Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- nginx -T
- nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- nginx: configuration file /etc/nginx/nginx.conf test is successful
- # configuration file /etc/nginx/nginx.conf:
- user www-data;
- worker_processes auto;
- pid /run/nginx.pid;
- include /etc/nginx/modules-enabled/*.conf;
- events {
- worker_connections 768;
- # multi_accept on;
- }
- http {
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- types_hash_max_size 2048;
- # server_tokens off;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # SSL Settings
- ##
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
- ssl_prefer_server_ciphers on;
- ##
- # Logging Settings
- ##
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- gzip on;
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- }
- #mail {
- # # See sample authentication script at:
- # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
- #
- # # auth_http localhost/auth.php;
- # # pop3_capabilities "TOP" "USER";
- # # imap_capabilities "IMAP4rev1" "UIDPLUS";
- #
- # server {
- # listen localhost:110;
- # protocol pop3;
- # proxy on;
- # }
- #
- # server {
- # listen localhost:143;
- # protocol imap;
- # proxy on;
- # }
- #}
- # configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
- load_module modules/ngx_http_geoip_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
- load_module modules/ngx_http_image_filter_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
- load_module modules/ngx_http_xslt_filter_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
- load_module modules/ngx_mail_module.so;
- # configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
- load_module modules/ngx_stream_module.so;
- # configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip.conf:
- load_module modules/ngx_stream_geoip_module.so;
- # configuration file /etc/nginx/mime.types:
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
- image/png png;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- image/svg+xml svg svgz;
- image/webp webp;
- application/font-woff woff;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
- application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
- }
- # configuration file /etc/nginx/conf.d/jellyfin.conf:
- server {
- listen 80;
- listen [::]:80;
- #server_name media.exzibyte.com;
- # Uncomment to redirect HTTP to HTTPS
- # return 301 https://$host$request_uri;
- #}
- #server {
- # listen 443 ssl http2;
- # listen [::]:443 ssl http2;
- server_name media.exzibyte.com;
- ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
- client_max_body_size 20M;
- # use a variable to store the upstream proxy
- # in this example we are using a hostname which is resolved via DNS
- # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
- set $jellyfin jellyfin;
- resolver 192.168.0.15 valid=30;
- ssl_certificate /etc/letsencrypt/live/media.exzibyte.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/media.exzibyte.com/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
- add_header Strict-Transport-Security "max-age=31536000" always;
- ssl_trusted_certificate /etc/letsencrypt/live/media.exzibyte.com/chain.pem;
- ssl_stapling on;
- ssl_stapling_verify on;
- # Security / XSS Mitigation Headers
- # NOTE: X-Frame-Options may cause issues with the webOS app
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Content-Type-Options "nosniff";
- # Content Security Policy
- # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
- # Enforces https content and restricts JS/CSS to origin
- # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
- # NOTE: The default CSP headers may cause issues with the webOS app
- #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
- location = / {
- return 302 http://$host/web/;
- #return 302 https://$host/web/;
- }
- location / {
- # Proxy main Jellyfin traffic
- proxy_pass http://$jellyfin:8096;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Protocol $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
- # Disable buffering when the nginx proxy gets very resource heavy upon streaming
- proxy_buffering off;
- }
- # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
- location = /web/ {
- # Proxy main Jellyfin traffic
- proxy_pass http://$jellyfin:8096/web/index.html;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Protocol $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
- }
- location /socket {
- # Proxy Jellyfin Websockets traffic
- proxy_pass http://$jellyfin:8096;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Protocol $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
- }
- }
- # configuration file /etc/letsencrypt/options-ssl-nginx.conf:
- # This file contains important security parameters. If you modify this file
- # manually, Certbot will be unable to automatically provide future security
- # updates. Instead, Certbot will print and log an error message with a path to
- # the up-to-date file that you will need to refer to when manually updating
- # this file.
- ssl_session_cache shared:le_nginx_SSL:10m;
- ssl_session_timeout 1440m;
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers off;
- ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
- # configuration file /etc/nginx/sites-enabled/default:
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
- server {
- listen 80;
- listen [::]:80; # comment to disable IPv6
- if ($scheme = "http") {
- return 301 https://$host$request_uri;
- }
- listen 443 ssl http2;
- listen [::]:443 ssl http2; # comment to disable IPv6
- server_name exzibyte.com;
- location / {
- resolver localhost; # Note: you need to set a valid dns resolver here or use 127.0.0.1 / [::1] instead of localhost in the line below. See https://stackoverflow.com/a/49642310 for a better explanation
- proxy_pass http://192.168.0.15:8280$request_uri; # Note: you need to change localhost to 127.0.0.1 or [::1], if you don't use a valid dns resolver in the line above
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header Early-Data $ssl_early_data;
- proxy_set_header X-Forwarded-Scheme $scheme;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Accept-Encoding "";
- proxy_set_header Host $host;
- client_body_buffer_size 512k;
- proxy_read_timeout 86400s;
- client_max_body_size 0;
- # Websocket
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- }
- ssl_certificate /etc/letsencrypt/live/exzibyte.com/fullchain.pem; # managed by certbot on host machine
- ssl_certificate_key /etc/letsencrypt/live/exzibyte.com/privkey.pem; # managed by certbot on host machine
- ssl_early_data on;
- ssl_session_timeout 1d;
- ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
- ssl_prefer_server_ciphers off;
- }
- # configuration file /etc/nginx/sites-enabled/pterodactyl.conf:
- server_tokens off;
- server {
- listen 80;
- server_name panel.exzibyte.com;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl http2;
- server_name panel.exzibyte.com;
- root /var/www/pterodactyl/public;
- index index.php;
- access_log /var/log/nginx/pterodactyl.app-access.log;
- error_log /var/log/nginx/pterodactyl.app-error.log error;
- # allow larger file uploads and longer script runtimes
- client_max_body_size 100m;
- client_body_timeout 120s;
- sendfile off;
- # SSL Configuration - Replace the example <domain> with your domain
- ssl_certificate /etc/letsencrypt/live/panel.exzibyte.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/panel.exzibyte.com/privkey.pem;
- ssl_session_cache shared:SSL:10m;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
- ssl_prefer_server_ciphers on;
- # See https://hstspreload.org/ before uncommenting the line below.
- # add_header Strict-Transport-Security "max-age=15768000; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header Content-Security-Policy "frame-ancestors 'self'";
- add_header X-Frame-Options DENY;
- add_header Referrer-Policy same-origin;
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php/php8.1-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param HTTP_PROXY "";
- fastcgi_intercept_errors off;
- fastcgi_buffer_size 16k;
- fastcgi_buffers 4 16k;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- include /etc/nginx/fastcgi_params;
- }
- location ~ /\.ht {
- deny all;
- }
- }
- # configuration file /etc/nginx/fastcgi_params:
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param REQUEST_SCHEME $scheme;
- fastcgi_param HTTPS $https if_not_empty;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param REMOTE_USER $remote_user;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement