diff --git a/_installs/excalidraw.sh b/_installs/excalidraw.sh
new file mode 100755
index 0000000..588d136
--- /dev/null
+++ b/_installs/excalidraw.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+mkdir -p /var/www/excalidraw/
+cd /var/www/excalidraw/
+git clone https://github.com/excalidraw/excalidraw.git .
+
+yarn
+yarn start
+# OR
+docker-compose up --build -d
+
+
+# OR
+docker build -t excalidraw/excalidraw .
+docker run --rm -dit --name excalidraw -p 5000:80 excalidraw/excalidraw:latest
diff --git a/_installs/forgejo.sh b/_installs/forgejo.sh
index bd142a1..d17b53a 100755
--- a/_installs/forgejo.sh
+++ b/_installs/forgejo.sh
@@ -26,6 +26,10 @@ mkdir -p /home/git chown git:git -R /home/git \ && chmod -R 750 /home/git +mkdir /usr/local/bin/data/forgejo-repositories +chown git:git -R /usr/local/bin/data/forgejo-repositories \ + && chmod -R 770 /usr/local/bin/data/forgejo-repositories + mkdir /var/lib/forgejo chown git:git -R /var/lib/forgejo \ && chmod -R 750 /var/lib/forgejo
diff --git a/apache/web.apache.conf b/apache/web.apache.conf
new file mode 100644
index 0000000..a977967
--- /dev/null
+++ b/apache/web.apache.conf
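Review bot: The three install paths separated by `# OR` are comments only to a reader: run as written, the script executes `yarn start` (which stays in the foreground) and then both Docker paths, and with no `set -e` a failed `cd` leaves `git clone … .` running in whatever directory the caller was in. Add `set -eu` after the shebang and keep one path active, leaving the alternatives commented out. The clone takes the default-branch head and the build then runs whatever is there, so check out a reviewed tag or commit first (`git checkout <reviewed-commit>`, placeholder) before `yarn` or `docker build`. `-p 5000:80` publishes the container on every interface; if it is meant to sit behind the reverse proxy, bind it to loopback with `-p 127.0.0.1:5000:80`.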
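Review bot: The new repository directory is set to `770` while the `/home/git` and `/var/lib/forgejo` blocks around it use `750`, so every member of the `git` group can write to all hosted repositories, and a recursive numeric mode also sets the execute bit on any regular files already there. Unless a second group member really needs write access, match the neighbours, e.g. `chmod -R u=rwX,g=rX,o= /usr/local/bin/data/forgejo-repositories`. The plain `mkdir` fails when `/usr/local/bin/data` does not exist or on a re-run; `mkdir -p`, as the `/home/git` line already uses, avoids that. Keeping repository data under `/usr/local/bin`, a directory normally on root's PATH, deserves a second look. The script continues above and below this hunk.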
@@ -0,0 +1,55 @@
+
+ ServerAdmin apache+web.dym.sh@dym.sh
+ ServerName web.dym.sh
+
+ DocumentRoot /var/www/web.dym.sh
+
+ Options FollowSymLinks Indexes MultiViews
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+ DirectoryIndex index.php index.html
+ AllowEncodedSlashes NoDecode
+
+ HostnameLookups Off
+ UseCanonicalName Off
+ ServerSignature On
+
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+
+
+
+
+ ServerAdmin apache+web.dym.sh@dym.sh
+ ServerName web.dym.sh
+
+ DocumentRoot /var/www/web.dym.sh
+
+ Options FollowSymLinks Indexes MultiViews
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+ DirectoryIndex index.php index.html
+ AllowEncodedSlashes NoDecode
+
+ HostnameLookups Off
+ UseCanonicalName Off
+ ServerSignature On
+
+ SSLEngine on
+ Include /etc/letsencrypt/options-ssl-apache.conf
+
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+ SSLCertificateFile /etc/letsencrypt/live/dym.sh/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/dym.sh/privkey.pem
+
diff --git a/apache/zen.actor.conf b/apache/zen.actor.conf
new file mode 100644
index 0000000..c11d472
--- /dev/null
+++ b/apache/zen.actor.conf
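Review bot: `Options FollowSymLinks Indexes MultiViews` turns on directory listings for the document root in both virtual hosts, and `ServerSignature On` prints the server version on error pages; neither is needed to serve the site. Drop `Indexes` and use `ServerSignature Off` unless listings are intended. `Order allow,deny` with `Allow from all` is Apache 2.2 syntax that works on 2.4 only through mod_access_compat; `Require all granted` is the current form. With `AllowOverride All`, any `.htaccess` under the root can switch options back on, so narrow it to what the site needs. apache/zen.actor.conf repeats the same block and the same applies there.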
@@ -0,0 +1,57 @@
+
+ ServerAdmin apache+zen.actor@dym.sh
+ ServerName zen.actor
+ ServerAlias www.zen.actor
+
+ DocumentRoot /var/www/zen.actor
+
+ Options FollowSymLinks Indexes MultiViews
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+ DirectoryIndex index.php index.html
+ AllowEncodedSlashes NoDecode
+
+ HostnameLookups Off
+ UseCanonicalName Off
+ ServerSignature On
+
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+
+
+
+
+ ServerAdmin apache+zen.actor@dym.sh
+ ServerName zen.actor
+ ServerAlias www.zen.actor
+
+ DocumentRoot /var/www/zen.actor
+
+ Options FollowSymLinks Indexes MultiViews
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+ DirectoryIndex index.php index.html
+ AllowEncodedSlashes NoDecode
+
+ HostnameLookups Off
+ UseCanonicalName Off
+ ServerSignature On
+
+ SSLEngine on
+ Include /etc/letsencrypt/options-ssl-apache.conf
+
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+ SSLCertificateFile /etc/letsencrypt/live/zen.actor/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/zen.actor/privkey.pem
+
diff --git a/nginx/gts.conf b/nginx/gts.conf
new file mode 100644
index 0000000..4e11c7f
--- /dev/null
+++ b/nginx/gts.conf
@@ -0,0 +1,56 @@
+server {
+ server_name dym.sh;
+ listen 80;
+ listen [::]:80;
+
+ location ~ /\.well-known/acme-challenge {
+ root /var/lib/letsencrypt/;
+ }
+ location / {
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ server_name dym.sh;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
+ ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
+
+
+ location ~* ^\/(rss\/|feed\.xml|feed\.rss)$ {
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+ return 301 https://$server_name/rss;
+ }
+
+ location ~* \/\.?rss$ {
+ types { } default_type "application/rss+xml; charset=utf-8";
+ root /var/www/dym.sh/;
+ }
+
+ location / {
+ root /var/www/dym.sh/;
+ try_files
+ $uri
+ $uri/
+ @gts;
+ }
+
+ client_max_body_size 2000M;
+ proxy_pass_request_headers on;
+
+ location @gts {
+ # set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
+ proxy_pass http://127.0.0.1:10099;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+}
diff --git a/nginx/mail.conf b/nginx/mail.conf
new file mode 100644
index 0000000..3168090
--- /dev/null
+++ b/nginx/mail.conf
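Review bot: The `Strict-Transport-Security` header is sent only from the port-80 redirect and from the `/rss` redirect; browsers ignore HSTS received over plain HTTP, and the `location /` and `@gts` responses on 443 never carry it. Put it at server level in the TLS block, `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;`, keeping in mind that a `location` with its own `add_header` does not inherit the server-level one. Because this is the apex `dym.sh`, `includeSubDomains` will then require HTTPS on every subdomain, including any still answering on port 80 such as mail.dym.sh in nginx/mail.conf. nginx/penpot.conf and nginx/web.conf set the header only in their port-80 block as well.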
@@ -0,0 +1,39 @@
+server {
+ server_name mail.dym.sh;
+ listen 80;
+ listen [::]:80;
+
+ location ~ /\.well-known/acme-challenge {
+ root /var/lib/letsencrypt/;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:11080;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+server {
+ server_name mail.dym.sh;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
+ ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:11443;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ client_max_body_size 2000M;
+}
diff --git a/nginx/penpot.conf b/nginx/penpot.conf
new file mode 100644
index 0000000..5df4bc9
--- /dev/null
+++ b/nginx/penpot.conf
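Review bot: The port-80 server proxies every request to `http://127.0.0.1:11080` instead of redirecting, so unless that backend issues its own redirect, credentials and session cookies for mail.dym.sh can cross the network in cleartext. The other vhosts in this commit use `return 301 https://$server_name$request_uri;` in `location /`; doing the same here leaves only the ACME challenge on HTTP. In the TLS block, `proxy_pass http://127.0.0.1:11443` speaks plain HTTP to a port whose number suggests a TLS listener, so confirm which protocol the backend expects there.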
@@ -0,0 +1,38 @@
+server {
+ server_name penpot.dym.sh;
+ listen 80;
+ listen [::]:80;
+
+ location ~ /\.well-known/acme-challenge {
+ root /var/lib/letsencrypt/;
+ }
+ location / {
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ server_name penpot.dym.sh;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
+ ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
+
+
+ client_max_body_size 2000M;
+ proxy_pass_request_headers on;
+
+ location / {
+ proxy_pass http://127.0.0.1:9001;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+# add_header Content-Security-Policy "default-src 'self'; object-src 'none'; img-src 'self' blob: data:; media-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';";
+ }
+
+}
diff --git a/nginx/web.conf b/nginx/web.conf
new file mode 100644
index 0000000..502cdcb
--- /dev/null
+++ b/nginx/web.conf
@@ -0,0 +1,27 @@
+server {
+ server_name web.dym.sh;
+ listen 80;
+ listen [::]:80;
+
+ location ~ /\.well-known/acme-challenge {
+ root /var/lib/letsencrypt/;
+ }
+ location / {
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ server_name web.dym.sh;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
+ ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
+
+ location / {
+ root /var/www/web.dym.sh/;
+ }
+}