From d785ca88405929c828343e7731f6833c6a0319a3 Mon Sep 17 00:00:00 2001
From: PIVODEVAT <ivan.vekhov@mail.ru>
Date: Sun, 2 Feb 2025 03:27:12 +0300
Subject: [PATCH] init

---
 README.md                     |  0
 conf.d/gitea.conf             | 15 ++++++++
 conf.d/http.conf              | 13 +++++++
 conf.d/postfixadmin.conf      | 26 +++++++++++++
 conf.d/punkcraft.conf         | 22 +++++++++++
 conf.d/punkcraft_backend.conf | 15 ++++++++
 conf.d/seafile.conf           | 72 +++++++++++++++++++++++++++++++++++
 nginx.conf                    | 12 ++++++
 8 files changed, 175 insertions(+)
 create mode 100644 README.md
 create mode 100644 conf.d/gitea.conf
 create mode 100644 conf.d/http.conf
 create mode 100644 conf.d/postfixadmin.conf
 create mode 100644 conf.d/punkcraft.conf
 create mode 100644 conf.d/punkcraft_backend.conf
 create mode 100644 conf.d/seafile.conf
 create mode 100644 nginx.conf

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/conf.d/gitea.conf b/conf.d/gitea.conf
new file mode 100644
index 0000000..443904b
--- /dev/null
+++ b/conf.d/gitea.conf
@@ -0,0 +1,15 @@
+server {
+	listen 443 ssl;
+	server_name root-kit.ru;
+
+	ssl_certificate /usr/local/etc/letsencrypt/live/root-kit.ru/fullchain.pem;
+	ssl_certificate_key /usr/local/etc/letsencrypt/live/root-kit.ru/privkey.pem;
+
+	location / {
+		proxy_pass http://127.0.0.1:3000;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+	}
+}
diff --git a/conf.d/http.conf b/conf.d/http.conf
new file mode 100644
index 0000000..dc3f7fa
--- /dev/null
+++ b/conf.d/http.conf
@@ -0,0 +1,13 @@
+server {
+	listen 80;
+	server_name root-kit.ru;
+	
+	# Prevent nginx HTTP Server Detection
+	server_tokens off;
+
+	# Редирект с HTTP на HTTPS
+	#return 301 https://$host$request_uri;
+	location / {
+		rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
+	}
+}
diff --git a/conf.d/postfixadmin.conf b/conf.d/postfixadmin.conf
new file mode 100644
index 0000000..ddf5397
--- /dev/null
+++ b/conf.d/postfixadmin.conf
@@ -0,0 +1,26 @@
+server {
+	listen 777 ssl;
+	server_name root-kit.ru;
+
+	ssl_certificate /usr/local/etc/letsencrypt/live/root-kit.ru/fullchain.pem;
+	ssl_certificate_key /usr/local/etc/letsencrypt/live/root-kit.ru/privkey.pem;
+
+	root /usr/local/www/postfixadmin/public; 
+
+	index index.php index.html index.htm;
+
+	location / {
+		try_files $uri $uri/ /index.php?$query_string;
+	}
+
+	location ~ \.php$ {
+		include fastcgi_params;
+		fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+	}
+
+	location ~ /\.ht {
+		deny all;
+	}
+}
diff --git a/conf.d/punkcraft.conf b/conf.d/punkcraft.conf
new file mode 100644
index 0000000..e9f3404
--- /dev/null
+++ b/conf.d/punkcraft.conf
@@ -0,0 +1,22 @@
+server {
+	listen 443 ssl;
+	server_name punkcraft.ru;
+
+	ssl_certificate /usr/local/etc/letsencrypt/live/punkcraft.ru/fullchain.pem;
+	ssl_certificate_key /usr/local/etc/letsencrypt/live/punkcraft.ru/privkey.pem;
+
+	# Указываем корневую директорию проекта
+	root /home/xer/punkcraft/frontend/dist;
+
+	# Обрабатываем запросы к статическим файлам
+	location /assets {
+		alias /home/xer/punkcraft/frontend/dist/assets;
+		expires 1y;
+		access_log off;
