diff --git a/sites-available/asxp.io b/sites-available/asxp.io index f1e632e..9353b3a 100644 --- a/sites-available/asxp.io +++ b/sites-available/asxp.io @@ -1,77 +1,33 @@ #asxp.io server { - if ($host = www.asxp.io) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = asxp.io) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - server_name www.asxp.io asxp.io; - listen [::]:80; - server_name www.asxp.io asxp.io; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name asxp.io www.asxp.io; root /srv/http/asxpio; - #root /srv/http/photos; index index.html; - server_name _; - return 444; - - location / { - try_files $uri $uri/ =404; - } -} -server { - - root /srv/http/asxpio; - #root /srv/http/photos; - - index index.html; - - server_name asxp.io www.asxp.io; # managed by Certbot - - location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } - - location ~ \.php$ { - fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; - fastcgi_index index.php; - root /srv/http/asxpio; - include fastcgi.conf; - } - - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} - - - #listen [::]:443 ssl ipv6only=on; # managed by Certbot - #listen [::]:443; - #ssl on; - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + location ~ \.php$ { + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + root /srv/http/asxpio; + include fastcgi.conf; + } + ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ## # Nginx Bad Bot Blocker Includes # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker ## #include /etc/nginx/bots.d/ddos.conf; #include /etc/nginx/bots.d/blockbots.conf; -} +} \ No newline at end of file diff --git a/sites-available/gitea b/sites-available/gitea index 83b0aeb..c96b4b3 100644 --- a/sites-available/gitea +++ b/sites-available/gitea @@ -1,39 +1,7 @@ -server { - if ($host = www.git.asxp.io) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = git.asxp.io) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - server_name www.git.asxp.io git.asxp.io; - listen [::]:80; - server_name www.git.asxp.io git.asxp.io; - - server_name _; - return 444; - - location / { - proxy_pass http://localhost:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - -} - server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name git.asxp.io; - - ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot + server_name git.asxp.io www.git.asxp.io; location / { proxy_pass http://localhost:3000; @@ -42,4 +10,9 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } -} + + ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +} \ No newline at end of file diff --git a/sites-available/https b/sites-available/https new file mode 100644 index 0000000..901003c --- /dev/null +++ b/sites-available/https @@ -0,0 +1,20 @@ +server { + + listen 80; + server_name _; + listen [::]:80; + server_name _; + + if ($host = http://$host$request_uri) { + return 301 https://$host$request_uri; + } + + + if ($host = http://www.$host$request_uri;) { + return 301 https://$host$request_uri; + } + + location / { + try_files $uri $uri/ =404; + } +} \ No newline at end of file diff --git a/sites-available/photos b/sites-available/photos new file mode 100644 index 0000000..56c5f5f --- /dev/null +++ b/sites-available/photos @@ -0,0 +1,34 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name photos.asxp.io www.photos.asxp.io; + + root /srv/http/photos; + index index.html; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + root /srv/http/photos; + include fastcgi.conf; + } + + ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + ## + # Nginx Bad Bot Blocker Includes + # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker + ## + #include /etc/nginx/bots.d/ddos.conf; + #include /etc/nginx/bots.d/blockbots.conf; +} diff --git a/sites-available/photos.asxp.io b/sites-available/photos.asxp.io deleted file mode 100644 index 6ba6caa..0000000 --- a/sites-available/photos.asxp.io +++ /dev/null @@ -1,75 +0,0 @@ -#asxp.io -server { - if ($host = www.photos.asxp.io) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = photos.asxp.io) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - server_name www.photos.asxp.io photos.asxp.io; - listen [::]:80; - server_name www.photos.asxp.io photos.asxp.io; - - root /srv/http/photos; - index index.html; - - server_name _; - return 444; - - location / { - try_files $uri $uri/ =404; - } -} -server { - - root /srv/http/photos; - - index index.html; - - server_name photos.asxp.io www.photos.asxp.io; # managed by Certbot - - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - - location ~ \.php$ { - fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; - fastcgi_index index.php; - root /srv/http/photos; - include fastcgi.conf; - } - - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} - - - #listen [::]:443 ssl ipv6only=on; # managed by Certbot - #listen [::]:443; - #ssl on; - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - ## - # Nginx Bad Bot Blocker Includes - # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker - ## - include /etc/nginx/bots.d/ddos.conf; - include /etc/nginx/bots.d/blockbots.conf; -} diff --git a/sites-available/upload.asxp.io b/sites-available/upload similarity index 100% rename from sites-available/upload.asxp.io rename to sites-available/upload diff --git a/sites-available/uptime b/sites-available/uptime new file mode 100644 index 0000000..17b038d --- /dev/null +++ b/sites-available/uptime @@ -0,0 +1,21 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name uptime.asxp.io www.uptime.asxp.io; + + +location / { + proxy_pass http://localhost:3001/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +} diff --git a/sites-available/uptime.asxp.io b/sites-available/uptime.asxp.io deleted file mode 100644 index 03591bd..0000000 --- a/sites-available/uptime.asxp.io +++ /dev/null @@ -1,18 +0,0 @@ -server { - listen 443 ssl http2; - # Remove '#' in the next line to enable IPv6 - # listen [::]:443 ssl http2; - server_name uptime.asxp.io; - ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot - - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_pass http://localhost:3001/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} diff --git a/sites-enabled/asxp.io b/sites-enabled/asxp.io deleted file mode 120000 index 7d3f4b2..0000000 --- a/sites-enabled/asxp.io +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/asxp.io \ No newline at end of file diff --git a/sites-enabled/gitea b/sites-enabled/gitea deleted file mode 120000 index 5087df8..0000000 --- a/sites-enabled/gitea +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/gitea \ No newline at end of file diff --git a/sites-enabled/uptime.asxp.io b/sites-enabled/uptime.asxp.io deleted file mode 120000 index 729f073..0000000 --- a/sites-enabled/uptime.asxp.io +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/uptime.asxp.io \ No newline at end of file