# configuration file /etc/nginx/nginx.conf:user www-data;worker_processes au

1. # configuration file /etc/nginx/nginx.conf:
2. user www-data;
3. worker_processes auto;
4. pid /run/nginx.pid;
5. include /etc/nginx/modules-enabled/*.conf;
6.  
7. events {
8. worker_connections 768;
9. # multi_accept on;
10. }
11.  
12. http {
13.  
14. ##
15. # Basic Settings
16. ##
17.  
18. sendfile on;
19. tcp_nopush on;
20. types_hash_max_size 2048;
21. # server_tokens off;
22.  
23. # server_names_hash_bucket_size 64;
24. # server_name_in_redirect off;
25.  
26. include /etc/nginx/mime.types;
27. default_type application/octet-stream;
28.  
29. ##
30. # SSL Settings
31. ##
32.  
33. ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
34. ssl_prefer_server_ciphers on;
35.  
36. ##
37. # Logging Settings
38. ##
39.  
40. access_log /var/log/nginx/access.log;
41. error_log /var/log/nginx/error.log;
42.  
43. ##
44. # Gzip Settings
45. ##
46.  
47. gzip on;
48.  
49. # gzip_vary on;
50. # gzip_proxied any;
51. # gzip_comp_level 6;
52. # gzip_buffers 16 8k;
53. # gzip_http_version 1.1;
54. # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
55.  
56. ##
57. # Virtual Host Configs
58. ##
59.  
60. include /etc/nginx/conf.d/*.conf;
61. include /etc/nginx/sites-enabled/*;
62. }
63.  
64.  
65. #mail {
66. # # See sample authentication script at:
67. # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
68. #
69. # # auth_http localhost/auth.php;
70. # # pop3_capabilities "TOP" "USER";
71. # # imap_capabilities "IMAP4rev1" "UIDPLUS";
72. #
73. # server {
74. # listen localhost:110;
75. # protocol pop3;
76. # proxy on;
77. # }
78. #
79. # server {
80. # listen localhost:143;
81. # protocol imap;
82. # proxy on;
83. # }
84. #}
85.  
86. # configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
87. load_module modules/ngx_http_geoip_module.so;
88.  
89. # configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
90. load_module modules/ngx_http_image_filter_module.so;
91.  
92. # configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
93. load_module modules/ngx_http_xslt_filter_module.so;
94.  
95. # configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
96. load_module modules/ngx_mail_module.so;
97.  
98. # configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
99. load_module modules/ngx_stream_module.so;
100.  
101. # configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip.conf:
102. load_module modules/ngx_stream_geoip_module.so;
103.  
104. # configuration file /etc/nginx/mime.types:
105.  
106. types {
107. text/html html htm shtml;
108. text/css css;
109. text/xml xml;
110. image/gif gif;
111. image/jpeg jpeg jpg;
112. application/javascript js;
113. application/atom+xml atom;
114. application/rss+xml rss;
115.  
116. text/mathml mml;
117. text/plain txt;
118. text/vnd.sun.j2me.app-descriptor jad;
119. text/vnd.wap.wml wml;
120. text/x-component htc;
121.  
122. image/png png;
123. image/tiff tif tiff;
124. image/vnd.wap.wbmp wbmp;
125. image/x-icon ico;
126. image/x-jng jng;
127. image/x-ms-bmp bmp;
128. image/svg+xml svg svgz;
129. image/webp webp;
130.  
131. application/font-woff woff;
132. application/java-archive jar war ear;
133. application/json json;
134. application/mac-binhex40 hqx;
135. application/msword doc;
136. application/pdf pdf;
137. application/postscript ps eps ai;
138. application/rtf rtf;
139. application/vnd.apple.mpegurl m3u8;
140. application/vnd.ms-excel xls;
141. application/vnd.ms-fontobject eot;
142. application/vnd.ms-powerpoint ppt;
143. application/vnd.wap.wmlc wmlc;
144. application/vnd.google-earth.kml+xml kml;
145. application/vnd.google-earth.kmz kmz;
146. application/x-7z-compressed 7z;
147. application/x-cocoa cco;
148. application/x-java-archive-diff jardiff;
149. application/x-java-jnlp-file jnlp;
150. application/x-makeself run;
151. application/x-perl pl pm;
152. application/x-pilot prc pdb;
153. application/x-rar-compressed rar;
154. application/x-redhat-package-manager rpm;
155. application/x-sea sea;
156. application/x-shockwave-flash swf;
157. application/x-stuffit sit;
158. application/x-tcl tcl tk;
159. application/x-x509-ca-cert der pem crt;
160. application/x-xpinstall xpi;
161. application/xhtml+xml xhtml;
162. application/xspf+xml xspf;
163. application/zip zip;
164.  
