Removed cryptpad/unused-nginx-rp-docker

2023-12-06 08:51:54 +00:00 · 2023-12-06 08:51:54 +00:00 · c74bd17530
commit c74bd17530
parent 2187a7ddb0
6 changed files with 1 additions and 353 deletions
--- a/cryptpad/docker-compose.yaml
+++ b/cryptpad/docker-compose.yaml
@ -1,26 +0,0 @@
 services:
  cryptpad:
    image: "cryptpad/cryptpad:version-5.5.0"
    container_name: cryptpad
    restart: always
    hostname: cryptpad
    environment:
      - CPAD_MAIN_DOMAIN=https://cryptpad.viyurz.fr
      - CPAD_SANDBOX_DOMAIN=https://cryptpad-sandbox.viyurz.fr
      - CPAD_CONF=/cryptpad/config/config.js
    volumes:
      - /mnt/cryptpaddata/config/config.js:/cryptpad/config/config.js
      - /mnt/cryptpaddata/blob:/cryptpad/blob
      - /mnt/cryptpaddata/data/block:/cryptpad/block
      - /mnt/cryptpaddata/customize:/cryptpad/customize
      - /mnt/cryptpaddata/data/data:/cryptpad/data
      - /mnt/cryptpaddata/data/files:/cryptpad/datastore
    ports:
      - "[::1]:3000:3000"
      - "[::1]:3001:3001"
      - "[::1]:3003:3003"
    ulimits:
      nofile:
        soft: 1000000
        hard: 1000000
    user: cryptpad # useradd -u 4001 cryptpad
--- a/maj.sh
+++ b/maj.sh
@ -1,7 +1,7 @@
 #!/bin/bash
-services=(cryptpad etebase mc nginx-www searxng synapse syncthing vw)
+services=(etebase nginx-www searxng synapse syncthing vw)
 if [[ ! $(echo "${services[*]} all" | grep -P "\b$1\b" ) ]]; then
--- a/nginx-rp/reverse-proxy.conf
+++ b/nginx-rp/reverse-proxy.conf
@ -136,25 +136,6 @@ server {
 # Cryptpad
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name cryptpad.viyurz.fr cryptpad-sandbox.viyurz.fr;
 	location / {
 		proxy_pass http://localhost:3000;
 		proxy_http_version    1.1;
        proxy_set_header      Upgrade $http_upgrade;
        proxy_set_header      Connection upgrade;
 	    client_max_body_size  150m;
 	}
 }
 # Etebase
 server {
 	listen 443 ssl http2;
--- a/unused-nginx-rp-docker/dhparam.txt
+++ b/unused-nginx-rp-docker/dhparam.txt
@ -1,8 +0,0 @@
 -----BEGIN DH PARAMETERS-----
 MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
 +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
 YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
 ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
 -----END DH PARAMETERS-----
--- a/unused-nginx-rp-docker/docker-compose.yaml
+++ b/unused-nginx-rp-docker/docker-compose.yaml
@ -1,11 +0,0 @@
 services:  
  nginx-rp:
    image: nginx:latest
    restart: always
    container_name: nginx-rp
    network_mode: host
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./dhparam.txt:/dhparam.txt
      - /etc/letsencrypt/live/viyurz.fr:/etc/letsencrypt/live/viyurz.fr
      - /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr
--- a/unused-nginx-rp-docker/nginx.conf
+++ b/unused-nginx-rp-docker/nginx.conf
@ -1,288 +0,0 @@
 worker_processes auto;
 worker_cpu_affinity auto;
 worker_rlimit_nofile 2048;
 events {
 	worker_connections 1024;
 }
 http {
 	charset utf-8;
 	sendfile on;
 	tcp_nopush on;
 	tcp_nodelay on;
 	gzip off;
 	# Hide NGINX version in error messages.
 	server_tokens off;
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 	# Logging
 	# log_not_found on;
 	# access_log /var/log/nginx/access.log;
 	# error_log /var/log/nginx/error.log warn;
 	keepalive_timeout 65;
 	ssl_certificate /etc/letsencrypt/live/viyurz.fr/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/viyurz.fr/privkey.pem;
 	ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
 	# modern configuration
 	# ssl_protocols TLSv1.3;
 	# intermediate configuration
 	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 	# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
 	ssl_dhparam /dhparam.txt;
    ssl_prefer_server_ciphers off;
 	ssl_session_timeout 1d;
 	ssl_session_cache shared:MozSSL:10m;
 	ssl_session_tickets off;
 	# HSTS (ngx_http_headers_module is required)
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 	add_header X-Robots-Tag "noindex, nofollow" always;
 	add_header Set-Cookie "Path=/; HttpOnly; Secure";
 	# OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
 	resolver 185.12.64.12 [a01:4ff:ff00::add:2] [2a01:4ff:ff00::add:1];
 	proxy_set_header Host $host;
 	proxy_set_header X-Real-IP $remote_addr;	
 	proxy_set_header X-Client-Port $remote_port;
 	proxy_set_header X-SSL-Cert $ssl_client_cert;
 	proxy_set_header X-Forwarded-Port $server_port;
 	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
 	proxy_set_header X-Forwarded-Scheme $scheme;
 	# The `upstream` directives ensure that you have a http/1.1 connection
 	# This enables the keepalive option and better performance
 	#
 	# Define the server IP and ports here.
 	upstream vaultwarden-default {
 		zone vaultwarden-default 64k;
 		server localhost:8081;
 		keepalive 2;
