nasp.ob.ac.cn -> nasp.fit

This commit is contained in:
Dict Xiong 2024-04-16 00:36:48 +08:00
parent 8f8e3eda4d
commit 8ecf30dfc6
33 changed files with 842 additions and 30 deletions

View File

@ -1,3 +1,5 @@
127.0.0.1 localhost
127.0.1.1 g18-nasp
192.168.16.201 sir1.ibd.ink 192.168.16.201 sir1.ibd.ink
192.168.16.101 g1-nasp g1 192.168.16.101 g1-nasp g1
192.168.16.102 g2-nasp g2 192.168.16.102 g2-nasp g2
@ -16,6 +18,15 @@
192.168.16.115 g15-nasp g15 192.168.16.115 g15-nasp g15
192.168.16.116 g16-nasp g16 192.168.16.116 g16-nasp g16
192.168.16.117 g17-nasp g17 192.168.16.117 g17-nasp g17
192.168.16.118 g18-nasp g18 nasp.ob.ac.cn git.nasp.ob.ac.cn 192.168.16.118 g18-nasp g18 nasp.ob.ac.cn git.nasp.ob.ac.cn git.nasp.fit
192.168.16.119 g19-nasp g19 192.168.16.119 g19-nasp g19
192.168.16.2 g20-nasp g20 192.168.16.120 g20-nasp g20
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

View File

@ -1,13 +1,18 @@
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_session_timeout 1d;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# 'always' requires nginx >= 1.7.5, see http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
# add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
ssl_session_tickets off; ssl_session_tickets off;
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
# resolver $DNS-IP-1 $DNS-IP-2 valid=300s; ssl_dhparam ffdhe2048.txt;
# resolver_timeout 5s;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

View File

@ -0,0 +1,27 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

View File

@ -0,0 +1,26 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

View File

@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----

View File

@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

View File

@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

View File

@ -0,0 +1,89 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-geoip2.conf

View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-image-filter.conf

View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-xslt-filter.conf

View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-mail.conf

View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream.conf

View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream-geoip2.conf

View File

@ -0,0 +1,83 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

View File

@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

View File

@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

View File

@ -1,8 +1,23 @@
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
listen 443 http2 ssl default_server;
listen [::]:443 http2 ssl default_server;
server_name _;
return 404; include enable-ssl.conf;
include ssl-for-nasp_fit.conf;
location / {
return 404;
}
}
server {
listen 80;
listen [::]:80;
server_name git.ob.ac.cn git.nasp.ob.ac.cn;
return 301 https://git.nasp.fit$request_uri;
} }
server { server {
@ -10,10 +25,10 @@ server {
listen [::]:80; listen [::]:80;
listen 443 http2 ssl; listen 443 http2 ssl;
listen [::]:443 http2 ssl; listen [::]:443 http2 ssl;
server_name git.nasp.ob.ac.cn; server_name git.nasp.fit;
include enable-ssl.conf; include enable-ssl.conf;
include ssl-for-git_nasp_ob_ac_cn.conf; include ssl-for-nasp_fit.conf;
location / { location / {
client_max_body_size 100G; client_max_body_size 100G;
@ -30,10 +45,10 @@ server {
listen [::]:80; listen [::]:80;
listen 443 http2 ssl; listen 443 http2 ssl;
listen [::]:443 http2 ssl; listen [::]:443 http2 ssl;
server_name nasp.ob.ac.cn; server_name status.nasp.fit;
include enable-ssl.conf; include enable-ssl.conf;
include ssl-for-nasp_ob_ac_cn.conf; include ssl-for-nasp_fit.conf;
location / { location / {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@ -44,4 +59,45 @@ server {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
} }
location /mirrors {
autoindex on;
autoindex_localtime on;
autoindex_exact_size off;
add_header Cache-Control no-cache;
root /data0/public;
index index.html;
}
}
server {
listen 80;
listen [::]:80;
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name grafana.nasp.fit;
include enable-ssl.conf;
include ssl-for-nasp_fit.conf;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass http://localhost:3002;
}
}
server {
listen 80;
server_name 192.168.16.*;
root /data0/public;
index index.html;
location / {
autoindex on;
autoindex_localtime on;
autoindex_exact_size off;
add_header Cache-Control no-cache;
}
} }

