Natsue

old-frontend.conf 30/11/2021 [INSTALLER]

Jan 4th, 2020 (edited)
1,240
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. limit_req_zone $binary_remote_addr zone=flood:10m rate=7r/s;
  2. limit_req zone=flood burst=10 nodelay;
  3.  
  4. limit_conn_zone $binary_remote_addr zone=ddos:10m;
  5. limit_conn ddos 5;
  6.  
  7. charset UTF-8;
  8.  
  9. # Hanayo frontend
  10. server {
  11.     listen 80;
  12.     listen [::]:80;
  13.     server_name DOMAIN;
  14.     server_name osu.DOMAIN;
  15.     return 301 https://$server_name$request_uri;
  16. }
  17.  
  18. server {
  19.     listen 443 ssl;
  20.     listen [::]:443 ssl;
  21.     server_name DOMAIN;
  22.     server_name osu.DOMAIN;
  23.  
  24.     #Certificate pathes
  25.     ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
  26.     ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
  27.     ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
  28.  
  29.     #Headers
  30.     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
  31.     add_header X-Content-Type-Options nosniff;
  32.     add_header X-Frame-Options "SAMEORIGIN";
  33.    
  34.     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  35.     ssl_protocols TLSv1.2;
  36.     ssl_prefer_server_ciphers on;
  37.  
  38.     #hanayo
  39.     location / {
  40.         proxy_set_header X-Real-IP $remote_addr;
  41.         proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for;
  42.         proxy_set_header X-Forwarded-Proto https;
  43.         proxy_redirect off;
  44.         proxy_pass http://127.0.0.1:6969;
  45.     }
  46.  
  47.     #rippleapi
  48.     location /api {
  49.         proxy_set_header X-Real-IP $remote_addr;
  50.         proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for;
  51.         proxy_set_header X-Forwarded-Proto https;
  52.         proxy_redirect off;
  53.         proxy_pass http://127.0.0.1:40001;
  54.     }
  55.  
  56.     #lets
  57.     location ~ ^/(web|ss|d)/ {
  58.         proxy_set_header X-Real-IP $remote_addr;
  59.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  60.         proxy_set_header X-Forwarded-Proto https;
  61.         proxy_set_header Host $http_host;
  62.         proxy_redirect off;
  63.         proxy_pass http://127.0.0.1:5002;
  64.     }
  65.  
  66.     #star rating
  67.     location /difficulty-rating {
  68.         return 307 https://osu.ppy.sh/difficulty-rating;
  69.     }
  70. }
  71.  
  72. # Avatar server
  73. server {
  74.     listen 80;
  75.     listen [::]:80;
  76.     server_name a.DOMAIN;
  77.     return 301 https://$server_name$request_uri;
  78. }
  79.  
  80. server {
  81.     listen 443 ssl;
  82.     listen [::]:443 ssl;
  83.     server_name a.DOMAIN;
  84.  
  85.     #Certificate pathes
  86.     ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
  87.     ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
  88.     ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
  89.  
  90.     #Headers
  91.     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
  92.     add_header X-Content-Type-Options nosniff;
  93.     add_header X-Frame-Options "SAMEORIGIN";
  94.     add_header X-Robots-Tag none;
  95.  
  96.     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  97.     ssl_protocols TLSv1.2;
  98.     ssl_prefer_server_ciphers on;
  99.  
  100.     location / {
  101.         proxy_set_header X-Real-IP $remote_addr;
  102.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  103.         proxy_set_header X-Forwarded-Proto https;
  104.         proxy_set_header Host $http_host;
  105.         proxy_redirect off;
  106.         proxy_pass http://127.0.0.1:5000;    # default port is 5000
  107.     }
  108. }
  109.  
  110. #Bancho server
  111. server {
  112.     listen 80;
  113.     listen [::]:80;
  114.     server_name c.DOMAIN;
  115.     server_name c4.DOMAIN;
  116.     return 301 https://$server_name$request_uri;
  117. }
  118.  
  119. server {
  120.     listen 443 ssl;
  121.     listen [::]:443 ssl;
  122.     server_name c.DOMAIN;
  123.     server_name c4.DOMAIN;
  124.  
  125.     #Certificate pathes
  126.     ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
  127.     ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
  128.     ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
  129.  
  130.     #Headers
  131.     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
  132.     add_header X-Content-Type-Options nosniff;
  133.     add_header X-Frame-Options "SAMEORIGIN";
  134.     add_header X-Robots-Tag none;
  135.  
  136.     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  137.     ssl_protocols TLSv1.2;
  138.     ssl_prefer_server_ciphers on;
  139.  
