Diffstat (limited to 'roles/webservers/files')
12 files changed, 35 insertions, 48 deletions
diff --git a/roles/webservers/files/levi/http.rainrain.xyz.conf b/roles/webservers/files/levi/http.rainrain.xyz.conf new file mode 100644 index 0000000..de7a872 --- /dev/null +++ b/roles/webservers/files/levi/http.rainrain.xyz.conf @@ -0,0 +1,5 @@ +server { + listen 80; + server_name *.rainrain.xyz; + return 301 https://$server_name$request_uri?; +} diff --git a/roles/webservers/files/levi/http.rainrainra.in.conf b/roles/webservers/files/levi/http.rainrainra.in.conf deleted file mode 100644 index 5681819..0000000 --- a/roles/webservers/files/levi/http.rainrainra.in.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 80; - server_name rainrainra.in; - - location /.well-known/acme-challenge { - root /var/www/letsencrypt; - try_files $uri $uri/ =404; - } - - location / { - rewrite ^ https://rainrainra.in$request_uri? permanent; - } -} diff --git a/roles/webservers/files/levi/https.ntfy.simponic.hatecomputers.club.conf b/roles/webservers/files/levi/https.ntfy.simponic.hatecomputers.club.conf index 9a0c818..d532ee1 100644 --- a/roles/webservers/files/levi/https.ntfy.simponic.hatecomputers.club.conf +++ b/roles/webservers/files/levi/https.ntfy.simponic.hatecomputers.club.conf @@ -1,5 +1,5 @@ server { - listen 443 ssl; + listen 4443 ssl; allow 10.0.0.0/8; allow 100.64.0.0/12; diff --git a/roles/webservers/files/levi/https.party.simponic.xyz.conf b/roles/webservers/files/levi/https.party.simponic.xyz.conf index 1896024..b0f85d7 100644 --- a/roles/webservers/files/levi/https.party.simponic.xyz.conf +++ b/roles/webservers/files/levi/https.party.simponic.xyz.conf @@ -1,5 +1,5 @@ server { - listen 443 ssl; + listen 4443 ssl; server_name party.simponic.xyz; ssl_certificate /etc/letsencrypt/live/party.simponic.xyz/fullchain.pem; diff --git a/roles/webservers/files/levi/https.rainrain.xyz.servconf b/roles/webservers/files/levi/https.rainrain.xyz.servconf new file mode 100644 index 0000000..5485af1 --- /dev/null +++ b/roles/webservers/files/levi/https.rainrain.xyz.servconf 
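Review bot: The `return 301` line in the new http.rainrain.xyz.conf will not produce a usable redirect. With a wildcard `server_name`, `$server_name` expands to the configured name (`*.rainrain.xyz`) rather than the host the client requested. The trailing `?` is a `rewrite` idiom that `return` emits literally, although `$request_uri` already carries the query string. `return 301 https://$host$request_uri;` fixes both. Because `$host` comes from the request, check that this block is not also the default server for port 80, otherwise an arbitrary Host header is reflected into the Location header.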
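Review bot: The `allow` lines kept as context in the ntfy server block no longer test the real client once this listener sits behind the new stream proxy. Connections forwarded to `127.0.0.1:4443` arrive with a source address of 127.0.0.1, so the 10.0.0.0/8 and 100.64.0.0/12 rules never match. Depending on the `deny` rule that presumably follows outside the hunk, the result is either that every client is blocked or, if loopback is permitted, that every client is let in. Restoring the address needs the PROXY protocol enabled on the stream server and, in this block, `listen 4443 ssl proxy_protocol;` with `set_real_ip_from 127.0.0.1;` and `real_ip_header proxy_protocol;`. The stream-side setting would also apply to the tailscale upstream, so confirm that backend accepts it.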
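Review bot: `listen 4443 ssl;` in the party.simponic.xyz hunk binds the backend port on every interface, so the vhost stays reachable directly on 4443 wherever the firewall permits, bypassing the SNI router on 443. The stream config only ever connects to `127.0.0.1:4443`, so `listen 127.0.0.1:4443 ssl;` is sufficient. The same line appears in the ntfy, secure.tunnel, simponic.hatecomputers.club, simponic.xyz, static and tunnel hunks. Each of those server blocks continues outside its hunk.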
@@ -0,0 +1,19 @@
+stream {
+ map $ssl_preread_server_name $name {
+ *.rainrain.xyz rainrainxyz;
+ default proxy;
+ }
+
+ upstream rainrainxyz {
+ server tailscale.rain.internal.simponic.xyz:443;
+ }
+ upstream proxy {
+ server 127.0.0.1:4443;
+ }
+
+ server {
+ listen 443;
+ proxy_pass $name;
+ ssl_preread on;
+ }
+}
diff --git a/roles/webservers/files/levi/https.rainrainra.in.conf b/roles/webservers/files/levi/https.rainrainra.in.conf
deleted file mode 100644
index 84249dc..0000000
--- a/roles/webservers/files/levi/https.rainrainra.in.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-server {
- listen 443 ssl;
- server_name rainrainra.in;
-
- ssl_certificate /etc/letsencrypt/live/rainrainra.in/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/rainrainra.in/privkey.pem;
- ssl_trusted_certificate /etc/letsencrypt/live/rainrainra.in/fullchain.pem;
-
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 5m;
- ssl_stapling on;
- ssl_stapling_verify on;
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
- ssl_dhparam /etc/nginx/dhparams.pem;
- ssl_prefer_server_ciphers on;
-
- root /var/www/html/rainrainra.in;
-
- location / {
- try_files $uri $uri/ $uri.html =404;
- }
-}
diff --git a/roles/webservers/files/levi/https.secure.tunnel.simponic.xyz.conf b/roles/webservers/files/levi/https.secure.tunnel.simponic.xyz.conf
index 2b8b350..707f12f 100644
--- a/roles/webservers/files/levi/https.secure.tunnel.simponic.xyz.conf
+++ b/roles/webservers/files/levi/https.secure.tunnel.simponic.xyz.conf
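Review bot: The `map` in the new stream config uses a wildcard key without the `hostnames` parameter, so `*.rainrain.xyz` is compared as a literal string and every SNI value falls through to `default proxy`. Add `hostnames;` as the first line inside the map block. The `rainrainxyz` upstream is also given by name, which nginx resolves when the configuration is loaded, so a start or reload fails if `tailscale.rain.internal.simponic.xyz` does not resolve at that moment. A comment in the file should say so, for example `# resolved at load time; reload fails if the tailnet name is unavailable`.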
@@ -1,5 +1,5 @@ server { - listen 443 ssl; + listen 4443 ssl; server_name secure.tunnel.simponic.xyz; ssl_certificate /etc/letsencrypt/live/secure.tunnel.simponic.xyz/fullchain.pem; diff --git a/roles/webservers/files/levi/https.simponic.hatecomputers.club.conf b/roles/webservers/files/levi/https.simponic.hatecomputers.club.conf index fa0f6ab..16f31ed 100644 --- a/roles/webservers/files/levi/https.simponic.hatecomputers.club.conf +++ b/roles/webservers/files/levi/https.simponic.hatecomputers.club.conf @@ -1,5 +1,5 @@ server { - listen 443 ssl; + listen 4443 ssl; server_name simponic.hatecomputers.club; ssl_certificate /etc/letsencrypt/live/simponic.hatecomputers.club/fullchain.pem; diff --git a/roles/webservers/files/levi/https.simponic.xyz.conf b/roles/webservers/files/levi/https.simponic.xyz.conf index 8930168..e9b32e7 100644 --- a/roles/webservers/files/levi/https.simponic.xyz.conf +++ b/roles/webservers/files/levi/https.simponic.xyz.conf @@ -1,5 +1,5 @@ server { - listen 443 ssl; + listen 4443 ssl; server_name simponic.xyz; ssl_certificate /etc/letsencrypt/live/simponic.xyz/fullchain.pem; diff --git a/roles/webservers/files/levi/https.static.simponic.xyz.conf b/roles/webservers/files/levi/https.static.simponic.xyz.conf index ca72805..01719c0 100644 --- a/roles/webservers/files/levi/https.static.simponic.xyz.conf +++ b/roles/webservers/files/levi/https.static.simponic.xyz.conf @@ -1,5 +1,5 @@ server { - listen 443 ssl; + listen 4443 ssl; server_name static.simponic.xyz; ssl_certificate /etc/letsencrypt/live/static.simponic.xyz/fullchain.pem; diff --git a/roles/webservers/files/levi/https.tunnel.simponic.xyz.conf b/roles/webservers/files/levi/https.tunnel.simponic.xyz.conf index 5660f29..deee0b7 100644 --- a/roles/webservers/files/levi/https.tunnel.simponic.xyz.conf +++ b/roles/webservers/files/levi/https.tunnel.simponic.xyz.conf 
@@ -1,5 +1,5 @@ server { - listen 443 ssl; + listen 4443 ssl; server_name tunnel.simponic.xyz; ssl_certificate /etc/letsencrypt/live/tunnel.simponic.xyz/fullchain.pem; diff --git a/roles/webservers/files/nginx.conf b/roles/webservers/files/nginx.conf index 2e36cdd..e4f4987 100644 --- a/roles/webservers/files/nginx.conf +++ b/roles/webservers/files/nginx.conf @@ -1,8 +1,8 @@ user www-data; worker_processes 4; pid /run/nginx.pid; -load_module modules/ndk_http_module.so; -load_module modules/ngx_http_set_misc_module.so; +# load_module modules/ndk_http_module.so; +# load_module modules/ngx_http_set_misc_module.so; events { worker_connections 768; @@ -25,5 +25,6 @@ http { gzip_disable "msie6"; include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; + include /etc/nginx/sites-enabled/*.conf; } +include /etc/nginx/sites-enabled/*.servconf; |
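Review bot: The new top-level `include /etc/nginx/sites-enabled/*.servconf;` in nginx.conf pulls in a `stream {}` block, which only parses if the stream and ssl_preread modules are available. The `load_module` lines at the top suggest this host uses dynamic modules, and nothing visible loads the stream module. If stream is packaged as a dynamic module here, add `load_module modules/ngx_stream_module.so;` (path to be confirmed for this host) and run `nginx -t` before reloading. The two commented-out `load_module` lines would be better deleted, or given a comment saying why they are kept. Narrowing the http include to `*.conf` also silently drops any enabled site whose file lacks that suffix.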