cache
location ~ ^/(stats|user-info|health)$ {
add_header Cache-Control "no-cache, max-age=0, no-store";
proxy_cache off;
proxy_pass http://127.0.0.1:8282;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Pliki RBL z lokalnego root
location ~ ^/(id-rbl\.txt|domain-rbl\.txt)$ {
add_header Cache-Control "no-cache, no-store";
root /var/www/www.linuxiarz.pl;
try_files $uri =404;
}
# Stały redirect do osobnej subdomeny
location /listapp/ {
return 301 https://listapp.linuxiarz.pl$request_uri;
}
# PHP przez FastCGI
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}

60
sites-available/listapp.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,60 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
listen 80;
server_name listapp.linuxiarz.pl;
include config/wildcard.conf;
# logging
access_log /var/log/angie/listapp.linuxiarz.pl.access.log main;
error_log /var/log/angie/listapp.linuxiarz.pl.error.log warn;
if ($request_method !~ ^(GET|HEAD)$) {
return '405';
}
if ($scheme = 'http') {
return 301 https://listapp.linuxiarz.pl$request_uri;
}
location / {
proxy_pass http://127.0.0.1:6081/;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
}
server {
listen 8080;
server_name listapp.linuxiarz.pl;
location / {
proxy_pass http://127.0.0.1:8283;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}

54
sites-available/nginx.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,54 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name nginx.linuxiarz.pl;
set $base /var/www/nginx.linuxiarz.pl/;
root $base;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log off;
error_log off;
location / {
autoindex on;
autoindex_exact_size off;
autoindex_localtime off;
autoindex_format html;
}
# additional config
include config/general.conf;
}
# HTTP redirect
server {
listen 80;
server_name nginx.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://nginx.linuxiarz.pl$request_uri;
}
}

55
sites-available/pa.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,55 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name pa.linuxiarz.pl;
set $base /var/www/postfixadmin;
# set $base /var/www/postfixadmin-postfixadmin-cc23eba;
root $base/public;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/pa.linuxiarz.pl.access.log;
error_log /var/log/nginx/pa.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri $uri/ login.php;
}
# additional config
include config/general.conf;
# handle .php
location ~* \.php$ {
include config/php_fastcgi7_4.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name pa.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://pa.linuxiarz.pl$request_uri;
}
}

52
sites-available/paste.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,52 @@
server {
listen 443 ssl http2;
server_name paste.linuxiarz.pl;
set $base /var/www/paste.linuxiarz.pl;
root $base;
include config/wildcard.conf;
# security
# include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/paste.linuxiarz.pl.access.log;
error_log /var/log/nginx/paste.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri /index.php;
}
if ($request_uri !~* ^/(static|favicon\.ico|robots\.txt)) {
rewrite ^/(.*)$ /index.php?/$1 last;
break;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
# include config/php_fastcgi.conf;
include config/php_fastcgi8_1.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name paste.linuxiarz.pl;
location / {
return 301 https://paste.linuxiarz.pl$request_uri;
}
}

72
sites-available/paste.linuxiarz.pl_varnish.conf Normal file
View File

@@ -0,0 +1,72 @@
server {
listen 8080;
server_name paste.linuxiarz.pl;
set $base /var/www/paste.linuxiarz.pl;
root $base;
# security
include config/security_paste.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri /index.php;
}
if ($request_uri !~* ^/(static|favicon\.ico|robots\.txt)) {
rewrite ^/(.*)$ /index.php?/$1 last;
break;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi7_4.conf;
}
}
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name paste.linuxiarz.pl;
include config/wildcard.conf;
# logging
access_log /var/log/nginx/paste.linuxiarz.pl.access.log;
error_log /var/log/nginx/paste.linuxiarz.pl.error.log warn;
location / {
proxy_pass http://127.0.0.1:6081/;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name paste.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://paste.linuxiarz.pl$request_uri;
}
}

54
sites-available/pliki.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,54 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name pliki.linuxiarz.pl;
set $base /var/www/linuxiarz.pl/pliki;
root $base;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log off;
error_log off;
location / {
autoindex on;
autoindex_exact_size off;
autoindex_localtime off;
autoindex_format html;
}
# additional config
include config/general.conf;
}
# HTTP redirect
server {
listen 80;
server_name pliki.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://pliki.linuxiarz.pl$request_uri;
}
}

56
sites-available/pma.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,56 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name pma.linuxiarz.pl;
set $base /var/www/pma.linuxiarz.pl/pma;
root $base;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/pma.linuxiarz.pl.access.log;
error_log /var/log/nginx/pma.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
# allow 85.221.250.77/32;
allow 85.221.250.159/32;
deny all;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name pma.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://pma.linuxiarz.pl$request_uri;
}
}

