Newer
Older
# Before changing this, please make sure that the DNS entries exist, otherwise
# acmetool will fail horribly!
acmetool_cert_domains:
- gabriel.c3heaven.de
- c3heaven.de
- lists.c3heaven.de
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
nginx_https_sites:
- name: "c3heaven.de"
locations:
- location: "/"
config: "root /var/www/html;"
- location: "~ /wiki(.*)$"
config: "return 301 https://wiki.c3heaven.de$1?$args;"
- location: "~ /kanboard(.*)$"
config: "return 301 https://kanboard.c3heaven.de$1?$args;"
- name: "gabriel.c3heaven.de"
locations:
- location: "/"
config: "root /var/www/html;"
- name: "kanboard.c3heaven.de"
options:
- "client_max_body_size 100M;"
- "client_body_buffer_size 128k;"
- "root /var/www/kanboard;"
- "index index.php;"
locations:
- location: "/"
config: "try_files $uri $uri/ /index.php$is_args$args;"
- location: '~ \.php$'
config: |-
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
- location: '~* ^.+\.(log|sqlite)$'
config: "return 404;"
- location: '~ /\.ht'
config: "return 404;"
- location: '~* ^.+\.(ico|jpg|gif|png|css|js|svg|eot|ttf|woff|woff2|otf)$'
config: |-
log_not_found off;
expires 7d;
etag on;
- name: "lists.c3heaven.de"
locations:
- location: "/cgi-bin/mailman"
config: |-
root /usr/lib/;
fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
- location: "/images/mailman"
config: "alias /usr/share/images/mailman;"
- location: "= /"
config: "return 301 https://lists.c3heaven.de/cgi-bin/mailman/listinfo/;"
- name: "md.c3heaven.de"
locations:
- location: "/"
config: |-
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:3000;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
- name: "sso.c3heaven.de"
locations:
- location: "/"
config: |-
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
- location: "= /"
config: "return 301 https://sso.c3heaven.de/auth/realms/master/account;"
- name: "wiki.c3heaven.de"
options:
- "client_max_body_size 100M;"
- "client_body_buffer_size 128k;"
- "root /var/www/dokuwiki;"
- "index doku.php;"
locations:
- location: "~ /(conf/|bin/|inc/|install.php)"
config: "deny all;"
- location: "~ ^/data/"
config: "internal;"
- location: '~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$'
config: "expires 365d;"
- location: "/"
config: "try_files $uri $uri/ @dokuwiki;"
- location: "@dokuwiki"
config: |-
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
- location: '~ \.php$'
config: |-
try_files $uri $uri/ /doku.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
access_log off;
log_not_found off;
return 301 https://$host$request_uri;
nginx_https_default_headers:
- 'Strict-Transport-Security "max-age=31536000; includeSubDomains"'
- 'X-XSS-Protection "1; mode=block"'
- 'X-Frame-Options "DENY"'
- 'X-Content-Type-Options "nosniff"'
- 'Referrer-Policy "same-origin"'
rspamd_enabled: true
postfix_mydestination: "localhost, $myhostname, c3heaven.de"
postfix_myorigin: "c3heaven.de"
postfix_generic_map:
- "www-data@c3heaven.de noreply@c3heaven.de"
postfix_additional_admin_aliases:
- shift
- shifts
- ticket
postfix_alias_maps:
- "hash:/etc/aliases"
- "hash:/var/lib/mailman/data/aliases"
postfix_virtual_alias_domains:
- "lists.c3heaven.de"
postfix_virtual_alias_maps:
- "hash:/var/lib/mailman/data/virtual-mailman"