+		add_header Cache-Control "public";
+	}
+
+	location / {
+		try_files $uri $uri/ /index.html;
+	}
+}
diff --git a/conf.d/punkcraft_backend.conf b/conf.d/punkcraft_backend.conf
new file mode 100644
index 0000000..3d121eb
--- /dev/null
+++ b/conf.d/punkcraft_backend.conf
@@ -0,0 +1,15 @@
+server {
+	listen 3002 ssl;
+	server_name root-kit.ru;
+
+	ssl_certificate /usr/local/etc/letsencrypt/live/root-kit.ru/fullchain.pem;
+	ssl_certificate_key /usr/local/etc/letsencrypt/live/root-kit.ru/privkey.pem;
+
+	location / {
+		proxy_pass http://127.0.0.1:3001;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+	}
+}
diff --git a/conf.d/seafile.conf b/conf.d/seafile.conf
new file mode 100644
index 0000000..bbf690f
--- /dev/null
+++ b/conf.d/seafile.conf
@@ -0,0 +1,72 @@
+server {
+	listen        666 ssl;
+	server_name   root-kit.ru;
+	server_tokens off;
+	http2 on;
+
+	ssl_protocols TLSv1.2;
+	ssl_certificate /usr/local/etc/letsencrypt/live/root-kit.ru/fullchain.pem;
+	ssl_certificate_key /usr/local/etc/letsencrypt/live/root-kit.ru/privkey.pem;
+	ssl_prefer_server_ciphers on;
+	ssl_session_timeout 10m;
+
+
+	location / {
+		proxy_pass         http://127.0.0.1:8000;
+		proxy_set_header   Host $host:$server_port;
+		proxy_set_header   X-Real-IP $remote_addr;
+		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header   X-Forwarded-Host $server_name;
+		proxy_set_header   X-Forwarded-Proto https;
+		proxy_http_version 1.1;
+		proxy_connect_timeout  36000s;
+		proxy_read_timeout  36000s;
+		proxy_send_timeout  36000s;
+		send_timeout  36000s;
+
+		# used for view/edit office file via Office Online Server
+		client_max_body_size 0;
+
+		access_log      /var/log/nginx/seahub.access.log;
+		error_log       /var/log/nginx/seahub.error.log;
+	}
+
+	location /seafhttp {
+		rewrite ^/seafhttp(.*)$ $1 break;
+		proxy_pass http://127.0.0.1:8082;
+		client_max_body_size 0;
+		proxy_connect_timeout  36000s;
+		proxy_read_timeout  36000s;
+		proxy_send_timeout  36000s;
+		send_timeout  36000s;
+		proxy_request_buffering off;
+		proxy_http_version 1.1;
+		
+	}
+
+	location /seafmedia {
+		rewrite ^/seafmedia(.*)$ /media$1 break;
+		root /opt/seafile/seafile-server-latest/seahub;
+	}
+
+	location /seafdav {
+		proxy_pass         http://127.0.0.1:8080;
+		proxy_set_header   Host $host;
+		proxy_set_header   X-Real-IP $remote_addr;
+		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header   X-Forwarded-Host $server_name;
+		proxy_set_header   X-Forwarded-Proto https;
+		proxy_http_version 1.1;
+		proxy_connect_timeout  36000s;
+		proxy_read_timeout  36000s;
+		proxy_send_timeout  36000s;
+		send_timeout  36000s;
+
+		# This option is only available for Nginx >= 1.8.0.
+		client_max_body_size 0;
+		proxy_request_buffering off;
+
+		access_log      /var/log/nginx/seafdav.access.log;
+		error_log       /var/log/nginx/seafdav.error.log;
+	}
+}
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..42dbe92
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,12 @@
+#user  nobody;
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include			mime.types;
+	include			conf.d/*.conf;	
+    default_type  application/octet-stream;
+}