KevinMidboe/nginx
1
0
Fork 0
mirror of https://github.com/KevinMidboe/nginx.git synced 2025-10-29 17:50:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup : all sites share a common syntax

Browse Source
This commit is contained in:
Kevin
2023-11-08 23:37:28 +01:00
parent b3f47a87bb
commit 89d1e15096
67 changed files with 1058 additions and 1535 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
nginx.conf
View File

@@ -7,47 +7,55 @@ pid /var/run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf; include /etc/nginx/modules-enabled/*.conf;
events { events {
worker_connections 1024; worker_connections 1024;
} }
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type text/plain;
################## ##################
# SSL settings # # Basic settings #
################## ##################
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE sendfile on;
ssl_prefer_server_ciphers on; tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
################## ##################
# Log settings # # Gzip settings #
################## ##################
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' gzip on;
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main; ##################
error_log /var/log/nginx/error.log; # Headers #
##################
################## add_header X-Web-Entry "Bifrost" always;
# Basic settings #
##################
sendfile on; ##################
tcp_nopush on; # SSL settings #
tcp_nodelay on; ##################
keepalive_timeout 65;
types_hash_max_size 2048;
################## ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
# Gzip settings # ssl_prefer_server_ciphers on;
##################
gzip on; ##################
# Log settings #
##################
include /etc/nginx/conf.d/*.conf; log_format main '$remote_addr - $remote_user [$time_local] '
include /etc/nginx/sites-enabled/*.conf; '"$request_method $scheme://$host$request_uri $server_protocol" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
include /etc/nginx/cloudflare;
} }

32
nginx.conf.default_1.20
View File

@@ -1,32 +0,0 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

77
sites-available/000-default.conf Normal file
View File

@@ -0,0 +1,77 @@
# - - - - - - - - - - - - - - - - - - - - - - - - - -
# Default server configuration
# Any server_name not matched for port 80 or 443
# returns 200 ok or 425 not supported respectively
# - - - - - - - - - - - - - - - - - - - - - - - - - -
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
add_header X-Dead-End true;
add_header Content-Type text/plain;
return 200 ok;
}
# Don't want to return anything without a server_name.
# User a self signed snakeoil cert to deliver response.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
add_header X-Dead-End true;
add_header Content-Type text/plain;
return 425 "SSL not supported here.";
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
}
# Return stub status only for local local dns name
server {
listen 80;
server_name bifrost.schleppe;
location /nginx_status {
stub_status;
}
}
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name planetposen.no *.leifsopplevelser.no ruterna.no *.kevinmidboe.com kevinmidboe.com knowit.vin seasoned.show request.movie *.schleppe.cloud *.k9e.no;
# add_header Upgrading Connection;
# return 302 https://$host$request_uri;
#}
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name bookit.schleppe.cloud;
# root /usr/share/nginx/html/Bookit-Frontend/build;
# location / {
# index index.html;
# }
# ssl_certificate /etc/letsencrypt/live/bookit.schleppe.cloud/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/bookit.schleppe.cloud/privkey.pem; # managed by Certbot
# }

29
sites-available/adtech.conf Normal file
View File

@@ -0,0 +1,29 @@
server {
listen 80;
listen [::]:80;
server_name adtech.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name adtech.schleppe.cloud;
location / {
resolver 10.0.0.72;
proxy_pass http://adtech.schleppe:3000;
client_max_body_size 2000M;
include /etc/nginx/snippets/proxy-params.conf;
}
ssl_certificate /etc/letsencrypt/live/adtech.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/adtech.schleppe.cloud/privkey.pem; # managed by Certbot
}

26
sites-available/blockchain.conf Normal file
View File

@@ -0,0 +1,26 @@
server {
listen 80;
listen [::]:80;
server_name blockchain.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blockchain.schleppe.cloud;
location / {
root /home/kevin/blockchain;
autoindex off;
index index.html;
}
ssl_certificate /etc/letsencrypt/live/blockchain.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/blockchain.schleppe.cloud/privkey.pem; # managed by Certbot
}

29
sites-available/blog.conf Normal file
View File

@@ -0,0 +1,29 @@
server {
listen 80;
listen [::]:80;
server_name blog.kevinmidboe.com;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.kevinmidboe.com;
location / {
resolver 10.0.0.72;
proxy_pass http://blog.schleppe:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/blog.kevinmidboe.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/blog.kevinmidboe.com/privkey.pem; # managed by Certbot
}

42
sites-available/brewpi.conf
View File

@@ -1,3 +1,14 @@
server {
listen 80;
listen [::]:80;
server_name brew.schleppe.cloud beer.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
@@ -9,21 +20,21 @@ server {
gzip_min_length 1000; gzip_min_length 1000;
gzip_static on; gzip_static on;
location / { location / {
proxy_http_version 1.1; resolver 10.0.0.72;
proxy_pass http://brewpi.schleppe:8080;
add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud'; add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type'; add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://brewpi.schleppe:5000;
} }
ssl_certificate /etc/letsencrypt/live/brew.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/brew.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/brew.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/brew.schleppe.cloud/privkey.pem; # managed by Certbot
} }
@@ -38,21 +49,20 @@ server {
gzip_min_length 1000; gzip_min_length 1000;
gzip_static on; gzip_static on;
location / { location / {
proxy_http_version 1.1; resolver 10.0.0.72;
proxy_pass http://brewpi.schleppe:8080;
add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud'; add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type'; add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://brewpi.schleppe:5000;
} }
ssl_certificate /etc/letsencrypt/live/beer.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/beer.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/beer.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/beer.schleppe.cloud/privkey.pem; # managed by Certbot
} }

