eliribble
/
podman-services
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add nginx configs.

This commit is contained in:
Eli Ribble 2024-02-21 13:37:30 -07:00
parent 5879f30582
commit da3cda28cd
110 changed files with 2631 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
etc/nginx/auth-endpoints.conf Normal file
View File

@ -0,0 +1,14 @@
error_page 401 = /oauth2/sign_in;
location ~ /oauth2/ {
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location = /oauth2/auth {
internal;
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
proxy_set_header X-Original-URI $request_uri;
}

13
etc/nginx/auth.conf Normal file
View File

@ -0,0 +1,13 @@
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
auth_request_set $auth_cookie $upstream_http_set_cookie;
proxy_set_header remote_user $email;
proxy_set_header X-User $email;
proxy_set_header X-Email $email;
add_header Set-Cookie $auth_cookie;
proxy_intercept_errors on;

39
etc/nginx/authelia.conf Normal file
View File

@ -0,0 +1,39 @@
# Added by Eli Ribble to support Authelia
# https://www.authelia.com/docs/deployment/supported-proxies/nginx.html
location = /authelia {
internal;
set $upstream_authelia http://127.0.0.1:10001/api/verify;
proxy_pass_request_body off;
proxy_pass $upstream_authelia;
proxy_set_header Content-Length "";
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# [REQUIRED] Needed by Authelia to check authorizations of the resource.
# Provide either X-Original-URL and X-Forwarded-Proto or
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
# Those headers will be used by Authelia to deduce the target url of the user.
# Basic Proxy Config
client_body_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}

27
etc/nginx/fastcgi.conf Normal file
View File

@ -0,0 +1,27 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

26
etc/nginx/fastcgi_params Normal file
View File

@ -0,0 +1,26 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

109
etc/nginx/koi-utf Normal file
View File

@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
etc/nginx/koi-win Normal file
View File

@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

89
etc/nginx/mime.types Normal file
View File

@ -0,0 +1,89 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

1
etc/nginx/modules-enabled/50-mod-http-auth-pam.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-auth-pam.conf

1
etc/nginx/modules-enabled/50-mod-http-dav-ext.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-dav-ext.conf

1
etc/nginx/modules-enabled/50-mod-http-echo.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-echo.conf

1
etc/nginx/modules-enabled/50-mod-http-geoip.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-geoip.conf

1
etc/nginx/modules-enabled/50-mod-http-geoip2.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-geoip2.conf

1
etc/nginx/modules-enabled/50-mod-http-image-filter.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-image-filter.conf

1
etc/nginx/modules-enabled/50-mod-http-subs-filter.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-subs-filter.conf

1
etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-upstream-fair.conf

1
etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-xslt-filter.conf

1
etc/nginx/modules-enabled/50-mod-mail.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-mail.conf

1
etc/nginx/modules-enabled/50-mod-stream.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream.conf

1
etc/nginx/modules-enabled/70-mod-stream-geoip.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream-geoip.conf

1
etc/nginx/modules-enabled/70-mod-stream-geoip2.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream-geoip2.conf

92
etc/nginx/nginx.conf Normal file
View File

@ -0,0 +1,92 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Websocket Upgrade
#
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

88
etc/nginx/nginx.conf.dpkg-old Normal file
View File

@ -0,0 +1,88 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
# Debug local clients only
# debug_connection 192.168.1.0/24;
# debug_connection 192.168.1.153;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

42
etc/nginx/proxy-photo-upload.conf Normal file
View File

@ -0,0 +1,42 @@
client_body_buffer_size 1024k;
client_body_timeout 20m;
client_max_body_size 100G;
lingering_close always;
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 20m;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_connect_timeout 600;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Scheme $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 256k;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

39
etc/nginx/proxy.conf Normal file
View File

@ -0,0 +1,39 @@
client_body_buffer_size 128k;
client_max_body_size 10G;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Scheme $scheme;
proxy_http_version 1.1;
# proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 256k;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

4
etc/nginx/proxy_params Normal file
View File

@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

17
etc/nginx/scgi_params Normal file
View File

@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

11
etc/nginx/sites-available/afaf.theribbles.org Normal file
View File

@ -0,0 +1,11 @@
server {
listen 80;
server_name afaf.theribbles.org;
root /concrete5;
index index.html;
location ~* \.php$ {
fastcgi_pass 127.0.0.1:9001;
include /etc/nginx/snippets/fastcgi-php.conf;
}
}

