diff options
author | sijanec <sijanecantonluka@gmail.com> | 2020-09-26 21:42:10 +0200 |
---|---|---|
committer | sijanec <sijanecantonluka@gmail.com> | 2020-09-26 21:42:10 +0200 |
commit | 3a3246dfecab404df90513989bf84a270e17d1f1 (patch) | |
tree | 629eb2d4f82d561fa709150742bb64c0bef54759 /server/proxy | |
parent | unset tracking vars are now not reported to the spyware server (diff) | |
download | beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.gz beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.bz2 beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.lz beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.xz beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.zst beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.zip |
Diffstat (limited to 'server/proxy')
-rw-r--r-- | server/proxy/apache.conf | 99 | ||||
-rw-r--r-- | server/proxy/lopolis.conf | 55 | ||||
-rw-r--r-- | server/proxy/nginx.conf | 133 | ||||
-rw-r--r-- | server/proxy/zgimsis.conf | 51 |
4 files changed, 106 insertions, 232 deletions
diff --git a/server/proxy/apache.conf b/server/proxy/apache.conf deleted file mode 100644 index e0c49a5..0000000 --- a/server/proxy/apache.conf +++ /dev/null @@ -1,99 +0,0 @@ -<VirtualHost *:27443> - SSLEngine On - SSLCertificateFile /etc/ssl/sslforfree/sg.crt - SSLCertificateKeyFile /etc/ssl/sslforfree/sg.key - SSLProxyEngine On - SSLProxyCheckPeerCN Off - SSLProxyCheckPeerName Off - # The ServerName directive sets the request scheme, hostname and port that - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - #ServerName www.example.com - - #ServerAdmin webmaster@localhost - #DocumentRoot /var/www/apache2 - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # For most configuration files from conf-available/, which are - # enabled or disabled at a global level, it is possible to - # include a line for only one particular virtual host. For example the - # following line enables the CGI configuration for this host only - # after it has been globally disabled with "a2disconf". - #Include conf-available/serve-cgi-bin.conf - - RequestHeader unset Accept-Encoding - ProxyPreserveHost Off - ProxyPass "/" "https://zgimsis.gimb.org:443/" - ProxyPassReverse "/" "https://zgimsis.gimb.org:443/" - AddOutputFilterByType SUBSTITUTE text/html - Substitute "s|zgimsis.gimb.org|zgimsis.gimb.tk:27443|i" - Substitute "s/window.location.replace/console.log/i" - DumpIOInput Off - DumpIOOutput On - LogLevel dumpio:trace7 - LogLevel debug - -</VirtualHost> -<VirtualHost *:2780> -# ServerName cargova.xn--pga.ga -# SSLEngine On -# SSLCertificateFile /etc/ssl/sslforfree/sg.crt -# SSLCertificateKeyFile /etc/ssl/sslforfree/sg.key - SSLProxyEngine On - SSLProxyCheckPeerCN Off - SSLProxyCheckPeerName Off - # The ServerName directive sets the request scheme, hostname and port that - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - #ServerName www.example.com - - #ServerAdmin webmaster@localhost - #DocumentRoot /var/www/apache2 - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # For most configuration files from conf-available/, which are - # enabled or disabled at a global level, it is possible to - # include a line for only one particular virtual host. For example the - # following line enables the CGI configuration for this host only - # after it has been globally disabled with "a2disconf". - #Include conf-available/serve-cgi-bin.conf - - RequestHeader unset Accept-Encoding - ProxyPreserveHost Off - ProxyPass "/" "https://zgimsis.gimb.org:443/" - ProxyPassReverse "/" "https://zgimsis.gimb.org:443/" - AddOutputFilterByType SUBSTITUTE text/html - Substitute "s/zgimsis.gimb.org/zgimsis.gimb.tk:2780/i" - Substitute "s/window.location.replace/console.log/i" - DumpIOInput Off - DumpIOOutput On - LogLevel dumpio:trace7 - LogLevel debug - -</VirtualHost> - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/server/proxy/lopolis.conf b/server/proxy/lopolis.conf new file mode 100644 index 0000000..66f2d94 --- /dev/null +++ b/server/proxy/lopolis.conf @@ -0,0 +1,55 @@ +# /etc/nginx/sites-enabled/lopolis +server { + listen 0.0.0.0:80; + listen [::]:80; + server_name .lopolis.gimb.tk; + return 301 https://lopolis.gimb.tk/; +} +server { + listen 0.0.0.0:443 http2 ssl; + listen [::]:443 http2 ssl; + ssl_certificate /etc/ssl/sslforfree/gimb.tk.crtca; + ssl_certificate_key /etc/ssl/sslforfree/gimb.tk.key; + server_name .lopolis.gimb.tk; + location / { + if ($http_origin ~ \.?gimb\.tk$) { + set $cors 'true'; + set $both_conditions "P"; + add_header "x-debug-http-origin-check" "passed"; + } + if ($http_origin ~ \.?beziapp\.github\.io$) { + set $cors 'true'; + set $both_conditions "P"; + add_header "x-debug-http-origin-check" "passed"; + } + if ($cors = 'true') { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + } + if ($request_method = 'OPTIONS') { + set $both_conditions "${both_conditions}D"; + } + if ($both_conditions = PD) { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Max-Age' -1; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + access_log /var/log/nginx/lopolis/access.log postdata; + proxy_set_header Host www.lopolis.si; + proxy_set_header X-Real-IP $remote_addr; + proxy_redirect off; + proxy_ssl_server_name on; + proxy_pass https://www.lopolis.si; + # try_files $uri $uri/ =404; + } +} + diff --git a/server/proxy/nginx.conf b/server/proxy/nginx.conf deleted file mode 100644 index 222b8d2..0000000 --- a/server/proxy/nginx.conf +++ /dev/null @@ -1,133 +0,0 @@ -#server { -# server_name _; -# listen 80 