Removed cryptpad/unused-nginx-rp-docker

This commit is contained in:
Viyurz 2023-12-06 08:51:54 +00:00
parent 2187a7ddb0
commit c74bd17530
6 changed files with 1 additions and 353 deletions

View file

@ -1,26 +0,0 @@
services:
cryptpad:
image: "cryptpad/cryptpad:version-5.5.0"
container_name: cryptpad
restart: always
hostname: cryptpad
environment:
- CPAD_MAIN_DOMAIN=https://cryptpad.viyurz.fr
- CPAD_SANDBOX_DOMAIN=https://cryptpad-sandbox.viyurz.fr
- CPAD_CONF=/cryptpad/config/config.js
volumes:
- /mnt/cryptpaddata/config/config.js:/cryptpad/config/config.js
- /mnt/cryptpaddata/blob:/cryptpad/blob
- /mnt/cryptpaddata/data/block:/cryptpad/block
- /mnt/cryptpaddata/customize:/cryptpad/customize
- /mnt/cryptpaddata/data/data:/cryptpad/data
- /mnt/cryptpaddata/data/files:/cryptpad/datastore
ports:
- "[::1]:3000:3000"
- "[::1]:3001:3001"
- "[::1]:3003:3003"
ulimits:
nofile:
soft: 1000000
hard: 1000000
user: cryptpad # useradd -u 4001 cryptpad

2
maj.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
services=(cryptpad etebase mc nginx-www searxng synapse syncthing vw)
services=(etebase nginx-www searxng synapse syncthing vw)
if [[ ! $(echo "${services[*]} all" | grep -P "\b$1\b" ) ]]; then

View file

@ -136,25 +136,6 @@ server {
# Cryptpad
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cryptpad.viyurz.fr cryptpad-sandbox.viyurz.fr;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
client_max_body_size 150m;
}
}
# Etebase
server {
listen 443 ssl http2;

View file

@ -1,8 +0,0 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----

View file

@ -1,11 +0,0 @@
services:
nginx-rp:
image: nginx:latest
restart: always
container_name: nginx-rp
network_mode: host
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./dhparam.txt:/dhparam.txt
- /etc/letsencrypt/live/viyurz.fr:/etc/letsencrypt/live/viyurz.fr
- /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr

View file

@ -1,288 +0,0 @@
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 2048;
events {
worker_connections 1024;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip off;
# Hide NGINX version in error messages.
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
# log_not_found on;
# access_log /var/log/nginx/access.log;
# error_log /var/log/nginx/error.log warn;
keepalive_timeout 65;
ssl_certificate /etc/letsencrypt/live/viyurz.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/viyurz.fr/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
# modern configuration
# ssl_protocols TLSv1.3;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /dhparam.txt;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
# HSTS (ngx_http_headers_module is required)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 185.12.64.12 [a01:4ff:ff00::add:2] [2a01:4ff:ff00::add:1];
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Client-Port $remote_port;
proxy_set_header X-SSL-Cert $ssl_client_cert;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Scheme $scheme;
# The `upstream` directives ensure that you have a http/1.1 connection
# This enables the keepalive option and better performance
#
# Define the server IP and ports here.
upstream vaultwarden-default {
zone vaultwarden-default 64k;
server localhost:8081;
keepalive 2;
}
# Needed to support websocket connections
# See: https://nginx.org/en/docs/http/websocket.html
# Instead of "close" as stated in the above link we send an empty value.
# Else all keepalive connections will not work.
map $http_upgrade $connection_upgrade {
default upgrade;
'' "";
}
# Redirect HTTP to HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
http2 on;
server_name _;
return 308 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
http2 on;
server_name _;
server_name_in_redirect off;
return 404;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# http3 on;
# quic_retry on;
# add_header Alt-Svc 'h3=":$server_port"; ma=86400';
# listen 443 quic reuseport;
# listen [::]:443 quic reuseport;
server_name nc.viyurz.fr;
location / {
proxy_pass http://localhost:11000;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Accept-Encoding "";
client_body_buffer_size 512k;
proxy_read_timeout 86400s;
client_max_body_size 0;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name vw.viyurz.fr;
location / {
proxy_pass http://vaultwarden-default;
# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
client_max_body_size 525M;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name searx.viyurz.fr;
location ~ ^/(config|healthz|stats/errors|stats/checker) {
proxy_pass http://localhost:8083;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# Disable some features
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Origin "*";
}
location /static/ {
proxy_pass http://localhost:8083;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# Disable some features
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
add_header Cache-Control "public, max-age=31536000";
}
location /image_proxy {
proxy_pass http://localhost:8083;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# Disable some features
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
add_header Content-Security-Policy "default-src 'none'; img-src 'self' data:";
}
location / {
proxy_pass http://localhost:8083;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# Disable some features
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
# add_header Cache-Control "no-cache, no-store";
# add_header Pragma "no-cache";
add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name matrix.viyurz.fr;
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://localhost:8008;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
}
upstream stdisco.viyurz.fr {
# Local IP address:port for discovery server
server localhost:8443;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name stdisco.viyurz.fr;
ssl_verify_client optional_no_ca;
location / {
proxy_pass http://stdisco.viyurz.fr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name www.viyurz.fr;
location / {
proxy_pass http://localhost:8082;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name viyurz.fr;
location /.well-known/matrix/server {
default_type application/json;
return 200 '{ "m.server": "matrix.viyurz.fr:443" }';
}
location / {
return 308 https://www.viyurz.fr$request_uri;
}
}
}