From 602420f4dc5b99edd7bec4fe665a5b3a30af68d3 Mon Sep 17 00:00:00 2001 From: Kevin Midboe Date: Wed, 15 Jun 2022 15:27:27 +0000 Subject: [PATCH] All updated & new site configs --- sites-available/api.kevinmidboe.conf | 7 +- sites-available/brewpi.conf | 58 ++++ sites-available/castdeck.conf | 28 ++ sites-available/chatbot.kevinmidboe.conf | 5 +- sites-available/default | 176 ---------- sites-available/default.conf | 411 +++++++++++++++++++++++ sites-available/default.dpkg-dist | 91 +++++ sites-available/drone.conf | 24 ++ sites-available/elastic.conf | 170 ++++++++++ sites-available/elastic.kevinmidboe.conf | 63 ---- sites-available/fjordmap.conf | 39 +++ sites-available/grafana.conf | 43 +++ sites-available/hitler.conf | 29 ++ sites-available/hiveMonitor.conf | 27 ++ sites-available/leifsopplevelser.conf | 57 ++-- sites-available/lottis.conf | 140 ++++++++ sites-available/maps.conf | 43 +++ sites-available/mc.conf | 30 ++ sites-available/memestream.conf | 23 ++ sites-available/mondrian.conf | 29 ++ sites-available/planetposen.conf | 43 ++- sites-available/plex.conf | 25 ++ sites-available/proxmox.conf | 26 ++ sites-available/proxy.conf | 23 ++ sites-available/request.conf | 174 ++++++++++ sites-available/rerequest.conf | 112 ++++++ sites-available/ruterna.conf | 29 +- sites-available/schleppecloud.config | 81 +++++ sites-available/seasoned.conf | 87 +++++ sites-available/valg.conf | 26 ++ sites-available/vinlottis.conf | 57 ++++ sites-enabled/api.kevinmidboe.conf | 2 +- sites-enabled/brewpi.conf | 1 + sites-enabled/castdeck.conf | 1 + sites-enabled/chatbot.kevinmidboe.conf | 2 +- sites-enabled/default | 1 - sites-enabled/default.conf | 1 + sites-enabled/drone.conf | 1 + sites-enabled/elastic.conf | 1 + sites-enabled/elastic.kevinmidboe.conf | 1 - sites-enabled/fjordmap.conf | 1 + sites-enabled/grafana.conf | 1 + sites-enabled/hitler.conf | 1 + sites-enabled/hiveMonitor.conf | 1 + sites-enabled/leifsopplevelser.conf | 2 +- sites-enabled/lottis.conf | 1 + sites-enabled/maps.conf | 1 + sites-enabled/mc.conf | 1 + sites-enabled/memetream.conf | 1 + sites-enabled/mondrian.conf | 1 + sites-enabled/plex.conf | 1 + sites-enabled/proxmox.conf | 1 + sites-enabled/request.conf | 1 + sites-enabled/ruterna.conf | 2 +- sites-enabled/schleppecloud.config | 1 + sites-enabled/textbars.app.conf | 1 - sites-enabled/vinlottis.conf | 1 + 57 files changed, 1910 insertions(+), 296 deletions(-) create mode 100644 sites-available/brewpi.conf create mode 100644 sites-available/castdeck.conf delete mode 100644 sites-available/default create mode 100644 sites-available/default.conf create mode 100644 sites-available/default.dpkg-dist create mode 100644 sites-available/drone.conf create mode 100644 sites-available/elastic.conf delete mode 100644 sites-available/elastic.kevinmidboe.conf create mode 100644 sites-available/fjordmap.conf create mode 100644 sites-available/grafana.conf create mode 100644 sites-available/hitler.conf create mode 100644 sites-available/hiveMonitor.conf create mode 100644 sites-available/lottis.conf create mode 100644 sites-available/maps.conf create mode 100644 sites-available/mc.conf create mode 100644 sites-available/memestream.conf create mode 100644 sites-available/mondrian.conf create mode 100644 sites-available/plex.conf create mode 100644 sites-available/proxmox.conf create mode 100644 sites-available/proxy.conf create mode 100644 sites-available/request.conf create mode 100644 sites-available/rerequest.conf create mode 100644 sites-available/schleppecloud.config create mode 100644 sites-available/seasoned.conf create mode 100644 sites-available/valg.conf create mode 100644 sites-available/vinlottis.conf create mode 120000 sites-enabled/brewpi.conf create mode 120000 sites-enabled/castdeck.conf delete mode 120000 sites-enabled/default create mode 120000 sites-enabled/default.conf create mode 120000 sites-enabled/drone.conf create mode 120000 sites-enabled/elastic.conf delete mode 120000 sites-enabled/elastic.kevinmidboe.conf create mode 120000 sites-enabled/fjordmap.conf create mode 120000 sites-enabled/grafana.conf create mode 120000 sites-enabled/hitler.conf create mode 120000 sites-enabled/hiveMonitor.conf create mode 120000 sites-enabled/lottis.conf create mode 120000 sites-enabled/maps.conf create mode 120000 sites-enabled/mc.conf create mode 120000 sites-enabled/memetream.conf create mode 120000 sites-enabled/mondrian.conf create mode 120000 sites-enabled/plex.conf create mode 120000 sites-enabled/proxmox.conf create mode 120000 sites-enabled/request.conf create mode 120000 sites-enabled/schleppecloud.config delete mode 120000 sites-enabled/textbars.app.conf create mode 120000 sites-enabled/vinlottis.conf diff --git a/sites-available/api.kevinmidboe.conf b/sites-available/api.kevinmidboe.conf index f26683a..2fe6403 100644 --- a/sites-available/api.kevinmidboe.conf +++ b/sites-available/api.kevinmidboe.conf @@ -5,9 +5,8 @@ server { listen [::]:443 ssl http2; server_name api.kevinmidboe.com; - - ssl_certificate /etc/letsencrypt/live/api.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/api.kevinmidboe.com/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/api.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/api.kevinmidboe.com-0001/privkey.pem; # managed by Certbot location /files { alias /var/Www/public_files; @@ -34,4 +33,6 @@ server { proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } + + } diff --git a/sites-available/brewpi.conf b/sites-available/brewpi.conf new file mode 100644 index 0000000..b016098 --- /dev/null +++ b/sites-available/brewpi.conf @@ -0,0 +1,58 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name brew.schleppe.cloud; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + gzip_static on; + + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://brewpi.schleppe:5000; + } + ssl_certificate /etc/letsencrypt/live/brew.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/brew.schleppe.cloud/privkey.pem; # managed by Certbot + +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name beer.schleppe.cloud; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + gzip_static on; + + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://brewpi.schleppe:5000; + } + + ssl_certificate /etc/letsencrypt/live/beer.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/beer.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/castdeck.conf b/sites-available/castdeck.conf new file mode 100644 index 0000000..8281043 --- /dev/null +++ b/sites-available/castdeck.conf @@ -0,0 +1,28 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name castdeck.schleppe.cloud; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + gzip_static on; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://castdeck.schleppe:80; + } + + ssl_certificate /etc/letsencrypt/live/castdeck.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/castdeck.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/chatbot.kevinmidboe.conf b/sites-available/chatbot.kevinmidboe.conf index 69e8d3c..a8afffa 100644 --- a/sites-available/chatbot.kevinmidboe.conf +++ b/sites-available/chatbot.kevinmidboe.conf @@ -5,7 +5,8 @@ server { location / { proxy_pass http://localhost:31458; } + ssl_certificate /etc/letsencrypt/live/chatbot.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/chatbot.kevinmidboe.com-0001/privkey.pem; # managed by Certbot + - ssl_certificate /etc/letsencrypt/live/chatbot.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/chatbot.kevinmidboe.com/privkey.pem; # managed by Certbot } diff --git a/sites-available/default b/sites-available/default deleted file mode 100644 index 96d2029..0000000 --- a/sites-available/default +++ /dev/null @@ -1,176 +0,0 @@ -# -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration - - - -# Default should define all the routes to upgrade to https and global rules! - -server { - listen 80 default_server; - listen [::]:80 default_server; - server_name *.leifsopplevelser.no ruterna.no textbars.app *.kevinmidboe.com kevinmidboe.com; - return 302 https://$host$request_uri; - - -} - -server { - listen 443; - server_name sonarr.kevinmidboe.com; - - location / { - proxy_pass http://10.0.0.102:8989; - } - - ssl_certificate /etc/letsencrypt/live/sonarr.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/sonarr.kevinmidboe.com/privkey.pem; # managed by Certbot -} - -server { - listen 443; - server_name tau.kevinmidboe.com; - - location / { - proxy_pass http://10.0.0.44:8181; - } - - ssl_certificate /etc/letsencrypt/live/tau.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/tau.kevinmidboe.com/privkey.pem; # managed by Certbot -} - -server { - listen 443; - server_name xoa.kevinmidboe.com; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Proxy configuration - proxy_pass http://10.0.0.43/; - - proxy_http_version 1.1; - proxy_set_header Connection "upgrade"; - proxy_set_header Upgrade $http_upgrade; - - proxy_redirect default; - - # Issue https://github.com/vatesfr/xen-orchestra/issues/1471 - proxy_read_timeout 1800; # Error will be only every 30m - - # For the VM import feature, this size must be larger than the file we want to upload. - # Without a proper value, nginx will have error "client intended to send too large body" - client_max_body_size 4G; - } - - ssl_certificate /etc/letsencrypt/live/xoa.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/xoa.kevinmidboe.com/privkey.pem; # managed by Certbot -} - - -server { - listen 443; - - server_name dev.kevinmidboe.com; - - location / { - proxy_pass http://localhost:11001; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } -} - - - -server { - listen 443; - listen [::]:443; - - server_name kevinmidboe.com; - root /usr/share/nginx/html/; - - - location /jobb { - index index.html; - } - - location /km { - index index.html plex.html; - } - - - location /seasoned { - index index.html verified.html; - } - - location /seasonedUI { - index index.html; - } - - location /vibrate { - index index.html; - } - - - location /assets { - alias /www/data/assets; - autoindex on; - } - - location /clipboard { - index index.html; - } - - location /shows { -if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "https://kevinmidboe.com"; - add_header Access-Control-Allow-Methods "GET, OPTIONS, POST"; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - return 200; - } - proxy_pass http://10.0.0.115:9301; - } - - location / { - proxy_pass http://localhost:5000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - - error_page 502 /502.html; - location = /502.html { - root /home/kevin; - } - ssl_certificate /etc/letsencrypt/live/kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/kevinmidboe.com/privkey.pem; # managed by Certbot -} - diff --git a/sites-available/default.conf b/sites-available/default.conf new file mode 100644 index 0000000..6a5d993 --- /dev/null +++ b/sites-available/default.conf @@ -0,0 +1,411 @@ +# +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration + +# Default should define all the routes to upgrade to https and global rules! + +server { + if ($host = es.schleppe.cloud) { + return 301 https://$host$request_uri; + } # managed by Certbot + + if ($host = elastic.schleppe.cloud) { + return 301 https://$host$request_uri; + } # managed by Certbot + + if ($host = elastic.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = blog.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = vinlottis.no) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = seasoned.show) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = ruterna.no) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = request.movie) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = planetposen.no) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = upload.leifsopplevelser.no) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = api.leifsopplevelser.no) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = knowit.vin) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = xoa.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = tau.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = sonarr.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = planet.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = kibana.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = dev.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = chatbot.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = api.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = hitler.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = proxy.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + if ($host = prox.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + if ($host = memestream.schleppe.cloud) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + + if ($host = drone.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + +listen 80 default_server; +listen [::]:80 default_server; +server_name planetposen.no *.leifsopplevelser.no ruterna.no *.kevinmidboe.com kevinmidboe.com knowit.vin vinlottis.no seasoned.show request.movie; +return 302 https://$host$request_uri; + + +} + +server { + listen 443; + server_name sonarr.kevinmidboe.com; + + location / { + proxy_pass http://10.0.0.51:8989; + } + ssl_certificate /etc/letsencrypt/live/sonarr.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/sonarr.kevinmidboe.com-0001/privkey.pem; # managed by Certbot + + +} + +server { + listen 443; + server_name tau.kevinmidboe.com; + + location / { + proxy_pass http://10.0.0.51:8181; + } + ssl_certificate /etc/letsencrypt/live/tau.