AniNIX/Kapisi
3
0
Fork 0
Code Issues 27 Pull Requests Projects 1 Releases Wiki Activity

Starting Foundation automation

Browse Source
This commit is contained in:
DarkFeather
2022-07-02 10:24:10 -05:00
parent 59b54619f7
commit 94f546a7be
90 changed files with 4162 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
roles/WebServer/files/conf.d/aaa_default.conf
View File

@@ -1,6 +1,5 @@
server {
#listen 443 ssl http2;
listen 444 ssl http2;
listen 443 ssl http2;
server_name default_server;
include sec.conf;
@@ -8,10 +7,39 @@ server {
location /
{
rewrite ^/martialarts(\/*)$ /assets/martialarts/index.html;
location /aninix.xml {
proxy_hide_header Content-Type;
add_header content-type "application/atom+xml";
rewrite /aninix.xml /AniNIX/Wiki/raw/branch/main/rss/aninix.xml;
}
location /martialarts/maqotw.xml {
proxy_hide_header Content-Type;
add_header content-type "application/atom+xml";
rewrite /martialarts/maqotw.xml /AniNIX/Wiki/raw/branch/main/rss/maqotw.xml;
}
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:3000;
}
location /whatismyip
{
include ../conf.d/fastcgi.config;
root /usr/share/webapps/aninix/;
location ~* whatismyip {
try_files $uri /whatismyip.php;
expires max;
}
}
location /blackpage
{
root /usr/share/webapps/aninix/;
try_files $uri /blackpage.html;
}
include letsencrypt.conf;
}

2
roles/WebServer/files/conf.d/adhan.conf
View File

@@ -1,5 +1,5 @@
server {
listen 444 ssl http2;
listen 443 ssl http2;
server_name adhan.aninix.net;
include sec.conf;

13
roles/WebServer/files/conf.d/fastcgi.config Normal file
View File

@@ -0,0 +1,13 @@
location ~ \.php$ {
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}

13
roles/WebServer/files/conf.d/fastcgi7.config Normal file
View File

@@ -0,0 +1,13 @@
location ~ \.php$ {
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_pass unix:/run/php-fpm7/php-fpm.sock;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}

27
roles/WebServer/files/conf.d/fastcgi_params Normal file
View File

@@ -0,0 +1,27 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

29
roles/WebServer/files/conf.d/geth.conf Normal file
View File

@@ -0,0 +1,29 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
#listen 443 ssl http2;
listen 443 ssl;
server_name geth.aninix.net;
include sec.conf;
# include default.csp.conf;
# include local.conf;
include letsencrypt.conf;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://geth.msn0.aninix.net:8123;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 86400;
}
}

17
roles/WebServer/files/conf.d/irc.conf Normal file
View File

@@ -0,0 +1,17 @@
server {
listen 443 ssl http2;
server_name irc.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:7778;
}
}

55
roles/WebServer/files/conf.d/lykos-wiki.conf
View File

@@ -1,46 +1,37 @@
server {
listen 444 ssl;
server_name lykos.aninix.net;
listen 443 ssl;
server_name lykos.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
root /usr/share/webapps/;
root /usr/share/webapps/;
location ~ ^/$ {
return 302 https://lykos.aninix.net:444/lykos-wiki/Main_Page;
}
client_max_body_size 5m;
client_body_timeout 60;
location ~ ^/lykos-wiki/ {
index /mediawiki/index.php;
try_files $uri $uri/ @mediawiki;
include ../conf.d/fastcgi7.config;
location / {
try_files $uri $uri/ @rewrite;
rewrite ^/lykos-wiki/(.*)$ /mediawiki/index.php?title=$1&$args;
rewrite ^$ /lykos-wiki/Main_Page;
rewrite ^/$ /lykos-wiki/Main_Page;
rewrite ^lykos-wiki$ /lykos-wiki/Main_Page;
rewrite ^lykos-wiki/$ /lykos-wiki/Main_Page;
}
location @mediawiki {
rewrite ^/lykos-wiki/(.*)$ /mediawiki/index.php?title=$1;
}
location ~ \.php?$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index /mediawiki/index.php;
try_files $uri @mediawiki;
location ^~ /maintenance/ {
return 403;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
try_files $uri /lykos-wiki/index.php;
try_files $uri /mediawiki/index.php;
expires max;
log_not_found off;
}
# Restrictions based on the .htaccess files
location ~ ^/lykos-wiki/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/ {
deny all;
}
location ~ ^/lykos-wiki/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/ {
internal;
}
location ^~ /images/ {
try_files $uri /index.php;
}
location ~ /\. {
access_log off;
log_not_found off;
location ^~ /cache/ {
deny all;
}
}

19
roles/WebServer/files/conf.d/maat.conf Normal file
View File

@@ -0,0 +1,19 @@
server {
listen 443 ssl http2;
server_name maat.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
location /
{
try_files $uri /index.html
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://maat.msn0.aninix.net:80;
proxy_force_ranges on;
}
}

40
roles/WebServer/files/conf.d/password.conf
View File

@@ -1,12 +1,44 @@
server {
listen 444 ssl http2;
listen 443 ssl http2;
server_name password.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
location /
{
root /usr/share/webapps/self-service-password/;
root /usr/share/webapps/self-service-password/htdocs/;
# https://ltb-project.org/documentation/self-service-password/1.3/config_nginx
index index.php index.html index.htm;
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
gzip on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
gzip_vary on;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# Add stdout logging
#error_log /dev/stdout warn;
#access_log /dev/stdout info;
include ../conf.d/fastcgi.config;
# deny access to . files, for security
#
location ~ /\.\. {
log_not_found off;
deny all;
}
location ~ /scripts {
log_not_found off;
deny all;
}
}

21
roles/WebServer/files/conf.d/sharingan.conf Normal file
View File

@@ -0,0 +1,21 @@
server {
listen 443 ssl http2;
server_name sharingan.aninix.net;
include sec.conf;
# include default.csp.conf;
include local.conf;
include letsencrypt.conf;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/;
proxy_pass http://sharingan.msn0.aninix.net:9000;
}
}

16
roles/WebServer/files/conf.d/singularity.conf Normal file
View File

@@ -0,0 +1,16 @@
server {
listen 443 ssl;
server_name singularity.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
include ../conf.d/fastcgi.config;
root /usr/share/webapps/tt-rss/;
index index.php;
try_files $uri $uri/ =404;
}

15
roles/WebServer/files/conf.d/wolfpack.conf Normal file
View File

@@ -0,0 +1,15 @@
server {
listen 443 ssl http2;
server_name wolfpack.aninix.net;
include sec.conf;
include default.csp.conf;
include letsencrypt.conf;
location /
{
root /srv/wolfpack;
autoindex on;
autoindex_format html;
}
}

20
roles/WebServer/files/conf.d/yggdrasil.conf Normal file
View File

@@ -0,0 +1,20 @@
server {
#listen 443 ssl http2;
listen 443 ssl http2;
server_name yggdrasil.aninix.net;
include sec.conf;
include letsencrypt.conf;
# include default.csp.conf;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/;
proxy_pass http://127.0.0.1:8096;
proxy_force_ranges on;
}
}

9
roles/WebServer/files/nginx.conf
View File

@@ -24,10 +24,13 @@ http {
# Redirect all HTTP to HTTPS
server {
listen 81 default_server;
listen [::]:81 default_server;
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
location / {
return 301 https://$host$request_uri;
}
}
include ../conf.d/*.conf;