config
/
server-debian
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

forgejo indexing fix

This commit is contained in:
Dym Sohin 2024-04-23 14:37:32 +02:00
parent c5e39d6ecf
commit 216e6f5dc2
8 changed files with 291 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
_installs/excalidraw.sh Executable file
View File

@ -0,0 +1,15 @@
#!/bin/sh
mkdir -p /var/www/excalidraw/
cd /var/www/excalidraw/
git clone https://github.com/excalidraw/excalidraw.git .
yarn
yarn start
# OR
docker-compose up --build -d
# OR
docker build -t excalidraw/excalidraw .
docker run --rm -dit --name excalidraw -p 5000:80 excalidraw/excalidraw:latest

4
_installs/forgejo.sh
View File

@ -26,6 +26,10 @@ mkdir -p /home/git
chown git:git -R /home/git \
&& chmod -R 750 /home/git
mkdir /usr/local/bin/data/forgejo-repositories
chown git:git -R /usr/local/bin/data/forgejo-repositories \
&& chmod -R 770 /usr/local/bin/data/forgejo-repositories
mkdir /var/lib/forgejo
chown git:git -R /var/lib/forgejo \
&& chmod -R 750 /var/lib/forgejo

55
apache/web.apache.conf Normal file
View File

@ -0,0 +1,55 @@
<VirtualHost *:80>
ServerAdmin apache+web.dym.sh@dym.sh
ServerName web.dym.sh
DocumentRoot /var/www/web.dym.sh
<Directory "/var/www/web.dym.sh">
Options FollowSymLinks Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
DirectoryIndex index.php index.html
AllowEncodedSlashes NoDecode
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin apache+web.dym.sh@dym.sh
ServerName web.dym.sh
DocumentRoot /var/www/web.dym.sh
<Directory "/var/www/web.dym.sh">
Options FollowSymLinks Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
DirectoryIndex index.php index.html
AllowEncodedSlashes NoDecode
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/dym.sh/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dym.sh/privkey.pem
</VirtualHost>

57
apache/zen.actor.conf Normal file
View File

@ -0,0 +1,57 @@
<VirtualHost *:80>
ServerAdmin apache+zen.actor@dym.sh
ServerName zen.actor
ServerAlias www.zen.actor
DocumentRoot /var/www/zen.actor
<Directory "/var/www/zen.actor">
Options FollowSymLinks Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
DirectoryIndex index.php index.html
AllowEncodedSlashes NoDecode
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin apache+zen.actor@dym.sh
ServerName zen.actor
ServerAlias www.zen.actor
DocumentRoot /var/www/zen.actor
<Directory "/var/www/zen.actor">
Options FollowSymLinks Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
DirectoryIndex index.php index.html
AllowEncodedSlashes NoDecode
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/zen.actor/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zen.actor/privkey.pem
</VirtualHost>

56
nginx/gts.conf Normal file
View File

@ -0,0 +1,56 @@
server {
server_name dym.sh;
listen 80;
listen [::]:80;
location ~ /\.well-known/acme-challenge {
root /var/lib/letsencrypt/;
}
location / {
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
return 301 https://$server_name$request_uri;
}
}
server {
server_name dym.sh;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
location ~* ^\/(rss\/|feed\.xml|feed\.rss)$ {
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
return 301 https://$server_name/rss;
}
location ~* \/\.?rss$ {
types { } default_type "application/rss+xml; charset=utf-8";
root /var/www/dym.sh/;
}
location / {
root /var/www/dym.sh/;
try_files
$uri
$uri/
@gts;
}
client_max_body_size 2000M;
proxy_pass_request_headers on;
location @gts {
# set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
proxy_pass http://127.0.0.1:10099;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

39
nginx/mail.conf Normal file
View File

@ -0,0 +1,39 @@
server {
server_name mail.dym.sh;
listen 80;
listen [::]:80;
location ~ /\.well-known/acme-challenge {
root /var/lib/letsencrypt/;
}
location / {
proxy_pass http://127.0.0.1:11080;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
server_name mail.dym.sh;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
location / {
proxy_pass http://127.0.0.1:11443;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
client_max_body_size 2000M;
}

38
nginx/penpot.conf Normal file
View File

@ -0,0 +1,38 @@
server {
server_name penpot.dym.sh;
listen 80;
listen [::]:80;
location ~ /\.well-known/acme-challenge {
root /var/lib/letsencrypt/;
}
location / {
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
return 301 https://$server_name$request_uri;
}
}
server {
server_name penpot.dym.sh;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
client_max_body_size 2000M;
proxy_pass_request_headers on;
location / {
proxy_pass http://127.0.0.1:9001;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
# add_header Content-Security-Policy "default-src 'self'; object-src 'none'; img-src 'self' blob: data:; media-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';";
}
}

27
nginx/web.conf Normal file
View File

@ -0,0 +1,27 @@
server {
server_name web.dym.sh;
listen 80;
listen [::]:80;
location ~ /\.well-known/acme-challenge {
root /var/lib/letsencrypt/;
}
location / {
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
return 301 https://$server_name$request_uri;
}
}
server {
server_name web.dym.sh;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
location / {
root /var/www/web.dym.sh/;
}
}