View File

@ -0,0 +1 @@
/etc/nginx/sites-available/default

View File

@ -0,0 +1,13 @@
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;

View File

@ -0,0 +1,5 @@
# Self signed certificates generated by the ssl-cert package
# Don't use them in a production server!
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

View File

@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIEnDCCA4SgAwIBAgIUKPhke/gv8SS+j8VtdsHUM6tc+KAwDQYJKoZIhvcNAQEL
BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MB4XDTI0MDQxNTE2MDMwMFoXDTM5MDQxMjE2MDMwMFowYjEZMBcGA1UEChMQQ2xv
dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMMR0kzpSFDWYngDXHAZuOfGrgCphDG8yrw8
tcte96ntnSoowrDyNHg5jcLnup53Bit06BKSPwLjxhmMMZzwvZpQAB1CvHNyr59g
mQBxdTPyY8oL+NrE4pVuzL75Ju0zJtz5UDeW/Me7vHN3vuW63jzTE/8qS4Ef2gjY
N9G00/NBMtgOTvHbP4gkkpWBHc7W8u8CSJU76wl+SSuekXjQRcs3z1zsTOUFJ4Ex
fzAt0lwmOjT2pVqpXcyCaNt6AlBreMMAv0/cLzEPNKopkWhrTpKU/rjQUoVQu7Gf
Zds+hgfpHSpTMwZnrKOCLlT/Fh6JSwn+nQIkQcjjk3bk5UVSeQIDAQABo4IBHjCC
ARowDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTEtFnT5lDM1y6lyi785r839s/EbDAf
BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
YTAfBgNVHREEGDAWggoqLm5hc3AuZml0gghuYXNwLmZpdDA4BgNVHR8EMTAvMC2g
K6AphidodHRwOi8vY3JsLmNsb3VkZmxhcmUuY29tL29yaWdpbl9jYS5jcmwwDQYJ
KoZIhvcNAQELBQADggEBAGuPEGBv8f1pOysC80t9nBJ84P4jx7NgAKRtmln/s5+s
3WUQgZQ9snvkjTu9JHWR0PjGKDM/9qmXPrSjdd7So4jQ37dd3/IAfiY9APyxxKAx
7nzsd839NPlhN7GCD+B1XzjEOVNIjO2noCLfuQuwKBOG2G7rQ/hwD62wa9kbYSGz
zFw/4vp1hUIQpvA/jSRw0eYjD1Ld7XjDyFam3yvN+t6jl7pHdwRmYW3bhHOuLk5n
kOiC/OjatrxiBDDYGTnGge3+coiWpuLOa99Qjl65G7cc6uHYitQ4Q2HCdOFlMw2o
HSZ+6Odtp4LqKaNba8LvILcnIS//WavBS4rGKl1I9/U=
-----END CERTIFICATE-----