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tau.kevinmidboe.com-0001/privkey.pem; # managed by Certbot + + +} + +server { + listen 443; + server_name xoa.kevinmidboe.com; + + location / { + auth_basic "User authentication"; + auth_basic_user_file /etc/apache2/.htpasswd; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + +# Proxy configuration + proxy_pass http://10.0.0.43/; + + proxy_http_version 1.1; + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + + proxy_redirect default; + +# Issue https://github.com/vatesfr/xen-orchestra/issues/1471 + proxy_read_timeout 1800; # Error will be only every 30m + +# For the VM import feature, this size must be larger than the file we want to upload. +# Without a proper value, nginx will have error "client intended to send too large body" + client_max_body_size 4G; + } + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot + +} + + +server { + listen 443; + + server_name dev.kevinmidboe.com; + + location / { + proxy_pass http://localhost:11001; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + ssl_certificate /etc/letsencrypt/live/dev.kevinmidboe.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dev.kevinmidboe.com/privkey.pem; # managed by Certbot + +} + + +server { + listen 443 http2; + listen [::]:443 http2; + + server_name blog.kevinmidboe.com; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://10.0.0.59:80; + } + + ssl_certificate /etc/letsencrypt/live/blog.kevinmidboe.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/blog.kevinmidboe.com/privkey.pem; # managed by Certbot +} + +server { + listen 443 http2; + listen [::]:443 http2; + + server_name bookit.schleppe.cloud; + root /usr/share/nginx/html/Bookit-Frontend/build; + + location / { + index index.html; + } + + ssl_certificate /etc/letsencrypt/live/bookit.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/bookit.schleppe.cloud/privkey.pem; # managed by Certbot +} + +server { + listen 443; + listen [::]:443; + + server_name kevinmidboe.com; + root /usr/share/nginx/html/; + + + location /jobb { + index index.html; + } + + location /km { + index index.html plex.html; + } + + + location /seasoned { + index index.html verified.html; + } + + location /seasonedUI { + index index.html; + } + + location /vibrate { + index index.html; + } + + + location /assets { + alias /www/data/assets; + autoindex on; + } + + location /clipboard { + index index.html; + } + + location /cubewave { + alias /home/kevin/cubewave; + index index.html; + } + + location /bookit { + alias /home/kevin/Bookit-Frontend/build; + index index.html; + } + + location /klp { + index index.html; + } + +location /kurs { + alias /usr/share/nginx/html/kurs; +} + + location /camera { + alias /usr/share/nginx/html/camera/dist/; + index index.html; + } + + location /shows { + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "https://kevinmidboe.com"; + add_header Access-Control-Allow-Methods "GET, OPTIONS, POST"; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + return 200; + } + + proxy_pass http://10.0.0.115:9301; + } + + + location /api { +# if ($request_method = OPTIONS) { +# return 204; +# } + + +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + + proxy_set_header X-Forwarded-Proto https; +# proxy_set_header X-Forwarded-for 'request.movie'; + proxy_set_header X-Forwarded-for $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-for 'request.movie'; +# add_header X-Forwarded-for 'request.movie'; + +# proxy_set_header Connection 'upgrade'; +# proxy_set_header Host $host; +# proxy_pass_header Set-Cookie; +# proxy_cache_bypass $http_upgrade; + proxy_http_version 1.1; +# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie'; +# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT'; +# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie'; +# proxy_set_header 'Access-Control-Allow-Credentials' 'true'; + +# proxy_set_header Origin 'https://request.movie'; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + + proxy_pass http://seasoned.schleppe:31459; + +# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always; +# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always; +# add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + + + location / { + proxy_pass http://10.0.0.54:5000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + + error_page 502 /502.html; + location = /502.html { + root /home/kevin; + } + ssl_certificate /etc/letsencrypt/live/kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/kevinmidboe.com-0001/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/default.dpkg-dist b/sites-available/default.dpkg-dist new file mode 100644 index 0000000..c5af914 --- /dev/null +++ b/sites-available/default.dpkg-dist @@ -0,0 +1,91 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/sites-available/drone.conf b/sites-available/drone.conf new file mode 100644 index 0000000..cc8fff4 --- /dev/null +++ b/sites-available/drone.conf @@ -0,0 +1,24 @@ + +server { +# auth_basic "Drone admin access"; +# auth_basic_user_file /etc/nginx/.htpasswd; + + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name drone.schleppe.cloud; + + location / { + proxy_pass http://10.0.0.62:80; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + ssl_certificate /etc/letsencrypt/live/drone.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/drone.schleppe.cloud/privkey.pem; # managed by Certbot + +} diff --git a/sites-available/elastic.conf b/sites-available/elastic.conf new file mode 100644 index 0000000..dfd5d55 --- /dev/null +++ b/sites-available/elastic.conf @@ -0,0 +1,170 @@ + + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name kibana.schleppe.cloud; + + location /ui { + add_header 'Access-Control-Allow-Origin' 'kibana.schleppe.cloud'; + proxy_pass http://10.0.0.55:5601/ui; + } + + location /app/visualize { + add_header 'Access-Control-Allow-Origin' 'brew.schleppe.cloud'; + proxy_pass http://10.0.0.55:5601/app/visualize; + } + + location / { + auth_basic "Administrator's Area"; + auth_basic_user_file /etc/nginx/.htpasswd; + + add_header 'Access-Control-Allow-Origin' 'kibana.schleppe.cloud'; + proxy_pass http://10.0.0.55:5601; + } + + ssl_certificate /etc/letsencrypt/live/kibana.