diff --git a/.drone.yml b/.drone.yml index 93687ff..f089a70 100644 --- a/.drone.yml +++ b/.drone.yml @@ -155,6 +155,7 @@ steps: --exclude=".*" --exclude="*_temp" * $NGINX_USER@$NGINX_HOST:/etc/nginx/ + - ssh -i .ssh/id_ed25519 -o StrictHostKeyChecking 'sudo systemctl reload nginx' environment: NGINX_USER: from_secret: NGINX_USER @@ -171,6 +172,6 @@ steps: --- kind: signature -hmac: 7e392f769559ba043b923bbc35197ad955864d15a179979949528362731cbf29 +hmac: af057f67070e2ea82be5b75874e0a5cc89ec8a912e71d2369f4d4537c02faecb ... diff --git a/nginx.conf b/nginx.conf index 0d02224..1b96ba3 100644 --- a/nginx.conf +++ b/nginx.conf @@ -35,7 +35,7 @@ http { # Headers # ################## - more_set_headers 'X-Web-Entry Bifrost'; + more_set_headers 'X-Web-Entry: Bifrost'; ################## # SSL settings # diff --git a/sites-available/000-default.conf b/sites-available/000-default.conf index 7e5f634..02f6157 100644 --- a/sites-available/000-default.conf +++ b/sites-available/000-default.conf @@ -10,8 +10,8 @@ server { server_name _; - more_set_headers 'X-Dead-End true'; - more_set_headers 'Content-Type text/plain'; + more_set_headers 'X-Dead-End: true'; + more_set_headers 'Content-Type: text/plain'; return 200 ok; } @@ -56,7 +56,7 @@ server { # listen 80 default_server; # listen [::]:80 default_server; # server_name planetposen.no *.leifsopplevelser.no ruterna.no *.kevinmidboe.com kevinmidboe.com knowit.vin seasoned.show request.movie *.schleppe.cloud *.k9e.no; -# add_header Upgrading Connection; +# more_set_headers Upgrading Connection; # return 302 https://$host$request_uri; #} diff --git a/sites-available/adtech.conf b/sites-available/adtech.conf index 13e1f05..2d8cb97 100644 --- a/sites-available/adtech.conf +++ b/sites-available/adtech.conf @@ -5,7 +5,7 @@ server { server_name adtech.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } diff --git a/sites-available/blockchain.conf b/sites-available/blockchain.conf index ace0181..9788a44 100644 --- a/sites-available/blockchain.conf +++ b/sites-available/blockchain.conf @@ -5,7 +5,7 @@ server { server_name blockchain.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } @@ -23,4 +23,4 @@ server { ssl_certificate /etc/letsencrypt/live/blockchain.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/blockchain.schleppe.cloud/privkey.pem; # managed by Certbot -} \ No newline at end of file +} diff --git a/sites-available/blog.conf b/sites-available/blog.conf index 18c3c6d..81dd745 100644 --- a/sites-available/blog.conf +++ b/sites-available/blog.conf @@ -5,7 +5,7 @@ server { server_name blog.kevinmidboe.com; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } @@ -26,4 +26,4 @@ server { ssl_certificate /etc/letsencrypt/live/blog.kevinmidboe.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/blog.kevinmidboe.com/privkey.pem; # managed by Certbot -} \ No newline at end of file +} diff --git a/sites-available/brewpi.conf b/sites-available/brewpi.conf index e68cf4f..b38160a 100644 --- a/sites-available/brewpi.conf +++ b/sites-available/brewpi.conf @@ -5,7 +5,7 @@ server { server_name brew.schleppe.cloud beer.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } @@ -24,9 +24,9 @@ server { resolver 10.0.0.72; proxy_pass http://brewpi.schleppe:8080; - add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: brewpi.schleppe.cloud beer.schleppe.cloud'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; @@ -53,9 +53,9 @@ server { resolver 10.0.0.72; proxy_pass http://brewpi.schleppe:8080; - add_header 'Access-Control-Allow-Origin' 'brewpi.schleppe.cloud beer.schleppe.cloud'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: brewpi.schleppe.cloud beer.schleppe.cloud'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; diff --git a/sites-available/castdeck.conf b/sites-available/castdeck.conf index 2cc70e7..8c2bc98 100644 --- a/sites-available/castdeck.conf +++ b/sites-available/castdeck.conf @@ -5,7 +5,7 @@ server { server_name castdeck.