casjaysdevdocker/ddns
1
0
Fork 0
mirror of https://github.com/casjaysdevdocker/ddns synced 2025-09-18 15:57:43 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

🗃️ Committing everything that changed 🗃️

Browse Source
This commit is contained in:
casjay
2022-10-20 19:46:15 -04:00
parent cbdd2f900f
commit c3af8d957d
51 changed files with 973 additions and 339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
rootfs/usr/local/share/template-files/config/dhcp/dhcpd4.conf Executable file
View File

@@ -0,0 +1,102 @@
######
#Domain REPLACE_DOMAIN is dynamic DNS
#
#DHCP REPLACE_IPV4_ADDRESS
key rndc-key {
algorithm hmac-md5;
secret REPLACE_WITH_RNDC_KEY;
}
zone REPLACE_DOMAIN {
primary 127.0.0.1;
key rndc-key;
}
zone in-addr.arpa. {
primary 127.0.0.1;
key rndc-key;
}
#option T150 code 150 = string;
#option wpad-url code 252 = text;
#option wpad-url "http://REPLACE_DOMAIN/wpad.dat ";
authoritative;
ddns-ttl 3600;
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
update-conflict-detection off;
update-optimization on;
use-host-decl-names on;
ddns-domainname "REPLACE_DOMAIN";
ddns-rev-domainname "in-addr.arpa.";
allow client-updates;
allow unknown-clients;
allow booting ;
allow bootp ;
next-server REPLACE_IPV4_ADDRESS;
filename "linux.0";
max-lease-time 3600;
default-lease-time 3600;
dynamic-bootp-lease-length 3600;
subnet REPLACE_IPV4_SUBNET netmask REPLACE_IPV4_NETMASK {
dynamic-bootp-lease-length 3600;
option slp-directory-agent true REPLACE_IPV4_ADDRESS;
option log-servers REPLACE_IPV4_ADDRESS;
option time-servers REPLACE_IPV4_ADDRESS;
allow client-updates;
ddns-updates on;
update-conflict-detection off;
update-static-leases true;
option routers REPLACE_IPV4_GATEWAY;
option subnet-mask REPLACE_IPV4_NETMASK;
option nis-domain "REPLACE_DOMAIN";
option domain-name "REPLACE_DOMAIN";
option domain-search "REPLACE_DOMAIN";
option domain-name-servers REPLACE_IPV4_ADDRESS;
option time-offset -18000;
option ntp-servers REPLACE_IPV4_ADDRESS;
option netbios-name-servers REPLACE_IPV4_ADDRESS;
option netbios-node-type 8;
range dynamic-bootp REPLACE_IPV4_ADDR_START REPLACE_IPV4_ADDR_END;
default-lease-time 3600;
max-lease-time 3600;
authoritative;
allow unknown-clients;
allow booting;
allow bootp;
update-static-leases on;
next-server REPLACE_IPV4_ADDRESS;
filename "pxelinux.0";
}
option architecture-type code 93 = unsigned integer 16;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option architecture-type = 0 {
filename "pxelinux.0";
} elsif option architecture-type = 9 {
filename "syslinux64.efi";
} elsif option architecture-type = 7 {
filename "syslinux64.efi";
} elsif option architecture-type = 6 {
filename "syslinux32.efi";
}
}
## Begin Fixed Addresses ##
#Servers REPLACE_IPV4_ADDRESS
#################################################
# host ddns {
# hardware ethernet 52:54:00:8f:c5:cb;
# fixed-address REPLACE_IPV4_ADDRESS;
# ddns-hostname monitor;
# ddns-domainname "REPLACE_DOMAIN";
# }

99
rootfs/usr/local/share/template-files/config/dhcp/dhcpd6.conf Executable file
View File

