diff --git a/nginx/arm.stpl b/nginx/arm.stpl index ffe4941..648cb7b 100644 --- a/nginx/arm.stpl +++ b/nginx/arm.stpl @@ -22,7 +22,6 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; - add_header Strict-Transport-Security "max-age=63072000" always; location / { proxy_pass https://%ip%:%web_ssl_port%; @@ -35,29 +34,6 @@ server { } } - location /sky { - proxy_redirect off; - proxy_pass http://127.0.0.1:23876; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - - location /a552d878db04/ - { - proxy_redirect off; - proxy_pass http://127.0.0.1:30875; - proxy_http_version 1.1; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - } location /portainer/ { proxy_http_version 1.1; proxy_set_header Host $http_host; # required for docker client's sake @@ -78,7 +54,6 @@ location /portainer/ { proxy_pass https://portainer/api/websocket/; } - location /error/ { alias %home%/%user%/web/%domain%/document_errors/; } @@ -92,7 +67,7 @@ location /portainer/ { return 404; } - # proxy_hide_header Upgrade; + proxy_hide_header Upgrade; include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } diff --git a/nginx/cloudreve.stpl b/nginx/cloudreve.stpl index 733c401..561acc8 100644 --- a/nginx/cloudreve.stpl +++ b/nginx/cloudreve.stpl @@ -6,6 +6,7 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/cloudreve.tpl b/nginx/cloudreve.tpl index d657828..31d1673 100644 --- a/nginx/cloudreve.tpl +++ b/nginx/cloudreve.tpl @@ -1,19 +1,22 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + server { - listen %ip%:%proxy_port%; + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; server_name %domain_idn% %alias_idn%; - + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extensions%)$ { - root %docroot%; + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -26,14 +29,15 @@ server { } location @fallback { - proxy_pass http://%ip%:%web_port%; + proxy_pass http://127.0.0.1:8010; } - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} - include %home%/%user%/conf/web/%domain%/nginx.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } diff --git a/nginx/filerun.stpl b/nginx/filerun.stpl index 211160a..648c034 100644 --- a/nginx/filerun.stpl +++ b/nginx/filerun.stpl @@ -6,6 +6,7 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/filerun.tpl b/nginx/filerun.tpl index d657828..31d1673 100644 --- a/nginx/filerun.tpl +++ b/nginx/filerun.tpl @@ -1,19 +1,22 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + server { - listen %ip%:%proxy_port%; + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; server_name %domain_idn% %alias_idn%; - + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extensions%)$ { - root %docroot%; + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -26,14 +29,15 @@ server { } location @fallback { - proxy_pass http://%ip%:%web_port%; + proxy_pass http://127.0.0.1:8010; } - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} - include %home%/%user%/conf/web/%domain%/nginx.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } diff --git a/nginx/gitbucket.stpl b/nginx/gitbucket.stpl index c3eeb21..05eead9 100644 --- a/nginx/gitbucket.stpl +++ b/nginx/gitbucket.stpl @@ -5,6 +5,7 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/gitbucket.tpl b/nginx/gitbucket.tpl index d657828..31d1673 100644 --- a/nginx/gitbucket.tpl +++ b/nginx/gitbucket.tpl @@ -1,19 +1,22 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + server { - listen %ip%:%proxy_port%; + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; server_name %domain_idn% %alias_idn%; - + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extensions%)$ { - root %docroot%; + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -26,14 +29,15 @@ server { } location @fallback { - proxy_pass http://%ip%:%web_port%; + proxy_pass http://127.0.0.1:8010; } - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} - include %home%/%user%/conf/web/%domain%/nginx.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } diff --git a/nginx/gitea.stpl b/nginx/gitea.stpl index c992efd..fed5a40 100644 --- a/nginx/gitea.stpl +++ b/nginx/gitea.stpl @@ -6,6 +6,7 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/gitea.tpl b/nginx/gitea.tpl index d657828..31d1673 100644 --- a/nginx/gitea.tpl +++ b/nginx/gitea.tpl @@ -1,19 +1,22 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + server { - listen %ip%:%proxy_port%; + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; server_name %domain_idn% %alias_idn%; - + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extensions%)$ { - root %docroot%; + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -26,14 +29,15 @@ server { } location @fallback { - proxy_pass http://%ip%:%web_port%; + proxy_pass http://127.0.0.1:8010; } - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} - include %home%/%user%/conf/web/%domain%/nginx.