24
sites-available/castdeck.conf
View File

@@ -1,3 +1,14 @@
server {
listen 80;
listen [::]:80;
server_name castdeck.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
@@ -10,19 +21,16 @@ server {
gzip_static on; gzip_static on;
location / { location / {
proxy_http_version 1.1; resolver 10.0.0.72;
proxy_pass http://castdeck.schleppe:80;
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type'; add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host; proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://castdeck.schleppe:80;
} }
ssl_certificate /etc/letsencrypt/live/castdeck.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/castdeck.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/castdeck.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/castdeck.schleppe.cloud/privkey.pem; # managed by Certbot
} }

12
sites-available/chatbot.kevinmidboe.conf
View File

@@ -1,12 +0,0 @@
server {
listen 443;
server_name chatbot.kevinmidboe.com;
location / {
proxy_pass http://localhost:31458;
}
ssl_certificate /etc/letsencrypt/live/chatbot.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/chatbot.kevinmidboe.com-0001/privkey.pem; # managed by Certbot
}

411
sites-available/default.conf
View File

@@ -1,411 +0,0 @@
#
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
# Default should define all the routes to upgrade to https and global rules!
server {
if ($host = es.schleppe.cloud) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = elastic.schleppe.cloud) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = elastic.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = blog.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = vinlottis.no) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = seasoned.show) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = ruterna.no) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = request.movie) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = planetposen.no) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = upload.leifsopplevelser.no) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.leifsopplevelser.no) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = knowit.vin) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = xoa.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = tau.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = sonarr.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = planet.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = kibana.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = dev.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = chatbot.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hitler.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = proxy.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = prox.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = memestream.schleppe.cloud) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = drone.kevinmidboe.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name planetposen.no *.leifsopplevelser.no ruterna.no *.kevinmidboe.com kevinmidboe.com knowit.vin vinlottis.no seasoned.show request.movie;
return 302 https://$host$request_uri;
}
server {
listen 443;
server_name sonarr.kevinmidboe.com;
location / {
proxy_pass http://10.0.0.51:8989;
}
ssl_certificate /etc/letsencrypt/live/sonarr.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sonarr.kevinmidboe.com-0001/privkey.pem; # managed by Certbot
}
server {
listen 443;
server_name tau.kevinmidboe.com;
location / {
proxy_pass http://10.0.0.51:8181;
}
ssl_certificate /etc/letsencrypt/live/tau.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tau.kevinmidboe.com-0001/privkey.pem; # managed by Certbot
}
server {
listen 443;
server_name xoa.kevinmidboe.com;
location / {
auth_basic "User authentication";
auth_basic_user_file /etc/apache2/.htpasswd;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy configuration
proxy_pass http://10.0.0.43/;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_redirect default;
# Issue https://github.com/vatesfr/xen-orchestra/issues/1471
proxy_read_timeout 1800; # Error will be only every 30m
# For the VM import feature, this size must be larger than the file we want to upload.
# Without a proper value, nginx will have error "client intended to send too large body"
client_max_body_size 4G;
}
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot
}
server {
listen 443;
server_name dev.kevinmidboe.com;
location / {
proxy_pass http://localhost:11001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /etc/letsencrypt/live/dev.kevinmidboe.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.kevinmidboe.com/privkey.pem; # managed by Certbot
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name blog.kevinmidboe.com;
location / {
proxy_http_version 1.1;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://10.0.0.59:80;
}
ssl_certificate /etc/letsencrypt/live/blog.kevinmidboe.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/blog.kevinmidboe.com/privkey.pem; # managed by Certbot
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name bookit.schleppe.cloud;
root /usr/share/nginx/html/Bookit-Frontend/build;
location / {
index index.html;
}
ssl_certificate /etc/letsencrypt/live/bookit.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/bookit.schleppe.cloud/privkey.pem; # managed by Certbot
}
server {
listen 443;
listen [::]:443;
server_name kevinmidboe.com;
root /usr/share/nginx/html/;
location /jobb {
index index.html;
}
location /km {
index index.html plex.html;
}
location /seasoned {
index index.html verified.html;
}
location /seasonedUI {
index index.html;
}
location /vibrate {
index index.html;
}
location /assets {
alias /www/data/assets;
autoindex on;
}
location /clipboard {
index index.html;
}
location /cubewave {
alias /home/kevin/cubewave;
index index.html;
}
location /bookit {
alias /home/kevin/Bookit-Frontend/build;
index index.html;
}
location /klp {
index index.html;
}
location /kurs {
alias /usr/share/nginx/html/kurs;
}
location /camera {
alias /usr/share/nginx/html/camera/dist/;
index index.html;
}
location /shows {
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "https://kevinmidboe.com";
add_header Access-Control-Allow-Methods "GET, OPTIONS, POST";
add_header 'Access-Control-Allow-Headers' 'Content-Type';
return 200;
}
proxy_pass http://10.0.0.115:9301;
}
location /api {
# if ($request_method = OPTIONS) {
# return 204;
# }
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# proxy_set_header X-Forwarded-for 'request.movie';
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-for 'request.movie';
# add_header X-Forwarded-for 'request.movie';
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_pass_header Set-Cookie;
# proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie';
# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT';
# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie';
# proxy_set_header 'Access-Control-Allow-Credentials' 'true';
# proxy_set_header Origin 'https://request.movie';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://seasoned.schleppe:31459;
# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always;
# add_header 'Access-Control-Allow-Credentials' 'true' always;
}
location / {
proxy_pass http://10.0.0.54:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
error_page 502 /502.html;
location = /502.html {
root /home/kevin;
}
ssl_certificate /etc/letsencrypt/live/kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/kevinmidboe.com-0001/privkey.pem; # managed by Certbot
}

91
sites-available/default.dpkg-dist
View File

@@ -1,91 +0,0 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

30
sites-available/drone.conf
View File

@@ -1,24 +1,32 @@
server { server {
# auth_basic "Drone admin access"; listen 80;
# auth_basic_user_file /etc/nginx/.htpasswd; listen [::]:80;
server_name drone.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name drone.schleppe.cloud; server_name drone.schleppe.cloud;
# auth_basic "Drone admin access";
# auth_basic_user_file /etc/nginx/.htpasswd;
location / { location / {
proxy_pass http://10.0.0.62:80; resolver 10.0.0.72;
proxy_http_version 1.1; proxy_pass http://drone.schleppe:80;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
} }
ssl_certificate /etc/letsencrypt/live/drone.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/drone.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/drone.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/drone.schleppe.cloud/privkey.pem; # managed by Certbot
} }

162
sites-available/elastic.conf
View File

@@ -1,4 +1,23 @@
upstream elastic {
server elastic.schleppe:9200;
server elastic-2.schleppe:9200;
server elastic-3.schleppe:9200;
}
upstream kibana {
server elastic.schleppe:5601;
}
server {
listen 80;
listen [::]:80;
server_name kibana.schleppe.cloud elastic.schleppe.cloud es.schleppe.cloud elastic.keivnmidboe.com;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
@@ -6,26 +25,13 @@ server {
server_name kibana.schleppe.cloud; server_name kibana.schleppe.cloud;
location /ui {
add_header 'Access-Control-Allow-Origin' 'kibana.schleppe.cloud';
proxy_pass http://10.0.0.55:5601/ui;
}
location /app/visualize {
add_header 'Access-Control-Allow-Origin' 'brew.schleppe.cloud';
proxy_pass http://10.0.0.55:5601/app/visualize;
}
location / { location / {
auth_basic "Administrator's Area"; resolver 10.0.0.72;
auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://kibana;
add_header 'Access-Control-Allow-Origin' 'kibana.schleppe.cloud';
proxy_pass http://10.0.0.55:5601;
} }
ssl_certificate /etc/letsencrypt/live/kibana.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/kibana.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/kibana.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/kibana.schleppe.cloud/privkey.pem; # managed by Certbot
} }
server { server {
@@ -35,43 +41,14 @@ server {
server_name elastic.schleppe.cloud; server_name elastic.schleppe.cloud;
location / { location / {
add_header 'Access-Control-Allow-Origin' '*';
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length';
add_header 'Content-Type' 'application/json; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
resolver 10.0.0.72; resolver 10.0.0.72;
proxy_pass http://elastic.schleppe:9200; proxy_pass https://elastic;
add_header X-Upstream $upstream_addr always;
} }
ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud-0001/privkey.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud-0001/privkey.pem; # managed by Certbot
} }
@@ -82,44 +59,14 @@ server {
server_name es.schleppe.cloud; server_name es.schleppe.cloud;
location / { location / {
add_header 'Access-Control-Allow-Origin' '*';
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length';
add_header 'Content-Type' 'application/json; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
resolver 10.0.0.72; resolver 10.0.0.72;
proxy_pass http://elastic.schleppe:9200; proxy_pass http://elastic;
add_header X-Upstream $upstream_addr always;
} }
ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/elastic.schleppe.cloud/privkey.pem; # managed by Certbot
} }
@@ -130,41 +77,12 @@ server {
server_name elastic.kevinmidboe.com; server_name elastic.kevinmidboe.com;
location / { location / {
add_header 'Access-Control-Allow-Origin' '*';
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Content-Length';
add_header 'Content-Type' 'application/json; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
resolver 10.0.0.72; resolver 10.0.0.72;
proxy_pass http://elastic.schleppe:9200; proxy_pass http://elastic;
add_header X-Upstream $upstream_addr always;
} }
ssl_certificate /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/privkey.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/privkey.pem; # managed by Certbot
} }

1
sites-available/fjordmap.conf
View File

@@ -1,3 +1,4 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;

31
sites-available/gitea.conf Normal file
View File

@@ -0,0 +1,31 @@
server {
listen 80;
listen [::]:80;
server_name git.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.schleppe.cloud;
location / {
resolver 10.0.0.72;
proxy_pass http://git.schleppe:3000;
client_max_body_size 2000M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/git.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.schleppe.cloud/privkey.pem; # managed by Certbot
}

87
sites-available/grafana.conf
View File

@@ -1,43 +1,50 @@
#
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration map $http_upgrade $connection_upgrade {
default upgrade;
# Default should define all the routes to upgrade to https and global rules! '' close;
}
server {
listen 443; upstream grafana {
listen [::]:443; server grafana.schleppe:80;
}
server_name grafana.schleppe.cloud;
location / { server {
proxy_http_version 1.1; listen 80;
listen [::]:80;
proxy_set_header X-Forwarded-Host grafana.schleppe.cloud;
proxy_set_header X-Forwarded-Proto https; server_name grafana.schleppe.cloud;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; add_header Upgrading Connection;
proxy_set_header Host $host; return 302 https://$host$request_uri;
}
proxy_pass http://grafana.schleppe:3000;
} server {
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/grafana.schleppe.cloud/fullchain.pem; # managed by Certbot listen [::]:443 ssl http2;
ssl_certificate_key /etc/letsencrypt/live/grafana.schleppe.cloud/privkey.pem; # managed by Certbot
server_name grafana.schleppe.cloud;
# Serve Grafana
location / {
# proxy_set_header Host $host;
# rewrite ^/grafana/(.*) /$1 break;
proxy_pass http://grafana.schleppe:3000/;
# Relax "413 Request Entity Too Large"
client_max_body_size 20M;
# If upstream is slow
proxy_send_timeout 5m;
proxy_read_timeout 5m;
# If downstream is slow
#client_header_timeout 3m;
client_body_timeout 5m;
send_timeout 5m;
}
ssl_certificate /etc/letsencrypt/live/grafana.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/grafana.schleppe.cloud/privkey.pem; # managed by Certbot
} }

31
sites-available/headscale.conf Normal file
View File

@@ -0,0 +1,31 @@
# TODO
# - Move SSL termination here and remove from headscale.schleppe
map $http_upgrade $connection_upgrade {
default keep-alive;
'websocket' upgrade;
'' close;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name flow.schleppe.cloud;
location / {
resolver 10.0.0.72;
proxy_pass http://headscale.schleppe:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $server_name;
proxy_redirect http:// https://;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}
}

41
sites-available/hiveMonitor.conf
View File

@@ -1,27 +1,40 @@
upstream backend {
# enable sticky session based on IP
ip_hash;
server 10.0.0.150;
}
server {
listen 80;
listen [::]:80;
server_name hive.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name rosendal.buzz; server_name hive.schleppe.cloud;
gzip on;
gzip_types application/json;
gzip_min_length 1000;
location / { location / {
proxy_http_version 1.1; proxy_http_version 1.1;
add_header 'Access-Control-Allow-Origin' 'rosendal.buzz';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:30040; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host hive.kazan.schleppe;
resolver ns1.schleppe;
proxy_pass http://hive.kazan.schleppe;
# proxy_pass http://backend;
} }
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot
}
ssl_certificate /etc/letsencrypt/live/hive.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hive.schleppe.cloud/privkey.pem; # managed by Certbot
}

13
sites-available/jelly.conf Normal file
View File

@@ -0,0 +1,13 @@
server {
listen 443 ssl http2;
server_name jelly.schleppe.cloud;
location / {
proxy_pass http://jelly.schleppe:8096;
}
ssl_certificate /etc/letsencrypt/live/jelly.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jelly.schleppe.cloud/privkey.pem; # managed by Certbot
}

38
sites-available/k9e.conf Normal file
View File

@@ -0,0 +1,38 @@
upstream kazan {
server kazan.schleppe;
# server kazan-apollo.schleppe;
# server kazan-ambrosia.schleppe;
# server kazan-cerberus.schleppe;
}
server {
listen 80;
listen [::]:80;
server_name k9e.no;
location / {
proxy_pass http://k9e.kazan.schleppe;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name k9e.no;
location / {
proxy_pass http://k9e.kazan.schleppe;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/k9e.no/fullchain.pem; # managed by Kevin
ssl_certificate_key /etc/letsencrypt/live/k9e.no/privkey.pem; # managed by Kevin
}

28
sites-available/k9ee.conf Normal file
View File

@@ -0,0 +1,28 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name k9ee.no;
error_page 404 /404.html;
location = /404.html {
root /home/kevin/;
}
location / {
resolver 10.0.0.72;
proxy_http_version 1.1;
add_header Proxy Bifrost;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://k9e.kazan.schleppe;
}
ssl_certificate /etc/letsencrypt/live/k9e.no/fullchain.pem; # managed by Kevin
ssl_certificate_key /etc/letsencrypt/live/k9e.no/privkey.pem; # managed by Kevin
}

77
sites-available/kevinmidboe.conf Normal file
View File

@@ -0,0 +1,77 @@
server {
listen 80;
listen [::]:80;
server_name kevinmidboe.com;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name kevinmidboe.com;
root /usr/share/nginx/html/;
autoindex off;
location /jobb {
index index.html;
}
location /km {
index index.html plex.html;
}
location /vibrate {
index index.html;
}
location /assets {
alias /www/data/assets;
}
location /clipboard {
index index.html;
}
location /cubewave {
alias /home/kevin/cubewave;
index index.html;
}
location /bookit {
alias /home/kevin/Bookit-Frontend/build;
index index.html;
}
location /klp {
index index.html;
}
location /kurs {
alias /usr/share/nginx/html/kurs;
}
location /camera {
alias /usr/share/nginx/html/camera/dist/;
index index.html;
}
location / {
return 404;
}
# location /seasoned {
# index index.html verified.html;
# }
# location /seasonedUI {
# index index.html;
# }
ssl_certificate /etc/letsencrypt/live/kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/kevinmidboe.com-0001/privkey.pem; # managed by Certbot
}

70
sites-available/leifsopplevelser.conf
View File

@@ -1,50 +1,60 @@
# TODO
# Move from localhost to vm
server { server {
listen 443 ssl http2; listen 80;
listen [::]:443 ssl http2; listen [::]:80;
server_name api.leifsopplevelser.no;
location / {
proxy_pass http://localhost:30021;
}
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot
server_name *.leifsopplevelser.no leifsopplevelser.no;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
} }
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name upload.leifsopplevelser.no; server_name api.leifsopplevelser.no;
location / { location / {
proxy_pass http://localhost:30022; proxy_pass http://localhost:30021;
} }
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name upload.leifsopplevelser.no;
location / {
proxy_pass http://localhost:30022;
}
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot
} }
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name leifsopplevelser.no; server_name leifsopplevelser.no;
location /assets { location /assets {
root /home/kevin/leifs-image-processor; root /home/kevin/leifs-image-processor;
} }
location / {
proxy_pass http://localhost:30020;
}
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot
location / {
proxy_pass http://localhost:30020;
}
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0001/privkey.pem; # managed by Certbot
} }