44
sites-available/quarantine.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,44 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name quarantine.linuxiarz.pl;
include config/wildcard.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log off;
error_log off;
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:9000;
allow 85.221.253.162;
allow 127.0.0.1;
deny all;
}
}
# HTTP redirect
server {
listen 80;
server_name quarantine.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://quarantine.linuxiarz.pl$request_uri;
}
}

66
sites-available/r.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,66 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name r.linuxiarz.pl;
set $base /var/www/rainloop;
root $base;
include config/wildcard.conf;
include config/security_roundcube.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/r.linuxiarz.pl.access.log;
error_log /var/log/nginx/r.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri $uri/ index.php;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
error_page 403 =404 / ;
}
location ~ ^/(data)/ {
deny all;
}
location ~\.(ini|log|conf|MD|md|json)$ {
deny all;
error_page 403 =404 / ;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi_webmail.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name r.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://r.linuxiarz.pl$request_uri;
}
}

17
sites-available/redirects.conf Normal file
View File

@@ -0,0 +1,17 @@
server {
listen 80;
server_name .gru.one.pl ;
location / {
return 301 https://www.linuxiarz.pl$request_uri;
}
}
server {
listen 80;
server_name .grucha.eu.org;
location / {
return 301 https://www.gruszczynski.eu.org$request_uri;
}
}

64
sites-available/repo.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,64 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name repo.linuxiarz.pl;
set $base /var/www/repo.linuxiarz.pl;
root $base;
include config/wildcard.conf;
index index.php;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log /var/log/nginx/repo.linuxiarz.pl.access.log;
error_log /var/log/nginx/repo.linuxiarz.pl.error.log warn;
location ~* \.(?:tar.gz|zip?)$ {
rewrite ^/(.*)$ https://objectstorage.eu-frankfurt-1.oraclecloud.com/n/frhsuwgawuyg/b/linuxiarz-repo/o/$1 permanent;
}
location / {
# try_files $uri $uri/ /index.php?dl=$uri;
try_files $uri $uri/ /index.php?$uri;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name repo.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://repo.linuxiarz.pl$request_uri;
}
}

49
sites-available/rspamd.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,49 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name rspamd.linuxiarz.pl;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log off;
error_log off;
location / {
proxy_pass http://127.0.0.1:11334/;
include config/proxy.conf;
}
# additional config
# include config/general.conf;
}
# HTTP redirect
server {
listen 80;
server_name rspamd.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://rspamd.linuxiarz.pl$request_uri;
}
}

49
sites-available/sk.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,49 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name sk.linuxiarz.pl;
set $base /var/www/sk.linuxiarz.pl;
root $base;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/sk.linuxiarz.pl.access.log;
error_log /var/log/nginx/sk.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi8_1.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name sk.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://sk.linuxiarz.pl$request_uri;
}
}

32
sites-available/sogo.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,32 @@
server {
listen 443 ssl http2;
server_name sogo.linuxiarz.pl;
include config/wildcard.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/sogo.linuxiarz.pl.access.log;
error_log /var/log/nginx/sogo.linuxiarz.pl.error.log warn;
# additional config
# include config/general.conf;
# include config/security.conf;
include config/sogo.conf;
}
# HTTP redirect
server {
listen 80;
# listen [::]:80;
server_name sogo.linuxiarz.pl;
location / {
return 301 https://sogo.linuxiarz.pl$request_uri;
}
}

67
sites-available/ts3stats.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,67 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name ts3stats.linuxiarz.pl;
set $base /var/www/ts3stats;
root $base;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# logging
access_log /var/log/nginx/ts3stats.linuxiarz.pl.access.log;
error_log /var/log/nginx/ts3stats.linuxiarz.pl.error.log warn;
# index.php
index index.php;
location / {
try_files $uri $uri/ /index.php;
}
location /rrd {
rewrite ^ $scheme://$host permanent;
deny all;
}
location ~ /graph {
allow all;
}
location /libraries {
rewrite ^ $scheme://$host permanent;
deny all;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name ts3stats.linuxiarz.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://ts3stats.linuxiarz.pl$request_uri;
}
}

32
sites-available/unitraklub.pl.conf Normal file
View File

@@ -0,0 +1,32 @@
server {
listen 80;
server_name *.unitraklub.pl unitraklub.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
root /var/www/503/;
index index.html;
}
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name *.unitraklub.pl unitraklub.pl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_stapling off;
root /var/www/503/;
index index.html;
location / {
try_files /index.html =404;
}
}

