diff options
Diffstat (limited to 'conf')
-rw-r--r-- | conf/0x0.service | 18 | ||||
-rw-r--r-- | conf/cleanup_0x0 | 5 | ||||
-rw-r--r-- | conf/nginx.conf | 56 |
3 files changed, 79 insertions, 0 deletions
diff --git a/conf/0x0.service b/conf/0x0.service new file mode 100644 index 0000000..ace57c0 --- /dev/null +++ b/conf/0x0.service @@ -0,0 +1,18 @@ +# /etc/systemd/system/0x0.service +[Unit] +Description=null pointer +After=network.target + +[Service] +Type=simple +User=0x0 +Group=0x0 +WorkingDirectory=/srv/0x0/ +ExecStart=/usr/bin/uwsgi_python3 --socket 127.0.0.1:3031 --wsgi-file fhost.py --callable app --processes 4 --threads 2 --master +Restart=always +RestartSec=5 +StartLimitInterval=60s +StartLimitBurst=3 + +[Install] +WantedBy=default.target diff --git a/conf/cleanup_0x0 b/conf/cleanup_0x0 new file mode 100644 index 0000000..0137c23 --- /dev/null +++ b/conf/cleanup_0x0 @@ -0,0 +1,5 @@ +# /etc/cron.d/cleanup_0x0 +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +5 */12 * * * root python3 /srv/0x0/cleanup.py >/dev/null 2>&1 diff --git a/conf/nginx.conf b/conf/nginx.conf new file mode 100644 index 0000000..c10583d --- /dev/null +++ b/conf/nginx.conf @@ -0,0 +1,56 @@ +server { + listen 80; +# listen [::]:80; + server_name 0x0.envs.net; + + access_log /var/log/nginx/0x0.envs.net-access.log; + error_log /var/log/nginx/0x0.envs.net-error.log; + + location / { + return 301 https://$host$request_uri; + } + + location /.well-known/acme-challenge/ { + alias /var/lib/letsencrypt/.well-known/acme-challenge/; + } +} + +server { + listen 443 ssl http2; + server_name 0x0.envs.net; + + ssl_certificate /etc/letsencrypt/live/0x0.envs.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/0x0.envs.net/privkey.pem; + ssl_protocols TLSv1.2; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_verify_depth 3; + ssl_dhparam /etc/ssl/certs/envs_dhparam.pem; + + ssl_session_tickets off; + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/0x0.envs.net/chain.pem; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options nosniff; + # add_header X-Frame-Options "SAMEORIGIN"; + + access_log /var/log/nginx/0x0.envs.net-access.log; + error_log /var/log/nginx/0x0.envs.net-error.log; + + root /srv/0x0; + + location / { + include uwsgi_params; + uwsgi_param UWSGI_SCHEME $scheme; + + # make sure this matches the port you're running uwsgi on + uwsgi_pass 127.0.0.1:3031; + } + + location /up { + internal; + } +} |