diff --git a/ipfs/etc/nginx/sites-available/ipfs-gateway.conf b/ipfs/etc/nginx/sites-available/ipfs-gateway.conf
new file mode 100644
index 0000000..97687da
--- /dev/null
+++ b/ipfs/etc/nginx/sites-available/ipfs-gateway.conf
@@ -0,0 +1,131 @@
+upstream gateway {
+ server 127.0.0.1:8081;
+}
+
+server {
+ server_name ipfs.unitoo.it ipns.unitoo.it; # managed by Certbot
+ listen 443 default_server ssl;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
+
+ proxy_pass_header Server;
+ proxy_read_timeout 1800s;
+
+ error_page 403 /403.html;
+
+ location /403.html {
+ root /var/www/html;
+ allow all;
+ }
+
+ location /403.png {
+ root /var/www/html;
+ allow all;
+ }
+
+ location /400.html {
+ root /var/www/html;
+ allow all;
+ }
+
+ location /ipns {
+ proxy_pass http://gateway;
+ proxy_set_header Host unitoo.it;
+ proxy_cache_bypass $http_upgrade;
+
+ proxy_intercept_errors on;
+
+ allow all;
+
+ error_page 400 /400.html;
+ }
+
+ location /ipfs {
+ proxy_pass http://gateway;
+ proxy_set_header Host unitoo.it;
+ proxy_cache_bypass $http_upgrade;
+
+ proxy_intercept_errors on;
+
+ allow all;
+
+ error_page 400 /400.html;
+ }
+
+ location / {
+ proxy_pass http://localhost:5001;
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ deny all; # <- Deny other traffic
+ }
+
+ ssl_certificate /etc/letsencrypt/live/ipfs.unitoo.it/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/ipfs.unitoo.it/privkey.pem; # managed by Certbot
+
+ include snippets/denylist.conf;
+}
+
+server {
+ server_name *.ipfs.unitoo.it *.ipns.unitoo.it;
+ listen 443 ssl;
+
+ proxy_read_timeout 1800s;
+
+ error_page 403 /403.html;
+
+ location /403.html {
+ root /var/www/html;
+ allow all;
+ }
+
+ location /403.png {
+ root /var/www/html;
+ allow all;
+ }
+
+ location /400.html {
+ root /var/www/html;
+ allow all;
+ }
+
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
+
+ include snippets/denylist.conf;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Ipfs-Gateway-Prefix "";
+ proxy_pass http://gateway;
+ }
+}
+
+server {
+ server_name ipfs.unitoo.it ipns.unitoo.it;
+ listen 80;
+
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
+
+ proxy_pass_header Server;
+ proxy_read_timeout 1800s;
+
+ include snippets/denylist.conf;
+
+ location ~ "^/(ipfs|ipns|api)(/|$)" {
+ proxy_set_header Host unitoo.it;
+ proxy_set_header X-Ipfs-Gateway-Prefix "";
+ proxy_pass http://gateway;
+ }
+
+ return 404;
+}
diff --git a/ipfs/lib/systemd/system/ipfs.service b/ipfs/lib/systemd/system/ipfs.service
new file mode 100644
index 0000000..6661590
--- /dev/null
+++ b/ipfs/lib/systemd/system/ipfs.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=IPFS Daemon
+After=network.target
+
+[Service]
+#Runtime
+Environment="IPFS_PATH=/mnt/ipfs"
+Environment=IPFS_LOGGING="error"
+ExecStart=/home/ipfs/.local/bin/ipfs daemon --enable-gc --migrate
+User=ipfs
+Restart=on-failure
+RestartSec=10s
+KillSignal=SIGINT
+
+#Accounting
+LimitNOFILE=10240
+#LimitNice=10
+MemoryAccounting=true
+MemoryHigh=512M
+MemoryMax=768M
+MemorySwapMax=512M
+CPUAccounting=true
+CPUQuota=40%
+
+[Install]
+WantedBy=multi-user.target
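Review bot: In ipfs-gateway.conf, the catch-all `location /` of the first 443 server still carries `proxy_pass http://localhost:5001;`, so `deny all;` is the only thing between the internet and whatever listens on 5001 (the default Kubo RPC API port, an administrative interface; confirm what is bound there). Dropping the proxy lines and keeping just `location / { deny all; }` means a later edit to the access rule cannot expose that port. In the port-80 server, `return 404;` sits at server level, where nginx evaluates it before location matching, so the `^/(ipfs|ipns|api)(/|$)` location looks unreachable; if plain-HTTP access is intended, move it into `location / { return 404; }`. The `*.ipfs.unitoo.it` server uses `listen 443 ssl` with no `ssl_certificate` lines in the hunk, which only loads if a certificate is inherited from the `http` level.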
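Review bot: The `[Service]` section of ipfs.service caps memory and CPU but sets no sandboxing, so a compromised daemon keeps the full filesystem view and privilege surface of the `ipfs` user. Since `IPFS_PATH` is `/mnt/ipfs`, adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=strict` with `ReadWritePaths=/mnt/ipfs` looks compatible, but it should be tested against the repository migration that `--migrate` can trigger. `ExecStart` also points at `/home/ipfs/.local/bin/ipfs`, a path the service user can presumably write, so the daemon would be able to replace its own binary; installing it root-owned outside the home directory (for example under `/usr/local/bin`) would close that.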
diff --git a/nextcloud/var/www/html/nextcloud/config/config.s3.php b/nextcloud/var/www/html/nextcloud/config/config.s3.php
index 0790fd8..6273db2 100644
--- a/nextcloud/var/www/html/nextcloud/config/config.s3.php
+++ b/nextcloud/var/www/html/nextcloud/config/config.s3.php
@@ -9,7 +9,7 @@ $CONFIG = array (
 ),
 'datadirectory' => '/var/www/html/nextcloud/data',
 'dbtype' => 'mysql',
- 'version' => '21.0.3.1',
+ 'version' => '23.0.3.2',
 'overwrite.cli.url' => 'http://your_domain/',
 'htaccess.RewriteBase' => '/',
 'dbname' => 'nextcloud',
@@ -61,4 +61,5 @@ $CONFIG = array (
 'mail_smtppassword' => '',
 'maintenance' => false,
 'default_phone_region' => 'IT',
+ 'preview_max_memory' => 768,
 );
diff --git a/wireguard/client/etc/wireguard/wg0.conf b/wireguard/client/etc/wireguard/wg0.conf
new file mode 100644
index 0000000..cc746fe
--- /dev/null
+++ b/wireguard/client/etc/wireguard/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+Address=
+PrivateKey = `wg genkey`
+ListenPort =
+
+[Peer]
+PublicKey =
+Endpoint = :
+AllowedIPs = /24
+
+# This is for if you're behind a NAT and
+# want the connection to be kept alive.
+PersistentKeepalive = 25
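Review bot: The `PrivateKey` line in wireguard/client/etc/wireguard/wg0.conf holds a backtick-quoted `wg genkey` call, which reads like shell substitution, but the file is parsed as plain key/value text and never run through a shell, so the literal would be rejected as a key. A comment above it would make the template's intent explicit, for example `# Replace with the output of "wg genkey"; keep this file mode 0600 and never commit the real key.` The empty `Address=`, `ListenPort =`, `Endpoint = :` and `AllowedIPs = /24` values look like placeholders that were lost or left blank; labelled markers such as `<client-address>` would keep a half-filled file from being deployed by mistake.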