@@ -0,0 +1,99 @@
#Domain REPLACE_DOMAIN is dynamic DNS
#
#Servers REPLACE_IPV6_ADDR
key rndc-key {
algorithm hmac-md5;
secret REPLACE_WITH_RNDC_KEY;
}
zone REPLACE_DOMAIN {
primary 127.0.0.1;
key rndc-key;
}
zone ip6.arpa {
primary 127.0.0.1;
key rndc-key;
}
#option T150 code 150 = string;
#option wpad-url code 252 = text;
#option wpad-url "http://REPLACE_DOMAIN/wpad.dat";
authoritative;
ddns-ttl 3600;
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
update-conflict-detection off;
update-optimization on;
use-host-decl-names on;
ddns-domainname "REPLACE_DOMAIN";
ddns-rev-domainname "ip6.arpa.";
allow client-updates;
allow unknown-clients;
allow booting ;
allow bootp ;
option dhcp6.bootfile-url "tftp://[REPLACE_IPV6_ADDRESS]/linux.0";
option dhcp6.bootfile-url code 59 = string ;
max-lease-time 43200;
default-lease-time 43200;
dynamic-bootp-lease-length 43200;
subnet6 REPLACE_IPV6_SUBNET/REPLACE_IPV6_SUBNET {
dynamic-bootp-lease-length 3600;
allow client-updates;
ddns-ttl 43200;
ddns-updates on;
ddns-update-style standard;
update-static-leases on;
update-static-leases true;
update-conflict-detection off;
update-optimization false;
use-host-decl-names on;
ddns-domainname "REPLACE_DOMAIN";
ddns-rev-domainname "ip6.arpa";
option subnet-mask IPV4_ADDR_NETMASK;
option nis-domain "REPLACE_DOMAIN";
option domain-name "REPLACE_DOMAIN";
option dhcp6.name-servers REPLACE_IPV6_ADDRESS;
option time-offset -18000;
option netbios-node-type 8;
option dhcp6.domain-search "REPLACE_DOMAIN";
range6 REPLACE_IPV6_ADDR_START REPLACE_IPV6_ADDR_END;
default-lease-time 43200;
max-lease-time 43200;
authoritative;
allow unknown-clients;
allow booting;
allow bootp;
option dhcp6.bootfile-url "tftp://[REPLACE_IPV6_ADDRESS]/linux.0";
}
option architecture-type code 93 = unsigned integer 16;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option architecture-type = 0 {
filename "pxelinux.0";
} elsif option architecture-type = 9 {
filename "syslinux64.efi";
} elsif option architecture-type = 7 {
filename "syslinux64.efi";
} elsif option architecture-type = 6 {
filename "syslinux32.efi";
}
}
## Begin Fixed Addresses ##
#Servers REPLACE_IPV6_ADDRESS
#################################################
# host ddns {
# hardware ethernet 00:50:56:a1:87:a8;
# fixed-address6 REPLACE_IPV6_ADDRESS;
# ddns-hostname ddns;
# ddns-domainname "REPLACE_DOMAIN";
# }

38
rootfs/usr/local/share/template-files/config/named.conf Normal file
View File

@@ -0,0 +1,38 @@
#
options {
version "";
directory "/var/named";
pid-file "/var/run/named/named.pid";
dump-file "/var/named/data/dump.db";
memstatistics-file "/var/log/named/mem.stats";
statistics-file "/var/log/named/named.stats";
zone-statistics yes;
max-cache-size 15m;
interface-interval 60;
lame-ttl 0;
max-ncache-ttl 10800;
recursion yes;
allow-transfer { any; };
allow-recursion { any; };
allow-query { any; };
transfer-format many-answers;
listen-on { any; };
listen-on-v6 { any; };
notify yes;
also-notify { };
dnssec-validation auto;
managed-keys-directory "/etc/named/keys/";
forwarders { 1.1.1.1; 8.8.8.8; 8.8.4.4; 9.9.9.9; };
};
include "/etc/named/config/0000-logging.conf";
include "/etc/named/config/0001-rndc.key";
include "/etc/named/config/0001-rndc.conf";
include "/etc/named/config/0002-acl.conf";
include "/etc/named/zones/000-hint.conf";
include "/etc/named/zones/000-localhost.zone";
include "/etc/named/zones/000-localdomain.zone";
include "/etc/named/zones/001-ddns.zone";
include "/etc/named/zones/000-tor.zone";

