forked from ppfun/pixelplanet
Merge branch 'master' into devel
This commit is contained in:
commit
6c9dad52df
|
@ -4,6 +4,9 @@ Files here might be very specific to the setup of pixelplanet.fun and might not
|
|||
## exalple-ecosystem-x.yml and captchaFonts
|
||||
Examples of configurations, will be copied into ./dist on build
|
||||
|
||||
# nginx
|
||||
example nginx config
|
||||
|
||||
## updtmsg
|
||||
Basic nodejs script to print a message and a youtube video, used as a message while updating
|
||||
|
||||
|
|
7
deployment/nginx/README.md
Normal file
7
deployment/nginx/README.md
Normal file
|
@ -0,0 +1,7 @@
|
|||
# nginx config
|
||||
|
||||
Example nginx config.
|
||||
Ratelimiting can be adjusted in `conf.d/1ratelimiters.conf`
|
||||
Everything that's important is in `includes/canvas.conf`
|
||||
`sites-available/canvas.conf` is for domains and redirections.
|
||||
`conf.d/2extiles.conf` is setting the different cache expire times for tile zoomlevels
|
28
deployment/nginx/conf.d/0realip.conf
Normal file
28
deployment/nginx/conf.d/0realip.conf
Normal file
|
@ -0,0 +1,28 @@
|
|||
# - IPv4
|
||||
set_real_ip_from 173.245.48.0/20;
|
||||
set_real_ip_from 103.21.244.0/22;
|
||||
set_real_ip_from 103.22.200.0/22;
|
||||
set_real_ip_from 103.31.4.0/22;
|
||||
set_real_ip_from 141.101.64.0/18;
|
||||
set_real_ip_from 108.162.192.0/18;
|
||||
set_real_ip_from 190.93.240.0/20;
|
||||
set_real_ip_from 188.114.96.0/20;
|
||||
set_real_ip_from 197.234.240.0/22;
|
||||
set_real_ip_from 198.41.128.0/17;
|
||||
set_real_ip_from 162.158.0.0/15;
|
||||
set_real_ip_from 104.16.0.0/13;
|
||||
set_real_ip_from 104.24.0.0/14;
|
||||
set_real_ip_from 172.64.0.0/13;
|
||||
set_real_ip_from 131.0.72.0/22;
|
||||
|
||||
# - IPv6
|
||||
set_real_ip_from 2400:cb00::/32;
|
||||
set_real_ip_from 2606:4700::/32;
|
||||
set_real_ip_from 2803:f800::/32;
|
||||
set_real_ip_from 2405:b500::/32;
|
||||
set_real_ip_from 2405:8100::/32;
|
||||
set_real_ip_from 2a06:98c0::/29;
|
||||
set_real_ip_from 2c0f:f248::/32;
|
||||
|
||||
real_ip_header CF-Connecting-IP;
|
||||
real_ip_recursive on;
|
5
deployment/nginx/conf.d/1ratelimiters.conf
Normal file
5
deployment/nginx/conf.d/1ratelimiters.conf
Normal file
|
@ -0,0 +1,5 @@
|
|||
limit_req_zone $binary_remote_addr zone=websocket:5m rate=1r/s;
|
||||
limit_req_zone $binary_remote_addr zone=general:5m rate=1r/s;
|
||||
limit_req_zone $binary_remote_addr zone=chunks:5m rate=40r/s;
|
||||
limit_req_zone $binary_remote_addr zone=captcha:5m rate=20r/m;
|
||||
limit_req_zone $binary_remote_addr zone=authimp:5m rate=5r/m;
|
43
deployment/nginx/conf.d/2extiles.conf
Normal file
43
deployment/nginx/conf.d/2extiles.conf
Normal file
|
@ -0,0 +1,43 @@
|
|||
# maps to set expiration time for /tiles
|
||||
# based on canvas $1 and zoomlevel $2
|
||||
|
||||
map $2 $ex2k {
|
||||
2 15m;
|
||||
1 90m;
|
||||
0 6h;
|
||||
default 2h;
|
||||
}
|
||||
|
||||
map $2 $ex16k {
|
||||
5 15m;
|
||||
4 90m;
|
||||
3 6h;
|
||||
2 9h;
|
||||
1 12h;
|
||||
0 18h;
|
||||
default 2h;
|
||||
}
|
||||
|
||||
map $2 $ex64k {
|
||||
7 15m;
|
||||
6 90m;
|
||||
5 6h;
|
||||
4 9h;
|
||||
3 12h;
|
||||
2 18h;
|
||||
1 24h;
|
||||
0 30h;
|
||||
default 2h;
|
||||
}
|
||||
|
||||
map $1 $extile {
|
||||
0 $ex64k;
|
||||
1 $ex16k;
|
||||
5 $ex16k;
|
||||
6 $ex16k;
|
||||
7 $ex16k;
|
||||
8 $ex2k;
|
||||
default 2h;
|
||||
}
|
||||
|
||||
|
42
deployment/nginx/conf.d/6denyws.conf
Normal file
42
deployment/nginx/conf.d/6denyws.conf
Normal file
|
@ -0,0 +1,42 @@
|
|||
geo $deny_ws {
|
||||
default 0;
|
||||
# Google
|
||||
34.64.0.0/10 1;
|
||||
34.128.0.0/10 1;
