Skip to content

Commit 431a775

Browse files
lzwjavalzwjava
committed
add
1 parent 34b585d commit 431a775

File tree

3 files changed

+109
-15
lines changed

3 files changed

+109
-15
lines changed

_posts/2024-12-20-ufw-en.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,4 +53,11 @@ To start fresh, reset UFW:
5353
sudo ufw reset
5454
```
5555

56+
### Custom ports
57+
58+
```bash
59+
sudo ufw allow 1024:65535/tcp
60+
sudo ufw allow 1024:65535/udp
61+
```
62+
5663
Let me know if you need help with specific UFW configurations!

scripts/bandwidth.sh

Lines changed: 10 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -6,31 +6,26 @@ sudo apt-get update
66

77
sudo apt-get install vnstat
88

9-
sudo vnstat -u -i eth0
10-
11-
sudo vnstat -i eth0
12-
13-
sudo vnstat -l
14-
15-
sudo vnstat -d
16-
17-
pip install Flask
18-
199
sudo apt install python3-pip
2010

2111
pip install Flask
2212

23-
emacs
24-
2513
sudo apt install emacs-nox
2614

2715
emacs bandwidth_api.py
2816

29-
python bandwidth_api.py
17+
pip3 install flask_cors
3018

3119
python3 bandwidth_api.py
3220

33-
tmux
21+
sudo apt install nginx
22+
23+
sudo systemctl start nginx
24+
25+
sudo apt install certbot python3-certbot-nginx
26+
27+
sudo certbot --nginx -d lzwjava.xyz
3428

35-
history
29+
sudo nginx -t
3630

31+
sudo systemctl reload nginx

scripts/nginx.conf

Lines changed: 92 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,92 @@
1+
# Define a map to handle the allowed origins
2+
map $http_origin $cors_origin {
3+
default "https://lzwjava.xyz";
4+
"http://localhost:3000" "http://localhost:3000";
5+
"https://lzwjava.xyz" "https://lzwjava.xyz";
6+
"https://www.lzwjava.xyz" "https://www.lzwjava.xyz";
7+
}
8+
9+
# Redirect HTTP to HTTPS
10+
server {
11+
listen 80;
12+
server_name lzwjava.xyz api.lzwjava.xyz;
13+
14+
return 301 https://$host$request_uri;
15+
}
16+
17+
# Main site configuration for lzwjava.xyz
18+
server {
19+
listen 443 ssl;
20+
listen [::]:443 ssl ipv6only=on; # managed by Certbot
21+
server_name lzwjava.xyz;
22+
23+
ssl_certificate /etc/letsencrypt/live/lzwjava.xyz/fullchain.pem; # managed by Certbot
24+
ssl_certificate_key /etc/letsencrypt/live/lzwjava.xyz/privkey.pem; # managed by Certbot
25+
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
26+
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
27+
28+
ssl_protocols TLSv1.2 TLSv1.3;
29+
ssl_prefer_server_ciphers on;
30+
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
31+
32+
root /home/project/web;
33+
index index.html index.htm index.php default.html default.htm default.php;
34+
35+
location / {
36+
try_files $uri $uri/ =404;
37+
}
38+
39+
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
40+
expires 30d;
41+
}
42+
43+
location ~ .*\.(js|css)?$ {
44+
expires 12h;
45+
}
46+
47+
error_page 404 /index.html;
48+
}
49+
50+
# API configuration for api.lzwjava.xyz
51+
server {
52+
listen 443 ssl;
53+
listen [::]:443 ssl ipv6only=on; # managed by Certbot
54+
server_name api.lzwjava.xyz;
55+
56+
ssl_certificate /etc/letsencrypt/live/lzwjava.xyz/fullchain.pem; # managed by Certbot
57+
ssl_certificate_key /etc/letsencrypt/live/lzwjava.xyz/privkey.pem; # managed by Certbot
58+
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
59+
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
60+
61+
ssl_protocols TLSv1.2 TLSv1.3;
62+
ssl_prefer_server_ciphers on;
63+
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
64+
65+
location / {
66+
# Clear any pre-existing Access-Control headers
67+
more_clear_headers 'Access-Control-Allow-Origin';
68+
69+
# Handle CORS preflight requests
70+
if ($request_method = 'OPTIONS') {
71+
add_header 'Access-Control-Allow-Origin' $cors_origin;
72+
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
73+
add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Client-Info, X-Trace-Id, X-Requested-With, X-HTTP-Method-Override, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Range, Range';
74+
add_header 'Access-Control-Max-Age' 3600;
75+
return 204;
76+
}
77+
78+
add_header 'Access-Control-Allow-Origin' $cors_origin always;
79+
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
80+
add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Client-Info, X-Trace-Id, X-Requested-With, X-HTTP-Method-Override, DNT, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Content-Range, Range' always;
81+
82+
proxy_pass http://127.0.0.1:5000/;
83+
proxy_set_header Host $host;
84+
proxy_set_header X-Real-IP $remote_addr;
85+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
86+
proxy_set_header X-Forwarded-Proto $scheme;
87+
proxy_connect_timeout 600s;
88+
proxy_send_timeout 600s;
89+
proxy_read_timeout 600s;
90+
send_timeout 600s;
91+
}
92+
}

0 commit comments

Comments
 (0)