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/kibana.schleppe.cloud/privkey.pem; # managed by Certbot +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name elastic.schleppe.cloud; + + location / { + add_header 'Access-Control-Allow-Origin' '*'; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length'; + add_header 'Content-Type' 'application/json; charset=utf-8'; + add_header 'Content-Length' 0; + return 204; + } + + if ($request_method = 'GET') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + } + + if ($request_method = 'POST') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + } + + resolver 10.0.0.72; + proxy_pass http://elastic.schleppe:9200; + } + ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud-0001/privkey.pem; # managed by Certbot + +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name es.schleppe.cloud; + + location / { + add_header 'Access-Control-Allow-Origin' '*'; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length'; + add_header 'Content-Type' 'application/json; charset=utf-8'; + add_header 'Content-Length' 0; + return 204; + } + + if ($request_method = 'GET') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + } + + if ($request_method = 'POST') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + } + + resolver 10.0.0.72; + proxy_pass http://elastic.schleppe:9200; + } + + ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud/privkey.pem; # managed by Certbot +} + + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name elastic.kevinmidboe.com; + + location / { + add_header 'Access-Control-Allow-Origin' '*'; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length'; + add_header 'Content-Type' 'application/json; charset=utf-8'; + add_header 'Content-Length' 0; + return 204; + } + + if ($request_method = 'GET') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + } + + if ($request_method = 'POST') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + } + + resolver 10.0.0.72; + proxy_pass http://elastic.schleppe:9200; + } + ssl_certificate /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/privkey.pem; # managed by Certbot +} diff --git a/sites-available/elastic.kevinmidboe.conf b/sites-available/elastic.kevinmidboe.conf deleted file mode 100644 index 546d9ef..0000000 --- a/sites-available/elastic.kevinmidboe.conf +++ /dev/null @@ -1,63 +0,0 @@ - - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name kibana.kevinmidboe.com; - - location / { - - proxy_pass http://10.0.0.115:5601; - } - - ssl_certificate /etc/letsencrypt/live/kibana.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/kibana.kevinmidboe.com/privkey.pem; # managed by Certbot -} - - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name elastic.kevinmidboe.com; - - location / { - add_header 'Access-Control-Allow-Origin' 'https://kevinmidboe.com'; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' 'https://kevinmidboe.com'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length'; - add_header 'Content-Type' 'application/json; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; - } - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' 'https://kevinmidboe.com'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - - if ($request_method = 'POST') { - add_header 'Access-Control-Allow-Origin' 'https://kevinmidboe.com'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - - proxy_pass http://10.0.0.115:9301; - } - - ssl_certificate /etc/letsencrypt/live/elastic.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/elastic.kevinmidboe.com/privkey.pem; # managed by Certbot -} diff --git a/sites-available/fjordmap.conf b/sites-available/fjordmap.conf new file mode 100644 index 0000000..e5826ad --- /dev/null +++ b/sites-available/fjordmap.conf @@ -0,0 +1,39 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name fjordmap.schleppe.cloud; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + gzip_static on; + + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'fjordmap.schleppe.cloud'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header HTTPS YES; + fastcgi_param HTTPS on; + fastcgi_param HTTP_HTTPS on; + fastcgi_param REQUEST_SCHEME https; + fastcgi_param SERVER_PORT 443; + + resolver 10.0.0.72; + proxy_pass http://fjordmap.schleppe$request_uri; + } + + ssl_certificate /etc/letsencrypt/live/fjordmap.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/fjordmap.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/grafana.conf b/sites-available/grafana.conf new file mode 100644 index 0000000..d076319 --- /dev/null +++ b/sites-available/grafana.conf @@ -0,0 +1,43 @@ +# +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration + +# Default should define all the routes to upgrade to https and global rules! + +server { + listen 443; + listen [::]:443; + + server_name grafana.schleppe.cloud; + location / { + proxy_http_version 1.1; + + proxy_set_header X-Forwarded-Host grafana.schleppe.cloud; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + + proxy_pass http://grafana.schleppe:3000; + } + + ssl_certificate /etc/letsencrypt/live/grafana.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/grafana.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/hitler.conf b/sites-available/hitler.conf new file mode 100644 index 0000000..183e385 --- /dev/null +++ b/sites-available/hitler.conf @@ -0,0 +1,29 @@ + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name hitler.kevinmidboe.com; + + gzip on; + gzip_types application/json; + gzip_min_length 1000; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'hitler.kevinmidboe.com'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://10.0.0.66:8080; + } + ssl_certificate /etc/letsencrypt/live/hitler.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/hitler.kevinmidboe.com-0001/privkey.pem; # managed by Certbot + + +} + + diff --git a/sites-available/hiveMonitor.conf b/sites-available/hiveMonitor.conf new file mode 100644 index 0000000..2f44440 --- /dev/null +++ b/sites-available/hiveMonitor.conf @@ -0,0 +1,27 @@ + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name rosendal.buzz; + + gzip on; + gzip_types application/json; + gzip_min_length 1000; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'rosendal.buzz'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://localhost:30040; + } + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot + +} + diff --git a/sites-available/leifsopplevelser.conf b/sites-available/leifsopplevelser.conf index 5186e71..50daae0 100644 --- a/sites-available/leifsopplevelser.conf +++ b/sites-available/leifsopplevelser.conf @@ -1,47 +1,50 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name api.leifsopplevelser.no; + server_name api.leifsopplevelser.no; + + location / { + proxy_pass http://localhost:30021; + } + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot - location / { - proxy_pass http://localhost:30021; - } - ssl_certificate /etc/letsencrypt/live/api.leifsopplevelser.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/api.leifsopplevelser.no/privkey.pem; # managed by Certbot } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name upload.leifsopplevelser.no; + server_name upload.leifsopplevelser.no; + + location / { + proxy_pass http://localhost:30022; + } + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot - location / { - proxy_pass http://localhost:30022; - } - ssl_certificate /etc/letsencrypt/live/upload.leifsopplevelser.