diff --git a/cgit/cgit.nginx b/cgit/cgit.nginx
index 0f61006..ab22f14 100644
--- a/cgit/cgit.nginx
+++ b/cgit/cgit.nginx
@@ -1,46 +1,46 @@ server { listen [::]:80; listen 80; - server_name git.xvo.es; + server_name git.yourdomain.com; return 301 https://$server_name$request_uri; } server { listen [::]:443 ssl http2; listen 443 ssl http2; - server_name git.xvo.es; + server_name git.yourdomain.com; - # SSL 证书 - ssl_certificate /etc/nginx/cert/git.xvo.es.pem; - ssl_certificate_key /etc/nginx/cert/git.xvo.es.key; + # SSL Certificate Path + ssl_certificate /etc/nginx/cert/git.yourdomain.com.pem; + ssl_certificate_key /etc/nginx/cert/git.yourdomain.com.key; - # SSL 安全套件 + # SSL Security ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; - + ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; - # 日志路径 - access_log /var/log/nginx/cgit-access.log; - error_log /var/log/nginx/cgit-error.log; + # Site Log path + access_log /var/log/nginx/cgit-access.log; + error_log /var/log/nginx/cgit-error.log; root /var/www/cgit; try_files $uri @cgit; client_max_body_size 10m; location @cgit { - include fastcgi_params; - # cgit 的 CGI 脚本路径 - fastcgi_param SCRIPT_FILENAME /var/www/cgit/cgit.cgi; - fastcgi_param DOCUMENT_ROOT /usr/lib/git-core; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /home/git; + include fastcgi_params; + # cgit's CGI script path + fastcgi_param SCRIPT_FILENAME /var/www/cgit/cgit.cgi; + fastcgi_param DOCUMENT_ROOT /usr/lib/git-core; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_param 
GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /home/git; if ($arg_service = git-receive-pack) { rewrite (/.*) /git_write/$1 last; @@ -64,8 +64,8 @@ server { } location ~ /git_write/(.*) { - # HTTP 基本认证 - auth_basic "Require password to push to git.xvo.es:"; + # HTTP Basic Authentication + auth_basic "Authentication Required To Push"; auth_basic_user_file /etc/nginx/.htpasswd; include git-http-backend.conf; } diff --git a/gotosocial/gotosocial.nginx b/gotosocial/gotosocial.nginx index eff683b..cc419e5 100644 --- a/gotosocial/gotosocial.nginx +++ b/gotosocial/gotosocial.nginx 
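Review bot: The Basic-auth gate in `location ~ /git_write/(.*)` is entered only through the `if ($arg_service = git-receive-pack)` rewrite shown at the end of the previous hunk, and that condition matches the `info/refs?service=git-receive-pack` advertisement request but not the later `POST .../git-receive-pack`, which carries no `service` argument. Lines 47-63 of the file fall outside both hunks, so the POST may already be routed through an authenticated location there; if it is not, push protection rests on git-http-backend refusing receive-pack when no REMOTE_USER is set, which stops holding once `http.receivepack` is enabled on a repository. I would record the requirement next to the directive, e.g. `# auth must also cover POST .../git-receive-pack, not only info/refs?service=git-receive-pack`. The regex is also unanchored; `location ~ ^/git_write/(.*)` would keep it from matching paths that merely contain `/git_write/`.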
@@ -1,82 +1,82 @@ server { - listen 80; - listen [::]:80; - server_name yourdomain.com; - return 301 https://$server_name$request_uri; + listen 80; + listen [::]:80; + server_name yourdomain.com; + return 301 https://$server_name$request_uri; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name yourdomain.com; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name yourdomain.com; - ssl_certificate /etc/nginx/cert/yourdomain.com.pem; - ssl_certificate_key /etc/nginx/cert/yourdomain.com.key; + ssl_certificate /etc/nginx/cert/yourdomain.com.pem; + ssl_certificate_key /etc/nginx/cert/yourdomain.com.key; + + location ~ /.well-known/(webfinger|host-meta)$ { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; - location ~ /.well-known/(webfinger|host-meta)$ { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_cache gotosocial_ap_public_responses; + proxy_cache_background_update on; + proxy_cache_key $scheme://$host$uri$is_args$query_string; + proxy_cache_valid 200 10m; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; + proxy_cache_lock on; + add_header X-Cache-Status $upstream_cache_status; - proxy_cache gotosocial_ap_public_responses; - proxy_cache_background_update on; - proxy_cache_key $scheme://$host$uri$is_args$query_string; - proxy_cache_valid 200 10m; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; - proxy_cache_lock on; - add_header X-Cache-Status $upstream_cache_status; + proxy_pass http://127.0.0.1:8788; + } - proxy_pass http://127.0.0.1:8788; - } + location ~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$ { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; - location ~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$ { - 
proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_cache gotosocial_ap_public_responses; + proxy_cache_background_update on; + proxy_cache_key $scheme://$host$uri; + proxy_cache_valid 200 604800s; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; + proxy_cache_lock on; + add_header X-Cache-Status $upstream_cache_status; - proxy_cache gotosocial_ap_public_responses; - proxy_cache_background_update on; - proxy_cache_key $scheme://$host$uri; - proxy_cache_valid 200 604800s; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429; - proxy_cache_lock on; - add_header X-Cache-Status $upstream_cache_status; + proxy_pass http://127.0.0.1:8788; + } - proxy_pass http://127.0.0.1:8788; - } + location /assets/ { + alias web-asset-base-dir/; + autoindex off; + expires 5m; + add_header Cache-Control "public"; + } - location /assets/ { - alias web-asset-base-dir/; - autoindex off; - expires 5m; - add_header Cache-Control "public"; - } + location @fileserver { + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + } - location @fileserver { + location /fileserver/ { + proxy_pass http://127.0.0.1:8788/; + alias storage-local-base-path/; + autoindex off; + expires max; + add_header Cache-Control "private, immutable"; + try_files $uri @fileserver; + } - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /fileserver/ { - proxy_pass http://127.0.0.1:8788/; - alias storage-local-base-path/; - autoindex off; - expires max; - add_header Cache-Control "private, immutable"; - try_files $uri @fileserver; - } - - 
location / { - proxy_pass http://127.0.0.1:8788; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - } - client_max_body_size 40M; + location / { + proxy_pass http://127.0.0.1:8788; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + } + + client_max_body_size 40M; } \ No newline at end of file diff --git a/plausible/plausible.nginx b/plausible/plausible.nginx index 96baede..b76134a 100644 --- a/plausible/plausible.nginx +++ b/plausible/plausible.nginx @@ -20,7 +20,7 @@ server { ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; - ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+AESGCM:EDH+AESGCM:EECDH+CHACHA20:EDH+CHACHA20:EECDH+AES128:EDH+AES128:EECDH+AES256:EDH+AES256:EECDH+3DES:EDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'; + ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; location / { proxy_pass http://localhost:8000; @@ -33,4 +33,4 @@ server { add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; } -} \ No newline at end of file +}
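Review bot: The replacement `ssl_ciphers` list in plausible/plausible.nginx still ends with four CBC-mode suites (`ECDHE-ECDSA-AES256-SHA384`, `ECDHE-RSA-AES256-SHA384`, `ECDHE-ECDSA-AES128-SHA256`, `ECDHE-RSA-AES128-SHA256`), so the commit removes 3DES and static-RSA key exchange but leaves non-AEAD ciphers negotiable for TLS 1.2 clients. Ending the list at `ECDHE-RSA-AES128-GCM-SHA256;` would keep it AEAD-only; the same string appears as context in cgit/cgit.nginx and would need the same trim. The `ssl_protocols` line for this server is outside the hunk, so check that it does not still offer TLS 1.0/1.1, which none of these suites serve. Since the list is now duplicated across site files, a shared snippet pulled in with `include` would keep the copies from drifting.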