From 2672925bd2deacd56adf79a1811bf8a3b0307c67 Mon Sep 17 00:00:00 2001 From: Randy Jordan Date: Fri, 8 Nov 2024 16:44:16 -0600 Subject: [PATCH] Added nginx conf and gitea examples --- fail2ban/gitea_jail.local | 8 ++++ gitea/gitea_sites_available | 13 ++++++ nginx/custom_nginx.conf | 90 +++++++++++++++++++++++++++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 fail2ban/gitea_jail.local create mode 100644 gitea/gitea_sites_available create mode 100644 nginx/custom_nginx.conf diff --git a/fail2ban/gitea_jail.local b/fail2ban/gitea_jail.local new file mode 100644 index 0000000..ac91244 --- /dev/null +++ b/fail2ban/gitea_jail.local @@ -0,0 +1,8 @@ +[gitea] +enabled = true +filter = gitea-4xx +logpath = /var/lib/gitea/log/gitea.log +findtime = 300 +maxretry = 10 +bantime = 360000 +action = iptables-allports diff --git a/gitea/gitea_sites_available b/gitea/gitea_sites_available new file mode 100644 index 0000000..5df8d82 --- /dev/null +++ b/gitea/gitea_sites_available @@ -0,0 +1,13 @@ +server { + #... + location / { + client_max_body_size 512M; + proxy_pass http://localhost:3000; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/nginx/custom_nginx.conf b/nginx/custom_nginx.conf new file mode 100644 index 0000000..53a7974 --- /dev/null +++ b/nginx/custom_nginx.conf @@ -0,0 +1,90 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +error_log /var/log/nginx/error.log; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + proxy_hide_header X-Powered-By; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Frame-Options "deny" always; + add_header X-Content-Type-Options "nosniff" always; + proxy_hide_header X-Runtime; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} +