Files
nginx-configs/nginx/nginx/sites-available/bots.conf
T
hikari fc252e28e2
Test nginx configuration / Static Analysis (push) Failing after 4s
Test nginx configuration / nginx Syntax Check (push) Successful in 20s
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m8s
feat: block dotfile requests across all sites
Adds a deny-dotfiles snippet that returns 403 for any URI matching /\.
(e.g. .gitconfig, .env, .git/) and includes it in every server block.
2026-03-18 11:31:02 -07:00

273 lines
7.5 KiB
Plaintext

# Discord bots and automated services (one entry per bot, sorted alphabetically).
server {
listen 443 ssl;
server_name altaria.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/altaria.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/altaria.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6022;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name amari.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/amari.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/amari.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:7044;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name becca.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/becca.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/becca.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5010;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name caelia.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/caelia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/caelia.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:7055;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name callista.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/callista.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/callista.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6111;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name chibika.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/chibika.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chibika.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5018;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name gwen.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/gwen.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gwen.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5012;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name keiko.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/keiko.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/keiko.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3333;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name liora.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/liora.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liora.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5022;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name maylin.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/maylin.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maylin.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5011;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name melody.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/melody.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/melody.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5443;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name pavelle.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/pavelle.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pavelle.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6019;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name ruubot.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/ruubot.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ruubot.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4443;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name saisoku.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/saisoku.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/saisoku.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9100;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name serenya.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/serenya.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/serenya.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:7066;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name sorielle.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/sorielle.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sorielle.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5019;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name tyche.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/tyche.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tyche.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8123;
proxy_redirect off;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name umbrelle.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/umbrelle.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/umbrelle.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6088;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name valerium.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/valerium.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/valerium.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3443;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name veluna.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/veluna.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/veluna.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6099;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}