165. application/octet-stream bin exe dll;
166. application/octet-stream deb;
167. application/octet-stream dmg;
168. application/octet-stream iso img;
169. application/octet-stream msi msp msm;
170.  
171. application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
172. application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
173. application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
174.  
175. audio/midi mid midi kar;
176. audio/mpeg mp3;
177. audio/ogg ogg;
178. audio/x-m4a m4a;
179. audio/x-realaudio ra;
180.  
181. video/3gpp 3gpp 3gp;
182. video/mp2t ts;
183. video/mp4 mp4;
184. video/mpeg mpeg mpg;
185. video/quicktime mov;
186. video/webm webm;
187. video/x-flv flv;
188. video/x-m4v m4v;
189. video/x-mng mng;
190. video/x-ms-asf asx asf;
191. video/x-ms-wmv wmv;
192. video/x-msvideo avi;
193. }
194.  
195. # configuration file /etc/nginx/sites-enabled/git.conf:
196. ##
197. # You should look at the following URL's in order to grasp a solid understanding
198. # of Nginx configuration files in order to fully unleash the power of Nginx.
199. # https://www.nginx.com/resources/wiki/start/
200. # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
201. # https://wiki.debian.org/Nginx/DirectoryStructure
202. #
203. # In most cases, administrators will remove this file from sites-enabled/ and
204. # leave it as reference inside of sites-available where it will continue to be
205. # updated by the nginx packaging team.
206. #
207. # This file will automatically load configuration files provided by other
208. # applications, such as Drupal or Wordpress. These applications will be made
209. # available underneath a path with that package name, such as /drupal8.
210. #
211. # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
212. ##
213.  
214. # Default server configuration
215. #
216. server {
217.  
218. # SSL configuration
219. #
220. # listen 443 ssl default_server;
221. # listen [::]:443 ssl default_server;
222. #
223. # Note: You should disable gzip for SSL traffic.
224. # See: https://bugs.debian.org/773332
225. #
226. # Read up on ssl_ciphers to ensure a secure configuration.
227. # See: https://bugs.debian.org/765782
228. #
229. # Self signed certs generated by the ssl-cert package
230. # Don't use them in a production server!
231. #
232. # include snippets/snakeoil.conf;
233.  
234. # Add index.php to the list if you are using PHP
235. index index.html index.htm index.nginx-debian.html index.php;
236.  
237. server_name git.alkarkhi.net;
238.  
239. location / {
240. proxy_pass http://127.0.0.1:3000;
241. }
242.  
243. # pass PHP scripts to FastCGI server
244. #
245. #location ~ \.php$ {
246. # include snippets/fastcgi-php.conf;
247. #
248. # # With php-fpm (or other unix sockets):
249. # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
250. # # With php-cgi (or other tcp sockets):
251. # fastcgi_pass 127.0.0.1:9000;
252. #}
253.  
254. # deny access to .htaccess files, if Apache's document root
255. # concurs with nginx's one
256. #
257. location ~ /\.ht {
258. deny all;
259. }
260.  
261. listen [::]:443 ssl; # managed by Certbot
262. listen 443 ssl; # managed by Certbot
263. ssl_certificate /etc/letsencrypt/live/git.alkarkhi.net/fullchain.pem; # managed by Certbot
264. ssl_certificate_key /etc/letsencrypt/live/git.alkarkhi.net/privkey.pem; # managed by Certbot
265. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
266. ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
267.  
268. }
269.  
270.  
271. # Virtual Host configuration for example.com
272. #
273. # You can move that to a different file under sites-available/ and symlink that
274. # to sites-enabled/ to enable it.
275. #
276. #server {
277. # listen 80;
278. # listen [::]:80;
279. #
280. # server_name example.com;
281. #
282. # root /var/www/example.com;
283. # index index.html;
284. #
285. # location / {
286. # try_files $uri $uri/ =404;
287. # }
288. #}
289.  
290. server {
291. if ($host = git.alkarkhi.net) {
292. return 301 https://$host$request_uri;
293. } # managed by Certbot
294.  
