summaryrefslogtreecommitdiffstats
path: root/server/proxy
diff options
context:
space:
mode:
authorsijanec <sijanecantonluka@gmail.com>2020-09-26 21:42:10 +0200
committersijanec <sijanecantonluka@gmail.com>2020-09-26 21:42:10 +0200
commit3a3246dfecab404df90513989bf84a270e17d1f1 (patch)
tree629eb2d4f82d561fa709150742bb64c0bef54759 /server/proxy
parentunset tracking vars are now not reported to the spyware server (diff)
downloadbeziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar
beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.gz
beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.bz2
beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.lz
beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.xz
beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.tar.zst
beziapp-3a3246dfecab404df90513989bf84a270e17d1f1.zip
Diffstat (limited to 'server/proxy')
-rw-r--r--server/proxy/apache.conf99
-rw-r--r--server/proxy/lopolis.conf55
-rw-r--r--server/proxy/nginx.conf133
-rw-r--r--server/proxy/zgimsis.conf51
4 files changed, 106 insertions, 232 deletions
diff --git a/server/proxy/apache.conf b/server/proxy/apache.conf
deleted file mode 100644
index e0c49a5..0000000
--- a/server/proxy/apache.conf
+++ /dev/null
@@ -1,99 +0,0 @@
-<VirtualHost *:27443>
- SSLEngine On
- SSLCertificateFile /etc/ssl/sslforfree/sg.crt
- SSLCertificateKeyFile /etc/ssl/sslforfree/sg.key
- SSLProxyEngine On
- SSLProxyCheckPeerCN Off
- SSLProxyCheckPeerName Off
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- #ServerName www.example.com
-
- #ServerAdmin webmaster@localhost
- #DocumentRoot /var/www/apache2
-
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
-
- RequestHeader unset Accept-Encoding
- ProxyPreserveHost Off
- ProxyPass "/" "https://zgimsis.gimb.org:443/"
- ProxyPassReverse "/" "https://zgimsis.gimb.org:443/"
- AddOutputFilterByType SUBSTITUTE text/html
- Substitute "s|zgimsis.gimb.org|zgimsis.gimb.tk:27443|i"
- Substitute "s/window.location.replace/console.log/i"
- DumpIOInput Off
- DumpIOOutput On
- LogLevel dumpio:trace7
- LogLevel debug
-
-</VirtualHost>
-<VirtualHost *:2780>
-# ServerName cargova.xn--pga.ga
-# SSLEngine On
-# SSLCertificateFile /etc/ssl/sslforfree/sg.crt
-# SSLCertificateKeyFile /etc/ssl/sslforfree/sg.key
- SSLProxyEngine On
- SSLProxyCheckPeerCN Off
- SSLProxyCheckPeerName Off
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- #ServerName www.example.com
-
- #ServerAdmin webmaster@localhost
- #DocumentRoot /var/www/apache2
-
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
-
- RequestHeader unset Accept-Encoding
- ProxyPreserveHost Off
- ProxyPass "/" "https://zgimsis.gimb.org:443/"
- ProxyPassReverse "/" "https://zgimsis.gimb.org:443/"
- AddOutputFilterByType SUBSTITUTE text/html
- Substitute "s/zgimsis.gimb.org/zgimsis.gimb.tk:2780/i"
- Substitute "s/window.location.replace/console.log/i"
- DumpIOInput Off
- DumpIOOutput On
- LogLevel dumpio:trace7
- LogLevel debug
-
-</VirtualHost>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/server/proxy/lopolis.conf b/server/proxy/lopolis.conf
new file mode 100644
index 0000000..66f2d94
--- /dev/null
+++ b/server/proxy/lopolis.conf
@@ -0,0 +1,55 @@
+# /etc/nginx/sites-enabled/lopolis
+server {
+ listen 0.0.0.0:80;
+ listen [::]:80;
+ server_name .lopolis.gimb.tk;
+ return 301 https://lopolis.gimb.tk/;
+}
+server {
+ listen 0.0.0.0:443 http2 ssl;
+ listen [::]:443 http2 ssl;
+ ssl_certificate /etc/ssl/sslforfree/gimb.tk.crtca;
+ ssl_certificate_key /etc/ssl/sslforfree/gimb.tk.key;
+ server_name .lopolis.gimb.tk;
+ location / {
+ if ($http_origin ~ \.?gimb\.tk$) {
+ set $cors 'true';
+ set $both_conditions "P";