180
sites-available/lottis.conf
View File

@@ -1,56 +1,75 @@
upstream kxo-lottis {
server vinlottis.schleppe:30030;
}
upstream aller-lottis {
server allerlottis.schleppe:30030;
}
upstream beta-lottis {
server vinlottis-beta.schleppe:30030;
}
server {
listen 80;
listen [::]:80;
server_name .lottis.vin .vinlottis.no aller.vin knowit.vin;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
# - - - - - - - -
# KXO start
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name lottis.vin; server_name lottis.vin;
gzip on; # TODO: does this do anything other than what nginx.conf does (?)
gzip_types application/javascript; # gzip on;
gzip_min_length 1000; # gzip_types application/javascript;
# gzip_min_length 1000;
location / { location / {
resolver 10.0.0.72;
proxy_pass http://kxo-lottis;
proxy_http_version 1.1; proxy_http_version 1.1;
add_header 'Access-Control-Allow-Origin' 'lottis.vin';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin';
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://vinlottis.schleppe:30030;
} }
ssl_certificate /etc/letsencrypt/live/lottis.vin-0001/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/lottis.vin-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lottis.vin-0001/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/lottis.vin-0001/privkey.pem; # managed by Certbot
} }
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name beta.lottis.vin; server_name vinlottis.no;
gzip on;
gzip_types application/javascript;
gzip_min_length 1000;
location / { location / {
proxy_http_version 1.1; resolver 10.0.0.72;
add_header 'Access-Control-Allow-Origin' 'beta.lottis.vin'; proxy_pass http://kxo-lottis;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin';
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://vinlottis-beta.schleppe:30030;
} }
ssl_certificate /etc/letsencrypt/live/beta.lottis.vin/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/beta.lottis.vin/privkey.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0003/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0003/privkey.pem; # managed by Certbot
} }
server { server {
@@ -59,21 +78,16 @@ server {
server_name kxo.lottis.vin; server_name kxo.lottis.vin;
gzip on;
gzip_types application/javascript;
gzip_min_length 1000;
location / { location / {
proxy_http_version 1.1; resolver 10.0.0.72;
add_header 'Access-Control-Allow-Origin' 'lottis.vin'; proxy_pass http://kxo-lottis;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin';
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://vinlottis.schleppe:30030;
} }
ssl_certificate /etc/letsencrypt/live/kxo.lottis.vin/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/kxo.lottis.vin/fullchain.pem; # managed by Certbot
@@ -84,31 +98,51 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name aller.lottis.vin; server_name knowit.vin;
gzip on;
gzip_types application/javascript;
gzip_min_length 1000;
location / { location / {
proxy_http_version 1.1; resolver 10.0.0.72;
add_header 'Access-Control-Allow-Origin' 'lottis.vin'; proxy_pass http://kxo-lottis;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin';
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://allerlottis.schleppe:30030;
} }
ssl_certificate /etc/letsencrypt/live/kxo.lottis.vin/fullchain.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/aller.lottis.vin/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/kxo.lottis.vin/privkey.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/aller.lottis.vin/privkey.pem; # managed by Certbot
} }
# KXO end
# - - - - - - - -
# - - - - - - - -
# Aller start
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name aller.lottis.vin;
location / {
resolver 10.0.0.72;
proxy_pass http://aller-lottis;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin';
}
ssl_certificate /etc/letsencrypt/live/aller.lottis.vin/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/aller.lottis.vin/privkey.pem; # managed by Certbot
}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
@@ -116,25 +150,49 @@ server {
server_name aller.vin; server_name aller.vin;
gzip on;
gzip_types application/javascript;
gzip_min_length 1000;
gzip_static on;
location / { location / {
proxy_http_version 1.1; resolver 10.0.0.72;
add_header 'Access-Control-Allow-Origin' 'aller.vin'; proxy_pass http://aller-lottis;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://allerlottis.schleppe:30030; add_header 'Access-Control-Allow-Headers' 'Content-Type';
} }
ssl_certificate /etc/letsencrypt/live/aller.vin/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/aller.vin/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/aller.vin/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/aller.vin/privkey.pem; # managed by Certbot
} }
# Aller end
# - - - - - - - -
# - - - - - - - -
# Beta start
# - - - - - - - -
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name beta.lottis.vin;
location / {
resolver 10.0.0.72;
proxy_pass http://beta-lottis;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/beta.lottis.vin/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/beta.lottis.vin/privkey.pem; # managed by Certbot
}
# Beta end
# - - - - - - - -

59
sites-available/maps.conf
View File

@@ -1,43 +1,30 @@
#
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
# Default should define all the routes to upgrade to https and global rules!
server { server {
listen 443; listen 80;
listen [::]:443; listen [::]:80;
server_name maps.schleppe.cloud; server_name maps.schleppe.cloud;
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host maps.schleppe.cloud; add_header Upgrading Connection;
proxy_set_header X-Forwarded-Proto https; return 302 https://$host$request_uri;
proxy_set_header Upgrade $http_upgrade; }
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host; server {
listen 443 ssl http2;
proxy_pass http://mosaic.schleppe:3650; listen [::]:443 ssl http2;
}
server_name maps.schleppe.cloud;
ssl_certificate /etc/letsencrypt/live/maps.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/maps.schleppe.cloud/privkey.pem; # managed by Certbot location / {
resolver 10.0.0.72;
proxy_pass http://mosaic.schleppe:3650;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/maps.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/maps.schleppe.cloud/privkey.pem; # managed by Certbot
} }

4
sites-available/mc.conf
View File

@@ -7,7 +7,9 @@ server {
} }
listen 443 ssl; # managed by Certbot listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mc.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/mc.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mc.kevinmidboe.com-0001/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/mc.kevinmidboe.com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