 	}
 	# Needed to support websocket connections
 	# See: https://nginx.org/en/docs/http/websocket.html
 	# Instead of "close" as stated in the above link we send an empty value.
 	# Else all keepalive connections will not work.
 	map $http_upgrade $connection_upgrade {
 		default upgrade;
 		''      "";
 	}
 	# Redirect HTTP to HTTPS
 	server {
 		listen 80 default_server;
 		listen [::]:80 default_server;
 		http2 on;
 		server_name _;
 	    return 308 https://$host$request_uri;
 	}
 	server {
 		listen 443 ssl default_server;
 		listen [::]:443 ssl default_server;
 		http2 on;
 		server_name _;
 		server_name_in_redirect off;
 		return 404;
 	}
 	server {
 		listen 443 ssl;
 		listen [::]:443 ssl;
 		http2 on;
 		# http3 on;
 		# quic_retry on;
 		# add_header Alt-Svc 'h3=":$server_port"; ma=86400';
 		# listen 443 quic reuseport;
 		# listen [::]:443 quic reuseport;
 		server_name nc.viyurz.fr;
 		location / {
 			proxy_pass http://localhost:11000;
 			add_header Set-Cookie "Path=/; HttpOnly; Secure";
 			# Websocket
 			proxy_http_version 1.1;
 			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection $connection_upgrade;
 			proxy_set_header Accept-Encoding "";
 			client_body_buffer_size 512k;
 			proxy_read_timeout 86400s;
 			client_max_body_size 0;
 		}
 	}
 	server {
 		listen 443 ssl;
 	    listen [::]:443 ssl;	
 		http2 on;
 		server_name vw.viyurz.fr;
 		location / {
 			proxy_pass http://vaultwarden-default;
 			# Websocket
 			proxy_http_version 1.1;
 			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection $connection_upgrade;
 	    	client_max_body_size 525M;
 		}
 	}
 	server {
 		listen 443 ssl;
 		listen [::]:443 ssl;
 		http2 on;
 		server_name searx.viyurz.fr;
 		location ~ ^/(config|healthz|stats/errors|stats/checker) {
 			proxy_pass http://localhost:8083;
 			add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 			add_header Set-Cookie "Path=/; HttpOnly; Secure";
 			# Disable some features
        	add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
 			add_header Access-Control-Allow-Methods "GET, OPTIONS";
 			add_header Access-Control-Allow-Origin "*";
 		}
 		location /static/ {
 			proxy_pass http://localhost:8083;
 			add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 			add_header Set-Cookie "Path=/; HttpOnly; Secure";
 			# Disable some features
        	add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
 			add_header Cache-Control "public, max-age=31536000";
 		}
 		location /image_proxy {
 			proxy_pass http://localhost:8083;
 			add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 			add_header Set-Cookie "Path=/; HttpOnly; Secure";
 			# Disable some features
        	add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
 			add_header Content-Security-Policy "default-src 'none'; img-src 'self' data:";
 		}
 		location / {
 			proxy_pass http://localhost:8083;
 			add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 			add_header Set-Cookie "Path=/; HttpOnly; Secure";
 			# Disable some features
        	add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
 			# add_header Cache-Control "no-cache, no-store";
 			# add_header Pragma "no-cache";
 			add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
 		}
 	}
 	server {
    	listen 443 ssl;
 	    listen [::]:443 ssl;
 		http2 on;
 	    server_name matrix.viyurz.fr;
    	location ~ ^(/_matrix|/_synapse/client) {
 	        proxy_pass http://localhost:8008;
 	       	# Nginx by default only allows file uploads up to 1M in size
    	    # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        	client_max_body_size 50M;   
 	    }
 	}
 	upstream stdisco.viyurz.fr {
 	    # Local IP address:port for discovery server
    	server localhost:8443;
 	}
 	server {
 		listen 443 ssl;
 		listen [::]:443 ssl;
 		http2 on;
 		server_name stdisco.viyurz.fr;
 		ssl_verify_client optional_no_ca;
 		location / {
 			proxy_pass http://stdisco.viyurz.fr;
 			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection $http_connection;
 		}
 	}
 	server {
 		listen 443 ssl;
 		listen [::]:443 ssl;
 		http2 on;
 		server_name www.viyurz.fr;
 		location / {
 			proxy_pass http://localhost:8082;
 		}
 	}
 	server {
 		listen 443 ssl;
 		listen [::]:443 ssl;
 		http2 on;
 		server_name viyurz.fr;
 		location /.well-known/matrix/server {
 			default_type application/json;
 			return 200 '{ "m.server": "matrix.viyurz.fr:443" }';
 		}
 		location / {
 			return 308 https://www.viyurz.fr$request_uri;
 		}
 	}
 }