Merge branch 'master' into devel
commit
6c9dad52df
|
@ -4,6 +4,9 @@ Files here might be very specific to the setup of pixelplanet.fun and might not
|
||||||
## exalple-ecosystem-x.yml and captchaFonts
|
## exalple-ecosystem-x.yml and captchaFonts
|
||||||
Examples of configurations, will be copied into ./dist on build
|
Examples of configurations, will be copied into ./dist on build
|
||||||
|
|
||||||
|
# nginx
|
||||||
|
example nginx config
|
||||||
|
|
||||||
## updtmsg
|
## updtmsg
|
||||||
Basic nodejs script to print a message and a youtube video, used as a message while updating
|
Basic nodejs script to print a message and a youtube video, used as a message while updating
|
||||||
|
|
||||||
|
|
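--- a/deployment/nginx/README.md
+++ b/deployment/nginx/README.md
@@ -0,0 +1,7 @@
+# nginx config
+
+Example nginx config.
+Ratelimiting can be adjusted in `conf.d/1ratelimiters.conf`
+Everything that's important is in `includes/canvas.conf`
+`sites-available/canvas.conf` is for domains and redirections.
+`conf.d/2extiles.conf` is setting the different cache expire times for tile zoomlevels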
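--- a/deployment/nginx/conf.d/0realip.conf
+++ b/deployment/nginx/conf.d/0realip.conf
@@ -0,0 +1,28 @@
+# - IPv4
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 104.16.0.0/13;
+set_real_ip_from 104.24.0.0/14;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 131.0.72.0/22;
+
+# - IPv6
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2a06:98c0::/29;
+set_real_ip_from 2c0f:f248::/32;
+
+real_ip_header CF-Connecting-IP;
+real_ip_recursive on;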
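Review bot: The ranges in the `set_real_ip_from` lines are a hard-coded snapshot with no source or date, and both the `limit_req_zone` keys in `conf.d/1ratelimiters.conf` and the `geo $deny_ws` block in `conf.d/6denyws.conf` depend on the address this file produces. If the CDN publishes a range that is missing here, every visitor arriving through it would share one rate-limit bucket, and the `geo` lookup would see the proxy address instead of the client. I would add a header comment such as `# Cloudflare proxy ranges, copied from https://www.cloudflare.com/ips/ on <date>; refresh when the published list changes`. `real_ip_recursive on;` appears to make no difference for a single-address header like `CF-Connecting-IP` and could be dropped or commented.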
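--- a/deployment/nginx/conf.d/1ratelimiters.conf
+++ b/deployment/nginx/conf.d/1ratelimiters.conf
@@ -0,0 +1,5 @@
+limit_req_zone $binary_remote_addr zone=websocket:5m rate=1r/s;
+limit_req_zone $binary_remote_addr zone=general:5m rate=1r/s;
+limit_req_zone $binary_remote_addr zone=chunks:5m rate=40r/s;
+limit_req_zone $binary_remote_addr zone=captcha:5m rate=20r/m;
+limit_req_zone $binary_remote_addr zone=authimp:5m rate=5r/m;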
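Review bot: All five zones key on `$binary_remote_addr`, which counts an IPv6 client per full address rather than per prefix, so the `captcha` and `authimp` limits are considerably weaker for a client that holds a whole /64. The file should at least say so, e.g. `# keyed per address; IPv6 clients are not aggregated by prefix`, or the zones could key on a `map`-derived variable that truncates IPv6 addresses to their /64. Only `/captcha.svg` in `includes/canvas.conf` sets `limit_req_status 429;`. Assuming `conf.d` is included at http level, placing that directive here would make every limited location answer 429 instead of the default 503, which is also the status the user-agent block returns.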
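--- a/deployment/nginx/conf.d/2extiles.conf
+++ b/deployment/nginx/conf.d/2extiles.conf
@@ -0,0 +1,43 @@
+# maps to set expiration time for /tiles
+# based on canvas $1 and zoomlevel $2
+
+map $2 $ex2k {
+2 15m;
+1 90m;
+0 6h;
+default 2h;
+}
+
+map $2 $ex16k {
+5 15m;
+4 90m;
+3 6h;
+2 9h;
+1 12h;
+0 18h;
+default 2h;
+}
+
+map $2 $ex64k {
+7 15m;
+6 90m;
+5 6h;
+4 9h;
+3 12h;
+2 18h;
+1 24h;
+0 30h;
+default 2h;
+}
+
+map $1 $extile {
+0 $ex64k;
+1 $ex16k;
+5 $ex16k;
+6 $ex16k;
+7 $ex16k;
+8 $ex2k;
+default 2h;
+}
+
+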
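Review bot: The maps read the positional captures `$1` and `$2`, which only mean "canvas" and "zoomlevel" while the last regex evaluated is the `/tiles` location in `includes/canvas.conf`; a later regex match added to that location (an `if` with `~`, for example) would silently change the expiry that gets picked. Named captures make the coupling explicit: `location ~ ^/tiles/(?<canvas>[0-9]+)/(?<zoom>[0-9]+)/...` together with `map $zoom $ex2k {` and `map $canvas $extile {`. The two blank lines at the end of the file can be removed.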
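--- a/deployment/nginx/conf.d/6denyws.conf
+++ b/deployment/nginx/conf.d/6denyws.conf
@@ -0,0 +1,42 @@
+geo $deny_ws {
+default 0;
+# Google
+34.64.0.0/10 1;
+34.128.0.0/10 1;
+34.132.0.0/14 1;
+35.184.0.0/13 1;
+35.192.0.0/12 1;
+46.131.0.0/16 1;
+66.102.0.0/20 1;
+72.55.128.0/18 1;
+74.125.0.0/16 1;
+84.239.14.0/24 1;
+84.239.49.0/24 1;
+# Google
+104.154.0.0/15 1;
+# Google
+104.196.0.0/14 1;
+119.59.121.0/24 1;
+130.211.0.0/16 1;
+# Google
+168.149.128.0/18 1;
+173.255.112.0/20 1;
+185.245.26.0/23 1;
+194.26.192.0/24 1;
+194.71.130.0/24 1;
+# TeraSwitch Networks Inc
+204.16.240.0/21 1;
+# DataHata BestHost Net
+217.21.55.0/24 1;
+# DataHata
+31.130.200.0/21 1;
+# DataHata BestHost Net
+93.125.114.0/24 1;
+# Secure Servers LLC
+131.153.0.0/17 1;
+2a07:d847::/32 1;
+2a0f:c943::/32 1;
+2a02:6b8:c08::/48 1;
+# PlusWeb
+2a0a:fa40::/29 1;
+}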
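Review bot: Most entries carry no owner or reason: the ranges from `46.131.0.0/16` to `84.239.49.0/24` sit under the first `# Google` comment, and the file does not show whether that label is meant for them. For a deny list this broad (it contains two /10 blocks), each group should record who the range belongs to and why it was added, e.g. `# <provider> - <reason>, added <date>`, so entries can be reviewed and retired later. `34.132.0.0/14 1;` is already covered by `34.128.0.0/10 1;` and can be dropped. The variable is checked only in `location /ws` of `includes/canvas.conf`, while `/mcws` does not consult it; that difference should be either commented as intended or aligned.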
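--- a/deployment/nginx/includes/canvas.conf
+++ b/deployment/nginx/includes/canvas.conf
@@ -0,0 +1,135 @@
+# For maintenance
+#location / {
+# autoindex off;
+# expires -1;
+# access_log off;
+# add_header Cache-Control "public";
+# proxy_set_header X-Real-IP $remote_addr;
+# root /home/pixelpla/pixelplace-redirect/wait;
+#}
+
+
+include /etc/nginx/includes/certbotroot.conf;
+
+location / {
+proxy_no_cache 1;
+if ($http_user_agent ~* (python-requests)) {
+return 503;
+}
+limit_req zone=general burst=20 delay=10;
+proxy_set_header X-Real-IP $remote_addr;
+client_max_body_size 3M;
+proxy_pass http://$ppfun$request_uri;
+}
+
+location = / {
+if ($http_user_agent ~* (python-requests)) {
+return 503;
+}
+if ( $query_string ) { return 403; }
+limit_req zone=captcha burst=5;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://$ppfun$request_uri;
+}
+
+# for matrix
+location /.well-known/matrix/client {
+return 200 '{"m.homeserver": {"base_url": "https://matrix.pixelplanet.fun"}}';
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+}
+
+# for matrix delegations
+location /.well-known/matrix/server {
+return 200 '{"m.server":"matrix.pixelplanet.fun:443"}';
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+}
+
+# block adminapi
+location /adminapi {
+return 403 '{"errors": ["Not allowed from nginx"]}';
+default_type application/json;
+}
+
+location ~ ^/tiles/([0-9]+)/([0-9]+)/([0-9]+)/([0-9]+).webp$ {
+proxy_no_cache 1;
+expires $extile;
+add_header Cache-Control "public";
+add_header Access-Control-Allow-Origin *;
+root /home/pixelpla/pixelplanet/tiles;
+try_files /$1/$2/$3/$4.webp /$1/emptytile.webp =404;
+}
+
+location /chunks {
+proxy_no_cache 1;
+if ( $query_string ) { return 404; }
+limit_req zone=chunks burst=400 delay=200;
+access_log off;
+proxy_pass http://$ppfun$request_uri;
+}
+
+location /ws {
+#proxy_no_cache 1;
+limit_req zone=websocket burst=5;
+if ($deny_ws) {
+return 403;
+}
+proxy_http_version 1.1;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_pass http://$ppfun$request_uri;
+}
+
+location /captcha.svg {
+proxy_no_cache 1;
+limit_req zone=captcha burst=5;
+limit_req_status 429;
+if ($http_user_agent ~* (python-requests)) {
+return 503;
+}
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://$ppfun$request_uri;
+}
+
+location /reset_password {
+limit_req zone=authimp burst=3;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://$ppfun$request_uri;
+}
+
+location /mcws {
+proxy_no_cache 1;
+limit_req zone=websocket burst=5;
+proxy_http_version 1.1;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_pass http://$ppfun$request_uri;
+}
+
+location /api/auth {
+proxy_no_cache 1;
+limit_req zone=websocket burst=5;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+proxy_set_header X-Forwarded-Host $host;
+proxy_pass http://$ppfun$request_uri;
+}
+
+location /api/captcha {
+proxy_no_cache 1;
+limit_req zone=general burst=10 nodelay;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://$ppfun$request_uri;
+}
+
+location /moderation {
+autoindex on;
+expires 15m;
+add_header Cache-Control "public";
+root /home/pixelpla/pixelplanet/log;
+}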
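Review bot: `location /moderation` enables `autoindex on;` over `root /home/pixelpla/pixelplanet/log;` with no `auth_basic`, no `allow`/`deny` and no `limit_req`, and marks the responses `Cache-Control "public"`, so whatever lies under `log/moderation` is listable and cacheable by anyone who requests the path. If these files are meant for moderators only, the block needs an access control, e.g. `auth_basic "moderation"; auth_basic_user_file <path-to-htpasswd>;`, and a non-public cache policy; if publishing them is intended, a comment should say so. Separately, `location /adminapi` is a case-sensitive prefix match, so the 403 holds only if the backend behind `$ppfun` also routes case-sensitively, which is not visible here; `location ~* ^/adminapi` would not depend on that.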
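--- a/deployment/nginx/includes/certbotroot.conf
+++ b/deployment/nginx/includes/certbotroot.conf
@@ -0,0 +1,4 @@
+# very handy for setting a common webroot for certbot only
+location /.well-known/acme-challenge {
+root /home/pixelpla/certbotroot;
+}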
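--- a/deployment/nginx/includes/ppfuncert.conf
+++ b/deployment/nginx/includes/ppfuncert.conf
@@ -0,0 +1,4 @@
+ssl_certificate /etc/letsencrypt/live/pixelplanet.fun/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/pixelplanet.fun/privkey.pem;
+ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;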
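Review bot: The `ssl_ciphers` list still offers `EECDH+3DES` and `RSA+3DES` (a 64-bit block cipher) as well as the `RSA+AES128`/`RSA+AES256` suites, which provide no forward secrecy. The file sets neither `ssl_protocols` nor `ssl_prefer_server_ciphers`, so the accepted protocol versions are whatever the installed nginx defaults to. I would pin `ssl_protocols TLSv1.2 TLSv1.3;` and reduce the list to `ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256;`. Since the list contains no DHE suites, `ssl_dhparam` appears to be unused and could be removed or explained in a comment.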
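--- a/deployment/nginx/sites-available/canvas.conf
+++ b/deployment/nginx/sites-available/canvas.conf
@@ -0,0 +1,135 @@
+server {
+listen 123.123.123.120:80;
+
+server_name www.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+return 301 https://pixelplanet.fun$request_uri;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name www.fuckyouarkeros.fun;
+
+return 301 https://fuckyouarkeros.fun$request_uri;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name fuckyouarkeros.fun;
+
+set $ppfun 127.0.0.1:3000;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name pixelplanet.fun sca.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:3000;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name dev.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:4000;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name scb.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:3333;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name scc.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:3334;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name scd.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:3335;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name sce.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:3336;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name scf.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:3337;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name scg.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:3338;
+include /etc/nginx/includes/canvas.conf;
+}
+
+server {
+listen 123.123.123.120:80;
+
+server_name sch.pixelplanet.fun;
+
+listen 123.123.123.120:443 ssl http2;
+include /etc/nginx/includes/ppfuncert.conf;
+
+set $ppfun 127.0.0.1:3339;
+include /etc/nginx/includes/canvas.conf;
+}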
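Review bot: Every proxied server block from `pixelplanet.fun sca.pixelplanet.fun` through `sch.pixelplanet.fun` has both `listen 123.123.123.120:80;` and `listen 123.123.123.120:443 ssl http2;` and includes `canvas.conf` for both. That means `/api/auth`, `/reset_password` and the websocket endpoints are also answered over plain HTTP, and the `fuckyouarkeros.fun` block is port 80 only. If port 80 exists only for a TLS-terminating proxy in front of this host, a comment should say so. Otherwise the port-80 listeners belong in one server block that includes `certbotroot.conf` and answers everything else with `return 301 https://$host$request_uri;`. The blocks differ only in `server_name` and the `$ppfun` port, which a single block with a `map $host $ppfun { ... }` would express without the repetition.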
BIN
public/cf/xk.gif
Normal file
BIN
public/cf/xk.gif
Normal file
Binary file not shown.
After Width: | Height: | Size: 342 B |
|
@ -29,7 +29,7 @@ export const shardOrigin = shardHost
|
||||||
* defaults to 8s
|
* defaults to 8s
|
||||||
*/
|
*/
|
||||||
async function fetchWithTimeout(url, options = {}) {
|
async function fetchWithTimeout(url, options = {}) {
|
||||||
const { timeout = 10000 } = options;
|
const { timeout = 30000 } = options;
|
||||||
|
|
||||||
const controller = new AbortController();
|
const controller = new AbortController();
|
||||||
const id = setTimeout(() => controller.abort(), timeout);
|
const id = setTimeout(() => controller.abort(), timeout);
|
||||||
|
|
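Review bot: The doc comment directly above the signature still reads `* defaults to 8s`, while the default in `const { timeout = 30000 } = options;` is now 30 seconds (and was 10 seconds before this change), so the comment should become `* defaults to 30s`. The body of `fetchWithTimeout` continues outside the hunk, so whether the timer is released with `clearTimeout(id)` once the request settles cannot be checked from here.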