|
||||
34.132.0.0/14 1;
|
||||
35.184.0.0/13 1;
|
||||
35.192.0.0/12 1;
|
||||
46.131.0.0/16 1;
|
||||
66.102.0.0/20 1;
|
||||
72.55.128.0/18 1;
|
||||
74.125.0.0/16 1;
|
||||
84.239.14.0/24 1;
|
||||
84.239.49.0/24 1;
|
||||
# Google
|
||||
104.154.0.0/15 1;
|
||||
# Google
|
||||
104.196.0.0/14 1;
|
||||
119.59.121.0/24 1;
|
||||
130.211.0.0/16 1;
|
||||
# Google
|
||||
168.149.128.0/18 1;
|
||||
173.255.112.0/20 1;
|
||||
185.245.26.0/23 1;
|
||||
194.26.192.0/24 1;
|
||||
194.71.130.0/24 1;
|
||||
# TeraSwitch Networks Inc
|
||||
204.16.240.0/21 1;
|
||||
# DataHata BestHost Net
|
||||
217.21.55.0/24 1;
|
||||
# DataHata
|
||||
31.130.200.0/21 1;
|
||||
# DataHata BestHost Net
|
||||
93.125.114.0/24 1;
|
||||
# Secure Servers LLC
|
||||
131.153.0.0/17 1;
|
||||
2a07:d847::/32 1;
|
||||
2a0f:c943::/32 1;
|
||||
2a02:6b8:c08::/48 1;
|
||||
# PlusWeb
|
||||
2a0a:fa40::/29 1;
|
||||
}
|
135
deployment/nginx/includes/canvas.conf
Normal file
135
deployment/nginx/includes/canvas.conf
Normal file
|
@ -0,0 +1,135 @@
|
|||
# For maintenance
|
||||
#location / {
|
||||
# autoindex off;
|
||||
# expires -1;
|
||||
# access_log off;
|
||||
# add_header Cache-Control "public";
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# root /home/pixelpla/pixelplace-redirect/wait;
|
||||
#}
|
||||
|
||||
|
||||
include /etc/nginx/includes/certbotroot.conf;
|
||||
|
||||
location / {
|
||||
proxy_no_cache 1;
|
||||
if ($http_user_agent ~* (python-requests)) {
|
||||
return 503;
|
||||
}
|
||||
limit_req zone=general burst=20 delay=10;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
client_max_body_size 3M;
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
location = / {
|
||||
if ($http_user_agent ~* (python-requests)) {
|
||||
return 503;
|
||||
}
|
||||
if ( $query_string ) { return 403; }
|
||||
limit_req zone=captcha burst=5;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
# for matrix
|
||||
location /.well-known/matrix/client {
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.pixelplanet.fun"}}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
# for matrix delegations
|
||||
location /.well-known/matrix/server {
|
||||
return 200 '{"m.server":"matrix.pixelplanet.fun:443"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
# block adminapi
|
||||
location /adminapi {
|
||||
return 403 '{"errors": ["Not allowed from nginx"]}';
|
||||
default_type application/json;
|
||||
}
|
||||
|
||||
location ~ ^/tiles/([0-9]+)/([0-9]+)/([0-9]+)/([0-9]+).webp$ {
|
||||
proxy_no_cache 1;
|
||||
expires $extile;
|
||||
add_header Cache-Control "public";
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
root /home/pixelpla/pixelplanet/tiles;
|
||||
try_files /$1/$2/$3/$4.webp /$1/emptytile.webp =404;
|
||||
}
|
||||
|
||||
location /chunks {
|
||||
proxy_no_cache 1;
|
||||
if ( $query_string ) { return 404; }
|
||||
limit_req zone=chunks burst=400 delay=200;
|
||||
access_log off;
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
#proxy_no_cache 1;
|
||||
limit_req zone=websocket burst=5;
|
||||
if ($deny_ws) {
|
||||
return 403;
|
||||
}
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
location /captcha.svg {
|
||||
proxy_no_cache 1;
|
||||
limit_req zone=captcha burst=5;
|
||||
limit_req_status 429;
|
||||
if ($http_user_agent ~* (python-requests)) {
|
||||
return 503;
|
||||
}
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
location /reset_password {
|
||||
limit_req zone=authimp burst=3;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
location /mcws {
|
||||
proxy_no_cache 1;
|
||||