60
sites-available/webmail-beta.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,60 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name webmail-beta.linuxiarz.pl;
set $base /var/www/webmail-beta;
root $base;
include config/wildcard.conf;
include config/security_wp.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
location / {
return 301 https://webmail.linuxiarz.pl$request_uri;
}
# logging
access_log /var/log/nginx/webmail-beta.linuxiarz.pl.access.log;
error_log /var/log/nginx/webmail-beta.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location /x {
try_files $uri $uri/ index.php;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
error_page 403 =404 / ;
}
location ~ ^/(bin|SQL|config|temp|logs)/ {
deny all;
}
location ~\.(ini|log|conf|MD|md|json)$ {
deny all;
error_page 403 =404 / ;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi_webmail.conf;
}
}

92
sites-available/webmail.linuxiarz.pl.conf Normal file
View File

@@ -0,0 +1,92 @@
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name webmail.linuxiarz.pl;
set $base /var/www/webmail;
root $base;
include config/wildcard.conf;
include config/security_roundcube.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# logging
access_log /var/log/nginx/webmail.linuxiarz.pl.access.log;
error_log /var/log/nginx/webmail.linuxiarz.pl.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri $uri/ index.php;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
error_page 403 =404 / ;
}
location ~ ^/(bin|SQL|config|temp|logs)/ {
deny all;
}
location ~\.(ini|log|conf|MD|md|json)$ {
deny all;
error_page 403 =404 / ;
}
# additional config
include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi_webmail.conf;
}
}
# HTTP redirect
server {
listen 80;
server_name webmail.linuxiarz.pl poczta.linuxiarz.pl poczta.gru.one.pl;
add_header Alt-Svc 'h3=":443"; ma=86400';
location / {
return 301 https://webmail.linuxiarz.pl$request_uri;
}
}
# Other redirects
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name poczta.linuxiarz.pl;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://webmail.linuxiarz.pl$request_uri;
}
}

93
sites-available/webmail.linuxiarz.pl_varnish.conf Normal file
View File

@@ -0,0 +1,93 @@
server {
listen 8080;
server_name webmail.linuxiarz.pl;
set $base /var/www/webmail;
root $base;
# include config/security_roundcube.conf;
# restrict methods
if ($request_method !~ ^(GET|POST)$) {
return '405';
}
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri $uri/ index.php;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
error_page 403 =404 / ;
}
location ~ ^/(bin|SQL|config|temp|logs)/ {
deny all;
}
location ~\.(ini|log|conf|MD|md|json)$ {
deny all;
error_page 403 =404 / ;
}
# additional config
# include config/general.conf;
# handle .php
location ~ \.php$ {
include config/php_fastcgi_webmail.conf;
}
}
server {
listen 443 ssl http2;
server_name webmail.linuxiarz.pl;
include config/wildcard.conf;
# logging
access_log /var/log/nginx/webmail.linuxiarz.pl.access.log;
error_log /var/log/nginx/webmail.linuxiarz.pl.error.log warn;
location / {
proxy_pass http://127.0.0.1:6081/;
include config/proxy.conf;
}
}
# HTTP redirect
server {
listen 80;
# listen [::]:80;
server_name webmail.linuxiarz.pl poczta.linuxiarz.pl poczta.gru.one.pl;
location / {
return 301 https://webmail.linuxiarz.pl$request_uri;
}
}
# Other redirects
server {
listen 443 ssl http2;
server_name poczta.linuxiarz.pl;
include config/wildcard.conf;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://webmail.linuxiarz.pl$request_uri;
}
}

87
sites-available/z.gruszczynski.eu.org_varnish.conf Normal file
View File

@@ -0,0 +1,87 @@
server {
listen 8080;
server_name z.gruszczynski.eu.org;
set $base /var/www/z.gruszczynski.eu.org;
root $base;
# security
include config/security.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
# index.php
index index.php;
# additional config
include config/general.conf;
port_in_redirect off;
location / {
}
# handle .php
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
server {
listen 443 quic;
listen 443 ssl;
http2 on;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
server_name z.gruszczynski.eu.org;
access_log /var/log/nginx/z.gruszczynski.eu.org.access.log main;
error_log /var/log/nginx/z.gruszczynski.eu.org.error.log warn;
ssl_certificate /etc/letsencrypt/live/z.gruszczynski.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/z.gruszczynski.eu.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/z.gruszczynski.eu.org/chain.pem;
# ssl cfg
include config/ssl_cfg.conf;
include config/letsencrypt.conf;
location / {
proxy_pass http://127.0.0.1:6081/;
include config/proxy.conf;
add_header X-Robots-Tag "noindex, follow" always;
}
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}
# HTTP redirect
server {
listen 80;
server_name z.gruszczynski.eu.org;
add_header Alt-Svc 'h3=":443"; ma=86400';
include config/letsencrypt.conf;
# restrict methods
if ($request_method !~ ^(GET)$) {
return '405';
}
location / {
return 301 https://z.gruszczynski.eu.org$request_uri;
}
}