server_tokens off; server { listen 80; listen [::]:80; server_name sg phus.lu cdn.phus.lu; access_log /var/log/nginx/phus_lu.log; error_log /var/log/nginx/phus_lu.error.log; charset utf-8; server_tokens off; client_max_body_size 128M; index index.html index.php; root /home/phuslu/web; disable_symlinks off; add_header Link '; rel="icon"; type="image/png"'; add_header Strict-Transport-Security "max-age=0"; #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header cache-control "no-cache"; add_header access-control-allow-origin "*"; add_header referrer-policy "no-referrer"; add_header x-content-type-options nosniff; add_header x-xss-protection "1; mode=block"; add_header x-frame-options sameorigin; #add_header x-robots-tag "noindex, nofollow"; gzip on; gzip_vary on; gzip_proxied any; gzip_types text/plain text/xml text/css application/javascript application/json; location = / { if ($http_x_forwarded_proto != https) { return 301 https://$http_host$request_uri; } add_header link '; rel="dns-prefetch"'; autoindex on; autoindex_localtime on; autoindex_exact_size off; add_after_body /autoindex.html; } location = /ssh.pub { default_type text/plain; add_header x-ssh-import "curl -sS phus.lu/ssh.pub | tee -a ~/.ssh/authorized_keys"; try_files /ssh.pub =404; } location = /liner { default_type text/plain; try_files /liner/get.sh =404; } location = /ncsi.txt { return 200 "Microsoft NCSI"; } location = /generate_204 { return 204 ""; } location = /zoom { #return 302 "https://us04web.zoom.us/wc/join/7760708665?pwd=eEdvOWZJSXZPMnRGVXRTREtCREc0dz09"; return 302 "https://us04web.zoom.us/j/7760708665?pwd=eEdvOWZJSXZPMnRGVXRTREtCREc0dz09"; } location = /jsonp { fastcgi_pass unix:/var/run/php/php-fpm.sock; #fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /home/phuslu/web/server/jsonp.php; include fastcgi_params; } location = /metrics { proxy_pass http://127.0.0.1:9100; proxy_http_version 1.1; } location = /aria2/jsonrpc { rewrite /aria2/(.*) /$1 break; proxy_pass http://127.0.0.1:6800; proxy_http_version 1.1; } location = /derp { proxy_pass http://127.0.0.1:3478; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } location ~ /grafana/ { proxy_pass http://grafana.internal; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } location ~ /jellyfin/ { proxy_pass http://jellyfin.internal; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } location ~ /jupyter/ { proxy_pass http://jupyter.internal; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } location ~ /metube/ { proxy_pass http://metube.internal; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } location ~ /navidrome/ { proxy_pass http://navidrome.internal; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } location ~ /spdf/ { proxy_pass http://spdf.internal; proxy_http_version 1.1; rewrite /spdf/(.*) /$1 break; sub_filter 'href="/apple-touch-icon.png' 'href="/spdf/apple-touch-icon.png'; sub_filter 'href="/favicon-32x32.png' 'href="/spdf/favicon-32x32.png'; sub_filter 'href="/favicon-16x16.png' 'href="/spdf/favicon-16x16.png'; sub_filter 'href="/site.webmanifest' 'href="/spdf/site.webmanifest'; sub_filter 'href="/safari-pinned-tab.svg' 'href="/spdf/safari-pinned-tab.svg'; sub_filter 'href="/favicon.ico' 'href="/spdf/favicon.ico'; sub_filter 'href="/pdfjs/css/' 'href="pdfjs/css/'; sub_filter 'action="/' 'action="/spdf/'; sub_filter_once off; proxy_redirect https://phus.lu/ https://phus.lu/spdf/; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection Upgrade; } location ~ /ttyd/ { proxy_pass http://ttyd.internal; proxy_http_version 1.1; auth_basic "Log in to continue"; auth_basic_user_file /home/phuslu/web/.htpasswd; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } location ~ "^/(get|((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4})$" { fastcgi_pass unix:/var/run/php/php-fpm.sock; #fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /home/phuslu/web/server/ip.php; include fastcgi_params; } location ~ ^/(.htpasswd|z/)$ { auth_basic "Log in to continue"; auth_basic_user_file /home/phuslu/web/.htpasswd; autoindex on; autoindex_localtime on; autoindex_exact_size off; add_after_body /autoindex.html; } location /tmp/ { alias /tmp/; autoindex off; } location ~ ^/speech/.+\.md$ { default_type text/html; add_after_body /code/markdown.html; } #location ~* \.(mmdb)$ { # return 403; #} location ~* \.(ico|css|gif|jpeg|jpg|png|woff|ttf|otf|svg|woff2|eot)$ { expires 1d; access_log off; add_header Pragma public; } location ~ \.(md|log|pac|keys|lua|json|yaml|toml|conf|cmd|sh|bash|h|c|cpp|hpp|py|go|service|dockerfile)$ { default_type text/plain; } location ~ ^/(bashrc|vimrc|server/ipinfo)$ { default_type text/plain; } location ~ "^/notes/([a-zA-Z0-9_-]{1,})$" { try_files $uri /notes/index.php?note=$1; } location ~ ^/(tz.php|upload/upload.php|notes/index.php)$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php-fpm.sock; #fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS on; include fastcgi_params; } location ~ ^(.*)/$ { autoindex on; autoindex_localtime on; autoindex_exact_size off; add_after_body /autoindex.html; } }