Created
August 9, 2023 16:45
-
-
Save gdamjan/59f6679ed7669ace8d4227b273d7d92c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/soju/config | |
| # only accept connections from nginx, so insecure is fine | |
| … | |
| accept-proxy-ip localhost | |
| listen irc+insecure://127.0.0.1:12000 | |
| listen ws+insecure://127.0.0.1:12001 | |
| hostname <my-hostname> | |
| … |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/nginx/sites-enabled/52-soju.conf | |
| # nginx http server for gamja files and proxy to the soju websocket | |
| server { | |
| server_name <my-hostname>; | |
| root /srv/gamja/; | |
| location /socket { | |
| proxy_pass http://127.0.0.1:12001; | |
| proxy_read_timeout 600s; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "Upgrade"; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header Host $host; | |
| } | |
| listen [::]:443 ssl; # managed by Certbot | |
| listen 443 ssl; # managed by Certbot | |
| ssl_certificate /etc/letsencrypt/live/<my-hostname>/fullchain.pem; # managed by Certbot | |
| ssl_certificate_key /etc/letsencrypt/live/<my-hostname>/privkey.pem; # managed by Certbot | |
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
| } | |
| server { | |
| server_name <my-hostname>; | |
| if ($host = <my-hostname>) { | |
| return 301 https://$host$request_uri; | |
| } # managed by Certbot | |
| listen 80; | |
| listen [::]:80; | |
| return 404; # managed by Certbot | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/nginx/streams-enabled/52-soju.conf | |
| # use nginx stream tcp proxy to access soju from an irc client | |
| # nginx does the TLS termination and certbot integration | |
| server { | |
| listen 1667 ssl; | |
| listen [::]:1667 ssl; | |
| ssl_certificate /etc/letsencrypt/live/<my-hostname>/fullchain.pem; # managed by Certbot | |
| ssl_certificate_key /etc/letsencrypt/live/<my-hostname>/privkey.pem; # managed by Certbot | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
| proxy_pass 127.0.0.1:12000; | |
| proxy_protocol on; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
sync gamja: