Moving from openresty to nginx+modsec for HTTP/2 Rapid Reset reasons

2023-11-09 13:03:06 -06:00
parent 444b8171f5
commit 5fa67890c2
24 changed files with 1149 additions and 96 deletions


@@ -2,10 +2,10 @@ server {
listen 443 ssl http2;
server_name default_server;
include sec.conf;
include default.csp.conf;
include conf/sec.conf;
include conf/default.csp.conf;
include letsencrypt.conf;
include conf/letsencrypt.conf;
location / {
@@ -31,7 +31,7 @@ server {
}
location /whatismyip {
include ../conf.d/fastcgi.config;
include conf.d/fastcgi.config;
root /usr/share/webapps/aninix/;
location ~* whatismyip {
try_files $uri /whatismyip.php;
@@ -49,9 +49,9 @@ server {
server {
listen 443 ssl http2;
server_name foundation.aninix.net;
include sec.conf;
include letsencrypt.conf;
include default.csp.conf;
include conf/sec.conf;
include conf/letsencrypt.conf;
include conf/default.csp.conf;
location / {
rewrite ^/(.*)$ https://aninix.net/$1 permanent;
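Review bot: `server_name default_server;` in the first server block names a literal host called default_server; it does not make this block the catch-all, because `default_server` is a parameter of `listen`, not a value for `server_name`. Requests on 443 whose Host or SNI matches no vhost therefore land on whichever server block nginx loads first for that socket, and that order may shift now that the include layout has moved. If a catch-all is intended, write `listen 443 ssl http2 default_server;` together with `server_name _;`. The line is unchanged context, and the server block continues outside the hunk.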


@@ -2,8 +2,8 @@ server {
listen 443 ssl http2;
server_name adhan.aninix.net;
include sec.conf;
include default.csp.conf;
include conf/sec.conf;
include conf/default.csp.conf;
location /
{
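Review bot: Nothing visible in this server block, or in the other `listen 443 ssl http2;` vhosts on this page, bounds streams or requests per connection, although the commit's stated motive is HTTP/2 Rapid Reset. Swapping openresty for stock nginx only helps if the packaged nginx build carries the fix, and if `keepalive_requests` and `http2_max_concurrent_streams` are not raised above their defaults in nginx.conf or conf/sec.conf, neither of which is shown here. A short comment next to the `listen` line or in conf/sec.conf saying where those limits are set would make the mitigation auditable.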


@@ -2,14 +2,14 @@ server {
listen 443 ssl;
server_name cyberbrain.aninix.net;
include local.conf;
include conf/local.conf;
root /usr/share/webapps/;
client_max_body_size 5m;
client_body_timeout 60;
include ../conf.d/fastcgi7.config;
include conf.d/fastcgi.config;
location /mediawiki-gb/ {
try_files $uri $uri/ @rewrite;
@@ -43,6 +43,6 @@ server {
deny all;
}
include letsencrypt.conf;
include conf/letsencrypt.conf;
}
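Review bot: `include ../conf.d/fastcgi7.config;` is paired with `include conf.d/fastcgi.config;`, so this vhost is not just re-pathed but moved from the fastcgi7 parameter file to the generic one that the other PHP vhosts use. If fastcgi7.config pointed at a different PHP-FPM socket or interpreter version, the application under `/mediawiki-gb/` now runs against a different backend. The contents of both files are outside this page. Confirm the switch is intended and say so in the commit message, or keep `include conf.d/fastcgi7.config;`.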


@@ -8,10 +8,10 @@ server {
listen 443 ssl;
server_name geth.aninix.net;
include sec.conf;
# include default.csp.conf;
# include local.conf;
include letsencrypt.conf;
include conf/sec.conf;
# include conf/default.csp.conf;
# include conf/local.conf;
include conf/letsencrypt.conf;
location /
{
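Review bot: `# include conf/default.csp.conf;` and `# include conf/local.conf;` are carried over commented out with no reason recorded, so this vhost runs without whatever CSP header and (presumably) local-network restriction those files supply; their contents are not visible here. Since every include line is being touched anyway, add a why-comment above each disabled include, for example `# CSP disabled: <reason>`, so a later reader can tell a deliberate exception from a leftover. The same applies to the commented `default.csp.conf` include in both sharingan sections and in yggdrasil, and to the commented `local.conf` include in lykos and travelpawscvt.com.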


@@ -3,8 +3,8 @@ server {
listen 444 ssl http2;
server_name sharingan.aninix.net;
include sec.conf;
# include default.csp.conf;
include conf/sec.conf;
# include conf/default.csp.conf;
location /
{


@@ -2,9 +2,9 @@ server {
listen 443 ssl http2;
server_name irc.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
include conf/sec.conf;
include conf/default.csp.conf;
include conf/letsencrypt.conf;
location /
{


@@ -2,14 +2,14 @@ server {
listen 443 ssl;
server_name lykos.aninix.net;
# include local.conf;
# include conf/local.conf;
root /usr/share/webapps/;
client_max_body_size 5m;
client_body_timeout 60;
include ../conf.d/fastcgi.config;
include conf.d/fastcgi.config;
location / {
try_files $uri $uri/ @rewrite;
@@ -34,6 +34,6 @@ server {
deny all;
}
include letsencrypt.conf;
include conf/letsencrypt.conf;
}


@@ -2,13 +2,12 @@ server {
listen 443 ssl http2;
server_name maat.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
include conf/sec.conf;
include conf/default.csp.conf;
include conf/letsencrypt.conf;
location /
{
try_files $uri /index.html
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
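Review bot: `try_files $uri /index.html` inside `location /` has no terminating `;`, so if that line is still on the new side nginx parses the following `proxy_set_header Host $http_host;` tokens as further `try_files` arguments. The Host header is then never set for the upstream, and the client-supplied `$http_host` becomes the fallback target. The hunk counts (13 old, 12 new) suggest one line was dropped here and it may be this one, but the +/- markers are lost on this page, so confirm against the file. If the directive is meant to stay, write `try_files $uri /index.html;`. The location block continues outside the hunk.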


@@ -2,14 +2,14 @@ server {
listen 443 ssl http2;
server_name password.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
include conf/sec.conf;
include conf/default.csp.conf;
include conf/letsencrypt.conf;
location / {
root /usr/share/webapps/self-service-password/htdocs/;
# https://ltb-project.org/documentation/self-service-password/1.3/config_nginx
# https://ltb-project.org/documentation/self-service-password/1config_nginx
index index.php index.html index.htm;
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
@@ -28,7 +28,7 @@ server {
#error_log /dev/stdout warn;
#access_log /dev/stdout info;
include ../conf.d/fastcgi.config;
include conf.d/fastcgi.config;
}
# deny access to . files, for security
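Review bot: The reference URL in the comment under `root` appears to have been mangled: `.../self-service-password/1.3/config_nginx` is followed by `.../self-service-password/1config_nginx`. This looks like a side effect of the `../conf` → `conf` path rewrite being applied as a pattern with unescaped dots, though that is inferred from the shape of the damage. Restore `# https://ltb-project.org/documentation/self-service-password/1.3/config_nginx`. Also check the rest of the tree for non-include lines the same substitution may have touched, since a silently altered directive would be harder to spot than a broken comment.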


@@ -3,10 +3,10 @@ server {
listen 443 ssl http2;
server_name sharingan.aninix.net;
include sec.conf;
# include default.csp.conf;
include local.conf;
include letsencrypt.conf;
include conf/sec.conf;
# include conf/default.csp.conf;
include conf/local.conf;
include conf/letsencrypt.conf;
location /


@@ -2,11 +2,11 @@ server {
listen 443 ssl;
server_name singularity.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
include conf/sec.conf;
include conf/default.csp.conf;
include conf/letsencrypt.conf;
include ../conf.d/fastcgi.config;
include conf.d/fastcgi.config;
root /usr/share/webapps/tt-rss/;


@@ -2,9 +2,9 @@ server {
listen 443 ssl;
server_name travelpawscvt.com;
#include local.conf;
include letsencrypt.conf;
include ../conf.d/fastcgi.config;
#include conf/local.conf;
include conf/letsencrypt.conf;
include conf.d/fastcgi.config;
root /opt/travelpawscvt;


@@ -2,8 +2,8 @@ server {
listen 443 ssl http2;
server_name wolfpack.aninix.net;
include sec.conf;
include default.csp.conf;
include conf/sec.conf;
include conf/default.csp.conf;
location /
{
@@ -12,5 +12,5 @@ server {
autoindex_format html;
}
include letsencrypt.conf;
include conf/letsencrypt.conf;
}


@@ -3,9 +3,9 @@ server {
listen 443 ssl http2;
server_name yggdrasil.aninix.net;
include sec.conf;
include letsencrypt.conf;
# include default.csp.conf;
include conf/sec.conf;
include conf/letsencrypt.conf;
# include conf/default.csp.conf;
location /
{