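# Main nginx configuration: port-80 redirect vhosts, two .onion vhosts and the
# TLS reverse-proxy vhosts that forward to the "unison" upstream host.
#
# Changes made in this revision:
#   * `access_log .../*-error.log` was a typo for `error_log` in three vhosts
#     (bigmike.space, prettyboytellem.com, hooya.space).
#   * bbdiary.prettyboytellem.com now listens like every other TLS vhost
#     (explicit `ssl http2`, IPv6 listener, trusted chain, HSTS).
#   * The standalone `ssl on;` directive is dropped: every listen already
#     carries the `ssl` flag, and `ssl on` is deprecated (removed in 1.25.1).
#   * HSTS is repeated inside `location /30XX/stream/`: a location that has its
#     own add_header does not inherit add_header lines from the server level.
#   * WebSocket locations now send a Connection header next to Upgrade;
#     nginx does not forward either hop-by-hop header by itself.
#   * Duplicate / conflicting X-Forwarded-* headers were collapsed.

user nginx nginx;
worker_processes 1;

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    server_names_hash_bucket_size 128;
    proxy_headers_hash_max_size 1024;
    proxy_headers_hash_bucket_size 128;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Defined but not referenced by any access_log in this file, so the
    # access logs below use nginx's default format.
    log_format main
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '"$gzip_ratio"';

    gzip off;

    client_body_timeout 1m;
    client_header_timeout 1m;

    # Connection header value for proxied WebSocket locations: "upgrade" when
    # the client asked for an upgrade, "close" (nginx's default) otherwise.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # SSL parameters
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;

    index index.html;

    # Catch-all for unknown hostnames on port 80: answer 400 instead of
    # serving a site. It is the first server defined for these listen
    # sockets, which is what makes it their default server.
    # NOTE(review): port 443 has no equivalent catch-all in this file; an
    # unknown name over TLS lands on the first 443 vhost (www4.howler.space)
    # and its client-supplied Host is forwarded upstream via $host.
    server { listen 80; listen [::]:80; server_name _; return 400; }

    # HTTP/S Redirects
    server { listen 80; listen [::]:80; server_name howler.space;
        return 302 https://howler.space$request_uri; }
    server { listen 80; listen [::]:80; server_name bm.howler.space;
        return 302 https://prettyboytellem.com$request_uri; }
    # NOTE(review): redirects to https://bm.howler.space, which has no 443
    # vhost in this file - confirm the target.
    server { listen 80; listen [::]:80; server_name bigmike.sne.jp;
        return 302 https://bm.howler.space$request_uri; }
#   server { listen 80; listen [::]:80; server_name ral.howler.space;
#       return 302 https://ral.howler.space$request_uri; }
#
    server { listen 80; listen [::]:80; server_name irc.ral.space;
        return 302 https://irc.prettyboytellem.com$request_uri; }
    server { listen 80; listen [::]:80; server_name prettyboytellem.com;
        return 302 https://prettyboytellem.com$request_uri; }
    server { listen 80; listen [::]:80; server_name bigmike.space;
        return 302 https://bigmike.space$request_uri; }
    server { listen 80; listen [::]:80; server_name hooya.space;
        return 302 https://hooya.space$request_uri; }
    server { listen 80; listen [::]:80; server_name wesleycoakley.com;
        return 302 https://wesleycoakley.com$request_uri; }
    server { listen 80; listen [::]:80; server_name bbdiary.prettyboytellem.com;
        return 301 https://bbdiary.prettyboytellem.com$request_uri; }
    server { listen 80; listen [::]:80; server_name cdn.prettyboytellem.com;
        return 301 https://cdn.prettyboytellem.com$request_uri; }
    server { listen 80; listen [::]:80; server_name cdn.wesleycoakley.com;
        return 301 https://cdn.wesleycoakley.com$request_uri; }
    server { listen 80; listen [::]:80; server_name www4.howler.space;
        return 301 https://www4.howler.space$request_uri; }
    server { listen 80; listen [::]:80; server_name raamen.org;
        return 301 https://raamen.org$request_uri; }
    server { listen 80; listen [::]:80; server_name ralee.org;
        return 301 https://ralee.org$request_uri; }
    server { listen 80; listen [::]:80; server_name cdn.raamen.org;
        return 301 https://cdn.raamen.org$request_uri; }
    server { listen 80; listen [::]:80; server_name irc.prettyboytellem.com;
        return 301 https://irc.prettyboytellem.com$request_uri; }
    # NOTE(review): no 443 vhost for spitfire.prettyboytellem.com in this file.
    server { listen 80; listen [::]:80; server_name spitfire.prettyboytellem.com;
        return 301 https://spitfire.prettyboytellem.com$request_uri; }

    # howler legacy redirect
    server { listen 80; listen [::]:80; server_name howler.us.to;
        return 302 https://howler.space/ncsu; }
    server { listen 80; listen [::]:80; server_name yumi.howler.space;
        return 302 https://prettyboytellem.com; }

    # ral.space legacy redirect
    server { listen 80; listen [::]:80; server_name ral.space;
        return 302 https://ralee.org$request_uri; }

    # Return canonical non-www sites
    server { listen 80; listen [::]:80; server_name www.ral.space;
        return 302 https://ralee.org$request_uri; }
    server { listen 80; listen [::]:80; server_name www.howler.space;
        return 302 https://howler.space$request_uri; }
    server { listen 80; listen [::]:80; server_name www.prettyboytellem.com;
        return 302 https://prettyboytellem.com$request_uri; }
    server { listen 80; listen [::]:80; server_name www.bigmike.space;
        return 302 https://bigmike.space$request_uri; }
    server { listen 80; listen [::]:80; server_name www.hooya.space;
        return 302 https://hooya.space$request_uri; }
    server { listen 80; listen [::]:80; server_name www.wesleycoakley.com;
        return 302 https://wesleycoakley.com$request_uri; }
    server { listen 80; listen [::]:80; server_name www.raamen.org;
        return 301 https://raamen.org$request_uri; }

    # .onion addresses
    # NOTE(review): `listen 80` binds every address, so these names are also
    # answered on the public interfaces. If only a local Tor daemon should
    # reach them, bind the listener to loopback - confirm where Tor runs.
    # $remote_addr in these vhosts is the connecting peer (presumably the Tor
    # daemon), not the visitor.
    server {
        listen 80;
        # ral.space
        server_name f22glwrndpxkacwp.onion;

        location / {
            access_log /var/log/nginx/ral-onion-access.log;
            error_log /var/log/nginx/ral-onion-error.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://unison/;
        }

        # NOTE(review): with a URI on proxy_pass the matched "/api" prefix is
        # replaced by "/", unlike ralee.org's /api below, which passes the
        # path through unchanged - confirm which one is intended.
        location /api {
            access_log /var/log/nginx/ral-onion-access.log;
            error_log /var/log/nginx/ral-onion-error.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://unison/;
        }
    }

    server {
        listen 80;
        # prettyboytellem.com
        server_name wohwsqxxrctfp4ku.onion;

        location / {
            access_log /var/log/nginx/prettyboy-onion-access.log;
            error_log /var/log/nginx/prettyboy-onion-error.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://unison/;
        }
    }

    # TLS vhosts.
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
    # client sent, so upstreams should trust only X-Real-IP or the last
    # X-Forwarded-For entry.
    # The HSTS header is sent without `always`, so nginx omits it from error
    # responses (4xx/5xx).

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name www4.howler.space;

        ssl_certificate /etc/letsencrypt/live/howler.space/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/howler.space/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/howler.space/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            access_log /var/log/nginx/www4-access.log;
            error_log /var/log/nginx/www4-error.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Was set twice, which sent the header to the upstream twice.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://unison/;
        }

        location /.well-known { alias /var/http/.well-known; }
        location /sock { access_log off; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name bigmike.space;

        ssl_certificate /etc/letsencrypt/live/bigmike.space/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/bigmike.space/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/bigmike.space/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        client_max_body_size 1G;

        location / {
            access_log /var/log/nginx/bigmike-access.log;
            # Was `access_log`, which copied access lines into the error log
            # file and left this vhost without its own error log.
            error_log /var/log/nginx/bigmike-error.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_intercept_errors on;
            proxy_pass http://unison;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name prettyboytellem.com;

        ssl_certificate /etc/letsencrypt/live/prettyboytellem.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/prettyboytellem.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/prettyboytellem.com/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            access_log /var/log/nginx/prettyboy-access.log;
            # Was `access_log` (same typo as bigmike.space).
            error_log /var/log/nginx/prettyboy-error.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_intercept_errors on;
            proxy_pass http://unison;
        }

        location /30XX/stream/ {
            proxy_pass http://localhost:8000/;
            # A location with its own add_header stops inheriting the
            # server-level ones, so HSTS has to be repeated here.
            add_header Strict-Transport-Security max-age=15768000;
            add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name hooya.space;

        ssl_certificate /etc/letsencrypt/live/hooya.space/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/hooya.space/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/hooya.space/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            # NOTE(review): writes to the bigmike log files, so the two
            # vhosts cannot be told apart in the logs - confirm this is
            # intended rather than a copy/paste leftover.
            access_log /var/log/nginx/bigmike-access.log;
            # Was `access_log` (same typo as bigmike.space).
            error_log /var/log/nginx/bigmike-error.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_intercept_errors on;
            proxy_pass http://unison;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name howler.space;

        ssl_certificate /etc/letsencrypt/live/howler.space/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/howler.space/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/howler.space/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        client_max_body_size 15M;

        location / {
            proxy_buffering off;
            proxy_intercept_errors on;
            proxy_redirect off;
            access_log /var/log/nginx/howler-access.log;

            # WebSockets support. Both hop-by-hop headers must be set
            # explicitly; Upgrade alone is not enough.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://unison:8000;
        }

        location /sock {
            proxy_buffering off;
            proxy_intercept_errors on;
            proxy_redirect off;
            access_log off;

            # WebSockets support.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://unison:8000;
        }

        # Only reachable through the error_page redirect below.
        location /offline.html { internal; }
        location /.well-known { alias /var/http/.well-known; }

        root /var/http/howler;
        error_page 500 502 503 504 /offline.html;
    }

    server {
        listen 443 http2 ssl;
        listen [::]:443 http2 ssl;
        server_name ralee.org;

        ssl_certificate /etc/letsencrypt/live/ralee.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ralee.org/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/ralee.org/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            access_log /var/log/nginx/ralee-access.log;
            proxy_buffering off;
            gzip off;
            proxy_intercept_errors on;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://unison/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location /api {
            access_log off;
            proxy_buffering off;
            gzip off;
            proxy_intercept_errors on;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://unison;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name wesleycoakley.com;

        ssl_certificate /etc/letsencrypt/live/wesleycoakley.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/wesleycoakley.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/wesleycoakley.com/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            proxy_buffering off;
            proxy_intercept_errors on;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://unison/;
            # NOTE(review): "presonal" looks like a typo for "personal"; the
            # path is kept as-is because log rotation may reference it.
            access_log /var/log/nginx/presonal-access.log;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name irc.ral.space;

        ssl_certificate /etc/letsencrypt/live/ral.space/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ral.space/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/ral.space/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / { return 302 https://irc.prettyboytellem.com; }
        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name irc.prettyboytellem.com;

        ssl_certificate /etc/letsencrypt/live/prettyboytellem.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/prettyboytellem.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/prettyboytellem.com/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            access_log /var/log/nginx/irc-access.log;
            error_log /var/log/nginx/irc-error.log;
            proxy_set_header Host $host;
            # X-Forwarded-For was set twice (once to $remote_addr, once to
            # $proxy_add_x_forwarded_for), sending two conflicting headers.
            # Only the overwrite form is kept, so a client-supplied value
            # never reaches the upstream.
            proxy_set_header X-Forwarded-For $remote_addr;
            # Was $remote_addr, i.e. the client IP in a header that carries
            # the requested host name.
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_buffering off;
            gzip off;
            proxy_pass http://unison:9090/;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        # Was a bare `listen 443;` with no IPv6 listener, although the
        # port-80 redirect for this name also listens on [::]:80; IPv6
        # clients were handed the default 443 vhost and its certificate.
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name bbdiary.prettyboytellem.com;

        ssl_certificate /etc/letsencrypt/live/prettyboytellem.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/prettyboytellem.com/privkey.pem;
        # Added to match the other vhosts; ssl_stapling_verify is on globally.
        ssl_trusted_certificate /etc/letsencrypt/live/prettyboytellem.com/chain.pem;

        # HSTS (added for consistency; the port-80 vhost already issues a
        # permanent redirect to https)
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Was set twice, which sent the header to the upstream twice.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_buffering off;
            gzip off;
            proxy_pass http://unison/;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name raamen.org;

        ssl_certificate /etc/letsencrypt/live/raamen.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/raamen.org/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/raamen.org/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            access_log /var/log/nginx/raamen-access.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_intercept_errors on;
            proxy_pass http://unison;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name cdn.prettyboytellem.com;

        ssl_certificate /etc/letsencrypt/live/prettyboytellem.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/prettyboytellem.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/prettyboytellem.com/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            access_log /var/log/nginx/prettyboy-cdn-access.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_intercept_errors on;
            proxy_pass http://unison;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name cdn.raamen.org;

        ssl_certificate /etc/letsencrypt/live/raamen.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/raamen.org/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/raamen.org/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        underscores_in_headers on;

        location / {
            # NOTE(review): shares its access log with cdn.prettyboytellem.com
            # - confirm this is intended.
            access_log /var/log/nginx/prettyboy-cdn-access.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass_request_headers on;
            proxy_redirect off;
            # The client's Authorization header is forwarded to the upstream
            # unchanged.
            proxy_set_header Authorization $http_authorization;
            proxy_pass_header Authorization;
            # proxy_intercept_errors on;
            proxy_pass http://unison;
        }

        location /.well-known { alias /var/http/.well-known; }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name cdn.wesleycoakley.com;

        ssl_certificate /etc/letsencrypt/live/wesleycoakley.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/wesleycoakley.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/wesleycoakley.com/chain.pem;

        # HSTS
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            access_log /var/log/nginx/personal-cdn-access.log;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_intercept_errors on;
            proxy_pass http://unison;
        }

        location /.well-known { alias /var/http/.well-known; }
    }
}

# NOTE(review): this include sits outside the http block, so any file under
# sites-available that contains `server { ... }` would be rejected in this
# context - confirm whether it belongs inside `http { }`.
include /etc/nginx/sites-available/*;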