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } @@ -24,9 +24,9 @@ server { resolver 10.0.0.72; proxy_pass http://castdeck.schleppe:80; - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; proxy_set_header Host $host; } diff --git a/sites-available/drone.conf b/sites-available/drone.conf index cce6b36..582a3cf 100644 --- a/sites-available/drone.conf +++ b/sites-available/drone.conf @@ -5,7 +5,7 @@ server { server_name drone.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } diff --git a/sites-available/elastic.conf b/sites-available/elastic.conf index 5af49cb..06eb19a 100644 --- a/sites-available/elastic.conf +++ b/sites-available/elastic.conf @@ -15,7 +15,7 @@ server { server_name kibana.schleppe.cloud elastic.schleppe.cloud es.schleppe.cloud elastic.keivnmidboe.com; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } @@ -44,7 +44,7 @@ server { resolver 10.0.0.72; proxy_pass https://elastic; - add_header X-Upstream $upstream_addr always; + more_set_headers 'X-Upstream: $upstream_addr'; } ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud-0001/fullchain.pem; # managed by Certbot @@ -62,7 +62,7 @@ server { resolver 10.0.0.72; proxy_pass http://elastic; - add_header X-Upstream $upstream_addr always; + more_set_headers 'X-Upstream: $upstream_addr'; } ssl_certificate /etc/letsencrypt/live/elastic.schleppe.cloud/fullchain.pem; # managed by Certbot @@ -80,7 +80,7 @@ server { resolver 10.0.0.72; proxy_pass http://elastic; - add_header X-Upstream $upstream_addr always; + more_set_headers 'X-Upstream $upstream_addr'; } ssl_certificate /etc/letsencrypt/live/elastic.kevinmidboe.com-0001/fullchain.pem; # managed by Certbot diff --git a/sites-available/fjordmap.conf b/sites-available/fjordmap.conf index 2da2155..408de40 100644 --- a/sites-available/fjordmap.conf +++ b/sites-available/fjordmap.conf @@ -13,9 +13,9 @@ server { location / { proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'fjordmap.schleppe.cloud'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: fjordmap.schleppe.cloud'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; diff --git a/sites-available/gitea.conf b/sites-available/gitea.conf index 231be57..c94a0a3 100644 --- a/sites-available/gitea.conf +++ b/sites-available/gitea.conf @@ -5,7 +5,7 @@ server { server_name git.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } diff --git a/sites-available/grafana.conf b/sites-available/grafana.conf index d00851e..287b056 100644 --- a/sites-available/grafana.conf +++ b/sites-available/grafana.conf @@ -14,7 +14,7 @@ server { server_name grafana.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } diff --git a/sites-available/headscale.conf b/sites-available/headscale.conf index addd4d4..591c033 100644 --- a/sites-available/headscale.conf +++ b/sites-available/headscale.conf @@ -26,6 +26,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + more_set_headers 'Strict-Transport-Security: max-age=15552000; includeSubDomains'; } } diff --git a/sites-available/hitler.conf b/sites-available/hitler.conf index 183e385..c6241bd 100644 --- a/sites-available/hitler.conf +++ b/sites-available/hitler.conf @@ -11,9 +11,9 @@ server { location / { proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'hitler.kevinmidboe.com'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: hitler.kevinmidboe.com'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; diff --git a/sites-available/hiveMonitor.conf b/sites-available/hiveMonitor.conf index a87f315..a66391d 100644 --- a/sites-available/hiveMonitor.conf +++ b/sites-available/hiveMonitor.conf @@ -11,7 +11,7 @@ server { server_name hive.