24
etc/nginx/sites-available/app-test.theribbles.org Normal file
View File

@ -0,0 +1,24 @@
server {
server_name app-test.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
root /home/eliribble/src/app-test;
}
}
server {
if ($host = podcast.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name app-test.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

26
etc/nginx/sites-available/audiobooks.theribbles.org Normal file
View File

@ -0,0 +1,26 @@
server {
server_name audiobooks.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10110;
include "/etc/nginx/proxy.conf";
}
}
server {
if ($host = audiobooks.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name audiobooks.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

55
etc/nginx/sites-available/auth.theribbles.org Normal file
View File

@ -0,0 +1,55 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name auth.theribbles.org;
location ~ {
proxy_pass http://127.0.0.1:10030;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name auth.suvereno.org;
location ~ {
proxy_pass http://127.0.0.1:10030;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/suvereno.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/suvereno.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
server_name auth.theribbles.org auth.suvereno.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

27
etc/nginx/sites-available/auth.theribbles.org.bak Normal file
View File

@ -0,0 +1,27 @@
server {
server_name auth.theribbles.org;
location ~ {
proxy_pass https://127.0.0.1:10030;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = auth.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name auth.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

34
etc/nginx/sites-available/auth.theribbles.org.bak2 Normal file
View File

@ -0,0 +1,34 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name auth.theribbles.org;
location ~ {
proxy_pass http://127.0.0.1:10160;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = auth.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name auth.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

25
etc/nginx/sites-available/beets.theribbles.org Normal file
View File

@ -0,0 +1,25 @@
server {
server_name beets.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:8337;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = beets.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name beets.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

25
etc/nginx/sites-available/budget.theribbles.org Normal file
View File

@ -0,0 +1,25 @@
server {
server_name budget.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:10100;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = budget.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name budget.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

47
etc/nginx/sites-available/chat.theribbles.org Normal file
View File

@ -0,0 +1,47 @@
server {
root /var/www/element;
# Add index.php to the list if you are using PHP
index index.html;
server_name chat.theribbles.org;
access_log /var/log/nginx/chat.theribbles.org-access.log;
error_log /var/log/nginx/chat.theribbles.org-error.log debug;
location = /index.html {
add_header Cache-Control "no-cache";
}
location = /version {
add_header Cache-Control "no-cache";
}
# covers config.json and config.hostname.json requests as it is prefix.
location /config {
add_header Cache-Control "no-cache";
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
listen 443 ssl http2; # manually changed, but added by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = chat.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name chat.theribbles.org;
return 404; # managed by Certbot
}

31
etc/nginx/sites-available/cloud.theribbles.org Normal file
View File

@ -0,0 +1,31 @@
server {
server_name cloud.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 10G;
client_body_buffer_size 400M;
location ~ {
proxy_pass http://127.0.0.1:10070;
proxy_set_header Connection "";
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = cloud.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name cloud.theribbles.org;
listen [::]:80;
listen 80;
return 404; # managed by Certbot
}

29
etc/nginx/sites-available/contacts.theribbles.org Normal file
View File

@ -0,0 +1,29 @@
server {
server_name contacts.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10200;
include proxy.conf;
}
}
server {
if ($host = contacts.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name contacts.theribbles.org;
return 404; # managed by Certbot
}

28
etc/nginx/sites-available/db-test.theribbles.org Normal file
View File

@ -0,0 +1,28 @@
server {
server_name db-test.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:10160;
include /etc/nginx/proxy.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
}
}
server {
if ($host = podcast.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name db-test.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

111
etc/nginx/sites-available/default Normal file
View File

@ -0,0 +1,111 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
server_name www.theribbles.org theribbles.org _;
}
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name www.theribbles.org theribbles.org;
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.theribbles.org"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /waiver {
return 301 https://app.waiversign.com/e/60f5a65891f983001947ac59/doc/60f5a7bce1ea2500193529e5?event=none;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

50
etc/nginx/sites-available/docs.theribbles.org Normal file
View File

@ -0,0 +1,50 @@
server {
server_name docs.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Adjust as required. This is the maximum size for file uploads.
# The default value 1M might be a little too small.
client_max_body_size 10M;
location / {
# Adjust host and port as required.
proxy_pass http://localhost:10190/;
client_body_buffer_size 1024k;
client_body_timeout 20m;
client_max_body_size 100G;
# These configuration options are required for WebSockets to work.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
add_header P3P 'CP=""'; # may not be required in all setups
}
}
server {
if ($host = docs.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name docs.theribbles.org;
return 404; # managed by Certbot
}

36
etc/nginx/sites-available/email.theribbles.org Normal file
View File

@ -0,0 +1,36 @@
server {
server_name email.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 40M;
client_body_buffer_size 10M;
index index.php;
location / {
root /var/lib/containers/storage/volumes/roundcube-web/_data;
}
location ~* \.php$ {
root /var/www/html;
fastcgi_pass 127.0.0.1:10120;
include /etc/nginx/snippets/fastcgi-php.conf;
}
}
server {
if ($host = email.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name email.theribbles.org;
return 404; # managed by Certbot
}

30
etc/nginx/sites-available/email.theribbles.org.bak Normal file
View File

@ -0,0 +1,30 @@
server {
server_name email.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 40M;
client_body_buffer_size 10M;
location ~ {
proxy_pass http://127.0.0.1:10120;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = email.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name email.theribbles.org;
return 404; # managed by Certbot
}

36
etc/nginx/sites-available/email.theribbles.org.bak2 Normal file
View File

@ -0,0 +1,36 @@
server {
server_name email.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 40M;
client_body_buffer_size 10M;
index index.php;
location / {
root /var/lib/containers/storage/volumes/roundcube-web/_data;
}
location ~* \.php$ {
root /var/www/html;
fastcgi_pass 127.0.0.1:10120;
include /etc/nginx/snippets/fastcgi-php.conf;
}
}
server {
if ($host = email.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name email.theribbles.org;
return 404; # managed by Certbot
}

34
etc/nginx/sites-available/email.theribbles.org.bak3 Normal file
View File

@ -0,0 +1,34 @@
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name email.theribbles.org;
}
server {
# SSL configuration
#
listen 443 ssl;
listen [::]:443 ssl;
root /opt/src/jmap-demo-webmail;
# Add index.php to the list if you are using PHP
index index.html index.htm;
server_name email.theribbles.org;
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}

30
etc/nginx/sites-available/email2.theribbles.org Normal file
View File

@ -0,0 +1,30 @@
server {
server_name email2.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 40M;
client_body_buffer_size 10M;
location / {
proxy_pass http://127.0.0.1:3000;
}
}
server {
if ($host = email2.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name email2.theribbles.org;
return 404; # managed by Certbot
}

30
etc/nginx/sites-available/habits.theribbles.org Normal file
View File

@ -0,0 +1,30 @@
server {
server_name habits.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10091;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = habits.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name habits.theribbles.org;
return 404; # managed by Certbot
}

41
etc/nginx/sites-available/home.theribbles.org Normal file
View File

@ -0,0 +1,41 @@
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name home.theribbles.org;
access_log /var/log/nginx/home.theribbles.org-access.log;
error_log /var/log/nginx/home.theribbles.org-error.log debug;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = home.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name home.theribbles.org;
return 404; # managed by Certbot
}

28
etc/nginx/sites-available/ipa.theribbles.org Normal file
View File

@ -0,0 +1,28 @@
server {
server_name ipa.theribbles.org;
location ~ {
proxy_pass https://127.0.0.1:10021;
proxy_set_header X-Real-IP $remote_addr;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = auth.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ipa.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

53
etc/nginx/sites-available/mail.theribbles.org Normal file
View File

@ -0,0 +1,53 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name mail.theribbles.org;
location ~ {
proxy_pass https://127.0.0.1:10230;
proxy_set_header Upgrade $http_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name mail.suvereno.org;
location ~ {
proxy_pass http://127.0.0.1:10030;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/suvereno.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/suvereno.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
server_name mail.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

53
etc/nginx/sites-available/matrix.theribbles.org Normal file
View File

@ -0,0 +1,53 @@
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name matrix.theribbles.org;
access_log /var/log/nginx/matrix.theribbles.org-access.log;
error_log /var/log/nginx/matrix.theribbles.org-error.log debug;
location ~ {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://localhost:10180;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
listen 443 ssl http2; # manually changed, but added by Certbot
# For the federation port
listen 8448 ssl http2 default_server;
listen [::]:8448 ssl http2 default_server;
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = matrix.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name matrix.theribbles.org;
return 404; # managed by Certbot
}

80
etc/nginx/sites-available/media.theribbles.org Normal file
View File

@ -0,0 +1,80 @@
server {
server_name media.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# NOTE: The default CSP headers may cause issues with the webOS app
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
location = / {
return 302 https://$host/web/;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://127.0.0.1:10170;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://127.0.0.1:10170/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://127.0.0.1:10170;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
if ($host = media.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name media.theribbles.org;
listen [::]:80;
listen 80;
return 404; # managed by Certbot
}

27
etc/nginx/sites-available/money-import.theribbles.org Normal file
View File

@ -0,0 +1,27 @@
server {
server_name money-import.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
include /etc/nginx/auth-endpoints.conf;
location ~ {
proxy_pass http://127.0.0.1:10061;
include /etc/nginx/proxy.conf;
include /etc/nginx/auth.conf;
}
}
server {
if ($host = money-import.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name money-import.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

41
etc/nginx/sites-available/money.theribbles.org Normal file
View File

@ -0,0 +1,41 @@
server {
server_name money.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ /oauth2/ {
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location = /oauth2/auth {
internal;
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
proxy_set_header X-Original-URI $request_uri;
}
location ~ {
proxy_pass http://127.0.0.1:10060;
include /etc/nginx/proxy.conf;
include /etc/nginx/auth.conf;
}
error_page 401 = /oauth2/sign_in;
}
server {
if ($host = money.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name money.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

27
etc/nginx/sites-available/oauth.theribbles.org Normal file
View File

@ -0,0 +1,27 @@
server {
server_name oauth.theribbles.org;
location ~ {
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = oauth.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name oauth.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

80
etc/nginx/sites-available/passwords-psono.theribbles.org Normal file
View File

@ -0,0 +1,80 @@
server {
if ($host = passwords.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name passwords.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}
server {
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name passwords.theribbles.org;
# add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Referrer-Policy same-origin;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# If you have the admin fileserver installed too behind this reverse proxy domain, add your fileserver URL e.g. https://fs01.example.com as connect-src too:
# add_header Content-Security-Policy "default-src 'none'; manifest-src 'self'; connect-src 'self' https://static.psono.com https://api.pwnedpasswords.com https://storage.googleapis.com https://*.digitaloceanspaces.com https://*.s3.amazonaws.com; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'";
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 256m;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
index index.html;
try_files $uri /index.html;
location / {
add_header Pragma public;
add_header Cache-Control "public";
root /var/www/html/psono/webclient;
}
location /portal {
add_header Pragma public;
add_header Cache-Control "public";
alias /var/www/html/psono/admin-webclient;
}
location /server {
rewrite ^/server/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Last-Modified $date_gmt;
add_header Pragma "no-cache";
add_header Cache-Control "private, max-age=0, no-cache, no-store";
if_modified_since off;
expires off;
etag off;
proxy_pass http://127.0.0.1:10040;
}
}

33
etc/nginx/sites-available/passwords.theribbles.org Normal file
View File

@ -0,0 +1,33 @@
server {
server_name passwords.theribbles.org;
location / {
proxy_pass http://127.0.0.1:10040;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http://$http_host/ https://$http_host/;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = passwords.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name passwords.theribbles.org;
return 404; # managed by Certbot
}

32
etc/nginx/sites-available/photos.theribbles.org Normal file
View File

@ -0,0 +1,32 @@
server {
server_name photos.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10080;
include "/etc/nginx/proxy-photo-upload.conf";
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
if ($host = photos.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name photos.theribbles.org;
return 404; # managed by Certbot
}

33
etc/nginx/sites-available/pihole.theribbles.org Normal file
View File

@ -0,0 +1,33 @@
server {
server_name pihole.theribbles.org;
allow 192.168.1.0/24;
deny all;
location ~ {
proxy_pass http://127.0.0.1:10000;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = pihole.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name pihole.theribbles.org;
return 404; # managed by Certbot
}

97
etc/nginx/sites-available/plex.theribbles.org Normal file
View File

@ -0,0 +1,97 @@
# Must be set in the global scope see: https://forum.nginx.org/read.php?2,152294,152294
# Why this is important especially with Plex as it makes a lot of requests http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html / https://www.peterbe.com/plog/ssl_session_cache-ab
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Upstream to Plex
upstream plex_backend {
# Set this to the IP address that appears in `ifconfig` (NATTED LAN IP or Public IP address) if you want the bandwidth meter in the server status page to work
server 127.0.0.1:32400;
keepalive 32;
}
server {
# Enabling http2 can cause some issues with some devices, see #29 - Disable it if you experience issues
listen 443 ssl http2; # http2 can provide a substantial improvement for streaming: https://blog.cloudflare.com/introducing-http2/
listen [::]:443 ssl http2;
server_name plex.theribbles.org;
send_timeout 100m; # Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause (e.g. Chrome)
# Faster resolving, improves stapling time. Timeout and nameservers may need to be adjusted for your location Google's have been used here.
# resolver 8.8.4.4 8.8.8.8 valid=300s;
# resolver_timeout 10s;
# Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
ssl_stapling on;
ssl_stapling_verify on;
# Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. (Haven't encountered any yet)
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
# Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
# Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
client_max_body_size 100M;
# Forward real ip and host to Plex
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# When using ngx_http_realip_module change $proxy_add_x_forwarded_for to '$http_x_forwarded_for,$realip_remote_addr'
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Disables compression between Plex and Nginx, required if using sub_filter below.
# May also improve loading time by a very marginal amount, as nginx will compress anyway.
# proxy_set_header Accept-Encoding "";
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
location / {
# Example of using sub_filter to alter what Plex displays, this disables Plex News.
# sub_filter ',news,' ',';
# sub_filter_once on;
# sub_filter_types text/xml;
proxy_pass http://plex_backend;
}
# PlexPy forward example, works the same for other services.
# location /plexpy {
# proxy_pass http://127.0.0.1:8181;
#}
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
}
server {
if ($host = plex.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name plex.theribbles.org;
return 404; # managed by Certbot
}

25
etc/nginx/sites-available/podcast.theribbles.org Normal file
View File

@ -0,0 +1,25 @@
server {
server_name podcast.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:10150;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = podcast.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name podcast.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

15
etc/nginx/sites-available/ranbato.familyds.net Normal file
View File

@ -0,0 +1,15 @@
server {
server_name ranbato.familyds.net;
location ~ {
proxy_pass http://192.168.1.31:5081;
}
listen 80;
listen [::]:80;
}

29
etc/nginx/sites-available/recipes.theribbles.org Normal file
View File

@ -0,0 +1,29 @@
server {
server_name recipes.theribbles.org;
location / {
proxy_pass http://127.0.0.1:10050;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = recipes.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name recipes.theribbles.org;
return 404; # managed by Certbot
}

33
etc/nginx/sites-available/source.theribbles.org Normal file
View File

@ -0,0 +1,33 @@
server {
server_name source.theribbles.org;
location / {
proxy_pass http://127.0.0.1:10110;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http://$http_host/ https://$http_host/;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = source.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name source.theribbles.org;
return 404; # managed by Certbot
}

27
etc/nginx/sites-available/todo-api.theribbles.org Normal file
View File

@ -0,0 +1,27 @@
server {
server_name todo-api.theribbles.org;
location ~ {
proxy_pass http://127.0.0.1:3456;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = todo-api.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name todo-api.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

33
etc/nginx/sites-available/todo.theribbles.org Normal file
View File

@ -0,0 +1,33 @@
server {
server_name todo.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
root /var/opt/todo/frontend/current;
try_files $uri $uri/ /;
index index.html index.htm;
}
location ~* ^/(api|dav|\.well-known)/ {
proxy_pass http://localhost:3456;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = todo.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name todo.theribbles.org;
return 404; # managed by Certbot
}

43
etc/nginx/sites-available/torrents.theribbles.org Normal file
View File

@ -0,0 +1,43 @@
server {
server_name torrents.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ /oauth2/ {
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location = /oauth2/auth {
internal;
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
proxy_set_header X-Original-URI $request_uri;
}
location ~ {
proxy_pass http://127.0.0.1:10140;
include /etc/nginx/proxy.conf;
include /etc/nginx/auth.conf;
}
error_page 401 = /oauth2/sign_in;
}
server {
if ($host = torrents.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name torrents.theribbles.org;
return 404; # managed by Certbot
}