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/upload.leifsopplevelser.no/privkey.pem; # managed by Certbot } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name leifsopplevelser.no; + server_name leifsopplevelser.no; - location /assets { - root /home/kevin/leifs-image-processor; - } + location /assets { + root /home/kevin/leifs-image-processor; + } + + location / { + proxy_pass http://localhost:30020; + } + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot - location / { - proxy_pass http://localhost:30020; - } - ssl_certificate /etc/letsencrypt/live/leifsopplevelser.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/leifsopplevelser.no/privkey.pem; # managed by Certbot } diff --git a/sites-available/lottis.conf b/sites-available/lottis.conf new file mode 100644 index 0000000..f84aea3 --- /dev/null +++ b/sites-available/lottis.conf @@ -0,0 +1,140 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name lottis.vin; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'lottis.vin'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://vinlottis.schleppe:30030; + } + + ssl_certificate /etc/letsencrypt/live/lottis.vin-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/lottis.vin-0001/privkey.pem; # managed by Certbot +} + + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name beta.lottis.vin; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'beta.lottis.vin'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://vinlottis-beta.schleppe:30030; + } + ssl_certificate /etc/letsencrypt/live/beta.lottis.vin/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/beta.lottis.vin/privkey.pem; # managed by Certbot + +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name kxo.lottis.vin; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'lottis.vin'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://vinlottis.schleppe:30030; + } + + ssl_certificate /etc/letsencrypt/live/kxo.lottis.vin/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/kxo.lottis.vin/privkey.pem; # managed by Certbot +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name aller.lottis.vin; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'lottis.vin'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://allerlottis.schleppe:30030; + } + + + ssl_certificate /etc/letsencrypt/live/aller.lottis.vin/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/aller.lottis.vin/privkey.pem; # managed by Certbot +} + + + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name aller.vin; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + gzip_static on; + + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'aller.vin'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://allerlottis.schleppe:30030; + } + ssl_certificate /etc/letsencrypt/live/aller.vin/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/aller.vin/privkey.pem; # managed by Certbot + +} diff --git a/sites-available/maps.conf b/sites-available/maps.conf new file mode 100644 index 0000000..9a0698f --- /dev/null +++ b/sites-available/maps.conf @@ -0,0 +1,43 @@ +# +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration + +# Default should define all the routes to upgrade to https and global rules! + +server { + listen 443; + listen [::]:443; + + server_name maps.schleppe.cloud; + location / { + proxy_http_version 1.1; + + proxy_set_header X-Forwarded-Host maps.schleppe.cloud; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + + proxy_pass http://mosaic.schleppe:3650; + } + + ssl_certificate /etc/letsencrypt/live/maps.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/maps.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/mc.conf b/sites-available/mc.conf new file mode 100644 index 0000000..6d0f726 --- /dev/null +++ b/sites-available/mc.conf @@ -0,0 +1,30 @@ + +server { + server_name mc.kevinmidboe.com; + + location / { + proxy_pass http://10.0.0.65:25565; + } + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/mc.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/mc.kevinmidboe.com-0001/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} + +server { + if ($host = mc.kevinmidboe.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + server_name mc.kevinmidboe.com; + listen 80; + return 404; # managed by Certbot + + +} \ No newline at end of file diff --git a/sites-available/memestream.conf b/sites-available/memestream.conf new file mode 100644 index 0000000..93d1037 --- /dev/null +++ b/sites-available/memestream.conf @@ -0,0 +1,23 @@ + +server { + listen 443 http2; + listen [::]:443 http2; + + server_name memestream.schleppe.cloud; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://memestream.schleppe:80; + } + + ssl_certificate /etc/letsencrypt/live/memestream.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/memestream.schleppe.cloud/privkey.pem; # managed by Certbot +} + + diff --git a/sites-available/mondrian.conf b/sites-available/mondrian.conf new file mode 100644 index 0000000..cae6f37 --- /dev/null +++ b/sites-available/mondrian.conf @@ -0,0 +1,29 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name mondrian.schleppe.cloud; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + gzip_static on; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + + proxy_pass http://mondrian.schleppe:3000; + } + + ssl_certificate /etc/letsencrypt/live/mondrian.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/mondrian.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/planetposen.conf b/sites-available/planetposen.conf index b9bd100..e027da3 100644 --- a/sites-available/planetposen.conf +++ b/sites-available/planetposen.conf @@ -1,28 +1,39 @@ server { - listen 443 http2; - listen [::]:443 http2; + listen 443 http2; + listen [::]:443 http2; - server_name planetposen.no; + server_name planetposen.no; + + location / { + root /opt/planetposen-original/; + autoindex on; + } + ssl_certificate /etc/letsencrypt/live/planetposen.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/planetposen.no-0001/privkey.pem; # managed by Certbot - location / { - root /opt/planetposen/; - } - ssl_certificate /etc/letsencrypt/live/planetposen.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/planetposen.no/privkey.pem; # managed by Certbot } server { - listen 443 http2; - listen [::]:443 http2; + listen 443 http2; + listen [::]:443 http2; - server_name planet.kevinmidboe.com; + server_name planet.schleppe.cloud; - location / { - root /opt/planetposen/; - } - ssl_certificate /etc/letsencrypt/live/planet.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/planet.kevinmidboe.com/privkey.pem; # managed by Certbot + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'planet.schleppe.cloud'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://planetposen.schleppe:30010; + } + + ssl_certificate /etc/letsencrypt/live/planet.