From 00f35328ecd7fb71e24d271991083aa76a48d441 Mon Sep 17 00:00:00 2001 From: Luke Hoersten Date: Sat, 10 Feb 2024 15:40:23 -0600 Subject: Added pastebin bin role. --- bin/server/templates/bin@.service.j2 | 11 +++++++++++ bin/server/templates/nginx.conf.j2 | 30 ++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 bin/server/templates/bin@.service.j2 create mode 100644 bin/server/templates/nginx.conf.j2 (limited to 'bin/server/templates') diff --git a/bin/server/templates/bin@.service.j2 b/bin/server/templates/bin@.service.j2 new file mode 100644 index 0000000..697bb79 --- /dev/null +++ b/bin/server/templates/bin@.service.j2 @@ -0,0 +1,11 @@ +[Unit] +Description=Bin pastebin server bound on port %i +After=syslog.target network.target + +[Service] +ExecStart=/usr/local/bin/bin 127.0.0.1:%i --buffer-size 10 --max-paste-size 16kB +Restart=always +User={{bin_user}} + +[Install] +WantedBy=multi-user.target diff --git a/bin/server/templates/nginx.conf.j2 b/bin/server/templates/nginx.conf.j2 new file mode 100644 index 0000000..e07be7e --- /dev/null +++ b/bin/server/templates/nginx.conf.j2 @@ -0,0 +1,30 @@ +server { + listen 80; + listen [::]:80; + server_name {{nginx_server_name}}; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + # listen [::]:443 ssl ipv6only=on; + server_name {{nginx_server_name}}; + + ssl_certificate {{nginx_ssl_cert}}; + ssl_certificate_key {{nginx_ssl_privkey}}; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1; + ssl_stapling on; + ssl_stapling_verify on; + + location / { + proxy_pass http://127.0.0.1:{{nginx_proxy_port}}; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} -- cgit v1.2.3