From 89d1e15096d4ad1f3f6b58673a2b9fd11d0fe827 Mon Sep 17 00:00:00 2001 
From: KevinMidboe Date: Wed, 8 Nov 2023 23:37:28 +0100 Subject: [PATCH] Cleanup : all sites share a common syntax --- nginx.conf | 68 ++-- nginx.conf.default_1.20 | 32 -- sites-available/000-default.conf | 77 +++++ sites-available/adtech.conf | 29 ++ sites-available/blockchain.conf | 26 ++ sites-available/blog.conf | 29 ++ sites-available/brewpi.conf | 42 ++- sites-available/castdeck.conf | 24 +- sites-available/chatbot.kevinmidboe.conf | 12 - sites-available/default.conf | 411 ----------------------- sites-available/default.dpkg-dist | 91 ----- sites-available/drone.conf | 30 +- sites-available/elastic.conf | 162 +++------ sites-available/fjordmap.conf | 1 + sites-available/gitea.conf | 31 ++ sites-available/grafana.conf | 87 ++--- sites-available/headscale.conf | 31 ++ sites-available/hiveMonitor.conf | 41 ++- sites-available/jelly.conf | 13 + sites-available/k9e.conf | 38 +++ sites-available/k9ee.conf | 28 ++ sites-available/kevinmidboe.conf | 77 +++++ sites-available/leifsopplevelser.conf | 70 ++-- sites-available/lottis.conf | 180 ++++++---- sites-available/maps.conf | 59 ++-- sites-available/mc.conf | 4 +- sites-available/memestream.conf | 30 +- sites-available/mondrian.conf | 37 +- sites-available/planetposen.conf | 98 +++++- sites-available/plex.conf | 36 +- sites-available/proxmox.conf | 26 -- sites-available/request.conf | 168 ++------- sites-available/rerequest.conf | 112 ------ sites-available/ruterna.conf | 4 +- sites-available/schleppecloud.conf | 24 ++ sites-available/schleppecloud.config | 81 ----- sites-available/seasoned.conf | 87 ----- sites-available/textbars.app.conf | 23 -- sites-available/valg.conf | 26 -- sites-available/vinlottis.conf | 57 ---- sites-available/wagovipps.conf | 34 ++ sites-available/warden.conf | 32 ++ sites-enabled/000-default.conf | 1 + sites-enabled/api.kevinmidboe.conf | 1 - sites-enabled/brewpi.conf | 1 - sites-enabled/castdeck.conf | 1 - sites-enabled/chatbot.kevinmidboe.conf | 1 - sites-enabled/default.conf | 1 - 
sites-enabled/drone.conf | 1 - sites-enabled/elastic.conf | 1 - sites-enabled/fjordmap.conf | 1 - sites-enabled/grafana.conf | 1 - sites-enabled/hitler.conf | 1 - sites-enabled/hiveMonitor.conf | 1 - sites-enabled/leifsopplevelser.conf | 1 - sites-enabled/lottis.conf | 1 - sites-enabled/maps.conf | 1 - sites-enabled/mc.conf | 1 - sites-enabled/memetream.conf | 1 - sites-enabled/mondrian.conf | 1 - sites-enabled/planetposen.conf | 1 - sites-enabled/plex.conf | 1 - sites-enabled/proxmox.conf | 1 - sites-enabled/request.conf | 1 - sites-enabled/ruterna.conf | 1 - sites-enabled/schleppecloud.config | 1 - sites-enabled/vinlottis.conf | 1 - 67 files changed, 1058 insertions(+), 1535 deletions(-) delete mode 100644 nginx.conf.default_1.20 create mode 100644 sites-available/000-default.conf create mode 100644 sites-available/adtech.conf create mode 100644 sites-available/blockchain.conf create mode 100644 sites-available/blog.conf delete mode 100644 sites-available/chatbot.kevinmidboe.conf delete mode 100644 sites-available/default.conf delete mode 100644 sites-available/default.dpkg-dist create mode 100644 sites-available/gitea.conf create mode 100644 sites-available/headscale.conf create mode 100644 sites-available/jelly.conf create mode 100644 sites-available/k9e.conf create mode 100644 sites-available/k9ee.conf create mode 100644 sites-available/kevinmidboe.conf delete mode 100644 sites-available/proxmox.conf delete mode 100644 sites-available/rerequest.conf create mode 100644 sites-available/schleppecloud.conf delete mode 100644 sites-available/schleppecloud.config delete mode 100644 sites-available/seasoned.conf delete mode 100644 sites-available/textbars.app.conf delete mode 100644 sites-available/valg.conf delete mode 100644 sites-available/vinlottis.conf create mode 100644 sites-available/wagovipps.conf create mode 100644 sites-available/warden.conf create mode 120000 sites-enabled/000-default.conf delete mode 120000 sites-enabled/api.kevinmidboe.conf delete mode 
120000 sites-enabled/brewpi.conf delete mode 120000 sites-enabled/castdeck.conf delete mode 120000 sites-enabled/chatbot.kevinmidboe.conf delete mode 120000 sites-enabled/default.conf delete mode 120000 sites-enabled/drone.conf delete mode 120000 sites-enabled/elastic.conf delete mode 120000 sites-enabled/fjordmap.conf delete mode 120000 sites-enabled/grafana.conf delete mode 120000 sites-enabled/hitler.conf delete mode 120000 sites-enabled/hiveMonitor.conf delete mode 120000 sites-enabled/leifsopplevelser.conf delete mode 120000 sites-enabled/lottis.conf delete mode 120000 sites-enabled/maps.conf delete mode 120000 sites-enabled/mc.conf delete mode 120000 sites-enabled/memetream.conf delete mode 120000 sites-enabled/mondrian.conf delete mode 120000 sites-enabled/planetposen.conf delete mode 120000 sites-enabled/plex.conf delete mode 120000 sites-enabled/proxmox.conf delete mode 120000 sites-enabled/request.conf delete mode 120000 sites-enabled/ruterna.conf delete mode 120000 sites-enabled/schleppecloud.config delete mode 120000 sites-enabled/vinlottis.conf diff --git a/nginx.conf b/nginx.conf index bcdbc76..d02521f 100644 --- a/nginx.conf +++ b/nginx.conf 
@@ -7,47 +7,55 @@ pid /var/run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { - worker_connections 1024; + worker_connections 1024; } http { - include /etc/nginx/mime.types; - default_type application/octet-stream; + include /etc/nginx/mime.types; + default_type text/plain; - ################## - # SSL settings # - ################## + ################## + # Basic settings # + ################## - ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; - ################## - # Log settings # - ################## + ################## + # Gzip settings # + ################## - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; + gzip on; - access_log /var/log/nginx/access.log main; - error_log /var/log/nginx/error.log; + ################## + # Headers # + ################## - ################## - # Basic settings # - ################## + add_header X-Web-Entry "Bifrost" always; - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; + ################## + # SSL settings # + ################## - ################## - # Gzip settings # - ################## + ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; - gzip on; + ################## + # Log settings # + ################## - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*.conf; + log_format main '$remote_addr - $remote_user [$time_local] ' + '"$request_method $scheme://$host$request_uri $server_protocol" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + error_log /var/log/nginx/error.log; + + include /etc/nginx/conf.d/*.conf; + include 
/etc/nginx/sites-enabled/*.conf; + include /etc/nginx/cloudflare; } diff --git a/nginx.conf.default_1.20 b/nginx.conf.default_1.20 deleted file mode 100644 index 5e076aa..0000000 --- a/nginx.conf.default_1.20 +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/sites-available/000-default.conf b/sites-available/000-default.conf new file mode 100644 index 0000000..5c90913 --- /dev/null +++ b/sites-available/000-default.conf 
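Review bot: The http-level `add_header X-Web-Entry "Bifrost" always;` will not reach most responses, because nginx inherits `add_header` from an outer level only when the current level defines none. Nearly every server or location in this patch sets its own (`add_header Upgrading Connection;`, `X-Dead-End`, the CORS headers). The same rule would silently drop any security header added here later, so either move shared headers into an included snippet or put a comment above the line such as `# add_header is not inherited by blocks that define their own; repeat via a shared snippet`. The header also tells clients the name of the entry proxy, which should be a deliberate choice.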
@@ -0,0 +1,77 @@ + +# - - - - - - - - - - - - - - - - - - - - - - - - - - +# Default server configuration +# Any server_name not matched for port 80 or 443 +# returns 200 ok or 425 not supported respectively +# - - - - - - - - - - - - - - - - - - - - - - - - - - +server { + listen 80 default_server; + listen [::]:80 default_server; + + server_name _; + + add_header X-Dead-End true; + add_header Content-Type text/plain; + + return 200 ok; +} + +# Don't want to return anything without a server_name. +# User a self signed snakeoil cert to deliver response. +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name _; + + add_header X-Dead-End true; + add_header Content-Type text/plain; + return 425 "SSL not supported here."; + + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; +} + +# Return stub status only for local local dns name +server { + listen 80; + server_name bifrost.schleppe; + + location /nginx_status { + stub_status; + } +} + + + + + + + + + + +#server { +# listen 80 default_server; +# listen [::]:80 default_server; +# server_name planetposen.no *.leifsopplevelser.no ruterna.no *.kevinmidboe.com kevinmidboe.com knowit.vin seasoned.show request.movie *.schleppe.cloud *.k9e.no; +# add_header Upgrading Connection; +# return 302 https://$host$request_uri; +#} + +# server { +# listen 443 ssl http2; +# listen [::]:443 ssl http2; + +# server_name bookit.schleppe.cloud; +# root /usr/share/nginx/html/Bookit-Frontend/build; + +# location / { +# index index.html; +# } + +# ssl_certificate /etc/letsencrypt/live/bookit.schleppe.cloud/fullchain.pem; # managed by Certbot +# ssl_certificate_key /etc/letsencrypt/live/bookit.schleppe.cloud/privkey.pem; # managed by Certbot +# } + + diff --git a/sites-available/adtech.conf b/sites-available/adtech.conf new file mode 100644 index 0000000..f609232 --- /dev/null +++ b/sites-available/adtech.conf 
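Review bot: The `stub_status` server at the end of this file is gated only by `server_name bifrost.schleppe`, which is not an access control because the Host header is supplied by the client. `location /nginx_status` needs `allow <internal-subnet>; deny all;` (placeholder, the subnet is not in the patch). The 443 catch-all also lacks `default_server`, so whether unmatched TLS names land here depends on include order; `listen 443 ssl http2 default_server;` (and the `[::]` twin) makes it deterministic. The `add_header` lines in that block have no `always`, so they are not sent with the 425 response, and 425 means "Too Early" rather than "not supported" as the header comment says.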
@@ -0,0 +1,29 @@ + +server { + listen 80; + listen [::]:80; + + server_name adtech.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name adtech.schleppe.cloud; + + location / { + resolver 10.0.0.72; + proxy_pass http://adtech.schleppe:3000; + client_max_body_size 2000M; + + include /etc/nginx/snippets/proxy-params.conf; + } + + ssl_certificate /etc/letsencrypt/live/adtech.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/adtech.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/blockchain.conf b/sites-available/blockchain.conf new file mode 100644 index 0000000..ace0181 --- /dev/null +++ b/sites-available/blockchain.conf @@ -0,0 +1,26 @@ + +server { + listen 80; + listen [::]:80; + + server_name blockchain.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name blockchain.schleppe.cloud; + + location / { + root /home/kevin/blockchain; + autoindex off; + index index.html; + } + + ssl_certificate /etc/letsencrypt/live/blockchain.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/blockchain.schleppe.cloud/privkey.pem; # managed by Certbot +} \ No newline at end of file diff --git a/sites-available/blog.conf b/sites-available/blog.conf new file mode 100644 index 0000000..18c3c6d --- /dev/null +++ b/sites-available/blog.conf 
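Review bot: `client_max_body_size 2000M;` on `location /` of adtech.schleppe.cloud lets any client that reaches the proxy upload about 2 GB per request, which nginx buffers to disk before passing it on unless request buffering is disabled. If only one upload route needs this, scope the limit to that location and add a comment saying why. Separately, `resolver 10.0.0.72;` has no effect next to a literal `proxy_pass http://adtech.schleppe:3000;`: as far as I know nginx resolves literal hostnames once at startup through the system resolver and consults `resolver` only when the target contains a variable. The same applies to blog.conf, brewpi.conf, castdeck.conf, drone.conf and elastic.conf in this patch. The contents of `snippets/proxy-params.conf` are not part of the patch, so they cannot be checked from here.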
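Review bot: `root /home/kevin/blockchain;` serves a directory inside a user's home, and nothing in this server block stops dotfiles from being served. If that directory is a checkout or holds an env file (not visible here), `.git` or similar would be downloadable. Adding `location ~ /\. { deny all; }` to the 443 server closes that. A comment noting that the nginx worker needs traverse permission on `/home/kevin` would explain the path choice.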
@@ -0,0 +1,29 @@ + +server { + listen 80; + listen [::]:80; + + server_name blog.kevinmidboe.com; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name blog.kevinmidboe.com; + + location / { + resolver 10.0.0.72; + proxy_pass http://blog.schleppe:80; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + ssl_certificate /etc/letsencrypt/live/blog.kevinmidboe.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/blog.kevinmidboe.com/privkey.pem; # managed by Certbot +} \ No newline at end of file diff --git a/sites-available/brewpi.conf b/sites-available/brewpi.conf index b016098..e68cf4f 100644 --- a/sites-available/brewpi.conf +++ b/sites-available/brewpi.conf @@ -1,3 +1,14 @@ + +server { + listen 80; + listen [::]:80; + + server_name brew.schleppe.cloud beer.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + server { listen 443 ssl http2; listen [::]:443 ssl http2; 
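Review bot: The proxy headers in `location /` of blog.conf are written out by hand, while adtech.conf in the same patch uses `include /etc/nginx/snippets/proxy-params.conf;`; drone.conf hand-writes them too. Since the commit's aim is a common syntax, using the include in all three would keep them from drifting. Neither hand-written list sets `X-Forwarded-Proto`, so a backend reached over plain HTTP cannot tell that the client connection was HTTPS. `proxy_set_header X-Forwarded-Proto $scheme;` would cover it, unless the backends do not need it.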
@@ -9,21 +20,21 @@ server { gzip_min_length 1000; gzip_static on; - location / { - proxy_http_version 1.1; + resolver 10.0.0.72; + proxy_pass http://brewpi.schleppe:8080; + add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Content-Type'; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://brewpi.schleppe:5000; } - ssl_certificate /etc/letsencrypt/live/brew.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/brew.schleppe.cloud/privkey.pem; # managed by Certbot + + ssl_certificate /etc/letsencrypt/live/brew.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/brew.schleppe.cloud/privkey.pem; # managed by Certbot } 
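Review bot: The `Access-Control-Allow-Origin` value in this location, `'brewpi.schleppe.cloud beer.schleppe.cloud'`, is not a valid header value: it must be a single origin including the scheme. Browsers will therefore reject cross-origin responses from this server and from the beer.schleppe.cloud server in the next hunk. The first name also differs from the `brew.schleppe.cloud` used in the redirect server's `server_name` and in the certificate path, which may be a typo. An allowlist `map` on `$http_origin` that echoes back only a matching origin fixes this without falling back to `*`; the origins below are taken from the existing header and should be confirmed. The `server` block starts outside this hunk.

```nginx
# http context (e.g. nginx.conf): echo the Origin back only when it is allowlisted.
# Origins copied from the existing header value; confirm the intended names.
map $http_origin $cors_origin {
    default                          "";
    "https://brewpi.schleppe.cloud"  $http_origin;
    "https://beer.schleppe.cloud"    $http_origin;
}

location / {
    # … unchanged: resolver, proxy_pass …
    add_header 'Access-Control-Allow-Origin' $cors_origin;  # empty value => header omitted
    add_header 'Vary' 'Origin';
    # … unchanged: Allow-Methods, Allow-Headers, proxy_set_header lines …
```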
@@ -38,21 +49,20 @@ server { gzip_min_length 1000; gzip_static on; - location / { - proxy_http_version 1.1; + resolver 10.0.0.72; + proxy_pass http://brewpi.schleppe:8080; + add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Content-Type'; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://brewpi.schleppe:5000; } - ssl_certificate /etc/letsencrypt/live/beer.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/beer.schleppe.cloud/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/beer.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/beer.schleppe.cloud/privkey.pem; # managed by Certbot } diff --git a/sites-available/castdeck.conf b/sites-available/castdeck.conf index 8281043..2cc70e7 100644 --- a/sites-available/castdeck.conf +++ b/sites-available/castdeck.conf @@ -1,3 +1,14 @@ + +server { + listen 80; + listen [::]:80; + + server_name castdeck.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + server { listen 443 ssl http2; listen [::]:443 ssl http2; 
@@ -10,19 +21,16 @@ server { gzip_static on; location / { - proxy_http_version 1.1; + resolver 10.0.0.72; + proxy_pass http://castdeck.schleppe:80; + add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Content-Type'; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://castdeck.schleppe:80; } - ssl_certificate /etc/letsencrypt/live/castdeck.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/castdeck.schleppe.cloud/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/castdeck.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/castdeck.schleppe.cloud/privkey.pem; # managed by Certbot } - diff --git a/sites-available/chatbot.kevinmidboe.conf b/sites-available/chatbot.kevinmidboe.conf deleted file mode 100644 index a8afffa..0000000 --- a/sites-available/chatbot.kevinmidboe.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 443; - server_name chatbot.kevinmidboe.com; - - location / { - proxy_pass http://localhost:31458; - } - ssl_certificate /etc/letsencrypt/live/chatbot.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/chatbot.kevinmidboe.com-0001/privkey.pem; # managed by Certbot - - -} diff --git a/sites-available/default.conf b/sites-available/default.conf deleted file mode 100644 index 6a5d993..0000000 --- a/sites-available/default.conf +++ /dev/null 
@@ -1,411 +0,0 @@ -# -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration - -# Default should define all the routes to upgrade to https and global rules! - -server { - if ($host = es.schleppe.cloud) { - return 301 https://$host$request_uri; - } # managed by Certbot - - if ($host = elastic.schleppe.cloud) { - return 301 https://$host$request_uri; - } # managed by Certbot - - if ($host = elastic.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = blog.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = vinlottis.no) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = seasoned.show) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = ruterna.no) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = request.movie) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = planetposen.no) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = upload.leifsopplevelser.no) { - return 301 
https://$host$request_uri; - } # managed by Certbot - - - if ($host = api.leifsopplevelser.no) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = knowit.vin) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = xoa.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = tau.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = sonarr.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = planet.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = kibana.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = dev.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = chatbot.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = api.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = hitler.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - if ($host = proxy.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - if ($host = prox.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - if ($host = memestream.schleppe.cloud) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - - if ($host = drone.kevinmidboe.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - -listen 80 default_server; -listen [::]:80 default_server; -server_name planetposen.no *.leifsopplevelser.no ruterna.no *.kevinmidboe.com kevinmidboe.com knowit.vin vinlottis.no seasoned.show request.movie; -return 302 
https://$host$request_uri; - - -} - -server { - listen 443; - server_name sonarr.kevinmidboe.com; - - location / { - proxy_pass http://10.0.0.51:8989; - } - ssl_certificate /etc/letsencrypt/live/sonarr.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/sonarr.kevinmidboe.com-0001/privkey.pem; # managed by Certbot - - -} - -server { - listen 443; - server_name tau.kevinmidboe.com; - - location / { - proxy_pass http://10.0.0.51:8181; - } - ssl_certificate /etc/letsencrypt/live/tau.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/tau.kevinmidboe.com-0001/privkey.pem; # managed by Certbot - - -} - -server { - listen 443; - server_name xoa.kevinmidboe.com; - - location / { - auth_basic "User authentication"; - auth_basic_user_file /etc/apache2/.htpasswd; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - -# Proxy configuration - proxy_pass http://10.0.0.43/; - - proxy_http_version 1.1; - proxy_set_header Connection "upgrade"; - proxy_set_header Upgrade $http_upgrade; - - proxy_redirect default; - -# Issue https://github.com/vatesfr/xen-orchestra/issues/1471 - proxy_read_timeout 1800; # Error will be only every 30m - -# For the VM import feature, this size must be larger than the file we want to upload. 
-# Without a proper value, nginx will have error "client intended to send too large body" - client_max_body_size 4G; - } - ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot - -} - - -server { - listen 443; - - server_name dev.kevinmidboe.com; - - location / { - proxy_pass http://localhost:11001; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - ssl_certificate /etc/letsencrypt/live/dev.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/dev.kevinmidboe.com/privkey.pem; # managed by Certbot - -} - - -server { - listen 443 http2; - listen [::]:443 http2; - - server_name blog.kevinmidboe.com; - - location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_pass http://10.0.0.59:80; - } - - ssl_certificate /etc/letsencrypt/live/blog.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/blog.kevinmidboe.com/privkey.pem; # managed by Certbot -} - -server { - listen 443 http2; - listen [::]:443 http2; - - server_name bookit.schleppe.cloud; - root /usr/share/nginx/html/Bookit-Frontend/build; - - location / { - index index.html; - } - - ssl_certificate /etc/letsencrypt/live/bookit.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/bookit.schleppe.cloud/privkey.pem; # managed by Certbot -} - -server { - listen 443; - listen [::]:443; - - server_name 
kevinmidboe.com; - root /usr/share/nginx/html/; - - - location /jobb { - index index.html; - } - - location /km { - index index.html plex.html; - } - - - location /seasoned { - index index.html verified.html; - } - - location /seasonedUI { - index index.html; - } - - location /vibrate { - index index.html; - } - - - location /assets { - alias /www/data/assets; - autoindex on; - } - - location /clipboard { - index index.html; - } - - location /cubewave { - alias /home/kevin/cubewave; - index index.html; - } - - location /bookit { - alias /home/kevin/Bookit-Frontend/build; - index index.html; - } - - location /klp { - index index.html; - } - -location /kurs { - alias /usr/share/nginx/html/kurs; -} - - location /camera { - alias /usr/share/nginx/html/camera/dist/; - index index.html; - } - - location /shows { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "https://kevinmidboe.com"; - add_header Access-Control-Allow-Methods "GET, OPTIONS, POST"; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - return 200; - } - - proxy_pass http://10.0.0.115:9301; - } - - - location /api { -# if ($request_method = OPTIONS) { -# return 204; -# } - - -# proxy_http_version 1.1; -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto https; -# proxy_set_header X-Forwarded-for 'request.movie'; - proxy_set_header X-Forwarded-for $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; -# proxy_set_header X-Forwarded-for 'request.movie'; -# add_header X-Forwarded-for 'request.movie'; - -# proxy_set_header Connection 'upgrade'; -# proxy_set_header Host $host; -# proxy_pass_header Set-Cookie; -# proxy_cache_bypass $http_upgrade; - proxy_http_version 1.1; -# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie'; -# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, 
PUT'; -# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie'; -# proxy_set_header 'Access-Control-Allow-Credentials' 'true'; - -# proxy_set_header Origin 'https://request.movie'; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - - proxy_pass http://seasoned.schleppe:31459; - -# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always; -# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always; -# add_header 'Access-Control-Allow-Credentials' 'true' always; - } - - - - location / { - proxy_pass http://10.0.0.54:5000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - - error_page 502 /502.html; - location = /502.html { - root /home/kevin; - } - ssl_certificate /etc/letsencrypt/live/kevinmidboe.com-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/kevinmidboe.com-0001/privkey.pem; # managed by Certbot -} - diff --git a/sites-available/default.dpkg-dist b/sites-available/default.dpkg-dist deleted file mode 100644 index c5af914..0000000 --- a/sites-available/default.dpkg-dist +++ /dev/null 
@@ -1,91 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. 
- try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/run/php/php7.4-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - - -# Virtual Host configuration for example.com -# -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. -# -#server { -# listen 80; -# listen [::]:80; -# -# server_name example.com; -# -# root /var/www/example.com; -# index index.html; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} diff --git a/sites-available/drone.conf b/sites-available/drone.conf index cc8fff4..cce6b36 100644 --- a/sites-available/drone.conf +++ b/sites-available/drone.conf 
@@ -1,24 +1,32 @@ server { -# auth_basic "Drone admin access"; -# auth_basic_user_file /etc/nginx/.htpasswd; + listen 80; + listen [::]:80; + server_name drone.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name drone.schleppe.cloud; + # auth_basic "Drone admin access"; + # auth_basic_user_file /etc/nginx/.htpasswd; + location / { - proxy_pass http://10.0.0.62:80; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; + resolver 10.0.0.72; + proxy_pass http://drone.schleppe:80; + + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; } - ssl_certificate /etc/letsencrypt/live/drone.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/drone.schleppe.cloud/privkey.pem; # managed by Certbot - + + ssl_certificate /etc/letsencrypt/live/drone.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/drone.schleppe.cloud/privkey.pem; # managed by Certbot } diff --git a/sites-available/elastic.conf b/sites-available/elastic.conf index dfd5d55..5af49cb 100644 --- a/sites-available/elastic.conf +++ b/sites-available/elastic.conf @@ -1,4 +1,23 @@ +upstream elastic { + server elastic.schleppe:9200; + server elastic-2.schleppe:9200; + server elastic-3.schleppe:9200; +} + +upstream kibana { + server elastic.schleppe:5601; +} + +server { + listen 80; + listen [::]:80; + + server_name kibana.schleppe.cloud elastic.schleppe.cloud es.schleppe.cloud elastic.keivnmidboe.com; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} server { listen 443 ssl http2; 
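Review bot: The redirect server's `server_name` in elastic.conf lists `elastic.keivnmidboe.com`, which looks like a misspelling of `elastic.kevinmidboe.com` (the spelling used in the deleted default.conf). With the typo, plain-HTTP requests for the real name do not match this block and fall through to the port-80 default server instead of being redirected. The entry should read `elastic.kevinmidboe.com`. Whether a 443 server for that name still exists is not visible in this part of the patch.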
@@ -6,26 +25,13 @@ server { server_name kibana.schleppe.cloud; - location /ui { - add_header 'Access-Control-Allow-Origin' 'kibana.schleppe.cloud'; - proxy_pass http://10.0.0.55:5601/ui; - } - - location /app/visualize { - add_header 'Access-Control-Allow-Origin' 'brew.schleppe.cloud'; - proxy_pass http://10.0.0.55:5601/app/visualize; - } - location / { - auth_basic "Administrator's Area"; - auth_basic_user_file /etc/nginx/.htpasswd; - - add_header 'Access-Control-Allow-Origin' 'kibana.schleppe.cloud'; - proxy_pass http://10.0.0.55:5601; + resolver 10.0.0.72; + proxy_pass http://kibana; } - ssl_certificate /etc/letsencrypt/live/kibana.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/kibana.schleppe.cloud/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/kibana.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/kibana.schleppe.cloud/privkey.pem; # managed by Certbot } server { 
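Review bot: The rewritten `location /` for kibana.schleppe.cloud drops `auth_basic "Administrator's Area";` and `auth_basic_user_file /etc/nginx/.htpasswd;`, so nginx now forwards every request to the `kibana` upstream without any proxy-level authentication. Unless Kibana enforces its own login (not visible in this diff), the dashboards and the Elasticsearch data behind them become reachable by anyone who can resolve the hostname. I would keep the two `auth_basic` lines inside the new location, or add an `allow <trusted-network>; deny all;` pair if access is meant to be internal only. The `resolver` line is also unused here, since `proxy_pass http://kibana;` names an upstream group.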
@@ -35,43 +41,14 @@ server { server_name elastic.schleppe.cloud; location / { - add_header 'Access-Control-Allow-Origin' '*'; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length'; - add_header 'Content-Type' 'application/json; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; - } - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - - if ($request_method = 'POST') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - resolver 10.0.0.72; - proxy_pass http://elastic.schleppe:9200; + proxy_pass https://elastic; + + add_header X-Upstream $upstream_addr always; } - ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud-0001/privkey.pem; # managed by Certbot + + ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key 
/etc/letsencrypt/live/elastic.schleppe.cloud-0001/privkey.pem; # managed by Certbot } 
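Review bot: `add_header X-Upstream $upstream_addr always;` returns the internal address and port of the Elasticsearch node that served the request to every client, and `always` extends that to error responses; the same line is added in the es.schleppe.cloud and elastic.kevinmidboe.com hunks below. If it is only a debugging aid, remove it or log `$upstream_addr` in the access log instead. This block also uses `proxy_pass https://elastic;` while the other two use `http://elastic` against the same upstream on port 9200, so one of the schemes is presumably wrong. If TLS to the backend is intended, note that nginx does not verify the upstream certificate unless `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate` are set.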
@@ -82,44 +59,14 @@ server { server_name es.schleppe.cloud; location / { - add_header 'Access-Control-Allow-Origin' '*'; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length'; - add_header 'Content-Type' 'application/json; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; - } - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - - if ($request_method = 'POST') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - resolver 10.0.0.72; - proxy_pass http://elastic.schleppe:9200; + proxy_pass http://elastic; + + add_header X-Upstream $upstream_addr always; } - ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud/privkey.pem; # 
managed by Certbot } 
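Review bot: Nothing in this `location /` limits who may call the Elasticsearch REST API through es.schleppe.cloud: there is no `auth_basic`, no `allow`/`deny` and no method restriction, and the same holds for the elastic.schleppe.cloud and elastic.kevinmidboe.com blocks in the neighbouring hunks. Removing the wildcard CORS headers stops cross-origin reads from browsers but does nothing for direct clients. If the cluster does not enforce authentication itself (not visible here), add `auth_basic` with the existing `/etc/nginx/.htpasswd`, or an `allow <trusted-network>; deny all;` pair, to each of the three locations.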
@@ -130,41 +77,12 @@ server { server_name elastic.kevinmidboe.com; location / { - add_header 'Access-Control-Allow-Origin' '*'; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length'; - add_header 'Content-Type' 'application/json; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; - } - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - - if ($request_method = 'POST') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - resolver 10.0.0.72; - proxy_pass http://elastic.schleppe:9200; + proxy_pass http://elastic; + + add_header X-Upstream $upstream_addr always; } - ssl_certificate /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/privkey.pem; # managed by Certbot + + ssl_certificate /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key 
/etc/letsencrypt/live/elastic.kevinmidboe.com-0001/privkey.pem; # managed by Certbot } diff --git a/sites-available/fjordmap.conf b/sites-available/fjordmap.conf index e5826ad..2da2155 100644 --- a/sites-available/fjordmap.conf +++ b/sites-available/fjordmap.conf @@ -1,3 +1,4 @@ + server { listen 443 ssl http2; listen [::]:443 ssl http2; diff --git a/sites-available/gitea.conf b/sites-available/gitea.conf new file mode 100644 index 0000000..231be57 --- /dev/null +++ b/sites-available/gitea.conf @@ -0,0 +1,31 @@ + +server { + listen 80; + listen [::]:80; + + server_name git.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name git.schleppe.cloud; + + location / { + resolver 10.0.0.72; + proxy_pass http://git.schleppe:3000; + client_max_body_size 2000M; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + ssl_certificate /etc/letsencrypt/live/git.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/git.schleppe.cloud/privkey.pem; # managed by Certbot +} + diff --git a/sites-available/grafana.conf b/sites-available/grafana.conf index d076319..d00851e 100644 --- a/sites-available/grafana.conf +++ b/sites-available/grafana.conf 
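Review bot: `client_max_body_size 2000M;` in gitea.conf applies to every path under `location /`, so any client, authenticated or not, can make nginx accept and spool request bodies of up to 2 GB before Gitea gets to reject them. If the limit is needed for pushes or LFS, a short comment saying so would help, e.g. `# large limit for git push / LFS over HTTP`. It is also worth confirming that the temp path nginx buffers request bodies to has room for several such uploads at once. `proxy_request_buffering off;` would avoid the spooling, if that suits Gitea.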
@@ -1,43 +1,50 @@ -# -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## -# Default server configuration - -# Default should define all the routes to upgrade to https and global rules! - -server { - listen 443; - listen [::]:443; - - server_name grafana.schleppe.cloud; - location / { - proxy_http_version 1.1; - - proxy_set_header X-Forwarded-Host grafana.schleppe.cloud; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - - proxy_pass http://grafana.schleppe:3000; - } - - ssl_certificate /etc/letsencrypt/live/grafana.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/grafana.schleppe.cloud/privkey.pem; # managed by Certbot +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +upstream grafana { + server grafana.schleppe:80; +} + +server { + listen 80; + listen [::]:80; + + server_name grafana.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name grafana.schleppe.cloud; + + # Serve 
Grafana + location / { + # proxy_set_header Host $host; + + # rewrite ^/grafana/(.*) /$1 break; + proxy_pass http://grafana.schleppe:3000/; + + # Relax "413 Request Entity Too Large" + client_max_body_size 20M; + + # If upstream is slow + proxy_send_timeout 5m; + proxy_read_timeout 5m; + + # If downstream is slow + #client_header_timeout 3m; + client_body_timeout 5m; + send_timeout 5m; + } + + ssl_certificate /etc/letsencrypt/live/grafana.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/grafana.schleppe.cloud/privkey.pem; # managed by Certbot } diff --git a/sites-available/headscale.conf b/sites-available/headscale.conf new file mode 100644 index 0000000..addd4d4 --- /dev/null +++ b/sites-available/headscale.conf @@ -0,0 +1,31 @@ + +# TODO +# - Move SSL termination here and remove from headscale.schleppe + +map $http_upgrade $connection_upgrade { + default keep-alive; + 'websocket' upgrade; + '' close; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name flow.schleppe.cloud; + + location / { + resolver 10.0.0.72; + proxy_pass http://headscale.schleppe:8080; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $server_name; + proxy_redirect http:// https://; + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + } +} diff --git a/sites-available/hiveMonitor.conf b/sites-available/hiveMonitor.conf index 2f44440..a87f315 100644 --- a/sites-available/hiveMonitor.conf +++ b/sites-available/hiveMonitor.conf 
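Review bot: The new `map $http_upgrade $connection_upgrade` and `upstream grafana` are defined but never used: the location proxies straight to `http://grafana.schleppe:3000/`, a different port from the upstream's `grafana.schleppe:80`. No `Upgrade`/`Connection` headers are set any more, so WebSocket-based features will presumably stop working through the proxy. With `proxy_set_header Host $host;` commented out, Grafana receives the internal name as Host instead of grafana.schleppe.cloud, which may trip its origin checks. Either wire the pieces together (`proxy_pass http://grafana;` with the correct port in the upstream, `proxy_http_version 1.1;`, `proxy_set_header Connection $connection_upgrade;`) or delete the unused `map` and `upstream`.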
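Review bot: `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` in headscale.conf forwards whatever value the client sent, so on this edge proxy the backend is told a scheme the client chose; `proxy_set_header X-Forwarded-Proto $scheme;` reports what nginx actually saw. The server block also declares `listen 443 ssl http2;` without any `ssl_certificate`/`ssl_certificate_key`. Unless those are inherited from the http level in nginx.conf (not visible here), nginx will reject the configuration. Finally, this file and grafana.conf both define `$connection_upgrade` with different mappings at http level, so when both sites are enabled only one definition can be in effect for both.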
@@ -1,27 +1,40 @@ +upstream backend { + # enable sticky session based on IP + ip_hash; + + server 10.0.0.150; +} + +server { + listen 80; + listen [::]:80; + + server_name hive.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name rosendal.buzz; - - gzip on; - gzip_types application/json; - gzip_min_length 1000; + server_name hive.schleppe.cloud; location / { proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'rosendal.buzz'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_pass http://localhost:30040; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host hive.kazan.schleppe; + + resolver ns1.schleppe; + proxy_pass http://hive.kazan.schleppe; + # proxy_pass http://backend; } - ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot - -} + ssl_certificate /etc/letsencrypt/live/hive.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/hive.schleppe.cloud/privkey.pem; # managed by Certbot +} diff --git a/sites-available/jelly.conf b/sites-available/jelly.conf new file mode 100644 index 0000000..599f2c8 --- /dev/null +++ b/sites-available/jelly.conf @@ -0,0 +1,13 @@ + +server { + listen 443 ssl http2; + server_name jelly.schleppe.cloud; + + location / { + proxy_pass http://jelly.schleppe:8096; + } + + ssl_certificate /etc/letsencrypt/live/jelly.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/jelly.schleppe.cloud/privkey.pem; # managed by Certbot +} + 
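Review bot: The new `upstream backend` block in hiveMonitor.conf is not referenced anywhere except the commented-out `# proxy_pass http://backend;`, and its generic name lives in the shared http-level namespace, so a second `upstream backend` in any other enabled site makes nginx refuse to load. Remove it, or rename it to something site-specific such as `hive-backend` and actually use it. `resolver ns1.schleppe;` is also given by name and paired with a literal `proxy_pass` hostname, so it is resolved once at startup and then not consulted. The other files use `resolver 10.0.0.72;`.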
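Review bot: jelly.conf forwards no client information to the backend: without `proxy_set_header Host $host;`, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, the application sees every request as coming from the proxy, which makes its access logs and any per-client login throttling ineffective. The file also departs from the layout the rest of this commit standardises on. It has no port-80 redirect server and no `listen [::]:443 ssl http2;`.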
diff --git a/sites-available/k9e.conf b/sites-available/k9e.conf new file mode 100644 index 0000000..7a0f7f6 --- /dev/null +++ b/sites-available/k9e.conf @@ -0,0 +1,38 @@ + +upstream kazan { + server kazan.schleppe; + # server kazan-apollo.schleppe; + # server kazan-ambrosia.schleppe; + # server kazan-cerberus.schleppe; +} + +server { + listen 80; + listen [::]:80; + + server_name k9e.no; + + location / { + proxy_pass http://k9e.kazan.schleppe; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name k9e.no; + + location / { + proxy_pass http://k9e.kazan.schleppe; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + } + + ssl_certificate /etc/letsencrypt/live/k9e.no/fullchain.pem; # managed by Kevin + ssl_certificate_key /etc/letsencrypt/live/k9e.no/privkey.pem; # managed by Kevin +} diff --git a/sites-available/k9ee.conf b/sites-available/k9ee.conf new file mode 100644 index 0000000..a5d15dc --- /dev/null +++ b/sites-available/k9ee.conf @@ -0,0 +1,28 @@ + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name k9ee.no; + + error_page 404 /404.html; + location = /404.html { + root /home/kevin/; + } + + location / { + resolver 10.0.0.72; + + proxy_http_version 1.1; + add_header Proxy Bifrost; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_pass http://k9e.kazan.schleppe; + } + + ssl_certificate /etc/letsencrypt/live/k9e.no/fullchain.pem; # managed by Kevin + ssl_certificate_key /etc/letsencrypt/live/k9e.no/privkey.pem; # managed by Kevin +} + diff --git a/sites-available/kevinmidboe.conf b/sites-available/kevinmidboe.conf new file mode 100644 index 0000000..8de63ba --- /dev/null +++ b/sites-available/kevinmidboe.conf 
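Review bot: The port-80 server in k9e.conf proxies the site over cleartext HTTP instead of redirecting, unlike every other site in this patch, so visitors who arrive on http:// stay unencrypted. Replace its `location /` block with `return 302 https://$host$request_uri;`. The `upstream kazan` block is unused, since both locations proxy to `http://k9e.kazan.schleppe` directly. If it is a placeholder for later load balancing, a comment saying so would help.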
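Review bot: k9ee.conf serves `server_name k9ee.no` with the certificate from `/etc/letsencrypt/live/k9e.no/`, so clients will get a hostname mismatch unless that certificate also lists k9ee.no as a subject alternative name, which cannot be told from the path. Please confirm, or point the block at a certificate issued for k9ee.no. The custom error page uses `root /home/kevin/;`, which requires the nginx worker to have traverse access to a user's home directory. A dedicated directory holding only `404.html` would be a narrower grant.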
@@ -0,0 +1,77 @@ + +server { + listen 80; + listen [::]:80; + + server_name kevinmidboe.com; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name kevinmidboe.com; + root /usr/share/nginx/html/; + autoindex off; + + location /jobb { + index index.html; + } + + location /km { + index index.html plex.html; + } + + location /vibrate { + index index.html; + } + + location /assets { + alias /www/data/assets; + } + + location /clipboard { + index index.html; + } + + location /cubewave { + alias /home/kevin/cubewave; + index index.html; + } + + location /bookit { + alias /home/kevin/Bookit-Frontend/build; + index index.html; + } + + location /klp { + index index.html; + } + + location /kurs { + alias /usr/share/nginx/html/kurs; + } + + location /camera { + alias /usr/share/nginx/html/camera/dist/; + index index.html; + } + + location / { + return 404; + } + + # location /seasoned { + # index index.html verified.html; + # } + + # location /seasonedUI { + # index index.html; + # } + + ssl_certificate /etc/letsencrypt/live/kevinmidboe.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/kevinmidboe.com-0001/privkey.pem; # managed by Certbot +} diff --git a/sites-available/leifsopplevelser.conf b/sites-available/leifsopplevelser.conf index 50daae0..61bfee5 100644 --- a/sites-available/leifsopplevelser.conf +++ b/sites-available/leifsopplevelser.conf 
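Review bot: `location /camera { alias /usr/share/nginx/html/camera/dist/; }` pairs a prefix location without a trailing slash with an alias that ends in one, a known nginx misconfiguration that lets request paths resolve to files one directory above the aliased directory. The trailing slashes should match, `location /camera/ {` with `alias /usr/share/nginx/html/camera/dist/;`. The other alias locations (`/assets`, `/cubewave`, `/bookit`, `/kurs`) have no slash on either side, so a URI that merely starts with the prefix maps onto sibling paths such as other entries under `/home/kevin`. Giving them the same `location /name/ { alias /path/; }` form closes that as well. Serving from `/home/kevin/...` also means the nginx worker needs read access inside a home directory.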
@@ -1,50 +1,60 @@ +# TODO +# Move from localhost to vm + server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name api.leifsopplevelser.no; - - location / { - proxy_pass http://localhost:30021; - } - ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot + listen 80; + listen [::]:80; + server_name *.leifsopplevelser.no leifsopplevelser.no; + add_header Upgrading Connection; + return 302 https://$host$request_uri; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name upload.leifsopplevelser.no; + server_name api.leifsopplevelser.no; - location / { - proxy_pass http://localhost:30022; - } - ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot + location / { + proxy_pass http://localhost:30021; + } + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name upload.leifsopplevelser.no; + + location / { + proxy_pass http://localhost:30022; + } + + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name leifsopplevelser.no; + server_name leifsopplevelser.no; - location /assets { - root /home/kevin/leifs-image-processor; - } - - location / { - proxy_pass http://localhost:30020; - } - ssl_certificate 
/etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot + location /assets { + root /home/kevin/leifs-image-processor; + } + location / { + proxy_pass http://localhost:30020; + } + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot } diff --git a/sites-available/lottis.conf b/sites-available/lottis.conf index f84aea3..987e4e6 100644 --- a/sites-available/lottis.conf +++ b/sites-available/lottis.conf 
@@ -1,56 +1,75 @@ + +upstream kxo-lottis { + server vinlottis.schleppe:30030; +} + +upstream aller-lottis { + server allerlottis.schleppe:30030; +} + +upstream beta-lottis { + server vinlottis-beta.schleppe:30030; +} + +server { + listen 80; + listen [::]:80; + + server_name .lottis.vin .vinlottis.no aller.vin knowit.vin; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +# - - - - - - - - +# KXO start server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name lottis.vin; - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; + # TODO: does this do anything other than what nginx.conf does (?) + # gzip on; + # gzip_types application/javascript; + # gzip_min_length 1000; location / { + resolver 10.0.0.72; + proxy_pass http://kxo-lottis; + proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'lottis.vin'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; - proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://vinlottis.schleppe:30030; } - ssl_certificate /etc/letsencrypt/live/lottis.vin-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/lottis.vin-0001/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/lottis.vin-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/lottis.vin-0001/privkey.pem; # managed by Certbot } - server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name beta.lottis.vin; - - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; + server_name vinlottis.no; location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'beta.lottis.vin'; - add_header 
'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + resolver 10.0.0.72; + proxy_pass http://kxo-lottis; + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://vinlottis-beta.schleppe:30030; } - ssl_certificate /etc/letsencrypt/live/beta.lottis.vin/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/beta.lottis.vin/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/vinlottis.no-0003/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0003/privkey.pem; # managed by Certbot } server { @@ -59,21 +78,16 @@ server { server_name kxo.lottis.vin; - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; - location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'lottis.vin'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + resolver 10.0.0.72; + proxy_pass http://kxo-lottis; + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://vinlottis.schleppe:30030; } ssl_certificate /etc/letsencrypt/live/kxo.lottis.vin/fullchain.pem; # managed by Certbot 
@@ -84,31 +98,51 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name aller.lottis.vin; - - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; + server_name knowit.vin; location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'lottis.vin'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + resolver 10.0.0.72; + proxy_pass http://kxo-lottis; + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://allerlottis.schleppe:30030; } - - ssl_certificate /etc/letsencrypt/live/aller.lottis.vin/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/aller.lottis.vin/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/kxo.lottis.vin/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/kxo.lottis.vin/privkey.pem; # managed by Certbot } +# KXO end +# - - - - - - - - +# - - - - - - - - +# Aller start +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name aller.lottis.vin; + + location / { + resolver 10.0.0.72; + proxy_pass http://aller-lottis; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + + add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + } + + ssl_certificate /etc/letsencrypt/live/aller.lottis.vin/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/aller.lottis.vin/privkey.pem; # managed by Certbot +} server { listen 443 ssl http2; 
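Review bot: The new `server_name knowit.vin` block uses `ssl_certificate /etc/letsencrypt/live/kxo.lottis.vin/fullchain.pem;`, so browsers will report a name mismatch unless that certificate also covers knowit.vin, which the path alone does not show. Please confirm or issue a certificate for the name. In the aller.lottis.vin block the only CORS line kept is `add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin';`, and the aller.vin block in the next hunk keeps a similar line. Without an accompanying `Access-Control-Allow-Origin` these headers have no effect and can be removed, or the full set restored if cross-origin access is still required.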
@@ -116,25 +150,49 @@ server { server_name aller.vin; - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; - gzip_static on; - - location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'aller.vin'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + resolver 10.0.0.72; + proxy_pass http://aller-lottis; + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://allerlottis.schleppe:30030; + + add_header 'Access-Control-Allow-Headers' 'Content-Type'; } ssl_certificate /etc/letsencrypt/live/aller.vin/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/aller.vin/privkey.pem; # managed by Certbot } +# Aller end +# - - - - - - - - + +# - - - - - - - - +# Beta start +# - - - - - - - - +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name beta.lottis.vin; + + location / { + resolver 10.0.0.72; + proxy_pass http://beta-lottis; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + } + + ssl_certificate /etc/letsencrypt/live/beta.lottis.vin/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/beta.lottis.vin/privkey.pem; # managed by Certbot +} +# Beta end +# - - - - - - - - \ No newline at end of file diff --git a/sites-available/maps.conf b/sites-available/maps.conf index 9a0698f..da21c73 100644 --- a/sites-available/maps.conf +++ b/sites-available/maps.conf 
@@ -1,43 +1,30 @@ -# -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration - -# Default should define all the routes to upgrade to https and global rules! server { - listen 443; - listen [::]:443; + listen 80; + listen [::]:80; server_name maps.schleppe.cloud; - location / { - proxy_http_version 1.1; - proxy_set_header X-Forwarded-Host maps.schleppe.cloud; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - - proxy_pass http://mosaic.schleppe:3650; - } - - ssl_certificate /etc/letsencrypt/live/maps.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/maps.schleppe.cloud/privkey.pem; # managed by Certbot + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name maps.schleppe.cloud; + + location / { + resolver 10.0.0.72; + proxy_pass http://mosaic.schleppe:3650; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + } 
+ + ssl_certificate /etc/letsencrypt/live/maps.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/maps.schleppe.cloud/privkey.pem; # managed by Certbot } diff --git a/sites-available/mc.conf b/sites-available/mc.conf index 6d0f726..38bf873 100644 --- a/sites-available/mc.conf +++ b/sites-available/mc.conf @@ -7,7 +7,9 @@ server { } - listen 443 ssl; # managed by Certbot + listen 443 ssl http2; + listen [::]:443 ssl http2; + ssl_certificate /etc/letsencrypt/live/mc.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/mc.kevinmidboe.com-0001/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot diff --git a/sites-available/memestream.conf b/sites-available/memestream.conf index 93d1037..5b417af 100644 --- a/sites-available/memestream.conf +++ b/sites-available/memestream.conf 
@@ -1,23 +1,31 @@ server { - listen 443 http2; - listen [::]:443 http2; + listen 80; + listen [::]:80; + + server_name memestream.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name memestream.schleppe.cloud; location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; + resolver 10.0.0.72; proxy_pass http://memestream.schleppe:80; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; } - ssl_certificate /etc/letsencrypt/live/memestream.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/memestream.schleppe.cloud/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/memestream.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/memestream.schleppe.cloud/privkey.pem; # managed by Certbot } diff --git a/sites-available/mondrian.conf b/sites-available/mondrian.conf index cae6f37..4ec6922 100644 --- a/sites-available/mondrian.conf +++ b/sites-available/mondrian.conf 
@@ -1,29 +1,36 @@ + +server { + listen 80; + listen [::]:80; + + server_name mondrian.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name mondrian.schleppe.cloud; - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; - gzip_static on; + # TODO: does this do anything other than what nginx.conf does (?) + # gzip on; + # gzip_types application/javascript; + # gzip_min_length 1000; + # gzip_static on; location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; resolver 10.0.0.72; - proxy_pass http://mondrian.schleppe:3000; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - ssl_certificate /etc/letsencrypt/live/mondrian.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/mondrian.schleppe.cloud/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/mondrian.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/mondrian.schleppe.cloud/privkey.pem; # managed by Certbot } diff --git a/sites-available/planetposen.conf b/sites-available/planetposen.conf index e027da3..03299a1 100644 --- a/sites-available/planetposen.conf +++ b/sites-available/planetposen.conf 
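Review bot: In the new port-80 server block, `add_header Upgrading Connection;` emits a response header literally named `Upgrading` with the value `Connection`, which no client acts on, so the line can be dropped. The redirect is also a temporary `302`; for a permanent HTTP-to-HTTPS upgrade, `return 301 https://$host$request_uri;` lets clients cache it. The same block is repeated in the memestream, planetposen, plex, request, schleppecloud, wagovipps and warden files, so the change applies to each of them.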
@@ -1,37 +1,107 @@ +upstream planetposen-frontend { + server planetposen.schleppe:4173; +} + +upstream planetposen-backend { + server planetposen.schleppe:30010; +} + +upstream planetposen-images { + server planetposen.schleppe:8000; +} + +upstream planetposen-ws { + # enable sticky session based on IP + ip_hash; + + server planetposen.schleppe:30010; +} + server { - listen 443 http2; - listen [::]:443 http2; + listen 80; + listen [::]:80; + + server_name planetposen.no planet.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name planetposen.no; location / { - root /opt/planetposen-original/; - autoindex on; + root /opt/planetposen-original/; + autoindex off; } - ssl_certificate /etc/letsencrypt/live/planetposen.no-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/planetposen.no-0001/privkey.pem; # managed by Certbot - + ssl_certificate /etc/letsencrypt/live/planetposen.no-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/planetposen.no-0001/privkey.pem; # managed by Certbot } server { - listen 443 http2; - listen [::]:443 http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name planet.schleppe.cloud; - location / { + location /ws { + resolver 10.0.0.72; + proxy_pass http://planetposen-ws; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location /api/v1/images { + resolver 10.0.0.72; + proxy_pass http://planetposen-images/api/v1/images; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_request_buffering off; + add_header 'Access-Control-Allow-Origin' 
'planet.schleppe.cloud'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Content-Type'; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; + client_max_body_size 5M; + } + + location /api { resolver 10.0.0.72; - proxy_pass http://planetposen.schleppe:30010; + proxy_pass http://planetposen-backend/api; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + +# add_header 'Access-Control-Allow-Origin' 'planet.schleppe.cloud'; + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + } + + location / { + resolver 10.0.0.72; + proxy_pass http://planetposen-frontend; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + add_header 'Access-Control-Allow-Origin' 'planet.schleppe.cloud'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; } ssl_certificate /etc/letsencrypt/live/planet.schleppe.cloud/fullchain.pem; # managed by Certbot diff --git a/sites-available/plex.conf b/sites-available/plex.conf index 3d7221a..1ce1102 100644 --- a/sites-available/plex.conf +++ b/sites-available/plex.conf 
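Review bot: The `/api` location answers with `add_header 'Access-Control-Allow-Origin' '*';` while the restricted value is left commented out just above it, so any web origin can read non-credentialed API responses. The value used in `/api/v1/images` and `/`, `'planet.schleppe.cloud'`, has no scheme, so it never equals a browser `Origin` header and those headers have no effect as written. If the API is only meant for the site itself, `add_header 'Access-Control-Allow-Origin' 'https://planet.schleppe.cloud' always;` in all three locations states that; `always` matters because `add_header` otherwise skips 4xx and 5xx responses.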
@@ -1,25 +1,45 @@ server { - listen 443; + listen 80; + listen [::]:80; + + server_name sonarr.schleppe.cloud tau.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; server_name sonarr.schleppe.cloud; location / { - proxy_pass http://blex.schleppe:8989; + resolver 10.0.0.72; + proxy_pass http://plex.schleppe:8989; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; } - ssl_certificate /etc/letsencrypt/live/sonarr.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/sonarr.schleppe.cloud/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/sonarr.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/sonarr.schleppe.cloud/privkey.pem; # managed by Certbot } server { - listen 443; + listen 443 ssl http2; server_name tau.schleppe.cloud; location / { - proxy_pass http://blex.schleppe:8181; + resolver 10.0.0.72; + proxy_pass http://plex.schleppe:8181; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; } - ssl_certificate /etc/letsencrypt/live/tau.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/tau.schleppe.cloud/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tau.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tau.schleppe.cloud/privkey.pem; # managed by Certbot } diff --git a/sites-available/proxmox.conf b/sites-available/proxmox.conf deleted file mode 100644 index bdd0090..0000000 --- a/sites-available/proxmox.conf +++ /dev/null 
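Review bot: Both HTTPS server blocks (`sonarr.schleppe.cloud` and `tau.schleppe.cloud`) bind only `listen 443 ssl http2;`, while the new port-80 block in this file and the other sites in this commit also bind `[::]:443`. An IPv6 client that follows the redirect is then served by whichever server block is the default for `[::]:443`, with that site's certificate and content. Adding `listen [::]:443 ssl http2;` to both blocks fixes it. Separately, neither location adds authentication at the proxy (the deleted proxmox.conf used `auth_basic`), so access control presumably rests on the applications themselves; that is worth confirming.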
@@ -1,26 +0,0 @@ - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name prox.kevinmidboe.com; - - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - add_header X-Frame-Options SAMEORIGIN; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - auth_basic "User authentication"; - auth_basic_user_file /etc/nginx/.htpasswd; - proxy_pass https://10.0.0.80:8006; - } - ssl_certificate /etc/letsencrypt/live/prox.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/prox.kevinmidboe.com-0001/privkey.pem; # managed by Certbot - - -} - diff --git a/sites-available/request.conf b/sites-available/request.conf index 8cdb923..5410865 100644 --- a/sites-available/request.conf +++ b/sites-available/request.conf 
@@ -1,160 +1,59 @@ -# -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration - -# Default should define all the routes to upgrade to https and global rules! server { - listen 443; - listen [::]:443; + listen 80; + listen [::]:80; + + server_name .request.movie; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name request.movie; location /api { -# if ($request_method = OPTIONS) { -# return 204; -# } - - -# proxy_http_version 1.1; -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; -# add_header X-Forwarded-for 'request.movie'; - -# proxy_set_header Connection 'upgrade'; -# proxy_set_header Host $host; -# proxy_pass_header Set-Cookie; -# proxy_cache_bypass $http_upgrade; - proxy_http_version 1.1; -# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie'; -# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT'; 
-# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie'; -# proxy_set_header 'Access-Control-Allow-Credentials' 'true'; - -# proxy_set_header Origin 'https://request.movie'; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - + resolver 10.0.0.72; proxy_pass http://seasoned.schleppe:31459; -# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always; -# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always; -# add_header 'Access-Control-Allow-Credentials' 'true' always; - } + include /etc/nginx/snippets/proxy-params.conf; + } location / { -# proxy_http_version 1.1; -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header X-Forwarded-Proto https; -# proxy_set_header X-Forwarded-for $remote_addr; - -# proxy_set_header X-Forwarded-For $remote_addr; -# proxy_set_header X-Forwarded-Proto $scheme; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header Host $http_host; - -# proxy_set_header Connection 'upgrade'; -# proxy_set_header Host $host; -# proxy_pass_header Set-Cookie; -# proxy_cache_bypass $http_upgrade; - - proxy_http_version 1.1; -# add_header 'Access-Control-Allow-Origin' 'request.movie'; -# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; -# add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - + resolver 10.0.0.72; proxy_pass http://seasoned.schleppe:5000; + + include /etc/nginx/snippets/proxy-params.conf; } - error_page 502 /502.html; - location = /502.html { - root /home/kevin; - } - - ssl_certificate /etc/letsencrypt/live/request.movie-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/request.movie-0001/privkey.pem; # managed by Certbot + ssl_certificate 
/etc/letsencrypt/live/request.movie-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/request.movie-0001/privkey.pem; # managed by Certbot } server { - listen 443; - listen [::]:443; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name api.request.movie; location /api { -# if ($request_method = OPTIONS) { -# return 204; -# } - - -# proxy_http_version 1.1; -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto https; -# proxy_set_header X-Forwarded-for 'request.movie'; - proxy_set_header X-Forwarded-for $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; -# proxy_set_header X-Forwarded-for 'request.movie'; -# add_header X-Forwarded-for 'request.movie'; - -# proxy_set_header Connection 'upgrade'; -# proxy_set_header Host $host; -# proxy_pass_header Set-Cookie; -# proxy_cache_bypass $http_upgrade; - proxy_http_version 1.1; -# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie'; -# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT'; -# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie'; -# proxy_set_header 'Access-Control-Allow-Credentials' 'true'; - -# proxy_set_header Origin 'https://request.movie'; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - + resolver 10.0.0.72; proxy_pass http://seasoned.schleppe:31459; -# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always; -# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always; -# add_header 'Access-Control-Allow-Credentials' 'true' always; - } + include /etc/nginx/snippets/proxy-params.conf; + } - ssl_certificate /etc/letsencrypt/live/api.request.movie/fullchain.pem; # managed by Certbot - ssl_certificate_key 
/etc/letsencrypt/live/api.request.movie/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/api.request.movie/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/api.request.movie/privkey.pem; # managed by Certbot } server { - listen 443; - listen [::]:443; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name warden.request.movie; @@ -162,13 +61,12 @@ server { proxy_pass http://seasoned.schleppe:31458; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; + include /etc/nginx/snippets/proxy-params.conf; + } - ssl_certificate /etc/letsencrypt/live/warden.request.movie/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/warden.request.movie/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/warden.request.movie/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/warden.request.movie/privkey.pem; # managed by Certbot } diff --git a/sites-available/rerequest.conf b/sites-available/rerequest.conf deleted file mode 100644 index de27b74..0000000 --- a/sites-available/rerequest.conf +++ /dev/null 
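Review bot: The three rewritten locations in the first request.conf hunk now take all their proxy headers from `include /etc/nginx/snippets/proxy-params.conf;`, which is not part of this hunk, and the old `/api` block's explicit `proxy_set_header X-Forwarded-Proto https;` is gone. If the snippet does not set `X-Forwarded-Proto`, the backend can no longer tell that the client connection was HTTPS, which commonly affects secure-cookie and redirect handling. A one-line comment above each include would document the contract, for example `# proxy-params.conf sets Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto`, once that has been verified against the snippet. The second hunk (`warden.request.movie`) adds the same include after its own `Upgrade`/`Connection` headers and sits inside a location whose opening line is outside the hunk.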
@@ -1,112 +0,0 @@ -# -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration - -# Default should define all the routes to upgrade to https and global rules! - -server { - listen 443; - listen [::]:443; - - server_name request.movie; - - location / { -# proxy_http_version 1.1; -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header X-Forwarded-Proto https; -# proxy_set_header X-Forwarded-for $remote_addr; - -# proxy_set_header X-Forwarded-For $remote_addr; -# proxy_set_header X-Forwarded-Proto $scheme; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header Host $http_host; - -# proxy_set_header Connection 'upgrade'; -# proxy_set_header Host $host; -# proxy_pass_header Set-Cookie; -# proxy_cache_bypass $http_upgrade; - - proxy_http_version 1.1; -# add_header 'Access-Control-Allow-Origin' 'request.movie'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; -# add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - - proxy_pass http://seasoned.schleppe:5000; - } 
- - error_page 502 /502.html; - location = /502.html { - root /home/kevin; - } - - ssl_certificate /etc/letsencrypt/live/request.movie-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/request.movie-0001/privkey.pem; # managed by Certbot -} - -server { - listen 443; - listen [::]:443; - - server_name api.request.movie; - - location /api { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_pass_header Set-Cookie; - proxy_cache_bypass $http_upgrade; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; -# add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_pass http://seasoned.schleppe:31459; - } - - ssl_certificate /etc/letsencrypt/live/api.request.movie/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/api.request.movie/privkey.pem; # managed by Certbot -} - -server { - listen 443; - listen [::]:443; - - server_name warden.request.movie; - - location / { - proxy_pass http://seasoned.schleppe:31458; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - - ssl_certificate /etc/letsencrypt/live/warden.request.movie/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/warden.request.movie/privkey.pem; # managed by Certbot -} diff --git a/sites-available/ruterna.conf b/sites-available/ruterna.conf index 147553b..e5f9fd8 100644 --- a/sites-available/ruterna.conf +++ b/sites-available/ruterna.conf 
@@ -31,9 +31,11 @@ server { location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; diff --git a/sites-available/schleppecloud.conf b/sites-available/schleppecloud.conf new file mode 100644 index 0000000..127acbb --- /dev/null +++ b/sites-available/schleppecloud.conf @@ -0,0 +1,24 @@ + +server { + listen 80; + listen [::]:80; + + server_name schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name schleppe.cloud; + + location / { + return 404; + } + + ssl_certificate /etc/letsencrypt/live/schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/schleppe.cloud/privkey.pem; # managed by Certbot +} diff --git a/sites-available/schleppecloud.config b/sites-available/schleppecloud.config deleted file mode 100644 index 6c59ad4..0000000 --- a/sites-available/schleppecloud.config +++ /dev/null 
@@ -1,81 +0,0 @@ -# -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration - -# Default should define all the routes to upgrade to https and global rules! - - -server { - listen 443; - listen [::]:443; - - server_name schleppe.cloud; - - location / { - root /usr/share/nginx/schleppecloud/; - autoindex off; - index index.html; - } - ssl_certificate /etc/letsencrypt/live/schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/schleppe.cloud/privkey.pem; # managed by Certbot - -} - -server { - listen 443 http2; - listen [::]:443 http2; - - server_name blockchain.schleppe.cloud; - - location / { - root /home/kevin/blockchain; - autoindex off; - index index.html; - } - - ssl_certificate /etc/letsencrypt/live/blockchain.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/blockchain.schleppe.cloud/privkey.pem; # managed by Certbot -} - -server { - listen 443 http2; - listen [::]:443 http2; - - server_name wagovipps.schleppe.cloud; - -# gzip on; -# gzip_min_length 1000; -# gzip_types text/plain application/json; - - # TODO restrict to allow vipps servers - location / { - 
proxy_http_version 1.1; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_pass http://10.0.0.58:80; - } - - ssl_certificate /etc/letsencrypt/live/wagovipps.schleppe.cloud/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/wagovipps.schleppe.cloud/privkey.pem; # managed by Certbot -} - diff --git a/sites-available/seasoned.conf b/sites-available/seasoned.conf deleted file mode 100644 index f88f456..0000000 --- a/sites-available/seasoned.conf +++ /dev/null 
@@ -1,87 +0,0 @@ -# -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration - -# Default should define all the routes to upgrade to https and global rules! - -server { - listen 443; - listen [::]:443; - - server_name seasoned.show; - - location / { - proxy_pass http://10.0.0.54:5000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - - error_page 502 /502.html; - location = /502.html { - root /home/kevin; - } - - ssl_certificate /etc/letsencrypt/live/seasoned.show-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/seasoned.show-0001/privkey.pem; # managed by Certbot -} - -server { - listen 443; - listen [::]:443; - - server_name api.seasoned.show; - - location /api { - proxy_pass http://10.0.0.54:31459; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - 
proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - ssl_certificate /etc/letsencrypt/live/api.seasoned.show-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/api.seasoned.show-0001/privkey.pem; # managed by Certbot - - -} - -server { - listen 443; - listen [::]:443; - - server_name warden.seasoned.show; - - location /api { - proxy_pass http://seasoned.schleppe:31458; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } -} diff --git a/sites-available/textbars.app.conf b/sites-available/textbars.app.conf deleted file mode 100644 index 634ac8e..0000000 --- a/sites-available/textbars.app.conf +++ /dev/null @@ -1,23 +0,0 @@ - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - - location / { - root /home/kevin/wavecube; - include /etc/nginx/mime.types; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-REAL-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - proxy_pass http://localhost:3000; - } - - ssl_certificate /etc/letsencrypt/live/textbars.app/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/textbars.app/privkey.pem; # managed by Certbot -} diff --git a/sites-available/valg.conf b/sites-available/valg.conf deleted file mode 100644 index ec81cc7..0000000 --- a/sites-available/valg.conf +++ /dev/null 
@@ -1,26 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name valg.schleppe.cloud; - - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; - gzip_static on; - - - location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'knowit.vin'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://valg.schleppe:30030; - } -} - diff --git a/sites-available/vinlottis.conf b/sites-available/vinlottis.conf deleted file mode 100644 index 0b2f4f5..0000000 --- a/sites-available/vinlottis.conf +++ /dev/null 
@@ -1,57 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name knowit.vin; - - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; - gzip_static on; - - - location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'knowit.vin'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://vinlottis.schleppe:30030; - } - - ssl_certificate /etc/letsencrypt/live/knowit.vin-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/knowit.vin-0001/privkey.pem; # managed by Certbot -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name vinlottis.no; - - gzip on; - gzip_types application/javascript; - gzip_min_length 1000; - - - location / { - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'vinlottis.no'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - resolver 10.0.0.72; - proxy_pass http://vinlottis.schleppe:30030; - } - - - ssl_certificate /etc/letsencrypt/live/vinlottis.no-0003/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0003/privkey.pem; # managed by Certbot -} diff --git a/sites-available/wagovipps.conf b/sites-available/wagovipps.conf new file mode 100644 index 0000000..ce4f8b8 --- /dev/null +++ b/sites-available/wagovipps.conf 
@@ -0,0 +1,34 @@ + +server { + listen 80; + listen [::]:80; + + server_name wagovipps.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name wagovipps.schleppe.cloud; + + # TODO restrict to allow vipps servers + location / { + resolver 10.0.0.72; + proxy_pass http://wagovipps.schleppe:80; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Content-Type'; + } + + ssl_certificate /etc/letsencrypt/live/wagovipps.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/wagovipps.schleppe.cloud/privkey.pem; # managed by Certbot +} \ No newline at end of file diff --git a/sites-available/warden.conf b/sites-available/warden.conf new file mode 100644 index 0000000..12461aa --- /dev/null +++ b/sites-available/warden.conf @@ -0,0 +1,32 @@ + +server { + listen 80; + listen [::]:80; + + server_name warden.schleppe.cloud; + + add_header Upgrading Connection; + return 302 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name warden.schleppe.cloud; + + location / { + resolver 10.0.0.72; + proxy_pass http://bitwarden.schleppe:80; + + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + } + + ssl_certificate /etc/letsencrypt/live/warden.schleppe.cloud/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/warden.schleppe.cloud/privkey.pem; # managed by Certbot +} + + 
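Review bot: The `# TODO restrict to allow vipps servers` comment is carried into the new wagovipps.conf, but `location /` still accepts requests from any source address. If this endpoint receives payment callbacks, the restriction belongs in this block, for example `allow <VIPPS_CALLBACK_CIDR>;` followed by `deny all;`, where the CIDR is a placeholder to be filled from the provider's published ranges. The two `Access-Control-Allow-*` headers are sent without an `Access-Control-Allow-Origin`, so they grant nothing to browsers and can be removed unless an origin is added deliberately.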
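Review bot: The HTTPS server block for `warden.schleppe.cloud` in the new warden.conf proxies to `bitwarden.schleppe` but sets no `Strict-Transport-Security` header, so a browser pointed at `http://` keeps making a plaintext first request and relies on the 302 from the port-80 block. For a credential vault that downgrade window is worth closing with `add_header Strict-Transport-Security "max-age=31536000" always;` in the 443 block, unless nginx.conf already sets it at `http` level, which is not visible in this hunk. Traffic to the backend is plain `http://` on port 80, which is acceptable only if that network segment is trusted.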
diff --git a/sites-enabled/000-default.conf b/sites-enabled/000-default.conf new file mode 120000 index 0000000..f1b1781 --- /dev/null +++ b/sites-enabled/000-default.conf @@ -0,0 +1 @@ +sites-available/000-default.conf \ No newline at end of file diff --git a/sites-enabled/api.kevinmidboe.conf b/sites-enabled/api.kevinmidboe.conf deleted file mode 120000 index 963f197..0000000 --- a/sites-enabled/api.kevinmidboe.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/api.kevinmidboe.conf \ No newline at end of file diff --git a/sites-enabled/brewpi.conf b/sites-enabled/brewpi.conf deleted file mode 120000 index f1d084a..0000000 --- a/sites-enabled/brewpi.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/brewpi.conf \ No newline at end of file diff --git a/sites-enabled/castdeck.conf b/sites-enabled/castdeck.conf deleted file mode 120000 index 49589c6..0000000 --- a/sites-enabled/castdeck.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/castdeck.conf \ No newline at end of file diff --git a/sites-enabled/chatbot.kevinmidboe.conf b/sites-enabled/chatbot.kevinmidboe.conf deleted file mode 120000 index 9941abf..0000000 --- a/sites-enabled/chatbot.kevinmidboe.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/chatbot.kevinmidboe.conf \ No newline at end of file diff --git a/sites-enabled/default.conf b/sites-enabled/default.conf deleted file mode 120000 index 772cfe8..0000000 --- a/sites-enabled/default.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/default.conf \ No newline at end of file diff --git a/sites-enabled/drone.conf b/sites-enabled/drone.conf deleted file mode 120000 index a691b98..0000000 --- a/sites-enabled/drone.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/drone.conf \ No newline at end of file diff --git a/sites-enabled/elastic.conf b/sites-enabled/elastic.conf deleted file mode 120000 index 038d519..0000000 --- a/sites-enabled/elastic.conf +++ /dev/null 
@@ -1 +0,0 @@
-/etc/nginx/sites-available/elastic.conf
\ No newline at end of file
diff --git a/sites-enabled/fjordmap.conf b/sites-enabled/fjordmap.conf
deleted file mode 120000
index f4743fd..0000000
--- a/sites-enabled/fjordmap.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/fjordmap.conf
\ No newline at end of file
diff --git a/sites-enabled/grafana.conf b/sites-enabled/grafana.conf
deleted file mode 120000
index 8411193..0000000
--- a/sites-enabled/grafana.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/grafana.conf
\ No newline at end of file
diff --git a/sites-enabled/hitler.conf b/sites-enabled/hitler.conf
deleted file mode 120000
index 6f20c5a..0000000
--- a/sites-enabled/hitler.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/hitler.conf
\ No newline at end of file
diff --git a/sites-enabled/hiveMonitor.conf b/sites-enabled/hiveMonitor.conf
deleted file mode 120000
index 44a1209..0000000
--- a/sites-enabled/hiveMonitor.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/hiveMonitor.conf
\ No newline at end of file
diff --git a/sites-enabled/leifsopplevelser.conf b/sites-enabled/leifsopplevelser.conf
deleted file mode 120000
index e69660b..0000000
--- a/sites-enabled/leifsopplevelser.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/leifsopplevelser.conf
\ No newline at end of file
diff --git a/sites-enabled/lottis.conf b/sites-enabled/lottis.conf
deleted file mode 120000
index 7082bf4..0000000
--- a/sites-enabled/lottis.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/lottis.conf
\ No newline at end of file
diff --git a/sites-enabled/maps.conf b/sites-enabled/maps.conf
deleted file mode 120000
index 919e3e1..0000000
--- a/sites-enabled/maps.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/maps.conf
\ No newline at end of file
diff --git a/sites-enabled/mc.conf b/sites-enabled/mc.conf
deleted file mode 120000
index da56441..0000000
--- a/sites-enabled/mc.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/mc.conf
\ No newline at end of file
diff --git a/sites-enabled/memetream.conf b/sites-enabled/memetream.conf
deleted file mode 120000
index 82ba3d1..0000000
--- a/sites-enabled/memetream.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/memestream.conf
\ No newline at end of file
diff --git a/sites-enabled/mondrian.conf b/sites-enabled/mondrian.conf
deleted file mode 120000
index 535309a..0000000
--- a/sites-enabled/mondrian.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/mondrian.conf
\ No newline at end of file
diff --git a/sites-enabled/planetposen.conf b/sites-enabled/planetposen.conf
deleted file mode 120000
index 00ed1e5..0000000
--- a/sites-enabled/planetposen.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/planetposen.conf
\ No newline at end of file
diff --git a/sites-enabled/plex.conf b/sites-enabled/plex.conf
deleted file mode 120000
index bddad86..0000000
--- a/sites-enabled/plex.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/plex.conf
\ No newline at end of file
diff --git a/sites-enabled/proxmox.conf b/sites-enabled/proxmox.conf
deleted file mode 120000
index e775e38..0000000
--- a/sites-enabled/proxmox.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/proxmox.conf
\ No newline at end of file
diff --git a/sites-enabled/request.conf b/sites-enabled/request.conf
deleted file mode 120000
index 697190d..0000000
--- a/sites-enabled/request.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/request.conf
\ No newline at end of file
diff --git a/sites-enabled/ruterna.conf b/sites-enabled/ruterna.conf
deleted file mode 120000
index 2d3f2d9..0000000
--- a/sites-enabled/ruterna.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/ruterna.conf
\ No newline at end of file
diff --git a/sites-enabled/schleppecloud.config b/sites-enabled/schleppecloud.config
deleted file mode 120000
index 6b6857d..0000000
--- a/sites-enabled/schleppecloud.config
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/schleppecloud.config
\ No newline at end of file
diff --git a/sites-enabled/vinlottis.conf b/sites-enabled/vinlottis.conf
deleted file mode 120000
index 7ec0603..0000000
--- a/sites-enabled/vinlottis.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-available/vinlottis.conf
\ No newline at end of file