+ add_header "x-debug-http-origin-check" "passed";
+ }
+ if ($http_origin ~ \.?beziapp\.github\.io$) {
+ set $cors 'true';
+ set $both_conditions "P";
+ add_header "x-debug-http-origin-check" "passed";
+ }
+ if ($cors = 'true') {
+ add_header "Access-Control-Allow-Origin" $http_origin always;
+ add_header "Access-Control-Allow-Credentials" "true" always;
+ add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+ add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ }
+ if ($request_method = 'OPTIONS') {
+ set $both_conditions "${both_conditions}D";
+ }
+ if ($both_conditions = PD) {
+ add_header "Access-Control-Allow-Origin" $http_origin always;
+ add_header "Access-Control-Allow-Credentials" "true" always;
+ add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+ add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Max-Age' -1;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ access_log /var/log/nginx/lopolis/access.log postdata;
+ proxy_set_header Host www.lopolis.si;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_redirect off;
+ proxy_ssl_server_name on;
+ proxy_pass https://www.lopolis.si;
+ # try_files $uri $uri/ =404;
+ }
+}
+
diff --git a/server/proxy/nginx.conf b/server/proxy/nginx.conf
deleted file mode 100644
index 222b8d2..0000000
--- a/server/proxy/nginx.conf
+++ /dev/null
@@ -1,133 +0,0 @@
-#server {
-# server_name _;
-# listen 80 default_server;
-# # listen 443 default_server;
-# listen [::]:80 default_server;
-# # listen [::]:443 default_server;
-# return 444;
-#}
-server {
- listen 93.103.156.37:80;
- listen [::]:80;
- server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk;
- return 301 https://zgimsis.gimb.tk$request_uri;
- port_in_redirect off;
- server_name_in_redirect off;
-}
-server {
- listen 93.103.156.37:443 ssl http2;
- listen [::]:443 ssl http2;
- ssl_certificate /etc/ssl/sslforfree/sg.crt;
- ssl_certificate_key /etc/ssl/sslforfree/sg.key;
- ssl_session_cache builtin:1000 shared:SSL:10m;
- ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=604800";
- #root /var/www/html;
- index index.php index.html index.htm index.nginx-debian.html;
- server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk;
- location /gse/ {
- #try_files $uri $uri/ =404;
- proxy_pass https://localhost:27443;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- set $cors '';
- set $both_conditions "";
- add_header "x-debug-location-gse" "triggered";
- if ($http_origin ~ \.?gimb\.tk$) {
- set $cors 'true';
- set $both_conditions "P";
- add_header "x-debug-http-origin-check" "passed";
- }
- if ($cors = 'true') {
- add_header "Access-Control-Allow-Origin" $http_origin always;
- add_header "Access-Control-Allow-Credentials" "true" always;
- add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
- add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
- add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
- }
- if ($request_method = 'OPTIONS') {
- set $both_conditions "${both_conditions}D";
- }
- if ($both_conditions = PD) {
- add_header "Access-Control-Allow-Origin" $http_origin always;
- add_header "Access-Control-Allow-Credentials" "true" always;
- add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
- add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
- add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
- add_header 'Access-Control-Max-Age' -1;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- }
- location / {
- set $cors '';
- if ($http_origin ~ \.?gimb\.tk$) {
- set $cors 'true';
- }
- if ($cors = 'true') {
- add_header "Access-Control-Allow-Origin" $http_origin always;
- add_header "Access-Control-Allow-Credentials" "true" always;
