diff --git a/files/neocities b/files/neocities
deleted file mode 100644
index 30ab3282..00000000
--- a/files/neocities
+++ /dev/null
@@ -1,73 +0,0 @@
- server {
- listen 80;
- listen 443 ssl;
- ssl_certificate /etc/nginx/certs/neocities.org.crt;
- ssl_certificate_key /etc/nginx/certs/neocities.org.key;
- server_name www.neocities.org;
- rewrite ^(.*)$ $scheme://neocities.org$1 permanent;
- }
-
- server {
- listen 80;
- listen 443 ssl;
- ssl_certificate /etc/nginx/certs/neocities.org.crt;
- ssl_certificate_key /etc/nginx/certs/neocities.org.key;
-
- set $ssl off;
- if ($scheme = https) {
- set $ssl on;
- }
-
- root /home/web/neocities-web/public;
- server_name neocities.org;
- access_log /var/log/nginx/neocities-web.log;
-
- error_page 500 = /gateway_error.html;
-
-# location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
-# expires 60s;
-# log_not_found off;
-# }
-
- try_files $uri @neocities;
-
- location @neocities {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Ssl $ssl;
- proxy_max_temp_file_size 0;
-
- # proxy_pass http://127.0.0.1:20000;
- proxy_pass http://unix:/var/run/neocities/neocities.sock;
- break;
- }
- }
-
- server {
- listen 80;
- listen 443 ssl;
- ssl_certificate /etc/nginx/certs/neocities.org.crt;
- ssl_certificate_key /etc/nginx/certs/neocities.org.key;
-
- server_name ~^(?.+)\.neocities.org$;
- access_log /var/log/nginx/neocities-sites.log neocities;
- root /home/web/neocities-web/public/sites/$subdomain;
- index /index.html;
-
- error_page 404 = @notfound;
-
- location @notfound {
- try_files /not_found.html @notfound_root;
- }
-
- location @notfound_root {
- root /home/web/neocities-web/public;
- try_files /web_site_not_found.html =404;
- }
-
- location ~* \.(html|jpg|jpeg|png|gif|ico|css|js)$ {
- # expires 20s;
- log_not_found off;
- }
- }
diff --git a/files/neocities-site-logrotate b/files/neocities-site-logrotate
deleted file mode 100644
index 0a3f89b6..00000000
--- a/files/neocities-site-logrotate
+++ /dev/null
@@ -1,7 +0,0 @@
-/var/log/nginx/neocities-sites.log {
- rotate 14
- create 0640 www-data adm
- postrotate
- [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
- endscript
-}
diff --git a/files/nginx.conf b/files/nginx.conf
deleted file mode 100644
index c045205f..00000000
--- a/files/nginx.conf
+++ /dev/null
@@ -1,111 +0,0 @@
-user www-data www-data;
-worker_processes 8;
-pid /var/run/nginx.pid;
-
-events {
- worker_connections 4000;
- multi_accept on;
- use epoll;
-}
-
-http {
-
- root /home/web/neocities-web/public;
- error_page 404 = /not_found.html;
-
- log_format neocities '$time_iso8601 $subdomain $bytes_sent $request_uri ';
-
- ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
- ssl_prefer_server_ciphers on;
-
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
-
- reset_timedout_connection on;
- charset utf-8;
- client_max_body_size 20m;
-
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- open_file_cache max=200000 inactive=20s;
- open_file_cache_valid 30s;
- open_file_cache_min_uses 2;
- open_file_cache_errors on;
-
- ##
- # Logging Settings
- ##
-
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- ##
- # Gzip Settings
- ##
-
- gzip on;
- gzip_disable "msie6";
- gzip_min_length 1024;
-
- # gzip_vary on;
- # gzip_proxied any;
- gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-
- ##
- # nginx-naxsi config
- ##
- # Uncomment it if you installed nginx-naxsi
- ##
-
- #include /etc/nginx/naxsi_core.rules;
-
- ##
- # nginx-passenger config
- ##
- # Uncomment it if you installed nginx-passenger
- ##
-
- #passenger_root /usr;
- #passenger_ruby /usr/bin/ruby;
-
- ##
- # Virtual Host Configs
- ##
-
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-}
-
-
-#mail {
-# # See sample authentication script at:
-# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-#
-# # auth_http localhost/auth.php;
-# # pop3_capabilities "TOP" "USER";
-# # imap_capabilities "IMAP4rev1" "UIDPLUS";
-#
-# server {
-# listen localhost:110;
-# protocol pop3;
-# proxy on;
-# }
-#
-# server {
-# listen localhost:143;
-# protocol imap;
-# proxy on;
-# }
-#}
diff --git a/files/sysctl.conf b/files/sysctl.conf
deleted file mode 100644
index f9ea3438..00000000
--- a/files/sysctl.conf
+++ /dev/null
@@ -1,70 +0,0 @@
-#
-# /etc/sysctl.conf - Configuration file for setting system variables
-# See /etc/sysctl.d/ for additional system variables
-# See sysctl.conf (5) for information.
-#
-
-#kernel.domainname = example.com
-
-# Uncomment the following to stop low-level messages on console
-#kernel.printk = 3 4 1 3
-
-##############################################################3
-# Functions previously found in netbase
-#
-
-# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
-# Turn on Source Address Verification in all interfaces to
-# prevent some spoofing attacks
-#net.ipv4.conf.default.rp_filter=1
-#net.ipv4.conf.all.rp_filter=1
-
-# Uncomment the next line to enable TCP/IP SYN cookies
-# See http://lwn.net/Articles/277146/
-# Note: This may impact IPv6 TCP sessions too
-#net.ipv4.tcp_syncookies=1
-
-# Uncomment the next line to enable packet forwarding for IPv4
-#net.ipv4.ip_forward=1
-
-# Uncomment the next line to enable packet forwarding for IPv6
-# Enabling this option disables Stateless Address Autoconfiguration
-# based on Router Advertisements for this host
-#net.ipv6.conf.all.forwarding=1
-
-
-###################################################################
-# Additional settings - these settings can improve the network
-# security of the host and prevent against some network attacks
-# including spoofing attacks and man in the middle attacks through
-# redirection. Some network environments, however, require that these
-# settings are disabled so review and enable them as needed.
-#
-# Do not accept ICMP redirects (prevent MITM attacks)
-#net.ipv4.conf.all.accept_redirects = 0
-#net.ipv6.conf.all.accept_redirects = 0
-# _or_
-# Accept ICMP redirects only for gateways listed in our default
-# gateway list (enabled by default)
-# net.ipv4.conf.all.secure_redirects = 1
-#
-# Do not send ICMP redirects (we are not a router)
-#net.ipv4.conf.all.send_redirects = 0
-#
-# Do not accept IP source route packets (we are not a router)
-#net.ipv4.conf.all.accept_source_route = 0
-#net.ipv6.conf.all.accept_source_route = 0
-#
-# Log Martian Packets
-#net.ipv4.conf.all.log_martians = 1
-#
-
-net.ipv4.tcp_max_syn_backlog = 3240000
-net.core.somaxconn = 3240000
-net.ipv4.tcp_max_tw_buckets = 1440000
-net.core.rmem_default = 8388608
-net.core.rmem_max = 16777216
-net.core.wmem_max = 16777216
-net.ipv4.tcp_rmem = 4096 87380 16777216
-net.ipv4.tcp_wmem = 4096 65536 16777216
-net.ipv4.tcp_congestion_control = cubic