30
sites-available/memestream.conf
View File

@@ -1,23 +1,31 @@
server { server {
listen 443 http2; listen 80;
listen [::]:443 http2; listen [::]:80;
server_name memestream.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name memestream.schleppe.cloud; server_name memestream.schleppe.cloud;
location / { location / {
proxy_http_version 1.1; resolver 10.0.0.72;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://memestream.schleppe:80; proxy_pass http://memestream.schleppe:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
} }
ssl_certificate /etc/letsencrypt/live/memestream.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/memestream.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/memestream.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/memestream.schleppe.cloud/privkey.pem; # managed by Certbot
} }

37
sites-available/mondrian.conf
View File

@@ -1,29 +1,36 @@
server {
listen 80;
listen [::]:80;
server_name mondrian.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name mondrian.schleppe.cloud; server_name mondrian.schleppe.cloud;
gzip on; # TODO: does this do anything other than what nginx.conf does (?)
gzip_types application/javascript; # gzip on;
gzip_min_length 1000; # gzip_types application/javascript;
gzip_static on; # gzip_min_length 1000;
# gzip_static on;
location / { location / {
proxy_http_version 1.1;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
resolver 10.0.0.72; resolver 10.0.0.72;
proxy_pass http://mondrian.schleppe:3000; proxy_pass http://mondrian.schleppe:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
ssl_certificate /etc/letsencrypt/live/mondrian.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/mondrian.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mondrian.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/mondrian.schleppe.cloud/privkey.pem; # managed by Certbot
} }

98
sites-available/planetposen.conf
View File

@@ -1,37 +1,107 @@
upstream planetposen-frontend {
server planetposen.schleppe:4173;
}
upstream planetposen-backend {
server planetposen.schleppe:30010;
}
upstream planetposen-images {
server planetposen.schleppe:8000;
}
upstream planetposen-ws {
# enable sticky session based on IP
ip_hash;
server planetposen.schleppe:30010;
}
server { server {
listen 443 http2; listen 80;
listen [::]:443 http2; listen [::]:80;
server_name planetposen.no planet.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name planetposen.no; server_name planetposen.no;
location / { location / {
root /opt/planetposen-original/; root /opt/planetposen-original/;
autoindex on; autoindex off;
} }
ssl_certificate /etc/letsencrypt/live/planetposen.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/planetposen.no-0001/privkey.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/planetposen.no-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/planetposen.no-0001/privkey.pem; # managed by Certbot
} }
server { server {
listen 443 http2; listen 443 ssl http2;
listen [::]:443 http2; listen [::]:443 ssl http2;
server_name planet.schleppe.cloud; server_name planet.schleppe.cloud;
location / { location /ws {
resolver 10.0.0.72;
proxy_pass http://planetposen-ws;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/v1/images {
resolver 10.0.0.72;
proxy_pass http://planetposen-images/api/v1/images;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_request_buffering off;
add_header 'Access-Control-Allow-Origin' 'planet.schleppe.cloud'; add_header 'Access-Control-Allow-Origin' 'planet.schleppe.cloud';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type'; add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade; client_max_body_size 5M;
proxy_set_header Connection "Upgrade"; }
proxy_set_header Host $host;
location /api {
resolver 10.0.0.72; resolver 10.0.0.72;
proxy_pass http://planetposen.schleppe:30010; proxy_pass http://planetposen-backend/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# add_header 'Access-Control-Allow-Origin' 'planet.schleppe.cloud';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
}
location / {
resolver 10.0.0.72;
proxy_pass http://planetposen-frontend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'Access-Control-Allow-Origin' 'planet.schleppe.cloud';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
} }
ssl_certificate /etc/letsencrypt/live/planet.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/planet.schleppe.cloud/fullchain.pem; # managed by Certbot

36
sites-available/plex.conf
View File

@@ -1,25 +1,45 @@
server { server {
listen 443; listen 80;
listen [::]:80;
server_name sonarr.schleppe.cloud tau.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name sonarr.schleppe.cloud; server_name sonarr.schleppe.cloud;
location / { location / {
proxy_pass http://blex.schleppe:8989; resolver 10.0.0.72;
proxy_pass http://plex.schleppe:8989;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
} }
ssl_certificate /etc/letsencrypt/live/sonarr.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/sonarr.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sonarr.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/sonarr.schleppe.cloud/privkey.pem; # managed by Certbot
} }
server { server {
listen 443; listen 443 ssl http2;
server_name tau.schleppe.cloud; server_name tau.schleppe.cloud;
location / { location / {
proxy_pass http://blex.schleppe:8181; resolver 10.0.0.72;
proxy_pass http://plex.schleppe:8181;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
} }
ssl_certificate /etc/letsencrypt/live/tau.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/tau.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tau.schleppe.cloud/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/tau.schleppe.cloud/privkey.pem; # managed by Certbot
} }

26
sites-available/proxmox.conf
View File

@@ -1,26 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name prox.kevinmidboe.com;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
add_header X-Frame-Options SAMEORIGIN;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "User authentication";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass https://10.0.0.80:8006;
}
ssl_certificate /etc/letsencrypt/live/prox.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/prox.kevinmidboe.com-0001/privkey.pem; # managed by Certbot
}

