  # configuration file /etc/nginx/nginx.conf:
  # Main context: process-level settings shared by every http/stream server.

  # Credentials for the worker processes.
  user www-data;
  pid /run/nginx.pid;
  worker_processes auto;

  # Dynamic modules are loaded from the modules-enabled drop-in directory.
  include /etc/nginx/modules-enabled/*.conf;

  events {
      # multi_accept on;
      worker_connections 768;
  }
  11.  
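  http {

      ##
      # Basic Settings
      ##

      sendfile on;
      tcp_nopush on;
      tcp_nodelay on;
      keepalive_timeout 65;
      types_hash_max_size 2048;
      # Keep the nginx version out of the Server header and the built-in error pages.
      server_tokens off;

      # server_names_hash_bucket_size 64;
      # server_name_in_redirect off;

      include /etc/nginx/mime.types;
      default_type application/octet-stream;

      ##
      # SSL Settings
      ##

      # http-level default, inherited by any server block that sets no
      # ssl_protocols of its own. The deprecated TLSv1 and TLSv1.1 were removed
      # from this list; it now matches what the Certbot options file and the
      # DNS-over-TLS stream server in this configuration already use.
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;

      ##
      # Logging Settings
      ##

      # NOTE(review): this format records neither $remote_addr nor $remote_user,
      # so requests (including failed Basic Auth attempts) cannot be attributed
      # to a client from the access log alone. Possibly a deliberate privacy
      # choice -- confirm it fits the site's incident-response needs.
      log_format combined_server '[$time_local] '
          '"$request" $server_name $host $uri $status $body_bytes_sent '
          '"$http_referer" "$http_user_agent"';

      access_log /var/log/nginx/access.log combined_server;
      error_log /var/log/nginx/error.log;

      ##
      # Gzip Settings
      ##

      # With gzip_types left commented out, only text/html responses are
      # compressed. Compressing TLS responses that mix secrets with
      # request-controlled data leaks length information (BREACH); keep that in
      # mind before widening gzip_types to dynamic content.
      gzip on;

      # gzip_vary on;
      # gzip_proxied any;
      # gzip_comp_level 6;
      # gzip_buffers 16 8k;
      # gzip_http_version 1.1;
      # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

      ##
      # Virtual Host Configs
      ##

      include /etc/nginx/conf.d/*.conf;
      include /etc/nginx/sites-enabled/*;
  }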
  69.  
  70.  
  # Mail proxy example, disabled (entirely commented out):
  #
  # mail {
  #     # See sample authentication script at:
  #     # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
  #
  #     # auth_http localhost/auth.php;
  #     # pop3_capabilities "TOP" "USER";
  #     # imap_capabilities "IMAP4rev1" "UIDPLUS";
  #
  #     server {
  #         listen localhost:110;
  #         protocol pop3;
  #         proxy on;
  #     }
  #
  #     server {
  #         listen localhost:143;
  #         protocol imap;
  #         proxy on;
  #     }
  # }

  # Stream (TCP) proxying; every file in the streams directory is pulled in,
  # so anything dropped there becomes a listener on the next reload.
  stream {
      include /etc/nginx/streams/*;
  }
  95.  
  # Dynamic modules, one drop-in file per module, kept in load order.
  #
  # NOTE(review): in the configuration shown here only the stream module has
  # directives that use it; no auth_pam, dav_ext, echo, geoip, image_filter,
  # subs_filter, upstream_fair, xslt_filter or mail directive appears. Each
  # loaded module is extra code in the worker processes -- if the dump is
  # complete, the unused ones can be disabled by removing their link from
  # modules-enabled.

  # configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
  load_module modules/ngx_http_auth_pam_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
  load_module modules/ngx_http_dav_ext_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
  load_module modules/ngx_http_echo_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
  load_module modules/ngx_http_geoip_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
  load_module modules/ngx_http_image_filter_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
  load_module modules/ngx_http_subs_filter_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
  load_module modules/ngx_http_upstream_fair_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
  load_module modules/ngx_http_xslt_filter_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
  load_module modules/ngx_mail_module.so;

  # configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
  load_module modules/ngx_stream_module.so;
  125.  
  # configuration file /etc/nginx/mime.types:
  # Maps file extensions to the Content-Type sent with static files. Extensions
  # not listed here fall back to the default_type set in the http block
  # (application/octet-stream in this configuration).

  types {
      text/html                             html htm shtml;
      text/css                              css;
      text/xml                              xml;
      image/gif                             gif;
      image/jpeg                            jpeg jpg;
      application/javascript                js;
      application/atom+xml                  atom;
      application/rss+xml                   rss;

      text/mathml                           mml;
      text/plain                            txt;
      text/vnd.sun.j2me.app-descriptor      jad;
      text/vnd.wap.wml                      wml;
      text/x-component                      htc;

      image/png                             png;
      image/tiff                            tif tiff;
      image/vnd.wap.wbmp                    wbmp;
      image/x-icon                          ico;
      image/x-jng                           jng;
      image/x-ms-bmp                        bmp;
      image/svg+xml                         svg svgz;
      image/webp                            webp;

      application/font-woff                 woff;
      application/java-archive              jar war ear;
      application/json                      json;
      application/mac-binhex40              hqx;
      application/msword                    doc;
      application/pdf                       pdf;
      application/postscript                ps eps ai;
      application/rtf                       rtf;
      application/vnd.apple.mpegurl         m3u8;
      application/vnd.ms-excel              xls;
      application/vnd.ms-fontobject         eot;
      application/vnd.ms-powerpoint         ppt;
      application/vnd.wap.wmlc              wmlc;
      application/vnd.google-earth.kml+xml  kml;
      application/vnd.google-earth.kmz      kmz;
      application/x-7z-compressed           7z;
      application/x-cocoa                   cco;
      application/x-java-archive-diff       jardiff;
      application/x-java-jnlp-file          jnlp;
      application/x-makeself                run;
      application/x-perl                    pl pm;
      application/x-pilot                   prc pdb;
      application/x-rar-compressed          rar;
      application/x-redhat-package-manager  rpm;
      application/x-sea                     sea;
      application/x-shockwave-flash         swf;
      application/x-stuffit                 sit;
      application/x-tcl                     tcl tk;
      application/x-x509-ca-cert            der pem crt;
      application/x-xpinstall               xpi;
      application/xhtml+xml                 xhtml;
      application/xspf+xml                  xspf;
      application/zip                       zip;

      # Generic binaries are served as opaque downloads.
      application/octet-stream              bin exe dll;
      application/octet-stream              deb;
      application/octet-stream              dmg;
      application/octet-stream              iso img;
      application/octet-stream              msi msp msm;

      application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
      application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
      application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

      audio/midi                            mid midi kar;
      audio/mpeg                            mp3;
      audio/ogg                             ogg;
      audio/x-m4a                           m4a;
      audio/x-realaudio                     ra;

      video/3gpp                            3gpp 3gp;
      video/mp2t                            ts;
      video/mp4                             mp4;
      video/mpeg                            mpeg mpg;
      video/quicktime                       mov;
      video/webm                            webm;
      video/x-flv                           flv;
      video/x-m4v                           m4v;
      video/x-mng                           mng;
      video/x-ms-asf                        asx asf;
      video/x-ms-wmv                        wmv;
      video/x-msvideo                       avi;
  }
  216.  
  # configuration file /etc/nginx/sites-enabled/grzybnia.de:
  # Static HTTPS site for grzybnia.de. The listener and certificate lines are
  # maintained by Certbot; protocol and cipher policy come from the included
  # options-ssl-nginx.conf.
  #
  # NOTE(review): no Strict-Transport-Security header is set here, so HTTPS is
  # enforced only by the port-80 redirect server -- confirm that is intended.
  server {
      server_name grzybnia.de;

      listen 443 ssl; # managed by Certbot
      ssl_certificate /etc/letsencrypt/live/grzybnia.de/fullchain.pem; # managed by Certbot
      ssl_certificate_key /etc/letsencrypt/live/grzybnia.de/privkey.pem; # managed by Certbot
      include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

      root /var/www/html/grzybnia.de;
      index index.html;
      # No directory listings.
      autoindex off;

      location / {
          # Serve the file or directory if it exists, otherwise answer 404.
          try_files $uri $uri/ =404;
          expires max;
      }
  }
  # Port-80 companion for grzybnia.de: redirect the known host to HTTPS and
  # answer 404 for anything else that lands here.
  server {
      listen 80;
      server_name grzybnia.de;

      # $host is only echoed into the Location header after it has been compared
      # with the literal site name, so the redirect target is fixed.
      if ($host = grzybnia.de) {
          return 301 https://$host$request_uri;
      } # managed by Certbot

      return 404; # managed by Certbot
  }
  # configuration file /etc/letsencrypt/options-ssl-nginx.conf:
  # This file contains important security parameters. If you modify this file
  # manually, Certbot will be unable to automatically provide future security
  # updates. Instead, Certbot will print and log an error message with a path to
  # the up-to-date file that you will need to refer to when manually updating
  # this file.

  # Session resumption: a 10 MB cache shared between workers, entries kept for
  # 1440 minutes (24 hours); session tickets are disabled.
  ssl_session_cache shared:le_nginx_SSL:10m;
  ssl_session_timeout 1440m;
  ssl_session_tickets off;

  # Overrides the http-level protocol list for every server that includes this file.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers off;

  # TLS 1.2 suites: ECDHE or DHE key exchange with AES-GCM or CHACHA20-POLY1305 only.
  ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
  267.  
  # configuration file /etc/nginx/sites-enabled/kacper.grzybnia.de:
  # Static site for kacper.grzybnia.de.
  #
  # NOTE(review): this block has no listen directive and no certificate, so it
  # is served on nginx's default HTTP listener only. Unlike the other two
  # sites there is no HTTPS listener and no redirect -- confirm that plain
  # HTTP is intended for this host.
  server {
      server_name kacper.grzybnia.de;

      root /var/www/html/kacper.grzybnia.de;
      index index.html;
      # No directory listings.
      autoindex off;

      location / {
          # Serve the file or directory if it exists, otherwise answer 404.
          try_files $uri $uri/ =404;
          expires max;
      }
  }
  282.  
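  # configuration file /etc/nginx/sites-enabled/pihole.grzybnia.de:
  # HTTPS virtual host for pihole.grzybnia.de. PHP scripts, JavaScript files and
  # everything under /admin require HTTP Basic Auth; credentials are only ever
  # requested on the TLS listener because port 80 just redirects.
  server {
      root /var/www/html/pihole.grzybnia.de;
      server_name pihole.grzybnia.de;
      autoindex off;

      index pihole/index.php index.php index.html index.htm;

      # Anything not claimed by a more specific location below is served
      # without authentication.
      location / {
          expires max;
          try_files $uri $uri/ =404;
      }

      # NOTE(review): the socket name points at PHP 7.3 -- confirm the installed
      # packages still receive security fixes.
      location ~ \.php$ {
          # Only hand scripts that exist on disk to PHP-FPM. Without this check
          # any URI ending in .php is forwarded, and PHP's path-info fallback may
          # then resolve it to a different, non-PHP file.
          try_files $uri =404;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
          fastcgi_pass unix:/run/php/php7.3-fpm.sock;
          fastcgi_param FQDN true;
          auth_basic "Restricted"; # For Basic Auth
          auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
      }

      location /admin {
          root /var/www/html/pihole.grzybnia.de;
          index index.php index.html index.htm;
          auth_basic "Restricted"; # For Basic Auth
          auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
      }

      # Never serve .htaccess / .htpasswd style files.
      location ~ /\.ht {
          deny all;
      }

      # Was "location /*.js": nginx has no glob locations, so that was a prefix
      # match on the literal string "/*.js" and its Basic Auth never applied to
      # real .js requests. A regex location makes the rule effective. It is
      # placed after the two regex locations above so their precedence is
      # unchanged. The former "index pihole/index.js;" was dropped: index only
      # acts on URIs ending in "/", which this location cannot match.
      location ~ \.js$ {
          auth_basic "Restricted"; # For Basic Auth
          auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
      }

      listen [::]:443 ssl ipv6only=on; # managed by Certbot
      listen 443 ssl; # managed by Certbot
      ssl_certificate /etc/letsencrypt/live/pihole.grzybnia.de/fullchain.pem; # managed by Certbot
      ssl_certificate_key /etc/letsencrypt/live/pihole.grzybnia.de/privkey.pem; # managed by Certbot
      include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  }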
  330.  
  # Port-80 companion for pihole.grzybnia.de (IPv4 and IPv6): redirect the known
  # host to HTTPS and answer 404 for anything else, so Basic Auth credentials
  # are never requested over plain HTTP.
  server {
      listen 80;
      listen [::]:80;
      server_name pihole.grzybnia.de;

      # $host is only echoed into the Location header after it has been compared
      # with the literal site name, so the redirect target is fixed.
      if ($host = pihole.grzybnia.de) {
          return 301 https://$host$request_uri;
      } # managed by Certbot

      return 404; # managed by Certbot
  }
  344.  
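  # configuration file /etc/nginx/fastcgi_params:
  # CGI-style environment passed to the FastCGI backend. SCRIPT_FILENAME is not
  # set here; the location that includes this file has to supply it.

  # Request line and body metadata.
  fastcgi_param  QUERY_STRING       $query_string;
  fastcgi_param  REQUEST_METHOD     $request_method;
  fastcgi_param  CONTENT_TYPE       $content_type;
  fastcgi_param  CONTENT_LENGTH     $content_length;

  # Script and URI identification.
  fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  fastcgi_param  REQUEST_URI        $request_uri;
  fastcgi_param  DOCUMENT_URI       $document_uri;
  fastcgi_param  DOCUMENT_ROOT      $document_root;
  fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  fastcgi_param  REQUEST_SCHEME     $scheme;
  fastcgi_param  HTTPS              $https if_not_empty;

  fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

  # Connection endpoints.
  fastcgi_param  REMOTE_ADDR        $remote_addr;
  fastcgi_param  REMOTE_PORT        $remote_port;
  fastcgi_param  SERVER_ADDR        $server_addr;
  fastcgi_param  SERVER_PORT        $server_port;
  fastcgi_param  SERVER_NAME        $server_name;

  # PHP only, required if PHP was built with --enable-force-cgi-redirect
  fastcgi_param  REDIRECT_STATUS    200;

  # A client-supplied "Proxy" request header would otherwise reach the backend
  # as HTTP_PROXY, which some HTTP client libraries treat as their outbound
  # proxy setting ("httpoxy"). Blank it so the backend never sees the header.
  fastcgi_param  HTTP_PROXY         "";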
  371.  
  # configuration file /etc/nginx/streams/dns-over-tls:
  # DNS-over-TLS front end: nginx terminates TLS on port 853 and relays the
  # decrypted stream to the resolver listening on loopback port 53.
  upstream dns-servers {
      #server dns.grzybnia.de:53;
      server 127.0.0.1:53;
  }

  # NOTE(review): there is no allow/deny in this server, so any client that can
  # reach port 853 may resolve through it, and the resolver sees every such
  # query as coming from 127.0.0.1 -- its own source-address ACLs and
  # per-client logs cannot tell DoT clients apart. If the service is not meant
  # to be public, restrict it with stream allow/deny rules or at the firewall.
  server {
      listen 853 ssl; # managed by Certbot
      ssl_certificate /etc/letsencrypt/live/grzybnia.de/fullchain.pem; # managed by Certbot
      ssl_certificate_key /etc/letsencrypt/live/grzybnia.de/privkey.pem; # managed by Certbot
      ssl_protocols TLSv1.2 TLSv1.3;

      # Handshakes that take longer than 10 seconds are dropped.
      ssl_handshake_timeout 10s;
      # Resumption cache private to the stream context, entries kept for 4 hours.
      ssl_session_cache shared:SSL:20m;
      ssl_session_timeout 4h;

      proxy_pass dns-servers;
  }