From f2a60f1732afc90aa5865c71b4e842dfd58ba5a0 Mon Sep 17 00:00:00 2001 From: qy117121 Date: Thu, 16 Feb 2023 19:52:41 +0800 Subject: [PATCH] update --- nginx/arm.stpl | 27 ++++++++++++++++- nginx/cloudreve.stpl | 1 - nginx/cloudreve.tpl | 36 ++++++++++------------- nginx/filerun.stpl | 1 - nginx/filerun.tpl | 36 ++++++++++------------- nginx/gitbucket.stpl | 1 - nginx/gitbucket.tpl | 36 ++++++++++------------- nginx/gitea.stpl | 1 - nginx/gitea.tpl | 36 ++++++++++------------- nginx/gitlab.stpl | 1 - nginx/gitlab.tpl | 36 ++++++++++------------- nginx/imgjiji.stpl | 69 ++++++++++++++++++++++++++++++++++++++++++++ nginx/imgjiji.tpl | 39 +++++++++++++++++++++++++ nginx/kallithea.stpl | 44 ++++++++++++++++++++++++++++ nginx/kallithea.tpl | 39 +++++++++++++++++++++++++ nginx/kuma.stpl | 42 +++++++++++++++++++++++++++ nginx/kuma.tpl | 39 +++++++++++++++++++++++++ nginx/mail.stpl | 3 +- nginx/mail.tpl | 21 +++++++------- nginx/mastodon.tpl | 20 ++++++------- nginx/matrix.stpl | 8 ----- nginx/misskey.stpl | 3 +- nginx/misskey.tpl | 2 +- nginx/tz.stpl | 1 - nginx/tz.tpl | 1 - 25 files changed, 403 insertions(+), 140 deletions(-) create mode 100644 nginx/imgjiji.stpl create mode 100644 nginx/imgjiji.tpl create mode 100644 nginx/kallithea.stpl create mode 100644 nginx/kallithea.tpl create mode 100644 nginx/kuma.stpl create mode 100644 nginx/kuma.tpl mode change 100755 => 100644 nginx/matrix.stpl diff --git a/nginx/arm.stpl b/nginx/arm.stpl index 648cb7b..ffe4941 100644 --- a/nginx/arm.stpl +++ b/nginx/arm.stpl @@ -22,6 +22,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + add_header Strict-Transport-Security "max-age=63072000" always; location / { proxy_pass https://%ip%:%web_ssl_port%; 
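Review bot: In nginx/arm.stpl the added `add_header Strict-Transport-Security "max-age=63072000" always;` sits directly under the `nginx.hsts.conf*` include, so if that include also emits the header (presumably it does when HSTS is enabled for the domain) responses will carry two Strict-Transport-Security headers. When it is disabled, the template still pins browsers to HTTPS for two years. I would keep one source of truth: drop the added line and rely on the include, or keep the line, remove the include and add a comment such as `# HSTS forced for this template regardless of the panel setting`. nginx does not inherit a server-level `add_header` into a location that declares its own, so actual coverage depends on location blocks outside this hunk.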
@@ -34,6 +35,29 @@ server { } } + location /sky { + proxy_redirect off; + proxy_pass http://127.0.0.1:23876; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + + location /a552d878db04/ + { + proxy_redirect off; + proxy_pass http://127.0.0.1:30875; + proxy_http_version 1.1; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + } location /portainer/ { proxy_http_version 1.1; proxy_set_header Host $http_host; # required for docker client's sake @@ -54,6 +78,7 @@ location /portainer/ { proxy_pass https://portainer/api/websocket/; } + location /error/ { alias %home%/%user%/web/%domain%/document_errors/; } @@ -67,7 +92,7 @@ location /portainer/ { return 404; } - proxy_hide_header Upgrade; + # proxy_hide_header Upgrade; include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } diff --git a/nginx/cloudreve.stpl b/nginx/cloudreve.stpl index 561acc8..733c401 100644 --- a/nginx/cloudreve.stpl +++ b/nginx/cloudreve.stpl @@ -6,7 +6,6 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/cloudreve.tpl b/nginx/cloudreve.tpl index 31d1673..d657828 100644 --- a/nginx/cloudreve.tpl +++ b/nginx/cloudreve.tpl 
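Review bot: In the new `location /a552d878db04/` block of nginx/arm.stpl, `proxy_set_header X-Real-IP \$remote_addr;` carries a backslash that looks like a leftover from a shell heredoc. nginx has no `\$` escape, so the upstream most likely receives a value with a literal backslash in front of the client address, which breaks anything that logs or rate-limits on X-Real-IP. It should read `proxy_set_header X-Real-IP $remote_addr;`, as in the `/sky` block above it. A short comment naming the services behind ports 23876 and 30875 would also help, since as far as this hunk shows no `allow`/`deny` or auth directive sits in front of either location.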
@@ -1,22 +1,19 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# - +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# server { - listen %ip%:%proxy_port% ; - listen [::]:%proxy_port%; + listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - - error_log /var/log/%web_system%/domains/%domain%.error.log error; - + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://127.0.0.1:8010; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -29,15 +26,14 @@ server { } location @fallback { - proxy_pass http://127.0.0.1:8010; + proxy_pass http://%ip%:%web_port%; } - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/filerun.stpl b/nginx/filerun.stpl index 648c034..211160a 100644 --- a/nginx/filerun.stpl +++ b/nginx/filerun.stpl 
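Review bot: In the new dot-file block of nginx/cloudreve.tpl, `location ~ /\.(?!well-known\/|file) { deny all; return 404; }`, the `deny all;` never takes effect because `return` is processed in the rewrite phase, before access checks, so the block always answers 404. Keeping only `return 404;` states what actually happens. The lookahead also exempts every path segment that starts with `.file`, not just a single name, which deserves a comment such as `# block dot-files except .well-known/ and .file*`. The same block is added in filerun.tpl, gitbucket.tpl, gitea.tpl, gitlab.tpl, imgjiji.tpl, kallithea.tpl, kuma.tpl, mail.tpl and mastodon.tpl.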
@@ -6,7 +6,6 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/filerun.tpl b/nginx/filerun.tpl index 31d1673..d657828 100644 --- a/nginx/filerun.tpl +++ b/nginx/filerun.tpl @@ -1,22 +1,19 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# - +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# server { - listen %ip%:%proxy_port% ; - listen [::]:%proxy_port%; + listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - - error_log /var/log/%web_system%/domains/%domain%.error.log error; - + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://127.0.0.1:8010; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; 
@@ -29,15 +26,14 @@ server { } location @fallback { - proxy_pass http://127.0.0.1:8010; + proxy_pass http://%ip%:%web_port%; } - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/gitbucket.stpl b/nginx/gitbucket.stpl index 05eead9..c3eeb21 100644 --- a/nginx/gitbucket.stpl +++ b/nginx/gitbucket.stpl @@ -5,7 +5,6 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/gitbucket.tpl b/nginx/gitbucket.tpl index 31d1673..d657828 100644 --- a/nginx/gitbucket.tpl +++ b/nginx/gitbucket.tpl 
@@ -1,22 +1,19 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# - +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# server { - listen %ip%:%proxy_port% ; - listen [::]:%proxy_port%; + listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - - error_log /var/log/%web_system%/domains/%domain%.error.log error; - + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://127.0.0.1:8010; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -29,15 +26,14 @@ server { } location @fallback { - proxy_pass http://127.0.0.1:8010; + proxy_pass http://%ip%:%web_port%; } - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/gitea.stpl b/nginx/gitea.stpl index fed5a40..c992efd 100644 --- a/nginx/gitea.stpl +++ b/nginx/gitea.stpl 
@@ -6,7 +6,6 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/gitea.tpl b/nginx/gitea.tpl index 31d1673..d657828 100644 --- a/nginx/gitea.tpl +++ b/nginx/gitea.tpl @@ -1,22 +1,19 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# - +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# server { - listen %ip%:%proxy_port% ; - listen [::]:%proxy_port%; + listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - - error_log /var/log/%web_system%/domains/%domain%.error.log error; - + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://127.0.0.1:8010; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; 
@@ -29,15 +26,14 @@ server { } location @fallback { - proxy_pass http://127.0.0.1:8010; + proxy_pass http://%ip%:%web_port%; } - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/gitlab.stpl b/nginx/gitlab.stpl index 84af78a..1e93dcb 100644 --- a/nginx/gitlab.stpl +++ b/nginx/gitlab.stpl @@ -6,7 +6,6 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/gitlab.tpl b/nginx/gitlab.tpl index 31d1673..d657828 100644 --- a/nginx/gitlab.tpl +++ b/nginx/gitlab.tpl 
@@ -1,22 +1,19 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# - +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# server { - listen %ip%:%proxy_port% ; - listen [::]:%proxy_port%; + listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - - error_log /var/log/%web_system%/domains/%domain%.error.log error; - + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://127.0.0.1:8010; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -29,15 +26,14 @@ server { } location @fallback { - proxy_pass http://127.0.0.1:8010; + proxy_pass http://%ip%:%web_port%; } - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/imgjiji.stpl b/nginx/imgjiji.stpl new file mode 100644 index 0000000..71ac22e --- /dev/null +++ b/nginx/imgjiji.stpl 
@@ -0,0 +1,69 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# +proxy_cache_path /tmp/nginx-cache-jiji levels=1:2 keys_zone=r2_cache:10m max_size=10g inactive=48h use_temp_path=off; + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + root /home/mastodon/public/system; + + set $s3_backend 'https://img-r2.jiji.su'; + + keepalive_timeout 30; + + location = / { + index index.html; + } + location / { + try_files $uri @r2; + } + + location @r2 { + limit_except GET { + deny all; + } + + #resolver 9.9.9.9; + proxy_set_header Host 'img-r2.jiji.su'; + proxy_set_header Connection ''; + proxy_set_header Authorization ''; + proxy_hide_header Set-Cookie; + proxy_hide_header 'Access-Control-Allow-Origin'; + proxy_hide_header 'Access-Control-Allow-Methods'; + proxy_hide_header 'Access-Control-Allow-Headers'; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header x-amz-meta-server-side-encryption; + proxy_hide_header x-amz-server-side-encryption; + proxy_hide_header x-amz-bucket-region; + proxy_hide_header x-amzn-requestid; + proxy_ignore_headers Set-Cookie; + proxy_pass $r2_backend$uri; + proxy_intercept_errors off; + + proxy_cache r2_cache; + proxy_cache_valid 200 304 48h; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_lock on; + proxy_cache_revalidate on; + + expires 1y; + add_header Cache-Control public; + add_header 
'Access-Control-Allow-Origin' '*'; + add_header X-Cache-Status $upstream_cache_status; + } + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/imgjiji.tpl b/nginx/imgjiji.tpl new file mode 100644 index 0000000..d657828 --- /dev/null +++ b/nginx/imgjiji.tpl @@ -0,0 +1,39 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} + diff --git a/nginx/kallithea.stpl b/nginx/kallithea.stpl new file mode 100644 index 0000000..6aac1af --- /dev/null +++ b/nginx/kallithea.stpl 
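Review bot: In nginx/imgjiji.stpl, `set $s3_backend 'https://img-r2.jiji.su';` defines a variable that is never used, while `proxy_pass $r2_backend$uri;` in `location @r2` references `$r2_backend`, which nothing in this file sets. nginx rejects an unknown variable at config test, so the template would not load as written; rename one to match, e.g. `set $r2_backend 'https://img-r2.jiji.su';`. Because `proxy_pass` then contains a variable, the host name is resolved at request time and needs a `resolver`, but the only one here is commented out (`#resolver 9.9.9.9;`). `proxy_cache_path` at the top of a per-domain template is declared once per domain that uses it, and a duplicate `keys_zone=r2_cache` is a config error, so it and the cache directory under `/tmp` are better placed in a single http-level include.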
@@ -0,0 +1,44 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass http://127.0.0.1:2280; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_redirect off; + proxy_connect_timeout 150; + proxy_send_timeout 100; + proxy_read_timeout 100; + proxy_buffers 4 32k; + client_max_body_size 500m; # Big number is we can post big commits. + client_body_buffer_size 128k; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/kallithea.tpl b/nginx/kallithea.tpl new file mode 100644 index 0000000..d657828 --- /dev/null +++ b/nginx/kallithea.tpl 
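Review bot: The `location /` block in nginx/kallithea.stpl terminates TLS and forwards to `http://127.0.0.1:2280` with Host, X-Forwarded-For and X-Real-IP but no `X-Forwarded-Proto`, so the application cannot tell that the original request was HTTPS. Depending on how Kallithea is configured, that may affect generated URLs and Secure cookie flags. Consider adding `proxy_set_header X-Forwarded-Proto $scheme;`. The comment on `client_max_body_size 500m;` would read better as `# large limit so big commits can be pushed`.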
@@ -0,0 +1,39 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} + diff --git a/nginx/kuma.stpl b/nginx/kuma.stpl new file mode 100644 index 0000000..8d33534 --- /dev/null +++ b/nginx/kuma.stpl 
@@ -0,0 +1,42 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + listen [2603:c022:8007:9122::8888]:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3001/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/kuma.tpl b/nginx/kuma.tpl new file mode 100644 index 0000000..d657828 --- /dev/null +++ b/nginx/kuma.tpl 
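Review bot: `listen [2603:c022:8007:9122::8888]:%proxy_ssl_port% ssl http2;` in nginx/kuma.stpl hard-codes one host's IPv6 address in a template that otherwise uses placeholders, so the template only works on that machine and the address ends up in the repository. The same literal is added in mail.stpl, mail.tpl, misskey.stpl and misskey.tpl. If the panel offers no IPv6 placeholder, a comment such as `# host-specific IPv6 address, change per server` would at least flag it. The HSTS include is also commented out in this file (`# include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;`), so enabling HSTS for a domain on this template has no effect; a one-line comment explaining why would help.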
@@ -0,0 +1,39 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} + diff --git a/nginx/mail.stpl b/nginx/mail.stpl index d72568e..f53f7ca 100644 --- a/nginx/mail.stpl +++ b/nginx/mail.stpl @@ -3,9 +3,10 @@ # DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # #=======================================================================# + server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [::]:%proxy_ssl_port% ssl http2; + listen [2603:c022:8007:9122::8888]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/mail.tpl b/nginx/mail.tpl index 3a7fba1..4fa2b39 100644 --- a/nginx/mail.tpl +++ b/nginx/mail.tpl 
@@ -1,16 +1,18 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# server { listen %ip%:%proxy_port%; + listen [2603:c022:8007:9122::8888]:80; server_name %domain_idn% %alias_idn%; include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://127.0.0.1:8010; + proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extensions%)$ { root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; @@ -28,11 +30,10 @@ server { proxy_pass http://%ip%:%web_port%; } - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/mastodon.tpl b/nginx/mastodon.tpl index 3a7fba1..d657828 100644 --- a/nginx/mastodon.tpl +++ b/nginx/mastodon.tpl 
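Review bot: The added `listen [2603:c022:8007:9122::8888]:80;` in nginx/mail.tpl uses a literal port while the IPv4 line above it uses `%proxy_port%`, so the two listeners diverge whenever the proxy port is not 80. `listen [2603:c022:8007:9122::8888]:%proxy_port%;` would match what misskey.tpl does in this same commit. The server block continues outside this hunk.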
@@ -1,7 +1,8 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# server { listen %ip%:%proxy_port%; @@ -10,7 +11,7 @@ server { include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://127.0.0.1:8010; + proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extensions%)$ { root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; @@ -28,11 +29,10 @@ server { proxy_pass http://%ip%:%web_port%; } - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/matrix.stpl b/nginx/matrix.stpl old mode 100755 new mode 100644 index 1b13d65..dfa03ec --- a/nginx/matrix.stpl +++ b/nginx/matrix.stpl 
@@ -24,14 +24,6 @@ server { gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - location / { - proxy_pass http://127.0.0.1:6080; - proxy_set_header X-Forwarded-For $remote_addr; - # Nginx by default only allows file uploads up to 1M in size - # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml - } - location /.well-known/matrix/client { return 200 '{"m.homeserver": {"base_url": "https://im.kernel.ws"}}'; default_type application/json; diff --git a/nginx/misskey.stpl b/nginx/misskey.stpl index 42a9b30..0885c68 100644 --- a/nginx/misskey.stpl +++ b/nginx/misskey.stpl @@ -10,7 +10,7 @@ proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache1:16m max_size=1g in server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [::]:%proxy_ssl_port% ssl http2; + listen [2603:c022:8007:9122::8888]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; @@ -50,4 +50,3 @@ server { include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } - diff --git a/nginx/misskey.tpl b/nginx/misskey.tpl index 9fe897b..39148d4 100644 --- a/nginx/misskey.tpl +++ b/nginx/misskey.tpl @@ -1,6 +1,6 @@ server { listen %ip%:%proxy_port%; - listen [::]:%proxy_port%; + listen [2603:c022:8007:9122::8888]:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { rewrite ^(.*) https://%domain_idn%$1 permanent; diff --git a/nginx/tz.stpl b/nginx/tz.stpl index dc7a090..64c8542 100644 
--- a/nginx/tz.stpl +++ b/nginx/tz.stpl @@ -6,7 +6,6 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/tz.tpl b/nginx/tz.tpl index 31d1673..8c196f5 100644 --- a/nginx/tz.tpl +++ b/nginx/tz.tpl @@ -6,7 +6,6 @@ server { listen %ip%:%proxy_port% ; - listen [::]:%proxy_port%; server_name %domain_idn% %alias_idn%; error_log /var/log/%web_system%/domains/%domain%.error.log error;