server_tokens off; server { listen 80; listen [::]:80; server_name sg phus.lu cloud.phus.lu; access_log /var/log/nginx/phus_lu.log; error_log /var/log/nginx/phus_lu.error.log; charset utf-8; server_tokens off; client_max_body_size 128M; index index.html index.php; root /home/phuslu/web; disable_symlinks off; add_header Link '; rel="icon"; type="image/png"'; add_header Strict-Transport-Security "max-age=0"; #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header cache-control "no-cache"; add_header access-control-allow-origin "*"; add_header referrer-policy "no-referrer"; add_header x-content-type-options nosniff; add_header x-xss-protection "1; mode=block"; add_header x-frame-options sameorigin; #add_header x-robots-tag "noindex, nofollow"; gzip on; gzip_vary on; gzip_proxied any; gzip_types text/plain text/xml text/css application/javascript application/json; location = / { #if ($http_x_forwarded_proto != https) { # return 301 https://$http_host$request_uri; #} add_header link '; rel="dns-prefetch"'; autoindex on; autoindex_localtime on; autoindex_exact_size off; add_after_body /autoindex.html; } location = /pub { default_type text/plain; add_header x-ssh-import "curl -sS phus.lu/pub | tee -a ~/.ssh/authorized_keys"; try_files /pub =404; } location = /liner { default_type text/plain; try_files /liner/get.sh =404; } location = /ncsi.txt { return 200 "Microsoft NCSI"; } location = /generate_204 { return 204 ""; } location = /zoom { #return 302 "https://us04web.zoom.us/wc/join/7760708665?pwd=eEdvOWZJSXZPMnRGVXRTREtCREc0dz09"; return 302 "https://us04web.zoom.us/j/7760708665?pwd=eEdvOWZJSXZPMnRGVXRTREtCREc0dz09"; } location = /jsonp { fastcgi_pass unix:/var/run/php/php-fpm.sock; #fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /home/phuslu/web/server/jsonp.php; include fastcgi_params; } location = /metrics { proxy_pass http://127.0.0.1:9100; proxy_http_version 1.1; } location = /aria2/jsonrpc { rewrite /aria2/(.*) /$1 break; proxy_pass http://127.0.0.1:6800; proxy_http_version 1.1; } location = /derp { proxy_pass http://127.0.0.1:3478; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } location /todd/.well-known/ { default_type 'application/json; charset=utf-8'; } location ~ ^/(grafana|jellyfin|jupyter|lxde|metube|navidrome|webshell)/ { proxy_pass http://$1.internal; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-Proto "https"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 180; proxy_connect_timeout 180; proxy_send_timeout 180; send_timeout 180; } location ~ ^/(yt-dlp)/(.*)$ { proxy_pass http://$1.internal/$2; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-Proto "https"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 180; proxy_connect_timeout 180; proxy_send_timeout 180; send_timeout 180; } location ~ ^/(.htpasswd|z/)$ { auth_basic "Log in to continue"; auth_basic_user_file /home/phuslu/web/.htpasswd; autoindex on; autoindex_localtime on; autoindex_exact_size off; add_after_body /autoindex.html; } location /tmp/ { alias /tmp/; } location ~ ^/speech/.+\.md$ { default_type text/html; add_after_body /code/markdown.html; } #location ~* \.(mmdb)$ { # return 403; #} location ~* \.(ico|css|gif|jpeg|jpg|png|woff|ttf|otf|svg|woff2|eot)$ { expires 1d; access_log off; add_header Pragma public; } location ~ \.(md|log|pac|keys|lua|json|yaml|toml|conf|cmd|sh|bash|h|c|cpp|hpp|py|go|service|dockerfile)$ { default_type text/plain; } location ~ ^/(bashrc|vimrc|server/ipinfo)$ { default_type text/plain; } location ~ "^/notes/([a-zA-Z0-9_-]{1,})$" { try_files $uri /notes/index.php?note=$1; } location ~ ^/(tz.php|upload/upload.php|notes/index.php)$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php-fpm.sock; #fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS on; include fastcgi_params; } location ~ ^/(github.com)/(.+?)$ { proxy_pass https://$1/$2; proxy_http_version 1.1; proxy_set_header Host $1; proxy_read_timeout 180; proxy_connect_timeout 180; proxy_send_timeout 180; send_timeout 180; } location ~ ^(.*)/$ { add_header cache-control "no-cache"; autoindex on; autoindex_localtime on; autoindex_exact_size off; add_after_body /autoindex.html; } } server { listen 80; listen [::]:80; server_name ip.phus.lu; location = /favicon.ico { default_type "image/svg+xml"; return 200 '🎯'; } location / { fastcgi_pass unix:/var/run/php/php-fpm.sock; fastcgi_param SCRIPT_FILENAME /home/phuslu/web/server/ip.php; include fastcgi_params; } }