eliribble/podman-services
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add nginx configs.

Browse source
This commit is contained in:
Eli Ribble 2024-02-21 13:37:30 -07:00
parent 5879f30582
commit da3cda28cd
110 changed files with 2631 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
etc/nginx/sites-available/afaf.theribbles.org Normal file
View file

@ -0,0 +1,11 @@
server {
listen 80;
server_name afaf.theribbles.org;
root /concrete5;
index index.html;
location ~* \.php$ {
fastcgi_pass 127.0.0.1:9001;
include /etc/nginx/snippets/fastcgi-php.conf;
}
}

24
etc/nginx/sites-available/app-test.theribbles.org Normal file
View file

@ -0,0 +1,24 @@
server {
server_name app-test.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
root /home/eliribble/src/app-test;
}
}
server {
if ($host = podcast.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name app-test.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

26
etc/nginx/sites-available/audiobooks.theribbles.org Normal file
View file

@ -0,0 +1,26 @@
server {
server_name audiobooks.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10110;
include "/etc/nginx/proxy.conf";
}
}
server {
if ($host = audiobooks.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name audiobooks.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

55
etc/nginx/sites-available/auth.theribbles.org Normal file
View file

@ -0,0 +1,55 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name auth.theribbles.org;
location ~ {
proxy_pass http://127.0.0.1:10030;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name auth.suvereno.org;
location ~ {
proxy_pass http://127.0.0.1:10030;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/suvereno.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/suvereno.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
server_name auth.theribbles.org auth.suvereno.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

27
etc/nginx/sites-available/auth.theribbles.org.bak Normal file
View file

@ -0,0 +1,27 @@
server {
server_name auth.theribbles.org;
location ~ {
proxy_pass https://127.0.0.1:10030;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = auth.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name auth.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

34
etc/nginx/sites-available/auth.theribbles.org.bak2 Normal file
View file

@ -0,0 +1,34 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name auth.theribbles.org;
location ~ {
proxy_pass http://127.0.0.1:10160;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = auth.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name auth.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

25
etc/nginx/sites-available/beets.theribbles.org Normal file
View file

@ -0,0 +1,25 @@
server {
server_name beets.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:8337;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = beets.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name beets.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

25
etc/nginx/sites-available/budget.theribbles.org Normal file
View file

@ -0,0 +1,25 @@
server {
server_name budget.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:10100;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = budget.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name budget.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

47
etc/nginx/sites-available/chat.theribbles.org Normal file
View file

@ -0,0 +1,47 @@
server {
root /var/www/element;
# Add index.php to the list if you are using PHP
index index.html;
server_name chat.theribbles.org;
access_log /var/log/nginx/chat.theribbles.org-access.log;
error_log /var/log/nginx/chat.theribbles.org-error.log debug;
location = /index.html {
add_header Cache-Control "no-cache";
}
location = /version {
add_header Cache-Control "no-cache";
}
# covers config.json and config.hostname.json requests as it is prefix.
location /config {
add_header Cache-Control "no-cache";
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
listen 443 ssl http2; # manually changed, but added by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = chat.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name chat.theribbles.org;
return 404; # managed by Certbot
}

31
etc/nginx/sites-available/cloud.theribbles.org Normal file
View file

@ -0,0 +1,31 @@
server {
server_name cloud.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 10G;
client_body_buffer_size 400M;
location ~ {
proxy_pass http://127.0.0.1:10070;
proxy_set_header Connection "";
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = cloud.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name cloud.theribbles.org;
listen [::]:80;
listen 80;
return 404; # managed by Certbot
}

29
etc/nginx/sites-available/contacts.theribbles.org Normal file
View file

@ -0,0 +1,29 @@
server {
server_name contacts.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10200;
include proxy.conf;
}
}
server {
if ($host = contacts.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name contacts.theribbles.org;
return 404; # managed by Certbot
}