168
sites-available/request.conf
View File

@@ -1,160 +1,59 @@
#
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
# Default should define all the routes to upgrade to https and global rules!
server { server {
listen 443; listen 80;
listen [::]:443; listen [::]:80;
server_name .request.movie;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name request.movie; server_name request.movie;
location /api { location /api {
# if ($request_method = OPTIONS) { resolver 10.0.0.72;
# return 204;
# }
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
# add_header X-Forwarded-for 'request.movie';
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_pass_header Set-Cookie;
# proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie';
# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT';
# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie';
# proxy_set_header 'Access-Control-Allow-Credentials' 'true';
# proxy_set_header Origin 'https://request.movie';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://seasoned.schleppe:31459; proxy_pass http://seasoned.schleppe:31459;
# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always; include /etc/nginx/snippets/proxy-params.conf;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always; }
# add_header 'Access-Control-Allow-Credentials' 'true' always;
}
location / { location / {
# proxy_http_version 1.1; resolver 10.0.0.72;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Proto https;
# proxy_set_header X-Forwarded-for $remote_addr;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $http_host;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_pass_header Set-Cookie;
# proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
# add_header 'Access-Control-Allow-Origin' 'request.movie';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://seasoned.schleppe:5000; proxy_pass http://seasoned.schleppe:5000;
include /etc/nginx/snippets/proxy-params.conf;
} }
error_page 502 /502.html; ssl_certificate /etc/letsencrypt/live/request.movie-0001/fullchain.pem; # managed by Certbot
location = /502.html { ssl_certificate_key /etc/letsencrypt/live/request.movie-0001/privkey.pem; # managed by Certbot
root /home/kevin;
}
ssl_certificate /etc/letsencrypt/live/request.movie-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/request.movie-0001/privkey.pem; # managed by Certbot
} }
server { server {
listen 443; listen 443 ssl http2;
listen [::]:443; listen [::]:443 ssl http2;
server_name api.request.movie; server_name api.request.movie;
location /api { location /api {
# if ($request_method = OPTIONS) { resolver 10.0.0.72;
# return 204;
# }
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# proxy_set_header X-Forwarded-for 'request.movie';
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-for 'request.movie';
# add_header X-Forwarded-for 'request.movie';
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_pass_header Set-Cookie;
# proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
# proxy_set_header 'Access-Control-Allow-Origin' 'http://request.movie';
# proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT';
# proxy_set_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Set-Cookie';
# proxy_set_header 'Access-Control-Allow-Credentials' 'true';
# proxy_set_header Origin 'https://request.movie';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://seasoned.schleppe:31459; proxy_pass http://seasoned.schleppe:31459;
# add_header 'Access-Control-Allow-Origin' 'https://request.movie' always; include /etc/nginx/snippets/proxy-params.conf;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT' always; }
# add_header 'Access-Control-Allow-Credentials' 'true' always;
}
ssl_certificate /etc/letsencrypt/live/api.request.movie/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/api.request.movie/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.request.movie/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/api.request.movie/privkey.pem; # managed by Certbot
} }
server { server {
listen 443; listen 443 ssl http2;
listen [::]:443; listen [::]:443 ssl http2;
server_name warden.request.movie; server_name warden.request.movie;
@@ -162,13 +61,12 @@ server {
proxy_pass http://seasoned.schleppe:31458; proxy_pass http://seasoned.schleppe:31458;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade'; proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade; proxy_cache_bypass $http_upgrade;
include /etc/nginx/snippets/proxy-params.conf;
} }
ssl_certificate /etc/letsencrypt/live/warden.request.movie/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/warden.request.movie/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/warden.request.movie/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/warden.request.movie/privkey.pem; # managed by Certbot
} }

112
sites-available/rerequest.conf
View File

@@ -1,112 +0,0 @@
#
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
# Default should define all the routes to upgrade to https and global rules!
server {
listen 443;
listen [::]:443;
server_name request.movie;
location / {
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Proto https;
# proxy_set_header X-Forwarded-for $remote_addr;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $http_host;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_pass_header Set-Cookie;
# proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
# add_header 'Access-Control-Allow-Origin' 'request.movie';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://seasoned.schleppe:5000;
}
error_page 502 /502.html;
location = /502.html {
root /home/kevin;
}
ssl_certificate /etc/letsencrypt/live/request.movie-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/request.movie-0001/privkey.pem; # managed by Certbot
}
server {
listen 443;
listen [::]:443;
server_name api.request.movie;
location /api {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_pass_header Set-Cookie;
proxy_cache_bypass $http_upgrade;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_pass http://seasoned.schleppe:31459;
}
ssl_certificate /etc/letsencrypt/live/api.request.movie/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.request.movie/privkey.pem; # managed by Certbot
}
server {
listen 443;
listen [::]:443;
server_name warden.request.movie;
location / {
proxy_pass http://seasoned.schleppe:31458;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /etc/letsencrypt/live/warden.request.movie/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/warden.request.movie/privkey.pem; # managed by Certbot
}

4
sites-available/ruterna.conf
View File

@@ -31,9 +31,11 @@ server {
location / { location / {
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade; proxy_cache_bypass $http_upgrade;

24
sites-available/schleppecloud.conf Normal file
View File

@@ -0,0 +1,24 @@
server {
listen 80;
listen [::]:80;
server_name schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name schleppe.cloud;
location / {
return 404;
}
ssl_certificate /etc/letsencrypt/live/schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/schleppe.cloud/privkey.pem; # managed by Certbot
}

81
sites-available/schleppecloud.config
View File

@@ -1,81 +0,0 @@
#
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
# Default should define all the routes to upgrade to https and global rules!
server {
listen 443;
listen [::]:443;
server_name schleppe.cloud;
location / {
root /usr/share/nginx/schleppecloud/;
autoindex off;
index index.html;
}
ssl_certificate /etc/letsencrypt/live/schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/schleppe.cloud/privkey.pem; # managed by Certbot
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name blockchain.schleppe.cloud;
location / {
root /home/kevin/blockchain;
autoindex off;
index index.html;
}
ssl_certificate /etc/letsencrypt/live/blockchain.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/blockchain.schleppe.cloud/privkey.pem; # managed by Certbot
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name wagovipps.schleppe.cloud;
# gzip on;
# gzip_min_length 1000;
# gzip_types text/plain application/json;
# TODO restrict to allow vipps servers
location / {
proxy_http_version 1.1;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://10.0.0.58:80;
}
ssl_certificate /etc/letsencrypt/live/wagovipps.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wagovipps.schleppe.cloud/privkey.pem; # managed by Certbot
}