8
rootfs/usr/local/share/template-files/config/named/certbot-update.conf Normal file
View File

@@ -0,0 +1,8 @@
#Certbot DNS
dns_rfc2136_server = 127.0.0.1
# TSIG key name
dns_rfc2136_name = certbot.
# TSIG key secret
dns_rfc2136_secret = REPLACE_WITH_RNDC_KEY
# TSIG key algorithm
dns_rfc2136_algorithm = HMAC-MD5

9
rootfs/usr/local/share/template-files/config/named/common/001-soa.inc Normal file
View File

@@ -0,0 +1,9 @@
;default soa records
$TTL 38400 ; 10 hours 40 minutes
@ IN SOA dns dns-admin (
2021040901 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
1209600 ; expire (2 weeks)
38400 ; minimum (10 hours 40 minutes)
)

2
rootfs/usr/local/share/template-files/config/named/common/002-nameservers.inc Normal file
View File

@@ -0,0 +1,2 @@
;default nameservers
@ IN NS dns

8
rootfs/usr/local/share/template-files/config/named/common/003-dns.inc Normal file
View File

@@ -0,0 +1,8 @@
;local dns
dns IN A REPLACE_IPV4_ADDRESS
dns IN AAAA REPLACE_IPV6_ADDRESS
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWQ16IV4OzWniRotqTNUvuwO5KknZMm5F5cOQl+Ch20Zm5D3RSL27AcjGE8DXIlkADDG3jFoXKOPilmCyf6ikqDX9PwBpeveY6ugaASMl6DHK4PSGZby6EmFuNu59kIpPJXac7Wwvy7Kd5mWVTZBxQt3ersDf8KRzL+Akr0IE7DwIDAQAB" ) ;
*.default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWQ16IV4OzWniRotqTNUvuwO5KknZMm5F5cOQl+Ch20Zm5D3RSL27AcjGE8DXIlkADDG3jFoXKOPilmCyf6ikqDX9PwBpeveY6ugaASMl6DHK4PSGZby6EmFuNu59kIpPJXac7Wwvy7Kd5mWVTZBxQt3ersDf8KRzL+Akr0IE7DwIDAQAB" ) ;

104
rootfs/usr/local/share/template-files/config/named/config/0000-logging.conf Normal file
View File

@@ -0,0 +1,104 @@
logging {
# channel default {
# file "/data/log/dns/default.log";
# severity debug;
# print-category yes;
# print-severity yes;
# print-time yes;
# };
# category lame-servers {
# default;
# };
# category dispatch {
# default;
# };
# category network {
# default;
# };
# category unmatched {
# default;
# };
# category client {
# default;
# };
# category resolver {
# default;
# };
# category config {
# default;
# };
# category database {
# default;
# };
# category general {
# default;
# };
# category default {
# default;
# };
channel security {
file "/data/log/dns/default.log";
severity dynamic;
print-severity yes;
print-time yes;
};
category security {
security;
};
category dnssec {
security;
};
channel xfer-in {
file "/data/log/dns/default.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category xfer-in {
xfer-in;
};
channel xfer-out {
file "/data/log/dns/default.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category xfer-out {
xfer-out;
};
channel update {
file "/data/log/dns/default.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update {
update;
};
channel notify {
file "/data/log/dns/default.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category notify {
notify;
};
channel querylog {
file "/data/log/dns/default.log";
severity info;
print-time yes;
};
category queries {
querylog;
};
};

3
rootfs/usr/local/share/template-files/config/named/config/0001-rndc.conf Normal file
View File

@@ -0,0 +1,3 @@
controls {
inet 127.0.0.1 allow { trusted; } keys { "rndc-key"; };
};

4
rootfs/usr/local/share/template-files/config/named/config/0001-rndc.key Normal file
View File

@@ -0,0 +1,4 @@
key "rndc-key" {
algorithm hmac-md5;
secret "REPLACE_WITH_RNDC_KEY";
};

10
rootfs/usr/local/share/template-files/config/named/config/0002-acl.conf Normal file
View File

@@ -0,0 +1,10 @@
acl "trusted" {
127.0.0.0/8;
10.0.0.0/8;
172.0.0.0/12;
192.168.0.0/16;
::1/128;
2001:db8:edfa:1234::/64;
localhost;
localnets;
};

5
rootfs/usr/local/share/template-files/config/named/hosted/host.ddns.conf Normal file
View File

@@ -0,0 +1,5 @@
;host info
@ HINFO "HP DL360" "CentOS"
* HINFO "HP DL360" "CentOS"
@ IN TXT "Hosted on REPLACE_DOMAIN"
* IN TXT "Hosted on REPLACE_DOMAIN"

5
rootfs/usr/local/share/template-files/config/named/hosted/ip.ddns.conf Normal file
View File

@@ -0,0 +1,5 @@
;default server
@ IN A REPLACE_IPV4_ADDRESS
* IN A REPLACE_IPV4_ADDRESS
@ IN AAAA REPLACE_IPV6_ADDRESS
* IN AAAA REPLACE_IPV6_ADDRESS

33
rootfs/usr/local/share/template-files/config/named/keys/managed-keys.bind Normal file
View File

@@ -0,0 +1,33 @@
$ORIGIN .
$TTL 0 ; 0 seconds
@ IN SOA . . (
1930 ; serial
0 ; refresh (0 seconds)
0 ; retry (0 seconds)
0 ; expire (0 seconds)
0 ; minimum (0 seconds)
)
KEYDATA 20201227202202 20180303084353 19700101000000 257 3 8 (
AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
) ; KSK; alg = RSASHA256; key id = 19036
; next refresh: Sun, 27 Dec 2020 20:22:02 GMT
; trusted since: Sat, 03 Mar 2018 08:43:53 GMT
KEYDATA 20201227202202 20180303084353 19700101000000 257 3 8 (
AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTO
iW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN
7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5
LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8
efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7
pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLY
A4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws
9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
) ; KSK; alg = RSASHA256; key id = 20326
; next refresh: Sun, 27 Dec 2020 20:22:02 GMT
; trusted since: Sat, 03 Mar 2018 08:43:53 GMT

4
rootfs/usr/local/share/template-files/config/named/zones/000-hint.conf Normal file
View File

@@ -0,0 +1,4 @@
zone "." in {
type hint;
file "data/hint";
};

6
rootfs/usr/local/share/template-files/config/named/zones/000-localdomain.zone Normal file
View File

@@ -0,0 +1,6 @@
zone "local" {
type master;
file "data/localdomain.conf";
allow-update { trusted; };
allow-transfer { trusted; };
};

14
rootfs/usr/local/share/template-files/config/named/zones/000-localhost.zone Normal file
View File

@@ -0,0 +1,14 @@
zone "localhost" {
type master;
file "data/localhost.zone";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "data/localhost4.rev";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
type master;
file "data/localhost6.rev";
};

10
rootfs/usr/local/share/template-files/config/named/zones/000-tor.zone Normal file
View File

@@ -0,0 +1,10 @@
zone "onion" {
type forward;
forward only;
forwarders { 127.0.0.1 port 8053; };
};
zone "exit" {
type forward;
forward only;
forwarders { 127.0.0.1 port 8053; };
};

21
rootfs/usr/local/share/template-files/config/named/zones/001-ddns.zone Normal file
View File

@@ -0,0 +1,21 @@
zone "REPLACE_DOMAIN" {
type master;
file "dynamic/ddns.zone";
allow-update { trusted; };
allow-transfer { trusted; };
};
zone "in-addr.arpa" {
type master;
file "reverse/in-addr.arpa.rev";
allow-update { trusted; };
allow-transfer { trusted; };
};
zone "ip6.arpa" {
type master;
file "reverse/ip6.arpa.rev";
allow-update { trusted; };
allow-transfer { trusted; };
};