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } diff --git a/sites-available/k9ee.conf b/sites-available/k9ee.conf deleted file mode 100644 index a5d15dc..0000000 --- a/sites-available/k9ee.conf +++ /dev/null @@ -1,28 +0,0 @@ - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name k9ee.no; - - error_page 404 /404.html; - location = /404.html { - root /home/kevin/; - } - - location / { - resolver 10.0.0.72; - - proxy_http_version 1.1; - add_header Proxy Bifrost; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_pass http://k9e.kazan.schleppe; - } - - ssl_certificate /etc/letsencrypt/live/k9e.no/fullchain.pem; # managed by Kevin - ssl_certificate_key /etc/letsencrypt/live/k9e.no/privkey.pem; # managed by Kevin -} - diff --git a/sites-available/kevinmidboe.conf b/sites-available/kevinmidboe.conf index 8de63ba..718f8ae 100644 --- a/sites-available/kevinmidboe.conf +++ b/sites-available/kevinmidboe.conf @@ -5,7 +5,7 @@ server { server_name kevinmidboe.com; - add_header Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } diff --git a/sites-available/leifsopplevelser.conf b/sites-available/leifsopplevelser.conf index 61bfee5..5296c5c 100644 --- a/sites-available/leifsopplevelser.conf +++ b/sites-available/leifsopplevelser.conf @@ -8,7 +8,7 @@ server { server_name *.leifsopplevelser.no leifsopplevelser.no; - add_header Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } diff --git a/sites-available/lottis.conf b/sites-available/lottis.conf index 987e4e6..3638be4 100644 --- a/sites-available/lottis.conf +++ b/sites-available/lottis.conf @@ -17,7 +17,7 @@ server { server_name .lottis.vin .vinlottis.no aller.vin knowit.vin; - add_header Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } @@ -137,7 +137,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - add_header 'Access-Control-Allow-Headers' 'Content-Type, vinlottis-admin'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type, vinlottis-admin'; } ssl_certificate /etc/letsencrypt/live/aller.lottis.vin/fullchain.pem; # managed by Certbot @@ -161,7 +161,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; } ssl_certificate /etc/letsencrypt/live/aller.vin/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/aller.vin/privkey.pem; # managed by Certbot @@ -195,4 +195,4 @@ server { ssl_certificate_key /etc/letsencrypt/live/beta.lottis.vin/privkey.pem; # managed by Certbot } # Beta end -# - - - - - - - - \ No newline at end of file +# - - - - - - - - diff --git a/sites-available/maps.conf b/sites-available/maps.conf index da21c73..526b74f 100644 --- a/sites-available/maps.conf +++ b/sites-available/maps.conf @@ -5,7 +5,7 @@ server { server_name maps.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } diff --git a/sites-available/memestream.conf b/sites-available/memestream.conf index 5b417af..cfeac0f 100644 --- a/sites-available/memestream.conf +++ b/sites-available/memestream.conf @@ -5,7 +5,7 @@ server { server_name memestream.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } diff --git a/sites-available/mondrian.conf b/sites-available/mondrian.conf index 4ec6922..6dd5e8c 100644 --- a/sites-available/mondrian.conf +++ b/sites-available/mondrian.conf @@ -5,7 +5,7 @@ server { server_name mondrian.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } diff --git a/sites-available/planetposen.conf b/sites-available/planetposen.conf index 2476289..fdb709a 100644 --- a/sites-available/planetposen.conf +++ b/sites-available/planetposen.conf @@ -24,7 +24,7 @@ server { server_name planetposen.no planet.schleppe.cloud; - more_set_headers Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } @@ -66,9 +66,9 @@ server { proxy_request_buffering off; - more_set_headers 'Access-Control-Allow-Origin planet.schleppe.cloud'; - more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS'; - more_set_headers 'Access-Control-Allow-Headers Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: planet.schleppe.cloud'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; client_max_body_size 5M; } @@ -77,19 +77,19 @@ server { resolver 10.0.0.72; proxy_pass http://planetposen-backend/api; -# add_header 'Access-Control-Allow-Origin' 'planet.schleppe.cloud'; - more_set_headers 