- add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
- add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
- add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
- }
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Max-Age' 300;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- return 301 https://zgimsis.gimb.tk/gse/;
- }
- #location ~ \.php$ {
- # include snippets/fastcgi-php.conf;
- # fastcgi_pass unix:/run/php/php7.3-fpm.sock;
- #}
- location ~ /\.ht {
- deny all;
- }
- port_in_redirect off;
- server_name_in_redirect off;
-}
-server {
- listen 93.103.156.37:80;
- listen [::]:80;
- server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk;
- return 301 https://lopolis-api.gimb.tk$request_uri;
- port_in_redirect off;
- server_name_in_redirect off;
-}
-server {
- listen 93.103.156.37:443 ssl http2;
- listen [::]:443 ssl http2;
- ssl_certificate /etc/ssl/sslforfree/sg.crt;
- ssl_certificate_key /etc/ssl/sslforfree/sg.key;
- ssl_session_cache builtin:1000 shared:SSL:10m;
- ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=604800";
- #root /var/www/html;
- index index.php index.html index.htm index.nginx-debian.html;
- server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk;
- location / {
- #try_files $uri $uri/ =404;
- proxy_pass http://localhost:44625;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- }
- #location / {
-# return 301 https://zgimsis.gimb.tk/gse/;
-# }
- #location ~ \.php$ {
- # include snippets/fastcgi-php.conf;
- # fastcgi_pass unix:/run/php/php7.3-fpm.sock;
- #}
- location ~ /\.ht {
- deny all;
- }
- add_header X-This-Is-Definetley-Not-Flask I-Really-Care-If-Someone-DoSes-This-/s;
- add_header X-I-Mean-If-Someone-Wants-To-DoS-Me They-Have-The-Power-To-Do-It;
- add_header X-Although-It-Is-Illegal-And-I Will-Report-You-To-SiCert-And-They-Will-Bit-Your-Ass;
- port_in_redirect off;
- server_name_in_redirect off;
-}
diff --git a/server/proxy/zgimsis.conf b/server/proxy/zgimsis.conf
new file mode 100644
index 0000000..72a5974
--- /dev/null
+++ b/server/proxy/zgimsis.conf
@@ -0,0 +1,51 @@
+# /etc/nginx/sites-enabled/zgimsis
+server {
+ listen 0.0.0.0:80;
+ listen [::]:80;
+ server_name .zgimsis.gimb.tk;
+ return 301 https://zgimsis.gimb.tk/gse/;
+}
+server {
+ listen 0.0.0.0:443 http2 ssl;
+ listen [::]:443 http2 ssl;
+ ssl_certificate /etc/ssl/sslforfree/gimb.tk.crtca;
+ ssl_certificate_key /etc/ssl/sslforfree/gimb.tk.key;
+ server_name .zgimsis.gimb.tk;
+ location / {
+ if ($http_origin ~ \.?gimb\.tk$) {
+ set $cors 'true';
+ set $both_conditions "P";
+ add_header "x-debug-http-origin-check" "passed";
+ }
+ if ($http_origin ~ \.?beziapp\.github\.io$) {
+ set $cors 'true';
+ set $both_conditions "P";
+ add_header "x-debug-http-origin-check" "passed";
+ }
+ if ($cors = 'true') {
+ add_header "Access-Control-Allow-Origin" $http_origin always;
+ add_header "Access-Control-Allow-Credentials" "true" always;
+ add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+ add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ }
+ if ($request_method = 'OPTIONS') {
+ set $both_conditions "${both_conditions}D";
+ }
+ if ($both_conditions = PD) {
+ add_header "Access-Control-Allow-Origin" $http_origin always;
+ add_header "Access-Control-Allow-Credentials" "true" always;
+ add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+ add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+ add_header 'Access-Control-Max-Age' -1;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ access_log /var/log/nginx/zgimsis/access.log postdata;
+ proxy_pass https://zgimsis.gimb.org/;
+ # try_files $uri $uri/ =404;
+ }
+}
+