56
etc/nginx/sites-available/unifi.theribbles.org Normal file
View File

@ -0,0 +1,56 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name unifi.theribbles.org;
client_max_body_size 50m;
ssl_trusted_certificate /etc/nginx/certificates/unifi.pem;
# Needed to allow the websockets to forward well.
# Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354
location /wss/ {
proxy_pass https://127.0.0.1:8443;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Suggested at
# https://community.ui.com/questions/Websocket-issue-with-Unifi-Controller-behind-nginx/21030109-95b1-47e2-91fb-0153a89dd04d
# Adding it removed a websocket connection failure
proxy_set_header Origin '';
proxy_read_timeout 86400;
}
location / {
proxy_pass https://127.0.0.1:8443; #The UniFi Controller Port
proxy_redirect https://127.0.0.1:8443/ /;
proxy_buffering off;
proxy_read_timeout 60s;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
}
server {
if ($host = unifi.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name unifi.theribbles.org;
return 404; # managed by Certbot
}

26
etc/nginx/sites-available/web-crypto-explorer.theribbles.org Normal file
View File

@ -0,0 +1,26 @@
server {
server_name web-crypto-explorer.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:10210;
include /etc/nginx/proxy.conf;
proxy_set_header Host $host;
}
}
server {
if ($host = web-crypto-explorer.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name web-crypto-explorer.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

26
etc/nginx/sites-available/wiki.suvereno.org Normal file
View File

@ -0,0 +1,26 @@
server {
server_name wiki.suvereno.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/suvereno.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/suvereno.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:11100;
include "/etc/nginx/proxy.conf";
}
}
server {
if ($host = wiki.suvereno.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name wiki.suvereno.org;
listen 80;
return 404; # managed by Certbot
}

29
etc/nginx/sites-available/wiki.theribbles.org Normal file
View File

@ -0,0 +1,29 @@
server {
server_name wiki.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10130;
include "/etc/nginx/proxy.conf";
}
}
server {
if ($host = wiki.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name wiki.theribbles.org;
return 404; # managed by Certbot
}

1
etc/nginx/sites-enabled/afaf.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/afaf.theribbles.org

1
etc/nginx/sites-enabled/app-test.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/app-test.theribbles.org

1
etc/nginx/sites-enabled/audiobooks.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/audiobooks.theribbles.org

1
etc/nginx/sites-enabled/auth.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/auth.theribbles.org

1
etc/nginx/sites-enabled/beets.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/beets.theribbles.org

1
etc/nginx/sites-enabled/budget.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/budget.theribbles.org

1
etc/nginx/sites-enabled/chat.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/chat.theribbles.org

1
etc/nginx/sites-enabled/cloud.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/cloud.theribbles.org

1
etc/nginx/sites-enabled/contacts.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/contacts.theribbles.org

1
etc/nginx/sites-enabled/db-test.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/db-test.theribbles.org

1
etc/nginx/sites-enabled/default Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/default

1
etc/nginx/sites-enabled/docs.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/docs.theribbles.org

1
etc/nginx/sites-enabled/email.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/email.theribbles.org

1
etc/nginx/sites-enabled/email2.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/email2.theribbles.org

1
etc/nginx/sites-enabled/home.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/home.theribbles.org

1
etc/nginx/sites-enabled/mail.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/mail.theribbles.org

1
etc/nginx/sites-enabled/matrix.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/matrix.theribbles.org

1
etc/nginx/sites-enabled/media.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/media.theribbles.org

1
etc/nginx/sites-enabled/oauth.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/oauth.theribbles.org

1
etc/nginx/sites-enabled/passwords.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/passwords.theribbles.org

1
etc/nginx/sites-enabled/photos.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/photos.theribbles.org

1
etc/nginx/sites-enabled/pihole.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/pihole.theribbles.org

1
etc/nginx/sites-enabled/plex.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/plex.theribbles.org

1
etc/nginx/sites-enabled/podcast.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/podcast.theribbles.org

1
etc/nginx/sites-enabled/ranbato.familydns.net Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/ranbato.familyds.net

1
etc/nginx/sites-enabled/recipes.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/recipes.theribbles.org

1
etc/nginx/sites-enabled/source.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/source.theribbles.org

1
etc/nginx/sites-enabled/todo.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/todo.theribbles.org

1
etc/nginx/sites-enabled/torrents.theribbles.org Symbolic link
View File

@ -0,0 +1 @@
/etc/nginx/sites-available/torrents.theribbles.org

Some files were not shown because too many files have changed in this diff Show More