mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-01 17:22:39 +00:00
Remove server things from repo (#2475)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
Daniel Gray
@ -1,50 +0,0 @@
|
||||
(pg-umami-config) {
|
||||
umami {
|
||||
event_endpoint https://stats.jonaharagon.net/api/send
|
||||
website_uuid 30b92047-7cbb-4800-9815-2e075a293e0a
|
||||
# bit of a hack to get umami working properly, nothing to do with cloudflare
|
||||
client_ip_header CF-Connecting-IP
|
||||
trusted_ip_header X-Real-IP
|
||||
cookie_consent umami
|
||||
cookie_resolution resolution
|
||||
debug
|
||||
}
|
||||
}
|
||||
|
||||
www.privacyguides.org {
|
||||
import vars
|
||||
import common/*.caddy
|
||||
import production/*.caddy
|
||||
}
|
||||
|
||||
http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
|
||||
import vars
|
||||
import common/*.caddy
|
||||
import production/minio.caddy
|
||||
}
|
||||
|
||||
http://*.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
|
||||
@hostnames header_regexp hostname Host (\S+)\.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd\.onion
|
||||
handle @hostnames {
|
||||
reverse_proxy {re.hostname.1}.privacyguides.org:443 {
|
||||
header_up Host {re.hostname.1}.privacyguides.org
|
||||
transport http {
|
||||
tls
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
privacyguides.org {
|
||||
import vars
|
||||
import production/matrix.caddy
|
||||
|
||||
handle {
|
||||
import production/https.caddy
|
||||
redir https://www.privacyguides.org{uri}
|
||||
}
|
||||
}
|
||||
|
||||
http://xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
|
||||
redir http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion{uri}
|
||||
}
|
||||
@ -1,13 +0,0 @@
|
||||
# Caddy Webserver Config
|
||||
|
||||
Requires a build of Caddy with [jonaharagon/caddy-umami](https://github.com/jonaharagon/caddy-umami) installed.
|
||||
|
||||
## Variables
|
||||
|
||||
These variables are set on the server, and can be accessed like `{vars.variable_name}`:
|
||||
|
||||
- `minio_hostname`
|
||||
- `pg_minio_bucket`
|
||||
- `pg_matrix_webserver`
|
||||
- `pg_umami_website_uuid`
|
||||
- `umami_hostname`
|
||||
@ -1,34 +0,0 @@
|
||||
@static {
|
||||
path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
|
||||
}
|
||||
|
||||
@en path /en/*
|
||||
@es path /es/*
|
||||
@fr path /fr/*
|
||||
@he path /he/*
|
||||
@it path /it/*
|
||||
@nl path /nl/*
|
||||
@ru path /ru/*
|
||||
@zh-Hant path /zh-Hant/*
|
||||
|
||||
@es-header {
|
||||
header Accept-Language es*
|
||||
}
|
||||
@fr-header {
|
||||
header Accept-Language fr*
|
||||
}
|
||||
@he-header {
|
||||
header Accept-Language he*
|
||||
}
|
||||
@it-header {
|
||||
header Accept-Language it*
|
||||
}
|
||||
@nl-header {
|
||||
header Accept-Language nl*
|
||||
}
|
||||
@ru-header {
|
||||
header Accept-Language ru*
|
||||
}
|
||||
@zh-Hant-header {
|
||||
header Accept-Language zh-Hant*
|
||||
}
|
||||
@ -1,42 +0,0 @@
|
||||
handle_errors {
|
||||
@errors `{err.status_code} in [404]`
|
||||
handle @errors {
|
||||
handle @es {
|
||||
try_files /i18n/{err.status_code}.es.html i18n/{err.status_code}.en.html
|
||||
file_server
|
||||
}
|
||||
handle @fr {
|
||||
try_files i18n/{err.status_code}.fr.html i18n/{err.status_code}.en.html
|
||||
file_server
|
||||
}
|
||||
handle @he {
|
||||
try_files i18n/{err.status_code}.he.html i18n/{err.status_code}.en.html
|
||||
file_server
|
||||
}
|
||||
handle @it {
|
||||
try_files i18n/{err.status_code}.it.html i18n/{err.status_code}.en.html
|
||||
file_server
|
||||
}
|
||||
handle @nl {
|
||||
try_files i18n/{err.status_code}.nl.html i18n/{err.status_code}.en.html
|
||||
file_server
|
||||
}
|
||||
handle @ru {
|
||||
try_files i18n/{err.status_code}.ru.html i18n/{err.status_code}.en.html
|
||||
file_server
|
||||
}
|
||||
handle @zh-Hant {
|
||||
try_files i18n/{err.status_code}.zh-Hant.html i18n/{err.status_code}.en.html
|
||||
file_server
|
||||
}
|
||||
handle {
|
||||
try_files i18n/{err.status_code}.en.html
|
||||
file_server
|
||||
}
|
||||
}
|
||||
|
||||
# Handle all other webserver errors with a simple text response
|
||||
handle {
|
||||
respond "{err.status_code} {err.status_text}"
|
||||
}
|
||||
}
|
||||
@ -1,16 +0,0 @@
|
||||
header X-Frame-Options SAMEORIGIN
|
||||
header X-Content-Type-Options nosniff
|
||||
header X-XSS-Protection 0
|
||||
|
||||
vars pg_csp_self "https://www.privacyguides.org https://cdn.privacyguides.org 'self'"
|
||||
# You can check whether a CSP directive will fall back to default-src on MDN.
|
||||
# Add CSP directives WITH a default-src fallback here:
|
||||
header +Content-Security-Policy "default-src 'none'; script-src {vars.pg_csp_self} 'unsafe-inline'; style-src {vars.pg_csp_self} 'unsafe-inline'; font-src {vars.pg_csp_self} data:; img-src data: {vars.pg_csp_self}; connect-src https://api.github.com https://*.privacyguides.net {vars.pg_csp_self}; frame-src https://*.privacyguides.net https://snowflake.torproject.org {vars.pg_csp_self}"
|
||||
# Add CSP directives WITHOUT a default-src fallback here:
|
||||
header +Content-Security-Policy "form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-scripts allow-popups allow-same-origin;"
|
||||
|
||||
header Permissions-Policy "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
|
||||
|
||||
header Access-Control-Allow-Origin "*"
|
||||
|
||||
header @static Cache-Control max-age=2592000
|
||||
@ -1,4 +0,0 @@
|
||||
redir /kb* /en/basics/why-privacy-matters/
|
||||
redir /license* https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
|
||||
redir /coc* /en/CODE_OF_CONDUCT/
|
||||
redir /team* /en/about/
|
||||
@ -1,30 +0,0 @@
|
||||
route / {
|
||||
header Cache-Control no-store
|
||||
|
||||
redir @es-header /es
|
||||
redir @fr-header /fr
|
||||
redir @he-header /he
|
||||
redir @it-header /it
|
||||
redir @nl-header /nl
|
||||
redir @ru-header /ru
|
||||
redir @zh-Hant-header /zh-Hant
|
||||
|
||||
# default case
|
||||
handle {
|
||||
redir * /en/
|
||||
}
|
||||
}
|
||||
|
||||
@kb {
|
||||
path */kb */kb/*
|
||||
}
|
||||
route @kb {
|
||||
redir @es /es/basics/why-privacy-matters/
|
||||
redir @fr /fr/basics/why-privacy-matters/
|
||||
redir @he /he/basics/why-privacy-matters/
|
||||
redir @it /it/basics/why-privacy-matters/
|
||||
redir @nl /nl/basics/why-privacy-matters/
|
||||
redir @ru /ru/basics/why-privacy-matters/
|
||||
redir @zh-Hant /zh-Hant/basics/why-privacy-matters/
|
||||
redir * /en/basics/why-privacy-matters/
|
||||
}
|
||||
@ -1,50 +0,0 @@
|
||||
redir /browsers /en/desktop-browsers/
|
||||
redir /blog https://blog.privacyguides.org
|
||||
redir /basics/dns-overview /en/advanced/dns-overview/
|
||||
redir /basics/tor-overview /en/advanced/tor-overview/
|
||||
redir /real-time-communication/communication-network-types /en/advanced/communication-network-types
|
||||
redir /advanced/real-time-communication /en/advanced/communication-network-types
|
||||
redir /android/overview /en/os/android-overview/
|
||||
redir /linux-desktop/overview /en/os/linux-overview/
|
||||
redir /android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
|
||||
redir /ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
|
||||
redir /linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
|
||||
redir /linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
|
||||
redir /advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
|
||||
redir /real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
|
||||
redir /advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
|
||||
redir /advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
|
||||
redir /operating-systems /en/desktop/
|
||||
redir /threat-modeling /en/basics/threat-modeling/
|
||||
redir /self-contained-networks /en/tor/
|
||||
redir /privacy-policy /en/about/privacy-policy/
|
||||
redir /metadata-removal-tools /en/data-redaction/
|
||||
redir /basics /en/kb
|
||||
redir /software/file-encryption /en/encryption/
|
||||
redir /providers /en/tools/#service-providers
|
||||
redir /software/calendar-contacts /en/calendar/
|
||||
redir /calendar-contacts /en/calendar/
|
||||
redir /software/metadata-removal-tools /en/data-redaction/
|
||||
redir /contact /en/about/
|
||||
redir /welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
|
||||
redir /software/email /en/email-clients/
|
||||
redir /providers/paste /en/tools/
|
||||
redir /blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
|
||||
redir /terms-and-notices /en/about/notices/
|
||||
redir /software/networks /en/tor/
|
||||
redir /social-news-aggregator /en/news-aggregators/
|
||||
redir /basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
|
||||
redir /linux-desktop /en/desktop/
|
||||
|
||||
handle_path /providers/* {
|
||||
redir * /en/{uri}
|
||||
}
|
||||
handle_path /software/* {
|
||||
redir * /en/{uri}
|
||||
}
|
||||
handle_path /blog/* {
|
||||
redir * https://blog.privacyguides.org/{uri}
|
||||
}
|
||||
handle_path /assets/* {
|
||||
redir * /en/assets/{uri}
|
||||
}
|
||||
@ -1,6 +0,0 @@
|
||||
@canonicalPath {
|
||||
path */
|
||||
}
|
||||
route @canonicalPath {
|
||||
rewrite @canonicalPath {http.request.orig_uri.path}index.html
|
||||
}
|
||||
@ -1,2 +0,0 @@
|
||||
header ?Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
||||
header +Content-Security-Policy upgrade-insecure-requests;
|
||||
@ -1,13 +0,0 @@
|
||||
@matrix {
|
||||
path /.well-known/matrix/*
|
||||
}
|
||||
|
||||
handle @matrix {
|
||||
reverse_proxy 10.163.5.51:81 {
|
||||
header_up Host matrix.privacyguides.org
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
@ -1,31 +0,0 @@
|
||||
cache
|
||||
encode zstd gzip
|
||||
reverse_proxy http://10.163.3.10:9000 {
|
||||
header_up Host privacyguides-org-production.stor1-minio.jonaharagon.net
|
||||
header_down -Server
|
||||
header_down -Vary
|
||||
header_down -X-*
|
||||
|
||||
@200ok status 2xx 304
|
||||
handle_response @200ok {
|
||||
import pg-umami-config
|
||||
copy_response
|
||||
copy_response_headers
|
||||
}
|
||||
|
||||
@error404 status 404
|
||||
handle_response @error404 {
|
||||
@addSlash {
|
||||
expression !{path}.endsWith("/")
|
||||
}
|
||||
redir @addSlash {http.request.orig_uri.path}/
|
||||
}
|
||||
|
||||
@error400 status 400
|
||||
handle_response @error400 {
|
||||
@real404 {
|
||||
path *//index.html
|
||||
}
|
||||
respond @real404 404
|
||||
}
|
||||
}
|
||||
@ -105,8 +105,8 @@ extra:
|
||||
name: Self-Hosted Analytics
|
||||
checked: true
|
||||
github:
|
||||
name: GitHub
|
||||
checked: false
|
||||
name: GitHub API
|
||||
checked: true
|
||||
actions:
|
||||
- reject
|
||||
- accept
|
||||
|
||||
Reference in New Issue
Block a user