295.  
296. listen 80;
297. listen [::]:80;
298.  
299. server_name git.alkarkhi.net;
300. return 404; # managed by Certbot
301.  
302.  
303. }
304. # configuration file /etc/letsencrypt/options-ssl-nginx.conf:
305. # This file contains important security parameters. If you modify this file
306. # manually, Certbot will be unable to automatically provide future security
307. # updates. Instead, Certbot will print and log an error message with a path to
308. # the up-to-date file that you will need to refer to when manually updating
309. # this file.
310.  
311. ssl_session_cache shared:le_nginx_SSL:10m;
312. ssl_session_timeout 1440m;
313. ssl_session_tickets off;
314.  
315. ssl_protocols TLSv1.2 TLSv1.3;
316. ssl_prefer_server_ciphers off;
317.  
318. ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
319.  
320. # configuration file /etc/nginx/sites-enabled/home.conf:
321. ##
322. # You should look at the following URL's in order to grasp a solid understanding
323. # of Nginx configuration files in order to fully unleash the power of Nginx.
324. # https://www.nginx.com/resources/wiki/start/
325. # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
326. # https://wiki.debian.org/Nginx/DirectoryStructure
327. #
328. # In most cases, administrators will remove this file from sites-enabled/ and
329. # leave it as reference inside of sites-available where it will continue to be
330. # updated by the nginx packaging team.
331. #
332. # This file will automatically load configuration files provided by other
333. # applications, such as Drupal or Wordpress. These applications will be made
334. # available underneath a path with that package name, such as /drupal8.
335. #
336. # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
337. ##
338.  
339. # Default server configuration
340. #
341. server {
342.  
343. # SSL configuration
344. #
345. # listen 443 ssl default_server;
346. # listen [::]:443 ssl default_server;
347. #
348. # Note: You should disable gzip for SSL traffic.
349. # See: https://bugs.debian.org/773332
350. #
351. # Read up on ssl_ciphers to ensure a secure configuration.
352. # See: https://bugs.debian.org/765782
353. #
354. # Self signed certs generated by the ssl-cert package
355. # Don't use them in a production server!
356. #
357. # include snippets/snakeoil.conf;
358.  
359. root /var/www/home;
360.  
361. # Add index.php to the list if you are using PHP
362. index index.html index.htm index.nginx-debian.html index.php;
363.  
364. server_name alkarkhi.net www.alkarkhi.net;
365.  
366. location / {
367. # First attempt to serve request as file, then
368. # as directory, then fall back to displaying a 404.
369. try_files $uri $uri/ =404;
370. }
371.  
372. # pass PHP scripts to FastCGI server
373. #
374. #location ~ \.php$ {
375. # include snippets/fastcgi-php.conf;
376. #
377. # # With php-fpm (or other unix sockets):
378. # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
379. # # With php-cgi (or other tcp sockets):
380. # fastcgi_pass 127.0.0.1:9000;
381. #}
382.  
383. # deny access to .htaccess files, if Apache's document root
384. # concurs with nginx's one
385. #
386. location ~ /\.ht {
387. deny all;
388. }
389.  
390. listen [::]:443 ssl ipv6only=on; # managed by Certbot
391. listen 443 ssl; # managed by Certbot
392. ssl_certificate /etc/letsencrypt/live/alkarkhi.net/fullchain.pem; # managed by Certbot
393. ssl_certificate_key /etc/letsencrypt/live/alkarkhi.net/privkey.pem; # managed by Certbot
394. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
395. ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
396.  
397.  
398. }
399.  
400.  
401. # Virtual Host configuration for example.com
402. #
403. # You can move that to a different file under sites-available/ and symlink that
404. # to sites-enabled/ to enable it.
405. #
406. #server {
407. # listen 80;
408. # listen [::]:80;
409. #
410. # server_name example.com;
411. #
412. # root /var/www/example.com;
413. # index index.html;
414. #
415. # location / {
416. # try_files $uri $uri/ =404;
417. # }
418. #}
419.  
420. server {
421. if ($host = www.alkarkhi.net) {
422. return 301 https://$host$request_uri;
423. } # managed by Certbot
424.  
425.  
426. if ($host = alkarkhi.net) {
427. return 301 https://$host$request_uri;
428. } # managed by Certbot
429.  
430.  