View File

@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDMwxHSTOlIUNZi
eANccBm458auAKmEMbzKvDy1y173qe2dKijCsPI0eDmNwue6nncGK3ToEpI/AuPG
GYwxnPC9mlAAHUK8c3Kvn2CZAHF1M/Jjygv42sTilW7Mvvkm7TMm3PlQN5b8x7u8
c3e+5brePNMT/ypLgR/aCNg30bTT80Ey2A5O8ds/iCSSlYEdztby7wJIlTvrCX5J
K56ReNBFyzfPXOxM5QUngTF/MC3SXCY6NPalWqldzIJo23oCUGt4wwC/T9wvMQ80
qimRaGtOkpT+uNBShVC7sZ9l2z6GB+kdKlMzBmeso4IuVP8WHolLCf6dAiRByOOT
duTlRVJ5AgMBAAECggEAJxwwTHybx1AHbtXxAGg6BYchvA0M097jKk8Tgn7GlCQN
KmqJ0AwXqx12ksTyWYMYhWFqCkS30djFtEofbL+G/RQbKTZtj4y2kGRvATJkOWhz
aQuHx1/T4Np9iBaHBOAkF813wlJn4L7utSNR8TC0hWvVPlnL1JGkiZMMZ3cC5MOX
Xu8FJL06zcPePfgciluB8ki3nBWix+qiwci4AtMPNyU2B+zuamL4s/hZpyyk6FIr
x0zn6lQRMt+UEbmCFhZ8MhoK5V5/hJ5pdRcJHNUWqFZhl+9UhTNZ0xiXZE/41pet
y/hy54Fj/wXJuYq6jWmObPJdbA/pNc6IinhJe7T2fQKBgQD0gxc56uPNagEQsuJU
z44Ig0lfYACPf5PwpaMSgTbjy9kjhbZNXsY3fgaXffGTwGhtNuGNBP8PLzCqvpgm
dMzzInoOMSwwF8mBUXFO2Qxh/XPBrWVoHt8HaWwEZAoxY/X1iuo6ECSwWTqtg6GL
EeUQgcNrEVTuKgEEWJwdfMWZxQKBgQDWYeDS12vd6Emy9Hc52uYGAsCmLfsufJ6H
QS9qckRtnBhZgE088CB34bUuS1UQx0dkAlh0V9BCVMEdkL0VxLrMqOGqQf4LdksU
cISV0tWTn4S0DUrJsiq8jasWqSJA/YOAp3+/zrHE0KPnQ+un1hr497leyera6wYi
CGvDCXRFJQKBgFBJBwRWcyxMpULladmtORbkfOAbNrPnkR0QViZKVUqg8ZBvZDet
aeposCNoED2SjPdncNIMFO/Yb+Nwp6bg7TbcWDV2weqctOaIZmsca6t1PGAY3lY8
5MCbRgN/EbW7+9P/I/+is1lQQyscMJvoaU1tPkxWqYt2MVVK/x/Ti1J9AoGAYPrw
KJEZE860IEdk9AApVIjEO6jLWzE2ybrcR0wf1nHptftLdYivN2wceS/M8IUlr4E8
II1lAcyze7txPjq7wj+XrlyiHu9JcZqg7+Hrihd8gbMNpQZ7PMbdoaerfjjw1y9u
pAdN9dnoe4MHROqfUwdFjTLMknIFWTnz/cv2FB0CgYAtO00s6r2eHYKIpLnZwZjd
pZT9Ndy+Gtt65Ump640cl0LmsYuV+Fnzas7NpwmOWIhhCAJXQsYASNGvp3ArL/hA
ZvMyS+dpyuzhqvm0BnYXWs/Hl0jZGdnvjjz6c8xH3lnp6LJWkcaK4YHaFjHa3JR9
9BVWfjiFa2GJYayTn/XR7w==
-----END PRIVATE KEY-----

View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDuTCCAqGgAwIBAgIUGoQwFSPLnjvCNk8IMIKS5Zf2sqcwDQYJKoZIhvcNAQEL
BQAwazELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB0JlaWppbmcxEDAOBgNVBAcMB0Jl
aWppbmcxDTALBgNVBAoMBE5BU1AxDzANBgNVBAsMBlNlcnZlcjEYMBYGA1UEAwwP
MjE5LjI0My4yMTUuMjAzMCAXDTIzMDgwMjA4MzIxOVoYDzIxMjMwNzA5MDgzMjE5
WjBrMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwHQmVp
amluZzENMAsGA1UECgwETkFTUDEPMA0GA1UECwwGU2VydmVyMRgwFgYDVQQDDA8y
MTkuMjQzLjIxNS4yMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8
JtJLHGk8ASW+mhZYVj/vRGc3DlEE0nBIiWHadgBuRutuiau86r7cDmcNikt0LVTj
nIdz1704cSVejRr4QKZZw0TAAiZpbaVk8PKIqO8ZeOgMojUcrHl1YqN2BPIA+Lg4
cgIm3ahWgNmA5a3sw8bDvBk82qpgYEBEbXJ28Mx+onu8COxx0YWWOYleVsgiuLlg
R/Z86egIAY4umLQaLScdMPtMdDoKRyjrHR2BU0SAlwTp9O7Pl5JMrPHA+jMcME17
LlLawpPXerfqT0tAud0b30CvF9viATlPEB6ysEn0OEOJhgpSM1El3djO63YqKty7
YlbeJ4YjGAGUs5rj6oBXAgMBAAGjUzBRMB0GA1UdDgQWBBRp4kiX+tNIA3YGdxK/
iOlU8/9xUzAfBgNVHSMEGDAWgBRp4kiX+tNIA3YGdxK/iOlU8/9xUzAPBgNVHRMB
Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBEcZxoem+SdPeCm1SZYeKv4iO9
grHj8aJ3I5HsjCSfu+2itwcjcDWmeWEz+PWJzA8PC5RvO1jM/CTEp2fvK/7haHiT
42lbgQi4S0qSBDzwEsFMcQpDrqQuJfSHPlw1H36wgQmfzuBHdrndncRLHvvY/PaR
FVlj3IUpqyNWxX8pF4iTPMC6H7LEF/ncetQsPCUYx3JdyVgrrfc8279eglzAp3LT
3qNHrP1yQEUVJ4y7MwEZQiRzUdcnbeu499if332FffBlwwd9ylTo/uuODNHLYZgQ
MUX2Set2NWmQiEqIKFekyci2xrrWOTLpfeM52WYY+EkYBmwLJsk7Sbikpkpl
-----END CERTIFICATE-----

