tengel/www
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

initial import

Browse source
This commit is contained in:
tengel 2024-03-17 12:53:54 -05:00
parent 3ed58b0021
commit 4b70c0023c
48 changed files with 1540 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

61
etc/nginx/sites-available/git.xyzzy.ee.conf Normal file
View file

@ -0,0 +1,61 @@
# git.xyzzy.ee
server {
server_name git.xyzzy.ee;
root /var/xyzzy/html;
index index.html;
location ~ ^\/(robots\.txt|\.well-known\/security\.txt)$ {
try_files $uri $uri/ =404;
}
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.xyzzy.ee/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.xyzzy.ee/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# https://ssl-config.mozilla.org/
add_header Strict-Transport-Security "max-age=15724800" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/git.xyzzy.ee/chain.pem;
resolver 9.9.9.9 8.8.8.8 1.1.1.1;
resolver_timeout 5s;
# https://observatory.mozilla.org
# gitea already adds X-Frame-Options SAMEORIGIN
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
# https://csp-evaluator.withgoogle.com/
# https://github.com/go-gitea/gitea/issues/305
# add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-src 'self'; frame-ancestors 'self'; manifest-src 'self' data:;";
}
server {
if ($host = git.xyzzy.ee) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name git.xyzzy.ee;
return 301 https://git.xyzzy.ee$request_uri;
return 404; # managed by Certbot
}

15
etc/nginx/sites-available/git.xyzzy.ee.conf.bootstrap Normal file
View file

@ -0,0 +1,15 @@
# git.xyzzy.ee
server {
listen 80;
listen [::]:80;
server_name git.xyzzy.ee;
root /var/xyzzy/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}

108
etc/nginx/sites-available/xyzzy.ee.conf Normal file
View file

@ -0,0 +1,108 @@
# xyzzy.ee
# www.xyzzy.ee
server {
server_name xyzzy.ee;
root /var/xyzzy/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl default_server; # managed by Certbot
listen 443 ssl default_server; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xyzzy.ee/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xyzzy.ee/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# https://ssl-config.mozilla.org/
add_header Strict-Transport-Security "max-age=15724800" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/xyzzy.ee/chain.pem;
resolver 9.9.9.9 8.8.8.8 1.1.1.1;
resolver_timeout 5s;
# https://observatory.mozilla.org
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';";
}
server {
server_name www.xyzzy.ee;
root /var/xyzzy/html;
index index.html;
location ~ /\.well-known {
allow all;
}
location ~ / {
return 301 $scheme://xyzzy.ee$request_uri;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xyzzy.ee/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xyzzy.ee/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# https://ssl-config.mozilla.org/
add_header Strict-Transport-Security "max-age=15724800" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/xyzzy.ee/chain.pem;
resolver 9.9.9.9 8.8.8.8 1.1.1.1;
resolver_timeout 5s;
# https://observatory.mozilla.org
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';";
}
server {
if ($host = xyzzy.ee) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name xyzzy.ee;
root /var/xyzzy/html;
index index.html;
return 404; # managed by Certbot
}
server {
if ($host = www.xyzzy.ee) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name www.xyzzy.ee;
root /var/xyzzy/html;
index index.html;
return 404; # managed by Certbot
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://xyzzy.ee$request_uri;
}

32
etc/nginx/sites-available/xyzzy.ee.conf.bootstrap Normal file
View file

@ -0,0 +1,32 @@
# xyzzy.ee
# www.xyzzy.ee
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name xyzzy.ee;
root /var/xyzzy/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
listen [::]:80;
server_name www.xyzzy.ee;
root /var/xyzzy/html;
index index.html;
location ~ /\.well-known {
allow all;
}
location ~ / {
return 301 $scheme://xyzzy.ee$request_uri;
}
}

101
etc/nginx/sites-available/xyzzy.fi.conf Normal file
View file

@ -0,0 +1,101 @@
# xyzzy.fi
# www.xyzzy.fi
server {
server_name xyzzy.fi;
root /var/xyzzy/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xyzzy.fi/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xyzzy.fi/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# https://ssl-config.mozilla.org/
add_header Strict-Transport-Security "max-age=15724800" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/xyzzy.fi/chain.pem;
resolver 9.9.9.9 8.8.8.8 1.1.1.1;
resolver_timeout 5s;
# https://observatory.mozilla.org
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';";
}
server {
server_name www.xyzzy.fi;
root /var/xyzzy/html;
index index.html;
location ~ /\.well-known {
allow all;
}
location ~ / {
return 301 $scheme://xyzzy.fi$request_uri;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xyzzy.fi/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xyzzy.fi/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# https://ssl-config.mozilla.org/
add_header Strict-Transport-Security "max-age=15724800" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/xyzzy.fi/chain.pem;
resolver 9.9.9.9 8.8.8.8 1.1.1.1;
resolver_timeout 5s;
# https://observatory.mozilla.org
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';";
}
server {
if ($host = xyzzy.fi) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name xyzzy.fi;
root /var/xyzzy/html;
index index.html;
return 404; # managed by Certbot
}
server {
if ($host = www.xyzzy.fi) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name www.xyzzy.fi;
root /var/xyzzy/html;
index index.html;
return 404; # managed by Certbot
}

32
etc/nginx/sites-available/xyzzy.fi.conf.bootstrap Normal file
View file

@ -0,0 +1,32 @@
# xyzzy.fi
# www.xyzzy.fi
server {
listen 80;
listen [::]:80;
server_name xyzzy.fi;
root /var/xyzzy/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
listen [::]:80;
server_name www.xyzzy.fi;
root /var/xyzzy/html;
index index.html;
location ~ /\.well-known {
allow all;
}
location ~ / {
return 301 $scheme://xyzzy.fi$request_uri;
}
}