limit_req zone=websocket burst=5;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
location /api/auth {
|
||||
proxy_no_cache 1;
|
||||
limit_req zone=websocket burst=5;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
location /api/captcha {
|
||||
proxy_no_cache 1;
|
||||
limit_req zone=general burst=10 nodelay;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://$ppfun$request_uri;
|
||||
}
|
||||
|
||||
location /moderation {
|
||||
autoindex on;
|
||||
expires 15m;
|
||||
add_header Cache-Control "public";
|
||||
root /home/pixelpla/pixelplanet/log;
|
||||
}
|
4
deployment/nginx/includes/certbotroot.conf
Normal file
4
deployment/nginx/includes/certbotroot.conf
Normal file
|
@ -0,0 +1,4 @@
|
|||
# very handy for setting a common webroot for certbot only
|
||||
location /.well-known/acme-challenge {
|
||||
root /home/pixelpla/certbotroot;
|
||||
}
|
4
deployment/nginx/includes/ppfuncert.conf
Normal file
4
deployment/nginx/includes/ppfuncert.conf
Normal file
|
@ -0,0 +1,4 @@
|
|||
ssl_certificate /etc/letsencrypt/live/pixelplanet.fun/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/pixelplanet.fun/privkey.pem;
|
||||
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
135
deployment/nginx/sites-available/canvas.conf
Normal file
135
deployment/nginx/sites-available/canvas.conf
Normal file
|
@ -0,0 +1,135 @@
|
|||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name www.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
return 301 https://pixelplanet.fun$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name www.fuckyouarkeros.fun;
|
||||
|
||||
return 301 https://fuckyouarkeros.fun$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name fuckyouarkeros.fun;
|
||||
|
||||
set $ppfun 127.0.0.1:3000;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name pixelplanet.fun sca.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:3000;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name dev.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:4000;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name scb.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:3333;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name scc.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:3334;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name scd.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:3335;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name sce.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:3336;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name scf.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:3337;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name scg.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:3338;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 123.123.123.120:80;
|
||||
|
||||
server_name sch.pixelplanet.fun;
|
||||
|
||||
listen 123.123.123.120:443 ssl http2;
|
||||
include /etc/nginx/includes/ppfuncert.conf;
|
||||
|
||||
set $ppfun 127.0.0.1:3339;
|
||||
include /etc/nginx/includes/canvas.conf;
|
||||
}
|
BIN
public/cf/xk.gif
Normal file
BIN
public/cf/xk.gif
Normal file
Binary file not shown.
After Width: | Height: | Size: 342 B |
|
@ -29,7 +29,7 @@ export const shardOrigin = shardHost
|
|||
* defaults to 8s
|
||||
*/
|
||||
async function fetchWithTimeout(url, options = {}) {
|
||||
const { timeout = 10000 } = options;
|
||||
const { timeout = 30000 } = options;
|
||||
|
||||
const controller = new AbortController();
|
||||
const id = setTimeout(() => controller.abort(), timeout);
|
||||
|
|
Loading…
Reference in New Issue
Block a user