|
config {
|
|
var.CWD = "/etc/lighttpd"
|
|
var.PID = 14436
|
|
var.basedir = "/var/www"
|
|
var.logdir = "/var/log/lighttpd"
|
|
var.statedir = "/var/lib/lighttpd"
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
)
|
|
mimetype.assign = (
|
|
".pdf" => "application/pdf",
|
|
".epub" => "application/epub+zip",
|
|
".spl" => "application/futuresplash",
|
|
".jar" => "application/java-archive",
|
|
".class" => "application/java-vm",
|
|
".jsonld" => "application/ld+json",
|
|
".json" => "application/json",
|
|
".mdb" => "application/msaccess",
|
|
".doc" => "application/msword",
|
|
".ogg" => "application/ogg",
|
|
".pgp" => "application/pgp-encrypted",
|
|
".sig" => "application/pgp-signature",
|
|
".ps" => "application/postscript",
|
|
".eps" => "application/postscript",
|
|
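# RAR archives: IANA-registered media type. The previous value was misspelled and not a valid type.
".rar" => "application/vnd.rar",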
|
|
".rdf" => "application/rdf+xml",
|
|
".rss" => "application/rss+xml",
|
|
".rtf" => "application/rtf",
|
|
".azw" => "application/vnd.amazon.ebook",
|
|
".cbz" => "application/vnd.comicbook+zip",
|
|
".cbr" => "application/vnd.comicbook-rar",
|
|
".exe" => "application/vnd.microsoft.portable-executable",
|
|
".xls" => "application/vnd.ms-excel",
|
|
".ppt" => "application/vnd.ms-powerpoint",
|
|
".docm" => "application/vnd.ms-word.document.macroEnabled.12",
|
|
".odt" => "application/vnd.oasis.opendocument.text",
|
|
".ods" => "application/vnd.oasis.opendocument.spreadsheet",
|
|
".odp" => "application/vnd.oasis.opendocument.presentation",
|
|
".odg" => "application/vnd.oasis.opendocument.graphics",
|
|
".odc" => "application/vnd.oasis.opendocument.chart",
|
|
".odf" => "application/vnd.oasis.opendocument.formula",
|
|
".odi" => "application/vnd.oasis.opendocument.image",
|
|
".pptx" => "application/vnd.openxmlformats-officedocument.presentationml.presentation",
|
|
".xlsx" => "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
|
|
".docx" => "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
|
|
".vsd" => "application/vnd.visio",
|
|
".wasm" => "application/wasm",
|
|
".xhtml" => "application/xhtml+xml",
|
|
".zip" => "application/zip",
|
|
".zstd" => "application/zstd",
|
|
".7z" => "application/x-7z-compressed",
|
|
".dmg" => "application/x-apple-diskimage",
|
|
".torrent" => "application/x-bittorrent",
|
|
".bz2" => "application/x-bzip",
|
|
".tbz" => "application/x-bzip-compressed-tar",
|
|
".tar.bz2" => "application/x-bzip-compressed-tar",
|
|
".pgn" => "application/x-chess-pgn",
|
|
".deb" => "application/x-debian-package",
|
|
".dvi" => "application/x-dvi",
|
|
".mm" => "application/x-freemind",
|
|
".gz" => "application/x-gzip",
|
|
".iso" => "application/x-iso9660-image",
|
|
".jnlp" => "application/x-java-jnlp-file",
|
|
".pac" => "application/x-ns-proxy-autoconfig",
|
|
".rpm" => "application/x-redhat-package-manager",
|
|
".swf" => "application/x-shockwave-flash",
|
|
".tar.gz" => "application/x-tgz",
|
|
".tgz" => "application/x-tgz",
|
|
".tar" => "application/x-tar",
|
|
".xz" => "application/x-xz",
|
|
".aac" => "audio/aac",
|
|
".adts" => "audio/aac",
|
|
".ac3" => "audio/ac3",
|
|
".snd" => "audio/basic",
|
|
".mid" => "audio/midi",
|
|
".midi" => "audio/midi",
|
|
".m4a" => "audio/mp4",
|
|
".mp1" => "audio/mpeg",
|
|
".mp2" => "audio/mpeg",
|
|
".mp3" => "audio/mpeg",
|
|
".oga" => "audio/ogg",
|
|
".opus" => "audio/ogg",
|
|
".spx" => "audio/ogg",
|
|
".sid" => "audio/prs.sid",
|
|
".mlp" => "audio/vnd.dolby.mlp",
|
|
".dts" => "audio/vnd.dts",
|
|
".dtshd" => "audio/vnd.dts.hd",
|
|
".flac" => "audio/x-flac",
|
|
".mka" => "audio/x-matroska",
|
|
".m3u" => "audio/x-mpegurl",
|
|
".mod" => "audio/x-mod",
|
|
".wma" => "audio/x-ms-wma",
|
|
".wax" => "audio/x-ms-wax",
|
|
".wav" => "audio/x-wav",
|
|
".otf" => "font/otf",
|
|
".ttf" => "font/ttf",
|
|
".woff" => "font/woff",
|
|
".woff2" => "font/woff2",
|
|
".bmp" => "image/bmp",
|
|
".gif" => "image/gif",
|
|
".heic" => "image/heic",
|
|
".heics" => "image/heic-sequence",
|
|
".heif" => "image/heif",
|
|
".heifs" => "image/heif-sequence",
|
|
".jpg" => "image/jpeg",
|
|
".jpeg" => "image/jpeg",
|
|
".png" => "image/png",
|
|
".tif" => "image/tiff",
|
|
".tiff" => "image/tiff",
|
|
".svg" => "image/svg+xml",
|
|
".svgz" => "image/svg+xml",
|
|
".webp" => "image/webp",
|
|
".psd" => "image/vnd.adobe.photoshop",
|
|
".apng" => "image/vnd.mozilla.apng",
|
|
".ico" => "image/x-icon",
|
|
".xbm" => "image/x-xbitmap",
|
|
".xpm" => "image/x-xpixmap",
|
|
".xwd" => "image/x-xwindowdump",
|
|
".ics" => "text/calendar",
|
|
".css" => "text/css",
|
|
".csv" => "text/csv",
|
|
".html" => "text/html",
|
|
".htm" => "text/html",
|
|
".js" => "text/javascript",
|
|
".asc" => "text/plain",
|
|
".c" => "text/plain",
|
|
".h" => "text/plain",
|
|
".cc" => "text/plain",
|
|
".cpp" => "text/plain",
|
|
".hh" => "text/plain",
|
|
".hpp" => "text/plain",
|
|
".conf" => "text/plain",
|
|
".log" => "text/plain",
|
|
".text" => "text/plain",
|
|
".txt" => "text/plain",
|
|
".diff" => "text/plain",
|
|
".patch" => "text/plain",
|
|
".ebuild" => "text/plain",
|
|
".eclass" => "text/plain",
|
|
".vcard" => "text/vcard",
|
|
".vcf" => "text/vcard",
|
|
".dtd" => "text/xml",
|
|
".xml" => "text/xml",
|
|
".vcs" => "text/x-vcalendar",
|
|
".x3db" => "model/x3d+binary",
|
|
".x3dbz" => "model/x3d+binary",
|
|
".x3dv" => "model/x3d+vrml",
|
|
".x3dvz" => "model/x3d+vrml",
|
|
".x3d" => "model/x3d+xml",
|
|
".x3dz" => "model/x3d+xml",
|
|
".ts" => "video/mp2t",
|
|
".m4v" => "video/mp4",
|
|
".mp4" => "video/mp4",
|
|
".mpeg" => "video/mpeg",
|
|
".mpg" => "video/mpeg",
|
|
".ogv" => "video/ogg",
|
|
".mov" => "video/quicktime",
|
|
".qt" => "video/quicktime",
|
|
".webm" => "video/webm",
|
|
".m4u" => "video/vnd.mpegurl",
|
|
".bik" => "video/vnd.radgamettools.bink",
|
|
".bk2" => "video/vnd.radgamettools.bink",
|
|
".smk" => "video/vnd.radgamettools.smacker",
|
|
".flv" => "video/x-flv",
|
|
".mkv" => "video/x-matroska",
|
|
".mk3d" => "video/x-matroska-3d",
|
|
".mng" => "video/x-mng",
|
|
".avi" => "video/x-msvideo",
|
|
".asf" => "video/x-ms-asf",
|
|
".asx" => "video/x-ms-asf",
|
|
".wmv" => "video/x-ms-wmv",
|
|
)
|
|
server.username = "lighttpd"
|
|
server.groupname = "lighttpd"
|
|
server.document-root = "/var/www/pygos.space/htdocs"
|
|
server.pid-file = "/run/lighttpd.pid"
|
|
server.errorlog = "/var/log/lighttpd/error.log"
|
|
server.indexfiles = ("index.php", "index.html", "index.htm", "default.htm")
|
|
# Empty tag: no lighttpd name/version string is configured for the Server response header.
server.tag = ""
|
|
# Symlinks are followed when resolving files. NOTE(review): confirm that nothing writable by
# the web applications can create links pointing outside the document roots.
server.follow-symlink = "enable"
|
|
server.feature-flags = (
|
|
"server.h2proto" => "enable",
|
|
# NOTE(review): h2c is HTTP/2 over cleartext. Plain-HTTP requests are only redirected to
# https by the $HTTP["scheme"] == "http" condition in this dump, so this flag looks
# unnecessary; confirm and disable it if so.
"server.h2c" => "enable",
|
|
)
|
|
server.stream-response-body = 2
|
|
server.event-handler = "linux-sysepoll"
|
|
static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
|
|
accesslog.filename = "/var/log/lighttpd/access.log"
|
|
url.access-deny = ("~", ".inc", ".htaccess")
|
|
simple-vhost.server-root = "/var/www/servers/"
|
|
simple-vhost.document-root = "/htdocs/"
|
|
simple-vhost.default-host = "pygos.space"
|
|
deflate.mimetypes = ("text/", "image/", "font/")
|
|
deflate.cache-dir = "/var/tmp/lighttpd"
|
|
deflate.allowed-encodings = ("brotli", "gzip", "deflate")
|
|
deflate.max-compress-size = 131072
|
|
deflate.min-compress-size = 256
|
|
deflate.compression-level = 9
|
|
# HTTP Digest authentication backed by an htdigest-format user file.
auth.backend = "htdigest"
|
|
# The credential file lives under /etc/lighttpd, outside server.document-root
# (/var/www/pygos.space/htdocs). NOTE(review): confirm it is readable only by root and the
# lighttpd user.
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
|
|
# Global scope: this requirement is not tied to any host condition.
auth.require = (
|
|
# Covers the /poodle/admin/ prefix only. NOTE(review): the per-poll admin rewrites in this
# dump target /poodle/adminstuds.php, which is not under this prefix; confirm that those
# pages are meant to be protected by the poll token alone.
"/poodle/admin/" => (
|
|
"method" => "digest",
|
|
# Digest computed with SHA-256 rather than the legacy MD5 default.
"algorithm" => "SHA-256",
|
|
"realm" => "Admin Panel",
|
|
# Only the account named "admin" is accepted.
"require" => "user=admin",
|
|
),
|
|
)
|
|
expire.mimetypes = (
|
|
"text/" => "access plus 12 hours",
|
|
"image/" => "access plus 12 hours",
|
|
)
|
|
server.modules = (
|
|
"mod_setenv",
|
|
"mod_rewrite",
|
|
"mod_redirect",
|
|
"mod_access",
|
|
"mod_auth",
|
|
"mod_authn_file",
|
|
"mod_proxy",
|
|
"mod_sockproxy",
|
|
"mod_simple_vhost",
|
|
"mod_openssl",
|
|
"mod_expire",
|
|
"mod_deflate",
|
|
"mod_accesslog",
|
|
"mod_fastcgi",
|
|
)
|
|
fastcgi.server = (
|
|
".php" => (
|
|
"localhost" => (
|
|
"host" => "127.0.0.1",
|
|
"port" => "9000",
|
|
),
|
|
),
|
|
)
|
|
|
|
|
|
$HTTP["host"] =~ "^(www\.)?gengenbacher-mixing\.de$" {
|
|
# block 1
|
|
server.error-handler-404 = "/index.php"
|
|
url.access-deny = ("~", ".inc", ".htaccess", "xmlrpc.php")
|
|
url.rewrite-once = (
|
|
"^/(wp-admin|wp-includes|wp-content)/(.*)" => "$0",
|
|
"^/(.*)\.(.+)$" => "$0",
|
|
"^/(.+)/?$" => "/index.php/$1",
|
|
)
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"X-Content-Type-Options" => "nosniff",
|
|
"X-Download-Options" => "noopen",
|
|
"X-Frame-Options" => "SAMEORIGIN",
|
|
"X-XSS-Protection" => "1; mode=block",
|
|
"Referrer-Policy" => "no-referrer",
|
|
"X-Robots-Tag" => "none",
|
|
"X-Permitted-Cross-Domain-Policies" => "none",
|
|
)
|
|
|
|
} # end of $HTTP["host"] =~ "^(www\.)?gengenbacher-mixing\.de$"
|
|
|
|
$HTTP["host"] == "pygos.space" {
|
|
# block 2
|
|
url.redirect = (
|
|
"^/poodle/admin$" => "/poodle/admin/",
|
|
"^/rspamd$" => "/rspamd/",
|
|
)
|
|
|
|
|
|
# Denies direct access to dotfiles, Composer manifests and shell scripts under /poodle/.
# NOTE(review): "\..+" is anchored directly after "/poodle/", so dot-prefixed names inside
# subdirectories (constructed example: /poodle/sub/.git) do not match; ".*\.sh" matches at any depth.
# NOTE(review): this deny is nested in the exact-match host condition "pygos.space". A request
# carrying a different Host value that still falls back to the same document root
# (simple-vhost.default-host is pygos.space) would not reach it; consider moving the deny
# to global scope.
$HTTP["url"] =~ "^/poodle/(\..+|composer\.json|composer\.lock|.*\.sh)$" {
|
|
# block 3
|
|
# The empty string matches every path, so everything selected by the condition is denied.
url.access-deny = ("")
|
|
|
|
} # end of $HTTP["url"] =~ "^/poodle/(\..+|composer\.json|composer\.lock|.*\.sh)$"
|
|
|
|
$HTTP["url"] =^ "/dns-query" {
|
|
# block 21
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "127.0.0.1",
|
|
"port" => 3000,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
|
|
} # end of $HTTP["url"] =^ "/dns-query"
|
|
|
|
$HTTP["url"] =^ "/rspamd" {
|
|
# block 22
|
|
# Reverse-proxies /rspamd to an internal host over plain HTTP.
# NOTE(review): auth.require in this dump covers only /poodle/admin/, so access control for
# this endpoint rests entirely on the backend's own authentication. Confirm that it is
# enabled, or add an auth.require entry for this prefix.
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.11",
|
|
"port" => 80,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
proxy.header = (
|
|
"map-urlpath" => (
|
|
"/rspamd/" => "/",
|
|
),
|
|
)
|
|
|
|
} # end of $HTTP["url"] =^ "/rspamd"
|
|
|
|
$HTTP["url"] =^ "/grafana" {
|
|
# block 23
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "127.0.0.1",
|
|
"port" => 3030,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
proxy.header = (
|
|
"upgrade" => "enable",
|
|
)
|
|
|
|
} # end of $HTTP["url"] =^ "/grafana"
|
|
} # end of $HTTP["host"] == "pygos.space"
|
|
|
|
$HTTP["host"] == "nextcloud.pygos.space" {
|
|
# block 4
|
|
# Internal rewrites for the Nextcloud host; the first matching rule is applied once.
url.rewrite-once = (
|
|
# NOTE(review): unlike the rules below, this pattern has no "/" after "^". Request paths
# begin with "/", so confirm that this rule can match at all.
# NOTE(review): the target joins the captured query with "&" although no "?" precedes it
# (the webfinger/nodeinfo query rules do the same). Confirm that the backend receives the
# query string as intended.
"^remote\/[^\?]*\?(.*)$" => "remote.php&$1",
|
|
# Service-discovery endpoints are handed to the application front controller.
"^/\.well-known/webfinger$" => "/index.php/.well-known/webfinger",
|
|
"^/\.well-known/webfinger\?(.*)$" => "/index.php/.well-known/webfinger&$1",
|
|
"^/\.well-known/nodeinfo$" => "/index.php/.well-known/nodeinfo",
|
|
"^/\.well-known/nodeinfo\?(.*)$" => "/index.php/.well-known/nodeinfo&$1",
|
|
)
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"X-Content-Type-Options" => "nosniff",
|
|
"X-Download-Options" => "noopen",
|
|
"X-Frame-Options" => "SAMEORIGIN",
|
|
"X-XSS-Protection" => "1; mode=block",
|
|
"Referrer-Policy" => "no-referrer",
|
|
)
|
|
|
|
|
|
$HTTP["url"] =~ "^/(build|tests|config|lib|3rdparty|templates|data)($|/)" {
|
|
# block 5
|
|
url.access-deny = ("")
|
|
|
|
} # end of $HTTP["url"] =~ "^/(build|tests|config|lib|3rdparty|templates|data)($|/)"
|
|
|
|
$HTTP["url"] !~ "^/\.well-known/(acme-challenge|pki-validation)" {
|
|
# block 6
|
|
|
|
|
|
$HTTP["url"] =~ "^/(\.|autotest|occ|issue|indie|db_|console)" {
|
|
# block 7
|
|
url.access-deny = ("")
|
|
|
|
} # end of $HTTP["url"] =~ "^/(\.|autotest|occ|issue|indie|db_|console)"
|
|
} # end of $HTTP["url"] !~ "^/\.well-known/(acme-challenge|pki-validation)"
|
|
|
|
$HTTP["url"] == "" {
|
|
# block 29
|
|
url.redirect = (
|
|
"^$" => "/remote.php/webdav/",
|
|
)
|
|
url.redirect-code = 302
|
|
|
|
} # end of $HTTP["url"] == ""
|
|
|
|
$HTTP["url"] =~ "^/\.well-known/(carddav|caldav)" {
|
|
# block 30
|
|
url.redirect = (
|
|
"^/\.well-known/carddav$" => "/remote.php/dav/",
|
|
"^/\.well-known/caldav$" => "/remote.php/dav/",
|
|
)
|
|
url.redirect-code = 301
|
|
|
|
} # end of $HTTP["url"] =~ "^/\.well-known/(carddav|caldav)"
|
|
|
|
$HTTP["url"] =~ "^/.+[^/]\.(css|js|svg|gif|png|woff2|map)$" {
|
|
# block 39
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"X-Content-Type-Options" => "nosniff",
|
|
"X-Download-Options" => "noopen",
|
|
"X-Frame-Options" => "SAMEORIGIN",
|
|
"X-XSS-Protection" => "1; mode=block",
|
|
"Referrer-Policy" => "no-referrer",
|
|
"X-Permitted-Cross-Domain-Policies" => "none",
|
|
"X-Robots-Tag" => "none",
|
|
"Cache-Control" => "public, must-revalidate, max-age=15768000",
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^/.+[^/]\.(css|js|svg|gif|png|woff2|map)$"
|
|
} # end of $HTTP["host"] == "nextcloud.pygos.space"
|
|
|
|
$SERVER["socket"] == "0.0.0.0:443" {
|
|
# block 8
|
|
# TLS is enabled for this listening socket.
ssl.engine = "enable"
|
|
# Settings passed through to OpenSSL's configuration-command interface.
ssl.openssl.ssl-conf-cmd = (
|
|
# No DHE cipher suite appears in CipherString below, so these parameters look unused.
"DHParameters" => "/etc/ssl/certs/dhparam.pem",
|
|
"Curves" => "X448:X25519:P-521:P-384:P-256",
|
|
# TLS 1.0 and 1.1 are refused.
"MinProtocol" => "TLSv1.2",
|
|
# The server's cipher order takes precedence over the client's.
"Options" => "ServerPreference",
|
|
# NOTE(review): the three TLS_* names are TLS 1.3 suites, which OpenSSL normally takes from
# the separate "Ciphersuites" command; verify with a handshake test that they are honoured here.
# NOTE(review): every TLS 1.2 suite listed is ECDHE-ECDSA, so TLS 1.2 clients can connect only
# if the certificate key is ECDSA; confirm this for each certificate served on this socket.
# NOTE(review): the CCM8 suite uses a truncated 8-byte authentication tag; consider dropping it.
"CipherString" => "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305",
|
|
)
|
|
# NOTE(review): certbot's cert.pem holds only the leaf certificate. Confirm that the
# intermediate chain is actually sent to clients (fullchain.pem is the usual value here).
ssl.pemfile = "/etc/letsencrypt/live/pygos.space/cert.pem"
|
|
# NOTE(review): confirm the private key is readable only by root and the lighttpd user.
ssl.privkey = "/etc/letsencrypt/live/pygos.space/privkey.pem"
|
|
# NOTE(review): this is the client-certificate verification CA setting, pointed at the Let's
# Encrypt chain. No ssl.verifyclient.activate appears in this dump, so client verification
# is presumably off; confirm that this file is not being relied on for anything else.
ssl.verifyclient.ca-file = "/etc/letsencrypt/live/pygos.space/chain.pem"
|
|
# Pre-fetched OCSP response stapled into handshakes. It must be refreshed before it expires.
ssl.stapling-file = "/etc/letsencrypt/stapling/pygos.space/staple.der"
|
|
|
|
|
|
$HTTP["host"] =~ "^(www\.)?badischblech\.de$" {
|
|
# block 9
|
|
ssl.pemfile = "/etc/letsencrypt/live/badischblech.de/cert.pem"
|
|
ssl.privkey = "/etc/letsencrypt/live/badischblech.de/privkey.pem"
|
|
ssl.verifyclient.ca-file = "/etc/letsencrypt/live/badischblech.de/chain.pem"
|
|
ssl.stapling-file = "/etc/letsencrypt/stapling/badischblech.de/staple.der"
|
|
|
|
} # end of $HTTP["host"] =~ "^(www\.)?badischblech\.de$"
|
|
|
|
$HTTP["host"] =~ "^(www\.)?gengenbacher-mixing\.de$" {
|
|
# block 10
|
|
ssl.pemfile = "/etc/letsencrypt/live/gengenbacher-mixing.de/cert.pem"
|
|
ssl.privkey = "/etc/letsencrypt/live/gengenbacher-mixing.de/privkey.pem"
|
|
ssl.verifyclient.ca-file = "/etc/letsencrypt/live/gengenbacher-mixing.de/chain.pem"
|
|
ssl.stapling-file = "/etc/letsencrypt/stapling/gengenbacher-mixing.de/staple.der"
|
|
|
|
} # end of $HTTP["host"] =~ "^(www\.)?gengenbacher-mixing\.de$"
|
|
} # end of $SERVER["socket"] == "0.0.0.0:443"
|
|
|
|
$SERVER["socket"] == "0.0.0.0:853" {
|
|
# block 11
|
|
ssl.engine = "enable"
|
|
ssl.openssl.ssl-conf-cmd = (
|
|
"DHParameters" => "/etc/ssl/certs/dhparam.pem",
|
|
"Curves" => "X448:X25519:P-521:P-384:P-256",
|
|
"MinProtocol" => "TLSv1.2",
|
|
"Options" => "ServerPreference",
|
|
"CipherString" => "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305",
|
|
)
|
|
ssl.pemfile = "/etc/letsencrypt/live/pygos.space/cert.pem"
|
|
ssl.privkey = "/etc/letsencrypt/live/pygos.space/privkey.pem"
|
|
ssl.verifyclient.ca-file = "/etc/letsencrypt/live/pygos.space/chain.pem"
|
|
ssl.stapling-file = "/etc/letsencrypt/stapling/pygos.space/staple.der"
|
|
# TLS is terminated on this socket (ssl.engine is enabled above) and the decrypted byte
# stream is relayed to the backend, which therefore receives plaintext on the internal network.
# Port 853 is presumably DNS-over-TLS; verify against the backend service.
# NOTE(review): confirm that 192.168.157.10:9000 is reachable only from this proxy and that
# the network segment between them is trusted.
sockproxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.10",
|
|
"port" => 9000,
|
|
),
|
|
),
|
|
)
|
|
|
|
} # end of $SERVER["socket"] == "0.0.0.0:853"
|
|
|
|
$HTTP["host"] == "matrix.pygos.space" {
|
|
# block 12
|
|
url.redirect = (
|
|
"^/stickers$" => "/stickers/",
|
|
"^/etherpad$" => "/etherpad/",
|
|
"^/whiteboard$" => "/whiteboard/",
|
|
)
|
|
|
|
|
|
$HTTP["url"] =~ "^(\/_matrix|\/_synapse\/client|\/health)" {
|
|
# block 13
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.13",
|
|
"port" => 8008,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^(\/_matrix|\/_synapse\/client|\/health)"
|
|
|
|
$HTTP["url"] =~ "^\/slack\/oauth" {
|
|
# block 14
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.13",
|
|
"port" => 8432,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^\/slack\/oauth"
|
|
|
|
$HTTP["url"] =~ "^\/go-neb" {
|
|
# block 15
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.13",
|
|
"port" => 4050,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^\/go-neb"
|
|
|
|
$HTTP["url"] =~ "^\/stickers/" {
|
|
# block 16
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.13",
|
|
"port" => 8082,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
proxy.header = (
|
|
"map-urlpath" => (
|
|
"/stickers/" => "/",
|
|
),
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^\/stickers/"
|
|
|
|
$HTTP["url"] =~ "^\/etherpad\/" {
|
|
# block 17
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.13",
|
|
"port" => 9001,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
proxy.header = (
|
|
"map-urlpath" => (
|
|
"/etherpad/" => "/",
|
|
),
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^\/etherpad\/"
|
|
|
|
$HTTP["url"] =~ "^\/whiteboard/" {
|
|
# block 18
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.13",
|
|
"port" => 9002,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
proxy.header = (
|
|
"map-urlpath" => (
|
|
"/whiteboard/" => "/",
|
|
),
|
|
"upgrade" => "enable",
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^\/whiteboard/"
|
|
} # end of $HTTP["host"] == "matrix.pygos.space"
|
|
|
|
$HTTP["host"] == "dimension.pygos.space" {
|
|
# block 19
|
|
|
|
|
|
$HTTP["url"] !~ "^/\.well-known/(acme-challenge|pki-validation)" {
|
|
# block 20
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.13",
|
|
"port" => 8184,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
|
|
} # end of $HTTP["url"] !~ "^/\.well-known/(acme-challenge|pki-validation)"
|
|
} # end of $HTTP["host"] == "dimension.pygos.space"
|
|
|
|
$HTTP["host"] == "status.pygos.space" {
|
|
# block 24
|
|
|
|
|
|
$HTTP["url"] !~ "^/\.well-known/(acme-challenge|pki-validation)" {
|
|
# block 25
|
|
proxy.server = (
|
|
"" => (
|
|
(
|
|
"host" => "192.168.157.10",
|
|
"port" => 3001,
|
|
),
|
|
),
|
|
)
|
|
proxy.forwarded = (
|
|
"for" => 1,
|
|
"proto" => 1,
|
|
"host" => 1,
|
|
)
|
|
proxy.header = (
|
|
"upgrade" => "enable",
|
|
)
|
|
|
|
} # end of $HTTP["url"] !~ "^/\.well-known/(acme-challenge|pki-validation)"
|
|
} # end of $HTTP["host"] == "status.pygos.space"
|
|
|
|
$HTTP["host"] =~ "^(www\.)?pygos\.space$" {
|
|
# block 26
|
|
url.rewrite-once = (
|
|
"^/poodle/(?!admin$)([a-zA-Z0-9-]+)$" => "/poodle/studs.php?poll=$1",
|
|
"^/poodle/(?!admin$)([a-zA-Z0-9-]+)/action/([a-zA-Z_-]+)/(.+)$" => "/poodle/studs.php?poll=$1&$2=$3",
|
|
"^/poodle/(?!admin$)([a-zA-Z0-9-]+)/vote/([a-zA-Z0-9]{16})$" => "/poodle/studs.php?poll=$1&vote=$2",
|
|
"^/poodle/(?!admin$)([a-zA-Z0-9]{24})/admin$" => "/poodle/adminstuds.php?poll=$1",
|
|
"^/poodle/(?!admin$)([a-zA-Z0-9]{24})/admin/vote/([a-zA-Z0-9]{16})$" => "/poodle/adminstuds.php?poll=$1&vote=$2",
|
|
"^/poodle/(?!admin$)([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/([A-Za-z0-9]+))?$" => "/poodle/adminstuds.php?poll=$1&$2=$4",
|
|
)
|
|
|
|
|
|
# Applies to every URL on this host except ACME/PKI validation paths, /rspamd and /grafana.
$HTTP["url"] !~ "^/(\.well-known/(acme-challenge|pki-validation)|rspamd|grafana)" {
|
|
# block 31
|
|
# NOTE(review): this list carries only HSTS and Cache-Control. X-Content-Type-Options and
# X-Frame-Options, which other hosts in this dump set, are absent. Header lists are presumably
# replaced rather than merged across conditions (verify); if so, add them here.
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
# NOTE(review): "public" with max-age=15768000 (about six months) also applies to any dynamic
# response on this host that a later condition does not override. Confirm that only
# static assets receive it.
"Cache-Control" => "public, must-revalidate, max-age=15768000",
|
|
)
|
|
|
|
} # end of $HTTP["url"] !~ "^/(\.well-known/(acme-challenge|pki-validation)|rspamd|grafana)"
|
|
|
|
$HTTP["url"] =^ "/grafana" {
|
|
# block 32
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"Cache-Control" => "no-cache, no-store, must-revalidate",
|
|
)
|
|
|
|
} # end of $HTTP["url"] =^ "/grafana"
|
|
|
|
$HTTP["url"] =^ "/rspamd" {
|
|
# block 33
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"Cache-Control" => "no-cache, no-store, must-revalidate",
|
|
)
|
|
|
|
} # end of $HTTP["url"] =^ "/rspamd"
|
|
|
|
$HTTP["url"] =~ "^/\.well-known/matrix/client$" {
|
|
# block 34
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"Access-Control-Allow-Origin" => "*",
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^/\.well-known/matrix/client$"
|
|
|
|
# Response headers for everything under the /poodle prefix.
$HTTP["url"] =^ "/poodle" {
|
|
# block 35
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
# NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove most of the protection
# CSP gives against injected script. Tighten with nonces or hashes if the application allows it.
# NOTE(review): there is no frame-ancestors directive and no X-Frame-Options header in this
# list, so framing by other origins is not restricted for these pages.
"Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'; media-src 'self' data:",
|
|
# Only the origin (no path or query) is sent as referrer.
"Referrer-Policy" => "strict-origin",
|
|
"X-Content-Type-Options" => "nosniff",
|
|
# Legacy header: current browsers no longer implement the XSS auditor it controlled.
"X-XSS-Protection" => "1; mode=block",
|
|
# Asks crawlers not to index or follow these pages.
"X-Robots-Tag" => "none",
|
|
)
|
|
|
|
} # end of $HTTP["url"] =^ "/poodle"
|
|
} # end of $HTTP["host"] =~ "^(www\.)?pygos\.space$"
|
|
|
|
$HTTP["host"] =~ "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$" {
|
|
# block 27
|
|
url.redirect = (
|
|
"" => "https://pygos.space${url.path}${qsa}",
|
|
)
|
|
|
|
} # end of $HTTP["host"] =~ "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$"
|
|
|
|
$HTTP["scheme"] == "http" {
|
|
# block 28
|
|
url.redirect = (
|
|
"" => "https://${url.authority}${url.path}${qsa}",
|
|
)
|
|
|
|
} # end of $HTTP["scheme"] == "http"
|
|
|
|
$HTTP["host"] =~ "^(www\.)?badischblech\.de$" {
|
|
# block 36
|
|
|
|
|
|
$HTTP["url"] =~ "^/.+[^/]\.ics$" {
|
|
# block 37
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"Cache-Control" => "no-cache, no-store, must-revalidate",
|
|
)
|
|
|
|
} # end of $HTTP["url"] =~ "^/.+[^/]\.ics$"
|
|
else {
|
|
# block 38
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"Cache-Control" => "public, must-revalidate, max-age=15768000",
|
|
)
|
|
|
|
} # end of else
|
|
} # end of $HTTP["host"] =~ "^(www\.)?badischblech\.de$"
|
|
|
|
# Response headers for the element.pygos.space virtual host.
$HTTP["host"] == "element.pygos.space" {
|
|
# block 40
|
|
setenv.set-response-header = (
|
|
"Strict-Transport-Security" => "max-age=31536000; includeSubdomains; preload",
|
|
"X-Content-Type-Options" => "nosniff",
|
|
"X-Download-Options" => "noopen",
|
|
# NOTE(review): this allows same-origin framing, while the Content-Security-Policy entry below
# forbids all framing. Browsers that support frame-ancestors give it precedence, so the
# effective policy is "no framing"; align the two values to avoid confusion.
"X-Frame-Options" => "SAMEORIGIN",
|
|
# Legacy header: current browsers no longer implement the XSS auditor it controlled.
"X-XSS-Protection" => "1; mode=block",
|
|
"Referrer-Policy" => "no-referrer",
|
|
# Restricts framing only. No script, style or connect sources are constrained by this policy.
"Content-Security-Policy" => "frame-ancestors 'none'",
|
|
# Responses from this host are never cached.
"Cache-Control" => "no-cache, no-store, must-revalidate",
|
|
)
|
|
|
|
} # end of $HTTP["host"] == "element.pygos.space"
|
|
}
|