default_server; -# # listen 443 default_server; -# listen [::]:80 default_server; -# # listen [::]:443 default_server; -# return 444; -#} -server { - listen 93.103.156.37:80; - listen [::]:80; - server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk; - return 301 https://zgimsis.gimb.tk$request_uri; - port_in_redirect off; - server_name_in_redirect off; -} -server { - listen 93.103.156.37:443 ssl http2; - listen [::]:443 ssl http2; - ssl_certificate /etc/ssl/sslforfree/sg.crt; - ssl_certificate_key /etc/ssl/sslforfree/sg.key; - ssl_session_cache builtin:1000 shared:SSL:10m; - ssl_prefer_server_ciphers on; - add_header Strict-Transport-Security "max-age=604800"; - #root /var/www/html; - index index.php index.html index.htm index.nginx-debian.html; - server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk; - location /gse/ { - #try_files $uri $uri/ =404; - proxy_pass https://localhost:27443; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - set $cors ''; - set $both_conditions ""; - add_header "x-debug-location-gse" "triggered"; - if ($http_origin ~ \.?gimb\.tk$) { - set $cors 'true'; - set $both_conditions "P"; - add_header "x-debug-http-origin-check" "passed"; - } - if ($cors = 'true') { - add_header "Access-Control-Allow-Origin" $http_origin always; - add_header "Access-Control-Allow-Credentials" "true" always; - add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; - add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; - add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; - } - if ($request_method = 'OPTIONS') { - set $both_conditions "${both_conditions}D"; - } - if ($both_conditions = PD) { - add_header "Access-Control-Allow-Origin" $http_origin always; - add_header "Access-Control-Allow-Credentials" "true" always; - add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; - add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; - add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; - add_header 'Access-Control-Max-Age' -1; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - } - location / { - set $cors ''; - if ($http_origin ~ \.?gimb\.tk$) { - set $cors 'true'; - } - if ($cors = 'true') { - add_header "Access-Control-Allow-Origin" $http_origin always; - add_header "Access-Control-Allow-Credentials" "true" always; - add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; - add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; - add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; - } - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Max-Age' 300; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - return 301 https://zgimsis.gimb.tk/gse/; - } - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # fastcgi_pass unix:/run/php/php7.3-fpm.sock; - #} - location ~ /\.ht { - deny all; - } - port_in_redirect off; - server_name_in_redirect off; -} -server { - listen 93.103.156.37:80; - listen [::]:80; - server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk; - return 301 https://lopolis-api.gimb.tk$request_uri; - port_in_redirect off; - server_name_in_redirect off; -} -server { - listen 93.103.156.37:443 ssl http2; - listen [::]:443 ssl http2; - ssl_certificate /etc/ssl/sslforfree/sg.crt; - ssl_certificate_key /etc/ssl/sslforfree/sg.key; - ssl_session_cache builtin:1000 shared:SSL:10m; - ssl_prefer_server_ciphers on; - add_header Strict-Transport-Security "max-age=604800"; - #root /var/www/html; - index index.php index.html index.htm index.nginx-debian.html; - server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk; - location / { - #try_files $uri $uri/ =404; - proxy_pass http://localhost:44625; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } - #location / { -# return 301 https://zgimsis.gimb.tk/gse/; -# } - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # fastcgi_pass unix:/run/php/php7.3-fpm.sock; - #} - location ~ /\.ht { - deny all; - } - add_header X-This-Is-Definetley-Not-Flask I-Really-Care-If-Someone-DoSes-This-/s; - add_header X-I-Mean-If-Someone-Wants-To-DoS-Me They-Have-The-Power-To-Do-It; - add_header X-Although-It-Is-Illegal-And-I Will-Report-You-To-SiCert-And-They-Will-Bit-Your-Ass; - port_in_redirect off; - server_name_in_redirect off; -} diff --git a/server/proxy/zgimsis.conf b/server/proxy/zgimsis.conf new file mode 100644 index 0000000..72a5974 --- /dev/null +++ b/server/proxy/zgimsis.conf @@ -0,0 +1,51 @@ +# /etc/nginx/sites-enabled/zgimsis +server { + listen 0.0.0.0:80; + listen [::]:80; + server_name .zgimsis.gimb.tk; + return 301 https://zgimsis.gimb.tk/gse/; +} +server { + listen 0.0.0.0:443 http2 ssl; + listen [::]:443 http2 ssl; + ssl_certificate /etc/ssl/sslforfree/gimb.tk.crtca; + ssl_certificate_key /etc/ssl/sslforfree/gimb.tk.key; + server_name .zgimsis.gimb.tk; + location / { + if ($http_origin ~ \.?gimb\.tk$) { + set $cors 'true'; + set $both_conditions "P"; + add_header "x-debug-http-origin-check" "passed"; + } + if ($http_origin ~ \.?beziapp\.github\.io$) { + set $cors 'true'; + set $both_conditions "P"; + add_header "x-debug-http-origin-check" "passed"; + } + if ($cors = 'true') { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + } + if ($request_method = 'OPTIONS') { + set $both_conditions "${both_conditions}D"; + } + if ($both_conditions = PD) { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Max-Age' -1; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + access_log /var/log/nginx/zgimsis/access.log postdata; + proxy_pass https://zgimsis.gimb.org/; + # try_files $uri $uri/ =404; + } +} + |