From 91f366ad0cba65e4c431735db44e765b57cfb61f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kevin=20Midb=C3=B8e?=
Date: Mon, 29 Jul 2019 15:33:26 +0200
Subject: [PATCH] Moved all domains to separate config files
---
sites-available/api.kevinmidboe.conf | 37 ++++
sites-available/default | 219 ++---------------------
sites-available/elastic.kevinmidboe.conf | 54 ++++++
sites-available/leifsopplevelser.conf | 48 +++++
sites-available/ruterna | 18 --
sites-available/ruterna.conf | 22 +++
sites-available/textbars.app.conf | 23 +++
7 files changed, 201 insertions(+), 220 deletions(-)
create mode 100644 sites-available/api.kevinmidboe.conf
create mode 100644 sites-available/elastic.kevinmidboe.conf
create mode 100644 sites-available/leifsopplevelser.conf
delete mode 100644 sites-available/ruterna
create mode 100644 sites-available/ruterna.conf
create mode 100644 sites-available/textbars.app.conf
diff --git a/sites-available/api.kevinmidboe.conf b/sites-available/api.kevinmidboe.conf
new file mode 100644
index 0000000..f26683a
--- /dev/null
+++ b/sites-available/api.kevinmidboe.conf
@@ -0,0 +1,37 @@
+
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name api.kevinmidboe.com;
+
+ ssl_certificate /etc/letsencrypt/live/api.kevinmidboe.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/api.kevinmidboe.com/privkey.pem; # managed by Certbot
+
+ location /files {
+ alias /var/Www/public_files;
+ }
+
+ location /messenger {
+ proxy_pass http://localhost:12322;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ }
+
+ location /api {
+ proxy_pass http://localhost:31459;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ }
+}
diff --git a/sites-available/default b/sites-available/default
index 2e0bc7d..338933a 100644
--- a/sites-available/default
+++ b/sites-available/default
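Review bot: The `alias /var/Www/public_files;` line in `location /files` spells the directory with a capital `W`, while the block removed from `default` used `/var/www/public_files/`; on a case-sensitive filesystem that likely points at a directory that does not exist, so `/files` would return 404. While correcting the path, end both sides with a slash, `location /files/ {` and `alias /var/www/public_files/;`, so the prefix match cannot map a request such as `/filesX` onto a sibling of the aliased directory. The removed block was also the `default_server` for port 443 and no new `listen` line carries that flag, so requests with an unmatched Host are answered by whichever 443 server nginx happens to load first; an explicit catch-all server would make that choice deliberate.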
@@ -18,37 +18,19 @@ # Default server configuration + + +# Default should define all the routes to upgrade to https and global rules! + server { - listen 80 default_server; listen [::]:80 default_server; - server_name leifsopplevelser.no elastic.kevinmidboe.com kibana.kevinmidboe.com ruterna.no api.kevinmidboe.com dev.kevinmidboe.com kevinmidboe.com; + server_name leifsopplevelser.no ruterna.no textbars.app *.kevinmidboe.com kevinmidboe.com; return 302 https://$host$request_uri; } -server { - listen 443; - listen [::]:443; - - server_name ruterna.no; - - location / { - proxy_pass http://localhost:30011/; -proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - - ssl_certificate /etc/letsencrypt/live/ruterna.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ruterna.no/privkey.pem; # managed by Certbot -} - server { listen 443; server_name sonarr.kevinmidboe.com; @@ -61,6 +43,18 @@ server { ssl_certificate_key /etc/letsencrypt/live/sonarr.kevinmidboe.com/privkey.pem; # managed by Certbot } +server { + listen 443; + server_name tau.kevinmidboe.com; + + location / { + proxy_pass http://10.0.0.44:8181; + } + + ssl_certificate /etc/letsencrypt/live/tau.kevinmidboe.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tau.kevinmidboe.com/privkey.pem; # managed by Certbot +} + server { listen 443; server_name xoa.kevinmidboe.com; 
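Review bot: Removing `listen 80 default_server;` leaves the redirect server with only `listen [::]:80 default_server;`, and nginx binds such a socket as IPv6-only by default (`ipv6only=on`), so plain-HTTP requests arriving over IPv4 may no longer reach the HTTPS redirect unless another server outside this diff still listens on port 80. Keep `listen 80 default_server;` next to the IPv6 line. The commit message only mentions moving domains into separate files, so this removal looks unintended.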
@@ -92,29 +86,6 @@ server { ssl_certificate_key /etc/letsencrypt/live/xoa.kevinmidboe.com/privkey.pem; # managed by Certbot } -server { - listen 443; - server_name tau.kevinmidboe.com; - - location / { - proxy_pass http://10.0.0.44:8181; - } - - ssl_certificate /etc/letsencrypt/live/tau.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/tau.kevinmidboe.com/privkey.pem; # managed by Certbot -} - -server { - listen 443; - server_name kibana.kevinmidboe.com; - - location / { - proxy_pass http://10.0.0.115:5601; - } - - ssl_certificate /etc/letsencrypt/live/kibana.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/kibana.kevinmidboe.com/privkey.pem; # managed by Certbot -} server { listen 443; 
@@ -133,44 +104,7 @@ server { } } -server { - # SSL configuration - # - listen 443 ssl default_server; - listen [::]:443 ssl default_server; - - server_name api.kevinmidboe.com; - location /files { - alias /var/www/public_files/; - } - - location /messenger { - proxy_pass http://localhost:12322; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - ssl_certificate /etc/letsencrypt/live/api.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/api.kevinmidboe.com/privkey.pem; # managed by Certbot - - location /api { - proxy_pass http://localhost:31459; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - ssl_certificate /etc/letsencrypt/live/api.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/api.kevinmidboe.com/privkey.pem; # managed by Certbot -} server { listen 443; 
@@ -240,122 +174,3 @@ if ($request_method = OPTIONS ) { ssl_certificate_key /etc/letsencrypt/live/kevinmidboe.com/privkey.pem; # managed by Certbot } -server { - listen 443; - listen [::]:443; - - server_name textbars.app; - - location / { - root /home/kevin/wavecube; - include /etc/nginx/mime.types; - - proxy_pass http://localhost:3000; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-REAL-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - } - ssl_certificate /etc/letsencrypt/live/textbars.app/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/textbars.app/privkey.pem; # managed by Certbot - - -} - -server { - listen 443; - listen [::]:443; - - server_name api.leifsopplevelser.no; - - location / { - proxy_pass http://localhost:30021; - } - - ssl_certificate /etc/letsencrypt/live/api.leifsopplevelser.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/api.leifsopplevelser.no/privkey.pem; # managed by Certbot -} - -server { - listen 443; - listen [::]:443; - - server_name upload.leifsopplevelser.no; - - location / { - proxy_pass http://localhost:30022; - } - - ssl_certificate /etc/letsencrypt/live/upload.leifsopplevelser.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/upload.leifsopplevelser.no/privkey.pem; # managed by Certbot -} - -server { - listen 443; - listen [::]:443; - - server_name leifsopplevelser.no; - - location /assets { - root /home/kevin/leifs-image-processor/; - } - - location / { - proxy_pass http://localhost:30020; - } - - ssl_certificate /etc/letsencrypt/live/leifsopplevelser.no/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/leifsopplevelser.no/privkey.pem; # managed by Certbot -} - -server { - listen 443; - listen [::]:443; - - server_name 
elastic.kevinmidboe.com kevinmidboe.com; - - location / { - add_header 'Access-Control-Allow-Origin' "https://kevinmidboe.com"; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - -if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - # - # Custom headers and headers various browsers *should* be OK with but aren't - # - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - # - # Tell client that this pre-flight info is valid for 20 days - # - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; - } - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - } - - proxy_pass http://10.0.0.115:9301; - } - - ssl_certificate /etc/letsencrypt/live/elastic.kevinmidboe.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/elastic.kevinmidboe.com/privkey.pem; # managed by Certbot -} - - diff --git a/sites-available/elastic.kevinmidboe.conf b/sites-available/elastic.kevinmidboe.conf new file mode 100644 index 0000000..2706811 --- /dev/null +++ b/sites-available/elastic.kevinmidboe.conf 
@@ -0,0 +1,54 @@
+
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name kibana.kevinmidboe.com;
+
+ location / {
+
+ proxy_pass http://10.0.0.115:5601;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/kibana.kevinmidboe.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/kibana.kevinmidboe.com/privkey.pem; # managed by Certbot
+}
+
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name elastic.kevinmidboe.com;
+
+ location / {
+ add_header 'Access-Control-Allow-Origin' 'https://kevinmidboe.com';
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' 'https://kevinmidboe.com';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Content-Type' 'application/json; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ if ($request_method = 'GET') {
+ add_header 'Access-Control-Allow-Origin' 'https://kevinmidboe.com';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ }
+
+ proxy_pass http://10.0.0.115:9301;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/kibana.kevinmidboe.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/kibana.kevinmidboe.com/privkey.pem; # managed by Certbot
+}
diff --git a/sites-available/leifsopplevelser.conf b/sites-available/leifsopplevelser.conf
new file mode 100644
index 0000000..6c9b240
--- /dev/null
+++ b/sites-available/leifsopplevelser.conf
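Review bot: The `elastic.kevinmidboe.com` server at the end of this file loads `/etc/letsencrypt/live/kibana.kevinmidboe.com/fullchain.pem` and the matching `privkey.pem`, whereas the block it replaces in `default` used the `elastic.kevinmidboe.com` certificate directory; unless the kibana certificate also lists the elastic name, clients will see a hostname mismatch. Point both directives back at `/etc/letsencrypt/live/elastic.kevinmidboe.com/`. Separately, both servers proxy straight to `10.0.0.115` (ports 5601 and 9301) with no `auth_basic` or `allow`/`deny` visible in this file, and the CORS headers only constrain browsers, so if the upstreams do not enforce authentication themselves the Kibana and Elasticsearch endpoints are open to anyone who can reach this host.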
@@ -0,0 +1,48 @@
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_certificate /etc/letsencrypt/live/leifsopplevelser.no/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/leifsopplevelser.no/privkey.pem;
+
+ server_name *.leifsopplevelser.no, leifsopplevelser.no;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name api.leifsopplevelser.no;
+
+ location / {
+ proxy_pass http://localhost:30021;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name upload.leifsopplevelser.no;
+
+ location / {
+ proxy_pass http://localhost:30022;
+ }
+}
+
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name leifsopplevelser.no;
+
+ location /assets {
+ root /home/kevin/leifs-image-processor;
+ }
+
+ location / {
+ proxy_pass http://localhost:30020;
+ }
+}
diff --git a/sites-available/ruterna b/sites-available/ruterna
deleted file mode 100644
index 6436e97..0000000
--- a/sites-available/ruterna
+++ /dev/null
@@ -1,18 +0,0 @@
-# upstream s3 {
-# server s3.eu-central-1.amazonaws.com:443;
-# }
-
-server {
- if ($host = ruterna.no) {
- return 301 https://$host$request_uri;
- } # managed by Certbot
-
-
- server_name ruterna.no;
-
- location / {
- proxy_pass https://s3.eu-central-1.amazonaws.com/miljohack;
- }
-
-
-}
diff --git a/sites-available/ruterna.conf b/sites-available/ruterna.conf
new file mode 100644
index 0000000..81bfe91
--- /dev/null
+++ b/sites-available/ruterna.conf
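Review bot: Only the first server block in `leifsopplevelser.conf` carries `ssl_certificate` and `ssl_certificate_key`, and nginx does not share directives between sibling `server` blocks, so the `api.`, `upload.` and bare `leifsopplevelser.no` servers declare `listen 443 ssl http2;` with no certificate of their own (unless one is set at `http` level outside this diff). Repeat the two certificate lines in each block, or keep the per-host certificates that the removed blocks in `default` used; a single `leifsopplevelser.no` certificate would also have to cover the `api.` and `upload.` names. In that first block `server_name *.leifsopplevelser.no, leifsopplevelser.no;` is malformed as well, because names are separated by spaces and the comma becomes part of the first name; it should read `server_name *.leifsopplevelser.no leifsopplevelser.no;`. Once corrected, that block duplicates the fourth server's `leifsopplevelser.no` name while having no `location` of its own, so it is probably better removed.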
@@ -0,0 +1,22 @@
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ruterna.no;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+
+ proxy_pass http://localhost:30011/;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/ruterna.no/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/ruterna.no/privkey.pem; # managed by Certbot
+}
diff --git a/sites-available/textbars.app.conf b/sites-available/textbars.app.conf
new file mode 100644
index 0000000..634ac8e
--- /dev/null
+++ b/sites-available/textbars.app.conf
@@ -0,0 +1,23 @@
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+
+ location / {
+ root /home/kevin/wavecube;
+ include /etc/nginx/mime.types;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-REAL-IP $remote_addr;
+ proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_pass http://localhost:3000;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/textbars.app/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/textbars.app/privkey.pem; # managed by Certbot
+}
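Review bot: The server block in `textbars.app.conf` has no `server_name`, although the block removed from `default` had `server_name textbars.app;`; without it nginx gives this server an empty name, so requests for `textbars.app` are handled by whichever server is the default for port 443 rather than by this one. Add `server_name textbars.app;` after the two `listen` lines. The `root /home/kevin/wavecube;` inside `location /` has no effect next to `proxy_pass` and could be dropped, which also avoids exposing a home directory as web root if the proxy line is ever removed.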