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } diff --git a/nginx/gitlab.stpl b/nginx/gitlab.stpl index 1e93dcb..84af78a 100644 --- a/nginx/gitlab.stpl +++ b/nginx/gitlab.stpl @@ -6,6 +6,7 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/gitlab.tpl b/nginx/gitlab.tpl index d657828..31d1673 100644 --- a/nginx/gitlab.tpl +++ b/nginx/gitlab.tpl @@ -1,19 +1,22 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + server { - listen %ip%:%proxy_port%; + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; server_name %domain_idn% %alias_idn%; - + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extensions%)$ { - root %docroot%; + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -26,14 +29,15 @@ server { } location @fallback { - proxy_pass http://%ip%:%web_port%; + proxy_pass http://127.0.0.1:8010; } - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} - include %home%/%user%/conf/web/%domain%/nginx.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } diff --git a/nginx/imgjiji.stpl b/nginx/imgjiji.stpl deleted file mode 100644 index 71ac22e..0000000 --- a/nginx/imgjiji.stpl +++ /dev/null @@ -1,69 +0,0 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# -proxy_cache_path /tmp/nginx-cache-jiji levels=1:2 keys_zone=r2_cache:10m max_size=10g inactive=48h use_temp_path=off; - -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - ssl_stapling on; - ssl_stapling_verify on; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; - - root /home/mastodon/public/system; - - set $s3_backend 'https://img-r2.jiji.su'; - - keepalive_timeout 30; - - location = / { - index index.html; - } - location / { - try_files $uri @r2; - } - - location @r2 { - limit_except GET { - deny all; - } - - #resolver 9.9.9.9; - proxy_set_header Host 'img-r2.jiji.su'; - proxy_set_header Connection ''; - proxy_set_header Authorization ''; - proxy_hide_header Set-Cookie; - proxy_hide_header 'Access-Control-Allow-Origin'; - proxy_hide_header 'Access-Control-Allow-Methods'; - proxy_hide_header 'Access-Control-Allow-Headers'; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header x-amz-meta-server-side-encryption; - proxy_hide_header x-amz-server-side-encryption; - proxy_hide_header x-amz-bucket-region; - proxy_hide_header x-amzn-requestid; - proxy_ignore_headers Set-Cookie; - proxy_pass $r2_backend$uri; - proxy_intercept_errors off; - - proxy_cache r2_cache; - proxy_cache_valid 200 304 48h; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_lock on; - proxy_cache_revalidate on; - - expires 1y; - add_header Cache-Control public; - add_header 'Access-Control-Allow-Origin' '*'; - add_header X-Cache-Status $upstream_cache_status; - } - - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; -} - diff --git a/nginx/imgjiji.tpl b/nginx/imgjiji.tpl deleted file mode 100644 index d657828..0000000 --- a/nginx/imgjiji.tpl +++ /dev/null @@ -1,39 +0,0 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# - -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - - include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; - - location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extensions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } - - include %home%/%user%/conf/web/%domain%/nginx.conf_*; -} - diff --git a/nginx/kallithea.stpl b/nginx/kallithea.stpl deleted file mode 100644 index 6aac1af..0000000 --- a/nginx/kallithea.stpl +++ /dev/null @@ -1,44 +0,0 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# - -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - ssl_stapling on; - ssl_stapling_verify on; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; - - location / { - proxy_pass http://127.0.0.1:2280; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_redirect off; - proxy_connect_timeout 150; - proxy_send_timeout 100; - proxy_read_timeout 100; - proxy_buffers 4 32k; - client_max_body_size 500m; # Big number is we can post big