99
rootfs/usr/local/share/template-files/config/nginx/mime.types Normal file
View File

@@ -0,0 +1,99 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

65
rootfs/usr/local/share/template-files/config/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,65 @@
# Default nginx configuration
user root;
worker_processes 1;
error_log /dev/stderr warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;
map $http_upgrade $connection_upgrade { default upgrade; '' close; }
server {
listen SERVER_PORT;
root /data/htdocs/www;
index index.html index.php index.cgi index.pl index.aspx awstats.pl index.unknown.php index.default.php index.txt index.json;
proxy_intercept_errors off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /nginx_status {
stub_status;
}
location /health {
default_type text/html;
allow all;
access_log off;
return 200 'OK';
}
location /health.json {
default_type application/json;
allow all;
access_log off;
return 200 '{"status":"OK"}';
}
}
}

73
rootfs/usr/local/share/template-files/config/nginx/nginx.ssl.conf Normal file
View File

@@ -0,0 +1,73 @@
# Default nginx configuration
user root;
worker_processes 1;
error_log /dev/stderr warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;
map $http_upgrade $connection_upgrade { default upgrade; '' close; }
server
listen SERVER_PORT ssl http2 default_server;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log info;
keepalive_timeout 75 75;
root /data/htdocs/www;
index index.html index.php index.cgi index.pl index.aspx awstats.pl index.unknown.php index.default.php index.txt index.json;
proxy_intercept_errors off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_certificate /config/ssl/localhost.crt;
ssl_certificate_key /config/ssl/localhost.key;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /nginx_status {
stub_status;
}
location /health {
default_type text/html;
allow all;
access_log off;
return 200 'OK';
}
location /health.json {
default_type application/json;
allow all;
access_log off;
return 200 '{"status":"OK"}';
}
}
}

10
rootfs/usr/local/share/template-files/config/radvd.conf Normal file
View File

@@ -0,0 +1,10 @@
# RADVD with DHCPd6 configuration
# /etc/radvd.conf
interface eth0 {
AdvManagedFlag on;
AdvSendAdvert on;
# AdvAutonomous off;
AdvOtherConfigFlag on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 60;
};

49
rootfs/usr/local/share/template-files/config/tor/torrc Normal file
View File

@@ -0,0 +1,49 @@
## https://github.com/torproject/tor/blob/main/src/config/torrc.sample.in
############### Configuration file for a typical Tor user
ControlSocket /run/tor/control
ControlSocketsGroupWritable 1
CookieAuthentication 1
CookieAuthFile /run/tor/control.authcookie
CookieAuthFileGroupReadable 1
SOCKSPort 9050
SOCKSPolicy accept *
RunAsDaemon 0
DataDirectory /var/lib/tor
ControlPort 9051
Log error stderr
#HashedControlPassword 16:kfhkajdsfhkjadhfiuhfhdjcahsf
############### dnsforwarder
DNSPort 8053
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
############### This section is just for location-hidden services ###
#HiddenServiceDir /data/tor/hidden/default
#HiddenServicePort 22 127.0.0.2:22
################ This section is just for relays #####################
#ORPort 9001
#ORPort 443 NoListen
#ORPort 127.0.0.1:9090 NoAdvertise
#Address noname.example.com
# OutboundBindAddress 10.0.0.5
#Nickname ididnteditheconfig
#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)
#AccountingMax 40 GBytes
#AccountingStart day 00:00
#AccountingStart month 3 15:00
#ContactInfo Random Person <nobody AT example dot com>
#DirPort 9030 # what port to advertise for directory connections
#DirPort 80 NoListen
#DirPort 127.0.0.1:9091 NoAdvertise
#DirPortFrontPage /etc/tor/tor-exit-notice.html
#MyFamily $keyid,$keyid,...
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
#ExitPolicy reject *:* # no exits allowed
#BridgeRelay 1
#PublishServerDescriptor 0