'Access-Control-Allow-Origin *'; - more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS'; - more_set_headers 'Access-Control-Allow-Headers Content-Type'; +# more_set_headers 'Access-Control-Allow-Origin' 'planet.schleppe.cloud'; + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; } location / { resolver 10.0.0.72; proxy_pass http://planetposen-frontend; - more_set_headers 'Access-Control-Allow-Origin planet.schleppe.cloud'; - more_set_headers 'Access-Control-Allow-Methods GET, POST, OPTIONS'; - more_set_headers 'Access-Control-Allow-Headers Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: planet.schleppe.cloud'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; } ssl_certificate /etc/letsencrypt/live/planet.schleppe.cloud/fullchain.pem; # managed by Certbot diff --git a/sites-available/plex.conf b/sites-available/plex.conf index 1ce1102..9b1b738 100644 --- a/sites-available/plex.conf +++ b/sites-available/plex.conf @@ -5,7 +5,7 @@ server { server_name sonarr.schleppe.cloud tau.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers "Upgrading: Connection"; return 302 https://$host$request_uri; } diff --git a/sites-available/proxy.conf b/sites-available/proxy.conf index e01dfc4..9b7bc59 100644 --- a/sites-available/proxy.conf +++ b/sites-available/proxy.conf @@ -7,9 +7,9 @@ server { location / { proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; diff --git a/sites-available/request.conf b/sites-available/request.conf index 8636b55..98bf148 100644 --- a/sites-available/request.conf +++ b/sites-available/request.conf @@ -5,7 +5,7 @@ server { server_name .request.movie; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } diff --git a/sites-available/ruterna.conf b/sites-available/ruterna.conf index e5f9fd8..cee3051 100644 --- a/sites-available/ruterna.conf +++ b/sites-available/ruterna.conf @@ -7,9 +7,9 @@ server { location / { proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' 'lottis.vin'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Origin: lottis.vin'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; diff --git a/sites-available/schleppecloud.conf b/sites-available/schleppecloud.conf index 127acbb..23e64a3 100644 --- a/sites-available/schleppecloud.conf +++ b/sites-available/schleppecloud.conf @@ -5,7 +5,7 @@ server { server_name schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } diff --git a/sites-available/wagovipps.conf b/sites-available/wagovipps.conf index ce4f8b8..abae616 100644 --- a/sites-available/wagovipps.conf +++ b/sites-available/wagovipps.conf @@ -5,7 +5,7 @@ server { server_name wagovipps.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } @@ -25,10 +25,10 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Content-Type'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: Content-Type'; } ssl_certificate /etc/letsencrypt/live/wagovipps.schleppe.cloud/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/wagovipps.schleppe.cloud/privkey.pem; # managed by Certbot -} \ No newline at end of file +} diff --git a/sites-available/warden.conf b/sites-available/warden.conf index 12461aa..877b2d2 100644 --- a/sites-available/warden.conf +++ b/sites-available/warden.conf @@ -5,7 +5,7 @@ server { server_name warden.schleppe.cloud; - add_header Upgrading Connection; + more_set_headers 'Upgrading: Connection'; return 302 https://$host$request_uri; } diff --git a/sites-enabled/k9ee.conf b/sites-enabled/k9ee.conf deleted file mode 120000 index 3028675..0000000 --- a/sites-enabled/k9ee.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/k9ee.conf \ No newline at end of file diff --git a/snippets/proxy-params.conf b/snippets/proxy-params.conf index c9a4ab4..4181a6c 100644 --- a/snippets/proxy-params.conf +++ b/snippets/proxy-params.conf @@ -3,4 +3,4 @@ proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; -more_set_headers 'X-Proxy-Params Applied'; +more_set_headers 'X-Proxy-Params: Applied';