View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8JtJLHGk8ASW+
mhZYVj/vRGc3DlEE0nBIiWHadgBuRutuiau86r7cDmcNikt0LVTjnIdz1704cSVe
jRr4QKZZw0TAAiZpbaVk8PKIqO8ZeOgMojUcrHl1YqN2BPIA+Lg4cgIm3ahWgNmA
5a3sw8bDvBk82qpgYEBEbXJ28Mx+onu8COxx0YWWOYleVsgiuLlgR/Z86egIAY4u
mLQaLScdMPtMdDoKRyjrHR2BU0SAlwTp9O7Pl5JMrPHA+jMcME17LlLawpPXerfq
T0tAud0b30CvF9viATlPEB6ysEn0OEOJhgpSM1El3djO63YqKty7YlbeJ4YjGAGU
s5rj6oBXAgMBAAECggEAAQMwvQxk4wP+ogS7xlqPg2EHeqZHu83xaf2hOw12hXgs
iIaJxXxTHa9RV6EOZEcGTl/s3f5kx+rJPSafkoNDbdSZdMU4fx5VMvxqOhoijPBr
xZ5yCd+L7YkEbqNi642SISg9Hnz/gd4H8E9OQw2C2UT+0V1nUo7mpUsk775Wc4GM
a3v7sEJHIQfmFaFBegVV+Tnr6ipSSW1LvQ/cgBYuC5QmDSkPV1mWarkhp37yKbam
FWRTUTV6EuY0zDZilnv3jBa4336EDH3avgG285x6++oz1skVw+vGI/QBa3GMg8L6
frYv6FGT++ylOqwH+957Pd+XmnfHh3dk6ogs/ZzkgQKBgQD6lqOZ8mVw8xUvcYsq
G/aASJljnsYwmxZ9i92EXkFKocu2nUv6PIIR1K7IUpng04u2W4DfIoegcWcJPWYq
tK7dvyhfMaeogkvssAHo0nfuJcCJCRPjLAu0N8dACsO+RWK3kzplQXckwqiuBQho
vzAZNwZFkGiNRGcmRhxAWZ/3wQKBgQDANwFBSz4drYGKb369vbNzVeQaQSWjzKXD
Ep1o4opiBxv8daGRNtHxxFAQDHdL2FqgpzTcIUVrf9nrI2duBy8zh5Y59CIHv6Eo
as2t5dq3qlFXMocrpKNMxDpmmqWMK8/72qJUPsqk4W2XKWH0eigVXG6hzV0QCAM4
0YIVNyq+FwKBgQCtSFPzldouA/pHZ4XrZZDM3ucrK1UzsVsZEAnrid4uhLnBGv66
GPN87wy6O9xqyv6W6KmyI0eUXDb6/blTmMQ/VPvO8CBW91sXXhLD9B640ORWHq/g
7MlfIx8mmwsG3SZJeYbtFBsWkYFhbNuGy4awOQueOSEDZyTJI7xPh2qGQQKBgQC4
qN9SzCd7uYGW7nBTdtjcd+qw8l9n0qZ5FvwUlHcfn/bZ/mRerszZOKE2GdPOEKdY
aeqVhH09vlEr3hJymQJWve6r9Idw7D+2JY09gHI0OrL0U32ahwu/J1F32yAp3rls
GuoSh1SFPHDdZQtPJMA3bVp3pWS/jwMRZe1T1nEAtwKBgF0b/2/gMgpGh3jvSsYO
FjvuomloHdF/nIg9mdkCd7KqYJPVdpQlhtiVWyouZvXqvXmaJMGrXCl5ft94vln6
2YfWVX89Yca7kqfcnkz5TYRzd6C+x5mj/23MPk5s4CV/4OvJPbgfWmM15Ynv5pwS
+BpCph3rZ4Z2vt2b/GZK0LUC
-----END PRIVATE KEY-----