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/planet.schleppe.cloud/privkey.pem; # managed by Certbot } diff --git a/sites-available/plex.conf b/sites-available/plex.conf new file mode 100644 index 0000000..3d7221a --- /dev/null +++ b/sites-available/plex.conf @@ -0,0 +1,25 @@ + +server { + listen 443; + server_name sonarr.schleppe.cloud; + + location / { + proxy_pass http://blex.schleppe:8989; + } + + ssl_certificate /etc/letsencrypt/live/sonarr.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/sonarr.schleppe.cloud/privkey.pem; # managed by Certbot +} + +server { + listen 443; + server_name tau.schleppe.cloud; + + location / { + proxy_pass http://blex.schleppe:8181; + } + + ssl_certificate /etc/letsencrypt/live/tau.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tau.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/proxmox.conf b/sites-available/proxmox.conf new file mode 100644 index 0000000..bdd0090 --- /dev/null +++ b/sites-available/proxmox.conf @@ -0,0 +1,26 @@ + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name prox.kevinmidboe.com; + + location / { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + add_header X-Frame-Options SAMEORIGIN; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + auth_basic "User authentication"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://10.0.0.80:8006; + } + ssl_certificate /etc/letsencrypt/live/prox.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/prox.kevinmidboe.com-0001/privkey.pem; # managed by Certbot + + +} + diff --git a/sites-available/proxy.conf b/sites-available/proxy.conf new file mode 100644 index 0000000..e01dfc4 --- /dev/null +++ b/sites-available/proxy.conf @@ -0,0 +1,23 @@ + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name proxy.kevinmidboe.com; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://localhost:30030; + } + + ssl_certificate /etc/letsencrypt/live/proxy.kevinmidboe.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/proxy.kevinmidboe.com/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/request.conf b/sites-available/request.conf new file mode 100644 index 0000000..8cdb923 --- /dev/null +++ b/sites-available/request.conf @@ -0,0 +1,174 @@ +# +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration + +# Default should define all the routes to upgrade to https and global rules! + +server { + listen 443; + listen [::]:443; + + server_name request.movie; + + location /api { +# if ($request_method = OPTIONS) { +# return 204; +# } + + +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; +# add_header X-Forwarded-for 'request.movie'; + +# proxy_set_header Connection 'upgrade'; +# proxy_set_header Host $host; +# proxy_pass_header Set-Cookie; +# proxy_cache_bypass $http_upgrade; + proxy_http_version 1.1; +# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie'; +# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT'; +# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie'; +# proxy_set_header 'Access-Control-Allow-Credentials' 'true'; + +# proxy_set_header Origin 'https://request.movie'; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + + proxy_pass http://seasoned.schleppe:31459; + +# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always; +# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always; +# add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + + location / { +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-Proto https; +# proxy_set_header X-Forwarded-for $remote_addr; + +# proxy_set_header X-Forwarded-For $remote_addr; +# proxy_set_header X-Forwarded-Proto $scheme; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header Host $http_host; + +# proxy_set_header Connection 'upgrade'; +# proxy_set_header Host $host; +# proxy_pass_header Set-Cookie; +# proxy_cache_bypass $http_upgrade; + + proxy_http_version 1.1; +# add_header 'Access-Control-Allow-Origin' 'request.movie'; +# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; +# add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + + proxy_pass http://seasoned.schleppe:5000; + } + + error_page 502 /502.html; + location = /502.html { + root /home/kevin; + } + + ssl_certificate /etc/letsencrypt/live/request.movie-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/request.movie-0001/privkey.pem; # managed by Certbot +} + +server { + listen 443; + listen [::]:443; + + server_name api.request.movie; + + location /api { +# if ($request_method = OPTIONS) { +# return 204; +# } + + +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + + proxy_set_header X-Forwarded-Proto https; +# proxy_set_header X-Forwarded-for 'request.movie'; + proxy_set_header X-Forwarded-for $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-for 'request.movie'; +# add_header X-Forwarded-for 'request.movie'; + +# proxy_set_header Connection 'upgrade'; +# proxy_set_header Host $host; +# proxy_pass_header Set-Cookie; +# proxy_cache_bypass $http_upgrade; + proxy_http_version 1.1; +# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie'; +# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT'; +# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie'; +# proxy_set_header 'Access-Control-Allow-Credentials' 'true'; + +# proxy_set_header Origin 'https://request.movie'; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + + proxy_pass http://seasoned.schleppe:31459; + +# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always; +# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always; +# add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + ssl_certificate /etc/letsencrypt/live/api.request.movie/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/api.request.movie/privkey.pem; # managed by Certbot +} + +server { + listen 443; + listen [::]:443; + + server_name warden.request.movie; + + location / { + proxy_pass http://seasoned.schleppe:31458; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + + ssl_certificate /etc/letsencrypt/live/warden.request.movie/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/warden.request.movie/privkey.pem; # managed by Certbot +} diff --git a/sites-available/rerequest.conf b/sites-available/rerequest.conf new file mode 100644 index 0000000..de27b74 --- /dev/null +++ b/sites-available/rerequest.conf @@ -0,0 +1,112 @@ +# +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration + +# Default should define all the routes to upgrade to https and global rules! + +server { + listen 443; + listen [::]:443; + + server_name request.movie; + + location / { +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-Proto https; +# proxy_set_header X-Forwarded-for $remote_addr; + +# proxy_set_header X-Forwarded-For $remote_addr; +# proxy_set_header X-Forwarded-Proto $scheme; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header Host $http_host; + +# proxy_set_header Connection 'upgrade'; +# proxy_set_header Host $host; +# proxy_pass_header Set-Cookie; +# proxy_cache_bypass $http_upgrade; + + proxy_http_version 