commits. - client_body_buffer_size 128k; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; -} - diff --git a/nginx/kallithea.tpl b/nginx/kallithea.tpl deleted file mode 100644 index d657828..0000000 --- a/nginx/kallithea.tpl +++ /dev/null @@ -1,39 +0,0 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# - -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - - include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; - - location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extensions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } - - include %home%/%user%/conf/web/%domain%/nginx.conf_*; -} - diff --git a/nginx/mail.stpl b/nginx/mail.stpl index f53f7ca..d72568e 100644 --- a/nginx/mail.stpl +++ b/nginx/mail.stpl @@ -3,10 +3,9 @@ # DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # #=======================================================================# - server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [2603:c022:8007:9122::8888]:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/mail.tpl b/nginx/mail.tpl index 4fa2b39..3a7fba1 100644 --- a/nginx/mail.tpl +++ b/nginx/mail.tpl @@ -1,18 +1,16 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# server { listen %ip%:%proxy_port%; - listen [2603:c022:8007:9122::8888]:80; server_name %domain_idn% %alias_idn%; include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://%ip%:%web_port%; + proxy_pass http://127.0.0.1:8010; location ~* ^.+\.(%proxy_extensions%)$ { root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; @@ -30,10 +28,11 @@ server { proxy_pass http://%ip%:%web_port%; } - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/mastodon.tpl b/nginx/mastodon.tpl index d657828..3a7fba1 100644 --- a/nginx/mastodon.tpl +++ b/nginx/mastodon.tpl @@ -1,8 +1,7 @@ -#=========================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # -#=========================================================================# +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# server { listen %ip%:%proxy_port%; @@ -11,7 +10,7 @@ server { include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { - proxy_pass http://%ip%:%web_port%; + proxy_pass http://127.0.0.1:8010; location ~* ^.+\.(%proxy_extensions%)$ { root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; @@ -29,10 +28,11 @@ server { proxy_pass http://%ip%:%web_port%; } - location ~ /\.(?!well-known\/|file) { - deny all; - return 404; - } + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/matrix.stpl b/nginx/matrix.stpl old mode 100644 new mode 100755 index dfa03ec..1b13d65 --- a/nginx/matrix.stpl +++ b/nginx/matrix.stpl @@ -24,6 +24,14 @@ server { gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + location / { + proxy_pass http://127.0.0.1:6080; + proxy_set_header X-Forwarded-For $remote_addr; + # Nginx by default only allows file uploads up to 1M in size + # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml + } + location /.well-known/matrix/client { return 200 '{"m.homeserver": {"base_url": "https://im.kernel.ws"}}'; default_type application/json; diff --git a/nginx/misskey.stpl b/nginx/misskey.stpl index 0885c68..42a9b30 100644 --- a/nginx/misskey.stpl +++ b/nginx/misskey.stpl @@ -10,7 +10,7 @@ proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache1:16m max_size=1g in server { listen %ip%:%proxy_ssl_port% ssl http2; - listen [2603:c022:8007:9122::8888]:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; @@ -50,3 +50,4 @@ server { include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; } + diff --git a/nginx/misskey.tpl b/nginx/misskey.tpl index 39148d4..9fe897b 100644 --- a/nginx/misskey.tpl +++ b/nginx/misskey.tpl @@ -1,6 +1,6 @@ server { listen %ip%:%proxy_port%; - listen [2603:c022:8007:9122::8888]:%proxy_port%; + listen [::]:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { rewrite ^(.*) https://%domain_idn%$1 permanent; diff --git a/nginx/tz.stpl b/nginx/tz.stpl index 64c8542..dc7a090 100644 --- a/nginx/tz.stpl +++ b/nginx/tz.stpl @@ -6,6 +6,7 @@ server { listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/nginx/tz.tpl b/nginx/tz.tpl index 8c196f5..31d1673 100644 --- a/nginx/tz.tpl +++ b/nginx/tz.tpl @@ -6,6 +6,7 @@ server { listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; server_name %domain_idn% %alias_idn%; error_log /var/log/%web_system%/domains/%domain%.error.log error;