chuan/hestiacp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update

Browse source
This commit is contained in:
qy117121 2024-04-30 12:58:13 +08:00
parent f5045b61f6
commit 2832ff81f3
29 changed files with 221 additions and 205 deletions
Download patch file Download diff file Expand all files Collapse all files

20
nginx/app-shlink.stpl
View file

@ -5,13 +5,19 @@
#=========================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

9
nginx/arm.stpl
View file

@ -13,13 +13,18 @@ map $http_upgrade $connection_upgrade {
'' close;
}
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

9
nginx/cloudreve.stpl
View file

@ -5,13 +5,18 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

2
nginx/default.stpl
View file

@ -5,7 +5,7 @@
#=========================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;

21
nginx/dns.stpl
View file

@ -5,14 +5,19 @@
#=========================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

1
nginx/dns.tpl
View file

@ -6,7 +6,6 @@
server {
listen %ip%:%proxy_port%;
listen [::]:%proxy_port%;
server_name %domain_idn% %alias_idn%;
include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;

9
nginx/filerun.stpl
View file

@ -5,13 +5,18 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

9
nginx/gitbucket.stpl
View file

@ -4,13 +4,18 @@
#=======================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

9
nginx/gitea.stpl
View file

@ -5,13 +5,18 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

9
nginx/gitlab.stpl
View file

@ -5,13 +5,18 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

9
nginx/imgjiji.stpl
View file

@ -6,13 +6,18 @@
proxy_cache_path /tmp/nginx-cache-jiji levels=1:2 keys_zone=r2_cache:10m max_size=10g inactive=48h use_temp_path=off;
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

45
nginx/kallithea.stpl
View file

@ -1,45 +0,0 @@
#=======================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
#=======================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
location / {
proxy_pass http://127.0.0.1:2280;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 500m; # Big number is we can post big commits.
client_body_buffer_size 128k;
}
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

40
nginx/kallithea.tpl
View file

@ -1,40 +0,0 @@
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work #
#=========================================================================#
server {
listen %ip%:%proxy_port%;
listen [::]:%proxy_port%;
server_name %domain_idn% %alias_idn%;
include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
location / {
proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extensions%)$ {
root %docroot%;
access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location @fallback {
proxy_pass http://%ip%:%web_port%;
}
location ~ /\.(?!well-known\/|file) {
deny all;
return 404;
}
include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

9
nginx/kuma.stpl
View file

@ -5,13 +5,18 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

21
nginx/mail.stpl
View file

@ -5,14 +5,19 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

21
nginx/mail.tpl
View file

@ -1,18 +1,16 @@
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work #
#=========================================================================#
#=======================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
#=======================================================================#
server {
listen %ip%:%proxy_port%;
listen [::]:%proxy_port%;
server_name %domain_idn% %alias_idn%;
include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
location / {
proxy_pass http://%ip%:%web_port%;
proxy_pass http://127.0.0.1:8010;
location ~* ^.+\.(%proxy_extensions%)$ {
root %docroot%;
access_log /var/log/%web_system%/domains/%domain%.log combined;
@ -30,10 +28,11 @@ server {
proxy_pass http://%ip%:%web_port%;
}
location ~ /\.(?!well-known\/|file) {
deny all;
return 404;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

9
nginx/mastodon.stpl
View file

@ -16,13 +16,18 @@ upstream streaming {
server 127.0.0.1:4000 fail_timeout=0;
}
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

30
nginx/matrix.stpl
View file

@ -5,15 +5,19 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen 8448 ssl default_server;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
@ -25,6 +29,14 @@ server {
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
proxy_pass http://127.0.0.1:6080;
proxy_set_header X-Forwarded-For $remote_addr;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
}
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://im.kernel.ws"}}';
default_type application/json;

38
nginx/matrix.tpl
View file

@ -1,22 +1,19 @@
#=======================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
#=======================================================================#
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work #
#=========================================================================#
server {
listen %ip%:%proxy_port% ;
listen [::]:%proxy_port%;
listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
location / {
proxy_pass http://127.0.0.1:8010;
location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%;
proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extensions%)$ {
root %docroot%;
access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max;
@ -29,15 +26,14 @@ server {
}
location @fallback {
proxy_pass http://127.0.0.1:8010;
proxy_pass http://%ip%:%web_port%;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
location ~ /\.(?!well-known\/|file) {
deny all;
return 404;
}
include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

9
nginx/mirrors.stpl
View file

@ -5,13 +5,18 @@
#=========================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
root /home/tunasync/mirrors;

9
nginx/misskey.stpl
View file

@ -8,13 +8,18 @@ map $http_upgrade $connection_upgrade {
}
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

21
nginx/portainer.stpl
View file

@ -12,14 +12,19 @@ map $http_upgrade $connection_upgrade {
}
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

1
nginx/portainer.tpl
View file

@ -6,7 +6,6 @@
server {
listen %ip%:%proxy_port%;
listen [::]:%proxy_port%;
server_name %domain_idn% %alias_idn%;
include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;

9
nginx/s3.stpl
View file

@ -7,13 +7,18 @@ proxy_cache_path /tmp/nginx-cache-instance-media levels=1:2 keys_zone=s3_cache
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

20
nginx/shlink.stpl
View file

@ -5,13 +5,19 @@
#=========================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

4
nginx/tz.stpl
View file

@ -5,8 +5,8 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;

23
nginx/ws.stpl
View file

@ -4,14 +4,19 @@
#=======================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
@ -26,7 +31,7 @@ server {
}
}
location /sky {
location /sky {
proxy_redirect off;
proxy_pass http://127.0.0.1:23876;
proxy_http_version 1.1;

1
nginx/ws.tpl
View file

@ -5,7 +5,6 @@
server {
listen %ip%:%proxy_port%;
listen [::]:%proxy_port%;
server_name %domain_idn% %alias_idn%;
include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;

9
nginx/xray.stpl
View file

@ -4,13 +4,18 @@
#=======================================================================#
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen [::]:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% ssl;
listen [::]:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;