  140.     location / {
  141.         proxy_set_header X-Real-IP $remote_addr;
  142.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  143.         proxy_set_header X-Forwarded-Proto https;
  144.         proxy_set_header Host $http_host;
  145.         proxy_redirect off;
  146.         proxy_pass http://127.0.0.1:5001;    # default port is 5001
  147.     }
  148. }
  149.  
  150.  
  151.  
  152. # Old frontend
  153. server {
  154.     listen 80;
  155.     listen [::]:80;
  156.     server_name old.DOMAIN;
  157.     return 301 https://$server_name$request_uri;
  158. }
  159.  
  160. server {
  161.     listen 443 ssl;
  162.     listen [::]:443 ssl;
  163.     server_name old.DOMAIN;
  164.  
  165.     root /var/www/osu.ppy.sh;
  166.     index index.php index.html;
  167.  
  168.     #Certificate pathes
  169.     ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
  170.     ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
  171.     ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
  172.  
  173.     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  174.     ssl_protocols TLSv1.2;
  175.     ssl_prefer_server_ciphers on;
  176.  
  177.     #Headers
  178.     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
  179.     add_header X-Content-Type-Options nosniff;
  180.     add_header X-Frame-Options "SAMEORIGIN";
  181.     add_header X-Robots-Tag none;
  182.  
  183.     location ~ \.php$ {
  184.         try_files $uri =404;
  185.         fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
  186.         fastcgi_index index.php;
  187.         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  188.         include /etc/nginx/fastcgi_params;
  189.     }
  190.    
  191.     #lets
  192.     location ~ ^/(web|ss|s|b|letsapi)/ {
  193.         proxy_set_header X-Real-IP $remote_addr;
  194.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  195.         proxy_set_header X-Forwarded-Proto https;
  196.         proxy_set_header Host $http_host;
  197.         proxy_redirect off;
  198.         proxy_pass http://127.0.0.1:5002;
  199.     }
  200.    
  201.     location / {
  202.         #autoindex on;
  203.         index index.php;
  204.         rewrite ^/(u|d)/[0-9]+$ /rewrite.php;
  205.     }
  206. }
  207.  
  208. # S?
  209. server {
  210.     listen 80;
  211.     listen [::]:80;
  212.     server_name s.DOMAIN;
  213.     return 301 https://$server_name$request_uri;
  214. }
  215.  
  216. server {
  217.     listen 443 ssl;
  218.     listen [::]:443 ssl;
  219.     server_name s.DOMAIN;
  220.  
  221.     #Certificate pathes
  222.     ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
  223.     ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
  224.     ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
  225.  
  226.     #Headers
  227.     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
  228.     add_header X-Content-Type-Options nosniff;
  229.     add_header X-Frame-Options "SAMEORIGIN";
  230.     add_header X-Robots-Tag none;
  231.  
  232.     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  233.     ssl_protocols TLSv1.2;
  234.     ssl_prefer_server_ciphers on;
  235.  
  236.     location / {
  237.         return 307 https://s.ppy.sh$request_uri;
  238.     }
  239. }
  240.  
  241. # Assets?
  242. server {
  243.     listen 80;
  244.     listen [::]:80;
  245.     server_name assets.DOMAIN;
  246.     return 301 https://$server_name$request_uri;
  247. }
  248.  
  249. server {
  250.     listen 443 ssl;
  251.     listen [::]:443 ssl;
  252.     server_name assets.DOMAIN;
  253.  
  254.     #Certificate pathes
  255.     ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
  256.     ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
  257.     ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
  258.  
  259.     #Headers
  260.     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
  261.     add_header X-Content-Type-Options nosniff;
  262.     add_header X-Frame-Options "SAMEORIGIN";
  263.     add_header X-Robots-Tag none;
  264.  
  265.     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  266.     ssl_protocols TLSv1.2;
  267.     ssl_prefer_server_ciphers on;
  268.  
  269.     location / {
  270.         return 307 https://assets.ppy.sh$request_uri;
  271.     }
  272. }
  273.  
  274. # b?
  275. server {
  276.     listen 80;
  277.     listen [::]:80;
  278.     server_name b.DOMAIN;
  279.     return 301 https://$server_name$request_uri;
  280. }
  281.  
  282. server {
  283.     listen 443 ssl;
  284.     listen [::]:443 ssl;
  285.     server_name b.DOMAIN;
  286.  
  287.     #Certificate pathes
  288.     ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
  289.     ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
  290.     ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
  291.  
  292.     #Headers
  293.     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
  294.     add_header X-Content-Type-Options nosniff;
  295.     add_header X-Frame-Options "SAMEORIGIN";
  296.     add_header X-Robots-Tag none;
  297.  
  298.     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  299.     ssl_protocols TLSv1.2;
  300.     ssl_prefer_server_ciphers on;
  301.  
  302.     location / {
  303.         return 307 https://b.ppy.sh$request_uri;
  304.     }
  305. }
Add Comment
Please, Sign In to add comment