431. listen 80 default_server;
432. listen [::]:80 default_server;
433.  
434. server_name alkarkhi.net www.alkarkhi.net;
435. return 404; # managed by Certbot
436.  
437.  
438.  
439.  
440. }
441. # configuration file /etc/nginx/sites-enabled/mail.conf:
442. ##
443. # You should look at the following URL's in order to grasp a solid understanding
444. # of Nginx configuration files in order to fully unleash the power of Nginx.
445. # https://www.nginx.com/resources/wiki/start/
446. # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
447. # https://wiki.debian.org/Nginx/DirectoryStructure
448. #
449. # In most cases, administrators will remove this file from sites-enabled/ and
450. # leave it as reference inside of sites-available where it will continue to be
451. # updated by the nginx packaging team.
452. #
453. # This file will automatically load configuration files provided by other
454. # applications, such as Drupal or Wordpress. These applications will be made
455. # available underneath a path with that package name, such as /drupal8.
456. #
457. # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
458. ##
459.  
460. # Default server configuration
461. #
462. server {
463.  
464. # SSL configuration
465. #
466. # listen 443 ssl default_server;
467. # listen [::]:443 ssl default_server;
468. #
469. # Note: You should disable gzip for SSL traffic.
470. # See: https://bugs.debian.org/773332
471. #
472. # Read up on ssl_ciphers to ensure a secure configuration.
473. # See: https://bugs.debian.org/765782
474. #
475. # Self signed certs generated by the ssl-cert package
476. # Don't use them in a production server!
477. #
478. # include snippets/snakeoil.conf;
479.  
480. # Add index.php to the list if you are using PHP
481. index index.html index.htm index.nginx-debian.html index.php;
482.  
483. server_name mail.alkarkhi.net autodiscover.* autoconfig.*;
484.  
485. location / {
486. proxy_pass http://127.0.0.1:8080/;
487. proxy_set_header Host $http_host;
488. proxy_set_header X-Real-IP $remote_addr;
489. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
490. proxy_set_header X-Forwarded-Proto $scheme;
491. client_max_body_size 0;
492. }
493.  
494. location /Microsoft-Server-ActiveSync {
495. proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
496. proxy_set_header Host $http_host;
497. proxy_set_header X-Real-IP $remote_addr;
498. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
499. proxy_set_header X-Forwarded-Proto $scheme;
500. proxy_connect_timeout 75;
501. proxy_send_timeout 3650;
502. proxy_read_timeout 3650;
503. proxy_buffers 64 256k;
504. client_body_buffer_size 512k;
505. client_max_body_size 0;
506. }
507.  
508.  
509. # pass PHP scripts to FastCGI server
510. #
511. #location ~ \.php$ {
512. # include snippets/fastcgi-php.conf;
513. #
514. # # With php-fpm (or other unix sockets):
515. # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
516. # # With php-cgi (or other tcp sockets):
517. # fastcgi_pass 127.0.0.1:9000;
518. #}
519.  
520. # deny access to .htaccess files, if Apache's document root
521. # concurs with nginx's one
522. #
523. location ~ /\.ht {
524. deny all;
525. }
526.  
527. listen [::]:443 ssl http2; # managed by Certbot
528. listen 443 ssl http2; # managed by Certbot
529. ssl_certificate /etc/letsencrypt/live/mail.alkarkhi.net/fullchain.pem; # managed by Certbot
530. ssl_certificate_key /etc/letsencrypt/live/mail.alkarkhi.net/privkey.pem; # managed by Certbot
531. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
532. ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
533.  
534. }
535.  
536.  
537. # Virtual Host configuration for example.com
538. #
539. # You can move that to a different file under sites-available/ and symlink that
540. # to sites-enabled/ to enable it.
541. #
542. #server {
543. # listen 80;
544. # listen [::]:80;
545. #
546. # server_name example.com;
547. #
548. # root /var/www/example.com;
549. # index index.html;
550. #
551. # location / {
552. # try_files $uri $uri/ =404;
553. # }
554. #}
555.  
556. server {
557. if ($host = mail.alkarkhi.net) {
558. return 301 https://$host$request_uri;
559. } # managed by Certbot
560.  
561.  
562. listen 80;
563. listen [::]:80;
564.  
565. server_name mail.alkarkhi.net autodiscover.* autoconfig.*;
566. return 404; # managed by Certbot
567.  
568.  
569. }
570.  
571.