From bdb9a8bd21c0b682d9f58cca6000f17fa66bfe56 Mon Sep 17 00:00:00 2001
From: hitlerrip
Date: Fri, 19 Dec 2025 22:04:18 +0100
Subject: server proxy dns - updated nginx config for dns proxy - updated README.md
---
server.sh | 155 ++++++++++++++++++++++++++++++++++----------------------------
1 file changed, 85 insertions(+), 70 deletions(-) (limited to 'server.sh')
diff --git a/server.sh b/server.sh
index 1ce5d22..6d4dff7 100755
--- a/server.sh
+++ b/server.sh
@@ -124,84 +124,99 @@ sudo certbot --nginx # web@hitler.rip # Y # N - # hitler.rip www.hitler.rip links.hitler.rip git.hitler.rip + # hitler.rip www.hitler.rip links.hitler.rip oldgit.hitler.rip git.hitler.rip dns.hitler.rip search.hitler.rip sudo tee /etc/nginx/sites-available/default << EOF server { - if (\$host = hitler.rip) { - return 301 https://hitler.rip\$request_uri; - } - if (\$host = www.hitler.rip) { - return 301 https://hitler.rip\$request_uri; - } - if (\$host = links.hitler.rip) { - return 301 https://hitler.rip/links\$request_uri; - } - if (\$host = git.hitler.rip) { - return 301 https://git.hitler.rip\$request_uri; - } - if (\$host = search.hitler.rip) { - return 301 https://search.hitler.rip\$request_uri; - } - listen 80; - listen [::]:80; - serer_name hitler.rip www.hitler.rip links.hitler.rip git.hitler.rip search.hitler.rip; - return 301 https://hitler.rip\$request_uri; + if ($host = hitler.rip) { + return 301 https://hitler.rip$request_uri; + } + if ($host = www.hitler.rip) { + return 301 https://hitler.rip$request_uri; + } + if ($host = links.hitler.rip) { + return 301 https://hitler.rip/links$request_uri; + } + if ($host = oldgit.hitler.rip) { + return 301 https://git.hitler.rip$request_uri; + } + if ($host = git.hitler.rip) { + return 301 https://git.hitler.rip$request_uri; + } + if ($host = dns.hitler.rip) { + return 301 https://dns.hitler.rip$request_uri; + } + if ($host = search.hitler.rip) { + return 301 https://search.hitler.rip$request_uri; + } + listen 80; + listen [::]:80; + server_name hitler.rip www.hitler.rip links.hitler.rip oldgit.hitler.rip git.hitler.rip dns.hitler.rip search.hitler.rip; + return 301 https://hitler.rip$request_uri; } server { - server_name hitler.rip www.hitler.rip links.hitler.rip; - - if (\$host = links.hitler.rip) { - return 301 https://hitler.rip/links\$request_uri; - } - if (\$host = www.hitler.rip) { - return 301 https://hitler.rip\$request_uri; - } + server_name hitler.rip www.hitler.rip 
links.hitler.rip; + if ($host = links.hitler.rip) { + return 301 https://hitler.rip/links$request_uri; + } + if ($host = www.hitler.rip) { + return 301 https://hitler.rip$request_uri; + } + root /srv/web; + index index.html; + error_page 404 /404.html; + location = /404.html { internal; } + location / { + try_files $uri $uri/ =404; + } + listen [::]:443 ssl; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +} - root /srv/web; - error_page 404 /404.html - location = /404.html { internal; } - index index.html; - location / { - try_files \$uri \$uri/ =404; - } - listen [::]:443 ssl; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +server { + server_name oldgit.hitler.rip git.hitler.rip; + root /usr/share/cgit; + try_files $uri @cgit; + location @cgit { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST git.hitler.rip; + fastcgi_pass unix:/run/fcgiwrap.socket; + } + listen [::]:443 ssl; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; } server { - server_name git.hitler.rip; - root /usr/share/cgit; - try_files \$uri @cgit; - location @cgit { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; - fastcgi_param PATH_INFO \$uri; - fastcgi_param QUERY_STRING \$args; - fastcgi_param HTTP_HOST git.hitler.rip; - fastcgi_pass 
unix:/run/fcgiwrap.socket; - } - listen [::]:443 ssl; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + server_name dns.hitler.rip; + listen [::]:443 ssl; + listen 443 ssl; + location / { + proxy_pass https://localhost:12221; + } + ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem; } server { - server_name search.hitler.rip; - root /srv/frontends/4get; - location @php { + server_name search.hitler.rip; + root /srv/frontends/4get; + location @php { try_files $uri.php $uri/index.php =404; - fastcgi_pass unix:/var/run/php/php-fpm.sock; + fastcgi_pass unix:/var/run/php/php-fpm.sock; fastcgi_index index.php; include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; } location / { @@ -210,12 +225,12 @@ server { location ~* ^(.*)\.php$ { return 301 $1; } - listen [::]:443 ssl; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + listen [::]:443 ssl; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/hitler.rip/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hitler.rip/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; } EOF sudo mkdir -p /srv/web/ 
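Review bot: The `sudo tee /etc/nginx/sites-available/default << EOF` heredoc uses an unquoted delimiter, so with the backslashes removed from `$host`, `$request_uri`, `$uri` and `$args` the shell expands them (normally to empty strings) before nginx reads the file; the redirects, `try_files $uri @cgit` and the cgit `PATH_INFO` would be written out blank, and the config is likely to fail `nginx -t` or route requests wrongly. Quoting the delimiter, `sudo tee /etc/nginx/sites-available/default << 'EOF'`, keeps every nginx variable literal without per-variable escapes and also covers the `$uri.php`, `$document_root$fastcgi_script_name` and `$1` lines in the search block. Separately, the new `dns.hitler.rip` block proxies all of `/` to `https://localhost:12221`, which presumably publishes everything AdGuard Home serves on that port (possibly its admin UI) rather than only DNS-over-HTTPS; consider narrowing it to `location /dns-query { ... }` and passing the client address with `proxy_set_header X-Forwarded-For $remote_addr;`, assuming AdGuard Home is set to trust the proxy, so logging and per-client limits do not all see the loopback address. That block also omits the `include /etc/letsencrypt/options-ssl-nginx.conf;` and `ssl_dhparam` lines that the other TLS server blocks carry.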
@@ -302,7 +317,7 @@ echo "[server] 4get server created. You may now edit the robots.txt, data/config echo "[server] setting up adguard home..." sudo apt install -y dnsutils curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v -echo "[server] finished setting up adguard home. allow port 3000 and run initial setup with admin panel set to appear on port 11211, then disallow port 3000 again. set log rotation to 7 days. enable encryption, https port 12221 tls port 853. make blocked dns queries return the IP adress of the host. add dns fallback servers. add filters, but allow google and piracy, ddns, bypassing and all tlds. also automate this ffs." +echo "[server] finished setting up adguard home. allow port 3000 and run initial setup with admin panel set to appear on port 11211, then disallow port 3000 again. set log rotation to 7 days. enable encryption, set host, https port 12221 tls port 853. make blocked dns queries return the IP adress of the host. add dns fallback servers. add filters. also automate this ffs. block 12221 again as it's proxied to dns subdomain." echo "[server] configuring shell..." tee ~/.bash_aliases << EOF -- cgit v1.2.3
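Review bot: The updated `echo` message leaves closing ports 3000 and 12221 as manual operator steps, so until they are done the AdGuard Home setup wizard and its HTTPS listener stay reachable directly, bypassing the nginx proxy this commit adds. The first-run wizard on port 3000 normally lets whoever connects first set the admin credentials, so it would be safer to reach it over an SSH tunnel (`ssh -L 3000:localhost:3000 <server>`) than to open the port, and to have the script apply the firewall rule for 12221 itself instead of printing a reminder. The unchanged `curl ... | sh` line just above also runs the install script from the `master` branch with no verification; pinning it to a reviewed commit (`.../AdguardTeam/AdGuardHome/<PINNED_COMMIT>/scripts/install.sh`) and downloading it to a file before executing would reduce that supply-chain exposure.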