1.1; +# add_header 'Access-Control-Allow-Origin' 'request.movie'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; +# add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + + proxy_pass http://seasoned.schleppe:5000; + } + + error_page 502 /502.html; + location = /502.html { + root /home/kevin; + } + + ssl_certificate /etc/letsencrypt/live/request.movie-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/request.movie-0001/privkey.pem; # managed by Certbot +} + +server { + listen 443; + listen [::]:443; + + server_name api.request.movie; + + location /api { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_pass_header Set-Cookie; + proxy_cache_bypass $http_upgrade; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; +# add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_pass http://seasoned.schleppe:31459; + } + + ssl_certificate /etc/letsencrypt/live/api.request.movie/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/api.request.movie/privkey.pem; # managed by Certbot +} + +server { + listen 443; + listen [::]:443; + + server_name warden.request.movie; + + location / { + proxy_pass http://seasoned.schleppe:31458; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + + ssl_certificate /etc/letsencrypt/live/warden.request.movie/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/warden.request.movie/privkey.pem; # managed by Certbot +} diff --git a/sites-available/ruterna.conf b/sites-available/ruterna.conf index 81bfe91..147553b 100644 --- a/sites-available/ruterna.conf +++ b/sites-available/ruterna.conf @@ -1,4 +1,27 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name geobus.ruterna.no; + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'lottis.vin'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://localhost:31775; + } + + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot +} + + server { listen 443 ssl http2; listen [::]:443 ssl http2; @@ -16,7 +39,9 @@ server { proxy_pass http://localhost:30011/; } + ssl_certificate /etc/letsencrypt/live/ruterna.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ruterna.no-0001/privkey.pem; # managed by Certbot + + - ssl_certificate /etc/letsencrypt/live/ruterna.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ruterna.no/privkey.pem; # managed by Certbot } diff --git a/sites-available/schleppecloud.config b/sites-available/schleppecloud.config new file mode 100644 index 0000000..6c59ad4 --- /dev/null +++ b/sites-available/schleppecloud.config @@ -0,0 +1,81 @@ +# +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration + +# Default should define all the routes to upgrade to https and global rules! + + +server { + listen 443; + listen [::]:443; + + server_name schleppe.cloud; + + location / { + root /usr/share/nginx/schleppecloud/; + autoindex off; + index index.html; + } + ssl_certificate /etc/letsencrypt/live/schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/schleppe.cloud/privkey.pem; # managed by Certbot + +} + +server { + listen 443 http2; + listen [::]:443 http2; + + server_name blockchain.schleppe.cloud; + + location / { + root /home/kevin/blockchain; + autoindex off; + index index.html; + } + + ssl_certificate /etc/letsencrypt/live/blockchain.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/blockchain.schleppe.cloud/privkey.pem; # managed by Certbot +} + +server { + listen 443 http2; + listen [::]:443 http2; + + server_name wagovipps.schleppe.cloud; + +# gzip on; +# gzip_min_length 1000; +# gzip_types text/plain application/json; + + # TODO restrict to allow vipps servers + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://10.0.0.58:80; + } + + ssl_certificate /etc/letsencrypt/live/wagovipps.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/wagovipps.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/seasoned.conf b/sites-available/seasoned.conf new file mode 100644 index 0000000..f88f456 --- /dev/null +++ b/sites-available/seasoned.conf @@ -0,0 +1,87 @@ +# +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration + +# Default should define all the routes to upgrade to https and global rules! + +server { + listen 443; + listen [::]:443; + + server_name seasoned.show; + + location / { + proxy_pass http://10.0.0.54:5000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + + error_page 502 /502.html; + location = /502.html { + root /home/kevin; + } + + ssl_certificate /etc/letsencrypt/live/seasoned.show-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/seasoned.show-0001/privkey.pem; # managed by Certbot +} + +server { + listen 443; + listen [::]:443; + + server_name api.seasoned.show; + + location /api { + proxy_pass http://10.0.0.54:31459; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + ssl_certificate /etc/letsencrypt/live/api.seasoned.show-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/api.seasoned.show-0001/privkey.pem; # managed by Certbot + + +} + +server { + listen 443; + listen [::]:443; + + server_name warden.seasoned.show; + + location /api { + proxy_pass http://seasoned.schleppe:31458; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } +} diff --git a/sites-available/valg.conf b/sites-available/valg.conf new file mode 100644 index 0000000..ec81cc7 --- /dev/null +++ b/sites-available/valg.conf @@ -0,0 +1,26 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name valg.schleppe.cloud; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + gzip_static on; + + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'knowit.vin'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://valg.schleppe:30030; + } +} + diff --git a/sites-available/vinlottis.conf b/sites-available/vinlottis.conf new file mode 100644 index 0000000..0b2f4f5 --- /dev/null +++ b/sites-available/vinlottis.conf @@ -0,0 +1,57 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name knowit.vin; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + gzip_static on; + + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'knowit.vin'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://vinlottis.schleppe:30030; + } + + ssl_certificate /etc/letsencrypt/live/knowit.vin-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/knowit.vin-0001/privkey.pem; # managed by Certbot +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name vinlottis.no; + + gzip on; + gzip_types application/javascript; + gzip_min_length 1000; + + + location / { + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' 'vinlottis.no'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + resolver 10.0.0.72; + proxy_pass http://vinlottis.schleppe:30030; + } + + + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0003/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0003/privkey.pem; # managed by Certbot +} diff --git a/sites-enabled/api.kevinmidboe.conf b/sites-enabled/api.kevinmidboe.conf index a56b61e..963f197 120000 --- a/sites-enabled/api.kevinmidboe.conf +++ b/sites-enabled/api.kevinmidboe.conf @@ -1 +1 @@ -../sites-available/api.kevinmidboe.conf \ No newline at end of file +/etc/nginx/sites-available/api.kevinmidboe.conf \ No newline at end of file diff --git a/sites-enabled/brewpi.conf b/sites-enabled/brewpi.conf new file mode 120000 index 0000000..f1d084a --- /dev/null +++ b/sites-enabled/brewpi.