87
sites-available/seasoned.conf
View File

@@ -1,87 +0,0 @@
#
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
# Default should define all the routes to upgrade to https and global rules!
server {
listen 443;
listen [::]:443;
server_name seasoned.show;
location / {
proxy_pass http://10.0.0.54:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
error_page 502 /502.html;
location = /502.html {
root /home/kevin;
}
ssl_certificate /etc/letsencrypt/live/seasoned.show-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/seasoned.show-0001/privkey.pem; # managed by Certbot
}
server {
listen 443;
listen [::]:443;
server_name api.seasoned.show;
location /api {
proxy_pass http://10.0.0.54:31459;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /etc/letsencrypt/live/api.seasoned.show-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.seasoned.show-0001/privkey.pem; # managed by Certbot
}
server {
listen 443;
listen [::]:443;
server_name warden.seasoned.show;
location /api {
proxy_pass http://seasoned.schleppe:31458;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

23
sites-available/textbars.app.conf
View File

@@ -1,23 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
location / {
root /home/kevin/wavecube;
include /etc/nginx/mime.types;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-REAL-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:3000;
}
ssl_certificate /etc/letsencrypt/live/textbars.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/textbars.app/privkey.pem; # managed by Certbot
}

26
sites-available/valg.conf
View File

@@ -1,26 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name valg.schleppe.cloud;
gzip on;
gzip_types application/javascript;
gzip_min_length 1000;
gzip_static on;
location / {
proxy_http_version 1.1;
add_header 'Access-Control-Allow-Origin' 'knowit.vin';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://valg.schleppe:30030;
}
}

57
sites-available/vinlottis.conf
View File

@@ -1,57 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name knowit.vin;
gzip on;
gzip_types application/javascript;
gzip_min_length 1000;
gzip_static on;
location / {
proxy_http_version 1.1;
add_header 'Access-Control-Allow-Origin' 'knowit.vin';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://vinlottis.schleppe:30030;
}
ssl_certificate /etc/letsencrypt/live/knowit.vin-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/knowit.vin-0001/privkey.pem; # managed by Certbot
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name vinlottis.no;
gzip on;
gzip_types application/javascript;
gzip_min_length 1000;
location / {
proxy_http_version 1.1;
add_header 'Access-Control-Allow-Origin' 'vinlottis.no';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
resolver 10.0.0.72;
proxy_pass http://vinlottis.schleppe:30030;
}
ssl_certificate /etc/letsencrypt/live/vinlottis.no-0003/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vinlottis.no-0003/privkey.pem; # managed by Certbot
}

34
sites-available/wagovipps.conf Normal file
View File

@@ -0,0 +1,34 @@
server {
listen 80;
listen [::]:80;
server_name wagovipps.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name wagovipps.schleppe.cloud;
# TODO restrict to allow vipps servers
location / {
resolver 10.0.0.72;
proxy_pass http://wagovipps.schleppe:80;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
}
ssl_certificate /etc/letsencrypt/live/wagovipps.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wagovipps.schleppe.cloud/privkey.pem; # managed by Certbot
}

32
sites-available/warden.conf Normal file
View File

@@ -0,0 +1,32 @@
server {
listen 80;
listen [::]:80;
server_name warden.schleppe.cloud;
add_header Upgrading Connection;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name warden.schleppe.cloud;
location / {
resolver 10.0.0.72;
proxy_pass http://bitwarden.schleppe:80;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/warden.schleppe.cloud/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/warden.schleppe.cloud/privkey.pem; # managed by Certbot
}

1
sites-enabled/000-default.conf Symbolic link
View File

@@ -0,0 +1 @@
sites-available/000-default.conf

1
sites-enabled/api.kevinmidboe.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/api.kevinmidboe.conf

1
sites-enabled/brewpi.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/brewpi.conf

1
sites-enabled/castdeck.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/castdeck.conf

1
sites-enabled/chatbot.kevinmidboe.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/chatbot.kevinmidboe.conf

1
sites-enabled/default.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/default.conf

1
sites-enabled/drone.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/drone.conf

1
sites-enabled/elastic.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/elastic.conf

1
sites-enabled/fjordmap.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/fjordmap.conf

1
sites-enabled/grafana.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/grafana.conf

1
sites-enabled/hitler.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/hitler.conf

1
sites-enabled/hiveMonitor.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/hiveMonitor.conf

1
sites-enabled/leifsopplevelser.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/leifsopplevelser.conf

1
sites-enabled/lottis.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/lottis.conf

1
sites-enabled/maps.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/maps.conf

1
sites-enabled/mc.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/mc.conf

1
sites-enabled/memetream.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/memestream.conf

1
sites-enabled/mondrian.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/mondrian.conf

1
sites-enabled/planetposen.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/planetposen.conf

1
sites-enabled/plex.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/plex.conf

1
sites-enabled/proxmox.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/proxmox.conf

1
sites-enabled/request.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/request.conf

1
sites-enabled/ruterna.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/ruterna.conf

1
sites-enabled/schleppecloud.config
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/schleppecloud.config

1
sites-enabled/vinlottis.conf
View File

@@ -1 +0,0 @@
/etc/nginx/sites-available/vinlottis.conf