View File

@ -1,3 +0,0 @@
ssl_certificate /root/.acme.sh/git.nasp.ob.ac.cn/fullchain.cer;
ssl_certificate_key /root/.acme.sh/git.nasp.ob.ac.cn/git.nasp.ob.ac.cn.key;
ssl_trusted_certificate /root/.acme.sh/git.nasp.ob.ac.cn/git.nasp.ob.ac.cn.cer;

View File

@ -0,0 +1,3 @@
ssl_certificate /root/.acme.sh/git.nasp.fit/fullchain.cer;
ssl_certificate_key /root/.acme.sh/git.nasp.fit/git.nasp.fit.key;
ssl_trusted_certificate /root/.acme.sh/git.nasp.fit/git.nasp.fit.cer;

View File

@ -1,3 +1,2 @@
ssl_certificate /root/.acme.sh/nasp.ob.ac.cn/fullchain.cer; ssl_certificate "/etc/nginx/ssl-certs/cf.crt";
ssl_certificate_key /root/.acme.sh/nasp.ob.ac.cn/nasp.ob.ac.cn.key; ssl_certificate_key "/etc/nginx/ssl-certs/cf.key";
ssl_trusted_certificate /root/.acme.sh/nasp.ob.ac.cn/nasp.ob.ac.cn.cer;

View File

@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

View File

@ -0,0 +1,125 @@
# This map is not a full windows-1251 <> utf8 map: it does not
# contain Serbian and Macedonian letters. If you need a full map,
# use contrib/unicode2nginx/win-utf map instead.
charset_map windows-1251 utf-8 {
82 E2809A; # single low-9 quotation mark
84 E2809E; # double low-9 quotation mark
85 E280A6; # ellipsis
86 E280A0; # dagger
87 E280A1; # double dagger
88 E282AC; # euro
89 E280B0; # per mille
91 E28098; # left single quotation mark
92 E28099; # right single quotation mark
93 E2809C; # left double quotation mark
94 E2809D; # right double quotation mark
95 E280A2; # bullet
96 E28093; # en dash
97 E28094; # em dash
99 E284A2; # trade mark sign
A0 C2A0; # &nbsp;
A1 D18E; # capital Byelorussian short U
A2 D19E; # small Byelorussian short u
A4 C2A4; # currency sign
A5 D290; # capital Ukrainian soft G
A6 C2A6; # borken bar
A7 C2A7; # section sign
A8 D081; # capital YO
A9 C2A9; # (C)
AA D084; # capital Ukrainian YE
AB C2AB; # left-pointing double angle quotation mark
AC C2AC; # not sign
AD C2AD; # soft hypen
AE C2AE; # (R)
AF D087; # capital Ukrainian YI
B0 C2B0; # &deg;
B1 C2B1; # plus-minus sign
B2 D086; # capital Ukrainian I
B3 D196; # small Ukrainian i
B4 D291; # small Ukrainian soft g
B5 C2B5; # micro sign
B6 C2B6; # pilcrow sign
B7 C2B7; # &middot;
B8 D191; # small yo
B9 E28496; # numero sign
BA D194; # small Ukrainian ye
BB C2BB; # right-pointing double angle quotation mark
BF D197; # small Ukrainian yi
C0 D090; # capital A
C1 D091; # capital B
C2 D092; # capital V
C3 D093; # capital G
C4 D094; # capital D
C5 D095; # capital YE
C6 D096; # capital ZH
C7 D097; # capital Z
C8 D098; # capital I
C9 D099; # capital J
CA D09A; # capital K
CB D09B; # capital L
CC D09C; # capital M
CD D09D; # capital N
CE D09E; # capital O
CF D09F; # capital P
D0 D0A0; # capital R
D1 D0A1; # capital S
D2 D0A2; # capital T
D3 D0A3; # capital U
D4 D0A4; # capital F
D5 D0A5; # capital KH
D6 D0A6; # capital TS
D7 D0A7; # capital CH
D8 D0A8; # capital SH
D9 D0A9; # capital SHCH
DA D0AA; # capital hard sign
DB D0AB; # capital Y
DC D0AC; # capital soft sign
DD D0AD; # capital E
DE D0AE; # capital YU
DF D0AF; # capital YA
E0 D0B0; # small a
E1 D0B1; # small b
E2 D0B2; # small v
E3 D0B3; # small g
E4 D0B4; # small d
E5 D0B5; # small ye
E6 D0B6; # small zh
E7 D0B7; # small z
E8 D0B8; # small i
E9 D0B9; # small j
EA D0BA; # small k
EB D0BB; # small l
EC D0BC; # small m
ED D0BD; # small n
EE D0BE; # small o
EF D0BF; # small p
F0 D180; # small r
F1 D181; # small s
F2 D182; # small t
F3 D183; # small u
F4 D184; # small f
F5 D185; # small kh
F6 D186; # small ts
F7 D187; # small ch
F8 D188; # small sh
F9 D189; # small shch
FA D18A; # small hard sign
FB D18B; # small y
FC D18C; # small soft sign
FD D18D; # small e
FE D18E; # small yu
FF D18F; # small ya
}

