From 653a086fea18bfb9331cd02c10001b44deb926e9 Mon Sep 17 00:00:00 2001
From: Arthur Lu
Date: Fri, 31 Mar 2023 21:32:29 -0700
Subject: [PATCH] rename files with conf type, cleanup other config files
Signed-off-by: Arthur Lu
---
 nginx.conf | 44 ++++-------------------------
 sites/{client => client.conf} | 5 ----
 sites/{default => default.conf} | 5 ----
 sites/{homepage => homepage.conf} | 5 ----
 sites/{ldap => ldap.conf} | 5 ----
 sites/{mail => mail.conf} | 6 ----
 sites/{nextcloud => nextcloud.conf} | 5 ----
 sites/{opns => opns.conf} | 6 ----
 sites/{pve => pve.conf} | 6 ----
 sites/redirect.conf | 5 ++++
 sites/{root => root.conf} | 6 ----
 sites/{status => status.conf} | 5 ----
 sites/{wiki => wiki.conf} | 5 ----
 snippets/ssl-params.conf | 1 -
 14 files changed, 11 insertions(+), 98 deletions(-)
 rename sites/{client => client.conf} (77%)
 rename sites/{default => default.conf} (60%)
 rename sites/{homepage => homepage.conf} (69%)
 rename sites/{ldap => ldap.conf} (69%)
 rename sites/{mail => mail.conf} (67%)
 rename sites/{nextcloud => nextcloud.conf} (69%)
 rename sites/{opns => opns.conf} (69%)
 rename sites/{pve => pve.conf} (70%)
 create mode 100644 sites/redirect.conf
 rename sites/{root => root.conf} (68%)
 rename sites/{status => status.conf} (69%)
 rename sites/{wiki => wiki.conf} (69%)
diff --git a/nginx.conf b/nginx.conf
index 8099315..a96a09c 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,59 +1,27 @@ user www-data; worker_processes auto; pid /run/nginx.pid; -# include /etc/nginx/modules/*.conf; - events { worker_connections 768; - # multi_accept on; } http { - ## - # Basic Settings - ## - sendfile on; tcp_nopush on; types_hash_max_size 2048; - # server_tokens off; - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; - ## - # SSL Settings - ## - - # ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE - # ssl_prefer_server_ciphers on; - - ## - # Logging Settings - ## - access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; - ## - # Gzip Settings - ## - gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - # include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites/*; }
diff --git a/sites/client b/sites/client.conf
similarity index 77%
rename from sites/client
rename to sites/client.conf
index 7055b90..5016bf9 100644
--- a/sites/client
+++ b/sites/client.conf
@@ -1,8 +1,3 @@
-server {
- listen 80;
- server_name client.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
 server {
 listen 443 ssl http2;
 server_name client.tronnet.net;
diff --git a/sites/default b/sites/default.conf
similarity index 60%
rename from sites/default
rename to sites/default.conf
index 3213981..4578c5b 100644
--- a/sites/default
+++ b/sites/default.conf
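Review bot: The newly enabled `gzip_proxied any;` and the `gzip_types` list (which includes `application/json`) in nginx.conf apply to the 443 vhosts included from sites/, and compressing HTTPS responses that mix reflected request data with secrets is the precondition for BREACH-style length side channels. If those server blocks, whose bodies lie outside these hunks, proxy authenticated applications, consider `gzip off;` in the affected locations or limiting `gzip_types` to static asset types. Separately, the commit gives every site file a `.conf` suffix but keeps `include /etc/nginx/sites/*;`, so backup or editor temp files left in that directory would still be parsed; `include /etc/nginx/sites/*.conf;` matches the new naming.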
@@ -1,8 +1,3 @@
-server {
- listen 80 default_server;
- server_name *.tronnet.net;
- return 301 https://tronnet.net;
-}
 server {
 listen 443 ssl http2 default_server;
 server_name *.tronnet.net;
diff --git a/sites/homepage b/sites/homepage.conf
similarity index 69%
rename from sites/homepage
rename to sites/homepage.conf
index 47ab60f..1b4b918 100644
--- a/sites/homepage
+++ b/sites/homepage.conf
@@ -1,8 +1,3 @@
-server {
- listen 80;
- server_name tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
 server {
 listen 443 ssl http2;
 server_name tronnet.net;
diff --git a/sites/ldap b/sites/ldap.conf
similarity index 69%
rename from sites/ldap
rename to sites/ldap.conf
index 5f21610..37cbe1d 100644
--- a/sites/ldap
+++ b/sites/ldap.conf
@@ -1,8 +1,3 @@
-server {
- listen 80;
- server_name ldap.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
 server {
 listen 443 ssl http2;
 server_name ldap.tronnet.net;
diff --git a/sites/mail b/sites/mail.conf
similarity index 67%
rename from sites/mail
rename to sites/mail.conf
index 8471e6a..a4805b6 100644
--- a/sites/mail
+++ b/sites/mail.conf
@@ -1,9 +1,3 @@
-server {
- listen 80;
- server_name mail.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
-
 server {
 listen 443 ssl http2;
 server_name mail.tronnet.net;
diff --git a/sites/nextcloud b/sites/nextcloud.conf
similarity index 69%
rename from sites/nextcloud
rename to sites/nextcloud.conf
index 32d9622..b7eb44b 100644
--- a/sites/nextcloud
+++ b/sites/nextcloud.conf
@@ -1,8 +1,3 @@
-server {
- listen 80;
- server_name nextcloud.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
 server {
 listen 443 ssl http2;
 server_name nextcloud.tronnet.net;
diff --git a/sites/opns b/sites/opns.conf
similarity index 69%
rename from sites/opns
rename to sites/opns.conf
index 0486c10..623d739 100644
--- a/sites/opns
+++ b/sites/opns.conf
@@ -1,9 +1,3 @@
-server {
- listen 80;
- server_name opns.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
-
 server {
 listen 443 ssl http2;
 server_name opns.tronnet.net;
diff --git a/sites/pve b/sites/pve.conf
similarity index 70%
rename from sites/pve
rename to sites/pve.conf
index 55dad88..6e3149b 100644
--- a/sites/pve
+++ b/sites/pve.conf
@@ -1,9 +1,3 @@
-server {
- listen 80;
- server_name pve.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
-
 server {
 listen 443 ssl http2;
 server_name pve.tronnet.net;
diff --git a/sites/redirect.conf b/sites/redirect.conf
new file mode 100644
index 0000000..32b341c
--- /dev/null
+++ b/sites/redirect.conf
@@ -0,0 +1,5 @@
+server {
+ listen 80 default_server;
+ server_name *.tronnet.net;
+ return 301 https://$host$request_uri;
+}
\ No newline at end of file
diff --git a/sites/root b/sites/root.conf
similarity index 68%
rename from sites/root
rename to sites/root.conf
index 9bff0e5..e7ca27e 100644
--- a/sites/root
+++ b/sites/root.conf
@@ -1,9 +1,3 @@
-server {
- listen 80;
- server_name root.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
-
 server {
 listen 443 ssl http2;
 server_name root.tronnet.net;
diff --git a/sites/status b/sites/status.conf
similarity index 69%
rename from sites/status
rename to sites/status.conf
index 0c2f624..e2d52eb 100644
--- a/sites/status
+++ b/sites/status.conf
@@ -1,8 +1,3 @@
-server {
- listen 80;
- server_name status.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
 server {
 listen 443 ssl http2;
 server_name status.tronnet.net;
diff --git a/sites/wiki b/sites/wiki.conf
similarity index 69%
rename from sites/wiki
rename to sites/wiki.conf
index 7f1a648..6f81253 100644
--- a/sites/wiki
+++ b/sites/wiki.conf
@@ -1,8 +1,3 @@
-server {
- listen 80;
- server_name wiki.tronnet.net;
- rewrite ^(.*) https://$host$1 permanent;
-}
 server {
 listen 443 ssl http2;
 server_name wiki.tronnet.net;
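Review bot: In sites/redirect.conf the `default_server` block answers every Host header on port 80, not only `*.tronnet.net`, so `return 301 https://$host$request_uri;` echoes a client-supplied host into the Location header, where the removed default block redirected to the fixed `https://tronnet.net`. The wildcard `*.tronnet.net` also does not match the apex `tronnet.net`, which now reaches this block only through the default_server fallback. Splitting the file into a named redirect for the project's own hosts and a catch-all with a fixed target keeps both cases explicit, as sketched below. The new file also ends without a trailing newline.

```nginx
# Known hosts: keep the requested host and path.
server {
    listen 80;
    server_name tronnet.net *.tronnet.net;
    return 301 https://$host$request_uri;
}

# Any other Host header: fixed target instead of echoing $host.
server {
    listen 80 default_server;
    server_name _;
    return 301 https://tronnet.net;
}
```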
diff --git a/snippets/ssl-params.conf b/snippets/ssl-params.conf
index f3a5369..8fa9fbd 100644
--- a/snippets/ssl-params.conf
+++ b/snippets/ssl-params.conf
@@ -9,7 +9,6 @@ ssl_stapling on;
 ssl_stapling_verify on;
 resolver 8.8.8.8 8.8.4.4 valid=300s;
 resolver_timeout 5s;
-# add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
 add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";