aboutsummaryrefslogtreecommitdiff
path: root/conf
diff options
context:
space:
mode:
Diffstat (limited to 'conf')
-rw-r--r--conf/0x0.service18
-rw-r--r--conf/cleanup_0x05
-rw-r--r--conf/nginx.conf56
3 files changed, 79 insertions, 0 deletions
diff --git a/conf/0x0.service b/conf/0x0.service
new file mode 100644
index 0000000..ace57c0
--- /dev/null
+++ b/conf/0x0.service
@@ -0,0 +1,18 @@
+# /etc/systemd/system/0x0.service
+[Unit]
+Description=null pointer
+After=network.target
+
+[Service]
+Type=simple
+User=0x0
+Group=0x0
+WorkingDirectory=/srv/0x0/
+ExecStart=/usr/bin/uwsgi_python3 --socket 127.0.0.1:3031 --wsgi-file fhost.py --callable app --processes 4 --threads 2 --master
+Restart=always
+RestartSec=5
+StartLimitInterval=60s
+StartLimitBurst=3
+
+[Install]
+WantedBy=default.target
diff --git a/conf/cleanup_0x0 b/conf/cleanup_0x0
new file mode 100644
index 0000000..0137c23
--- /dev/null
+++ b/conf/cleanup_0x0
@@ -0,0 +1,5 @@
+# /etc/cron.d/cleanup_0x0
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+5 */12 * * * root python3 /srv/0x0/cleanup.py >/dev/null 2>&1
diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 0000000..c10583d
--- /dev/null
+++ b/conf/nginx.conf
@@ -0,0 +1,56 @@
+server {
+ listen 80;
+# listen [::]:80;
+ server_name 0x0.envs.net;
+
+ access_log /var/log/nginx/0x0.envs.net-access.log;
+ error_log /var/log/nginx/0x0.envs.net-error.log;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ location /.well-known/acme-challenge/ {
+ alias /var/lib/letsencrypt/.well-known/acme-challenge/;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name 0x0.envs.net;
+
+ ssl_certificate /etc/letsencrypt/live/0x0.envs.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/0x0.envs.net/privkey.pem;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_verify_depth 3;
+ ssl_dhparam /etc/ssl/certs/envs_dhparam.pem;
+
+ ssl_session_tickets off;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/letsencrypt/live/0x0.envs.net/chain.pem;
+
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options nosniff;
+ # add_header X-Frame-Options "SAMEORIGIN";
+
+ access_log /var/log/nginx/0x0.envs.net-access.log;
+ error_log /var/log/nginx/0x0.envs.net-error.log;
+
+ root /srv/0x0;
+
+ location / {
+ include uwsgi_params;
+ uwsgi_param UWSGI_SCHEME $scheme;
+
+ # make sure this matches the port you're running uwsgi on
+ uwsgi_pass 127.0.0.1:3031;
+ }
+
+ location /up {
+ internal;
+ }
+}
bgstack15