View File

@ -1,6 +1,7 @@
2c:ea:7f:ec:47:44 166.111.130.255 2c:ea:7f:ec:47:44 166.111.130.255
2c:ea:7f:ec:48:a0 166.111.130.255 2c:ea:7f:ec:48:a0 166.111.130.255
2c:ea:7f:ec:46:88 166.111.130.255 2c:ea:7f:ec:46:88 166.111.130.255
2c:ea:7f:ec:48:a1 192.168.16.255
2c:ea:7f:ec:47:44 192.168.16.255 2c:ea:7f:ec:47:44 192.168.16.255
2c:ea:7f:ec:48:a0 192.168.16.255 2c:ea:7f:ec:48:a0 192.168.16.255
2c:ea:7f:ec:46:88 192.168.16.255 2c:ea:7f:ec:46:88 192.168.16.255

View File

@ -75,10 +75,10 @@ insert_if_not_exist()
grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename" grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
} }
cd /opt cd /opt
git clone https://git.nasp.ob.ac.cn/NASP/configurations git clone https://git.nasp.fit/NASP/configurations
insert_if_not_exist "/etc/crontab" "59 22 * * * root /opt/configurations/testbed/scripts/schedule-poweroff.sh" insert_if_not_exist "/etc/crontab" "59 22 * * * root /opt/configurations/testbed/scripts/schedule-poweroff.sh"
cd /opt cd /opt
git clone https://git.nasp.ob.ac.cn/NASP/registry git clone https://git.nasp.fit/NASP/registry
cd registry/scripts cd registry/scripts
./testbed_deploy.sh ./testbed_deploy.sh

View File

@ -53,9 +53,9 @@ if [[ "$ret" == "1" ]]; then
--device=/dev/infiniband/umad0 --device=/dev/infiniband/uverbs0" --device=/dev/infiniband/umad0 --device=/dev/infiniband/uverbs0"
fi fi
read -p "Image name (default: git.nasp.ob.ac.cn/nasp/nasp-ubuntu): " read -p "Image name (default: git.nasp.fit/nasp/nasp-ubuntu): "
if [[ -z "$REPLY" ]]; then if [[ -z "$REPLY" ]]; then
image_name="git.nasp.ob.ac.cn/nasp/nasp-ubuntu" image_name="git.nasp.fit/nasp/nasp-ubuntu"
else else
image_name="$REPLY" image_name="$REPLY"
fi fi