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/brewpi.conf \ No newline at end of file diff --git a/sites-enabled/castdeck.conf b/sites-enabled/castdeck.conf new file mode 120000 index 0000000..49589c6 --- /dev/null +++ b/sites-enabled/castdeck.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/castdeck.conf \ No newline at end of file diff --git a/sites-enabled/chatbot.kevinmidboe.conf b/sites-enabled/chatbot.kevinmidboe.conf index 224c77a..9941abf 120000 --- a/sites-enabled/chatbot.kevinmidboe.conf +++ b/sites-enabled/chatbot.kevinmidboe.conf @@ -1 +1 @@ -../sites-available/chatbot.kevinmidboe.conf \ No newline at end of file +/etc/nginx/sites-available/chatbot.kevinmidboe.conf \ No newline at end of file diff --git a/sites-enabled/default b/sites-enabled/default deleted file mode 120000 index 6d9ba33..0000000 --- a/sites-enabled/default +++ /dev/null @@ -1 +0,0 @@ -../sites-available/default \ No newline at end of file diff --git a/sites-enabled/default.conf b/sites-enabled/default.conf new file mode 120000 index 0000000..772cfe8 --- /dev/null +++ b/sites-enabled/default.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/default.conf \ No newline at end of file diff --git a/sites-enabled/drone.conf b/sites-enabled/drone.conf new file mode 120000 index 0000000..a691b98 --- /dev/null +++ b/sites-enabled/drone.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/drone.conf \ No newline at end of file diff --git a/sites-enabled/elastic.conf b/sites-enabled/elastic.conf new file mode 120000 index 0000000..038d519 --- /dev/null +++ b/sites-enabled/elastic.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/elastic.conf \ No newline at end of file diff --git a/sites-enabled/elastic.kevinmidboe.conf b/sites-enabled/elastic.kevinmidboe.conf deleted file mode 120000 index 402ee71..0000000 --- a/sites-enabled/elastic.kevinmidboe.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/elastic.kevinmidboe.conf \ No newline at end of file diff --git a/sites-enabled/fjordmap.conf b/sites-enabled/fjordmap.conf new file mode 120000 index 0000000..f4743fd --- /dev/null +++ b/sites-enabled/fjordmap.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/fjordmap.conf \ No newline at end of file diff --git a/sites-enabled/grafana.conf b/sites-enabled/grafana.conf new file mode 120000 index 0000000..8411193 --- /dev/null +++ b/sites-enabled/grafana.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/grafana.conf \ No newline at end of file diff --git a/sites-enabled/hitler.conf b/sites-enabled/hitler.conf new file mode 120000 index 0000000..6f20c5a --- /dev/null +++ b/sites-enabled/hitler.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/hitler.conf \ No newline at end of file diff --git a/sites-enabled/hiveMonitor.conf b/sites-enabled/hiveMonitor.conf new file mode 120000 index 0000000..44a1209 --- /dev/null +++ b/sites-enabled/hiveMonitor.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/hiveMonitor.conf \ No newline at end of file diff --git a/sites-enabled/leifsopplevelser.conf b/sites-enabled/leifsopplevelser.conf index 0fa8355..e69660b 120000 --- a/sites-enabled/leifsopplevelser.conf +++ b/sites-enabled/leifsopplevelser.conf @@ -1 +1 @@ -../sites-available/leifsopplevelser.conf \ No newline at end of file +/etc/nginx/sites-available/leifsopplevelser.conf \ No newline at end of file diff --git a/sites-enabled/lottis.conf b/sites-enabled/lottis.conf new file mode 120000 index 0000000..7082bf4 --- /dev/null +++ b/sites-enabled/lottis.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/lottis.conf \ No newline at end of file diff --git a/sites-enabled/maps.conf b/sites-enabled/maps.conf new file mode 120000 index 0000000..919e3e1 --- /dev/null +++ b/sites-enabled/maps.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/maps.conf \ No newline at end of file diff --git a/sites-enabled/mc.conf b/sites-enabled/mc.conf new file mode 120000 index 0000000..da56441 --- /dev/null +++ b/sites-enabled/mc.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/mc.conf \ No newline at end of file diff --git a/sites-enabled/memetream.conf b/sites-enabled/memetream.conf new file mode 120000 index 0000000..82ba3d1 --- /dev/null +++ b/sites-enabled/memetream.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/memestream.conf \ No newline at end of file diff --git a/sites-enabled/mondrian.conf b/sites-enabled/mondrian.conf new file mode 120000 index 0000000..535309a --- /dev/null +++ b/sites-enabled/mondrian.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/mondrian.conf \ No newline at end of file diff --git a/sites-enabled/plex.conf b/sites-enabled/plex.conf new file mode 120000 index 0000000..bddad86 --- /dev/null +++ b/sites-enabled/plex.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/plex.conf \ No newline at end of file diff --git a/sites-enabled/proxmox.conf b/sites-enabled/proxmox.conf new file mode 120000 index 0000000..e775e38 --- /dev/null +++ b/sites-enabled/proxmox.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/proxmox.conf \ No newline at end of file diff --git a/sites-enabled/request.conf b/sites-enabled/request.conf new file mode 120000 index 0000000..697190d --- /dev/null +++ b/sites-enabled/request.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/request.conf \ No newline at end of file diff --git a/sites-enabled/ruterna.conf b/sites-enabled/ruterna.conf index 47da9cf..2d3f2d9 120000 --- a/sites-enabled/ruterna.conf +++ b/sites-enabled/ruterna.conf @@ -1 +1 @@ -../sites-available/ruterna.conf \ No newline at end of file +/etc/nginx/sites-available/ruterna.conf \ No newline at end of file diff --git a/sites-enabled/schleppecloud.config b/sites-enabled/schleppecloud.config new file mode 120000 index 0000000..6b6857d --- /dev/null +++ b/sites-enabled/schleppecloud.config @@ -0,0 +1 @@ +/etc/nginx/sites-available/schleppecloud.config \ No newline at end of file diff --git a/sites-enabled/textbars.app.conf b/sites-enabled/textbars.app.conf deleted file mode 120000 index 37d7641..0000000 --- a/sites-enabled/textbars.app.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/textbars.app.conf \ No newline at end of file diff --git a/sites-enabled/vinlottis.conf b/sites-enabled/vinlottis.conf new file mode 120000 index 0000000..7ec0603 --- /dev/null +++ b/sites-enabled/vinlottis.conf @@ -0,0 +1 @@ +/etc/nginx/sites-available/vinlottis.conf \ No newline at end of file