28
etc/nginx/sites-available/db-test.theribbles.org Normal file
View file

@ -0,0 +1,28 @@
server {
server_name db-test.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:10160;
include /etc/nginx/proxy.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
}
}
server {
if ($host = podcast.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name db-test.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

111
etc/nginx/sites-available/default Normal file
View file

@ -0,0 +1,111 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
server_name www.theribbles.org theribbles.org _;
}
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name www.theribbles.org theribbles.org;
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.theribbles.org"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /waiver {
return 301 https://app.waiversign.com/e/60f5a65891f983001947ac59/doc/60f5a7bce1ea2500193529e5?event=none;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

50
etc/nginx/sites-available/docs.theribbles.org Normal file
View file

@ -0,0 +1,50 @@
server {
server_name docs.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Adjust as required. This is the maximum size for file uploads.
# The default value 1M might be a little too small.
client_max_body_size 10M;
location / {
# Adjust host and port as required.
proxy_pass http://localhost:10190/;
client_body_buffer_size 1024k;
client_body_timeout 20m;
client_max_body_size 100G;
# These configuration options are required for WebSockets to work.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
add_header P3P 'CP=""'; # may not be required in all setups
}
}
server {
if ($host = docs.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name docs.theribbles.org;
return 404; # managed by Certbot
}

36
etc/nginx/sites-available/email.theribbles.org Normal file
View file

@ -0,0 +1,36 @@
server {
server_name email.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 40M;
client_body_buffer_size 10M;
index index.php;
location / {
root /var/lib/containers/storage/volumes/roundcube-web/_data;
}
location ~* \.php$ {
root /var/www/html;
fastcgi_pass 127.0.0.1:10120;
include /etc/nginx/snippets/fastcgi-php.conf;
}
}
server {
if ($host = email.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name email.theribbles.org;
return 404; # managed by Certbot
}

30
etc/nginx/sites-available/email.theribbles.org.bak Normal file
View file

@ -0,0 +1,30 @@
server {
server_name email.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 40M;
client_body_buffer_size 10M;
location ~ {
proxy_pass http://127.0.0.1:10120;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = email.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name email.theribbles.org;
return 404; # managed by Certbot
}

36
etc/nginx/sites-available/email.theribbles.org.bak2 Normal file
View file

@ -0,0 +1,36 @@
server {
server_name email.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 40M;
client_body_buffer_size 10M;
index index.php;
location / {
root /var/lib/containers/storage/volumes/roundcube-web/_data;
}
location ~* \.php$ {
root /var/www/html;
fastcgi_pass 127.0.0.1:10120;
include /etc/nginx/snippets/fastcgi-php.conf;
}
}
server {
if ($host = email.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name email.theribbles.org;
return 404; # managed by Certbot
}

34
etc/nginx/sites-available/email.theribbles.org.bak3 Normal file
View file

@ -0,0 +1,34 @@
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
server_name email.theribbles.org;
}
server {
# SSL configuration
#
listen 443 ssl;
listen [::]:443 ssl;
root /opt/src/jmap-demo-webmail;
# Add index.php to the list if you are using PHP
index index.html index.htm;
server_name email.theribbles.org;
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}

30
etc/nginx/sites-available/email2.theribbles.org Normal file
View file

@ -0,0 +1,30 @@
server {
server_name email2.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 40M;
client_body_buffer_size 10M;
location / {
proxy_pass http://127.0.0.1:3000;
}
}
server {
if ($host = email2.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name email2.theribbles.org;
return 404; # managed by Certbot
}

30
etc/nginx/sites-available/habits.theribbles.org Normal file
View file

@ -0,0 +1,30 @@
server {
server_name habits.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10091;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = habits.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name habits.theribbles.org;
return 404; # managed by Certbot
}

41
etc/nginx/sites-available/home.theribbles.org Normal file
View file

@ -0,0 +1,41 @@
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name home.theribbles.org;
access_log /var/log/nginx/home.theribbles.org-access.log;
error_log /var/log/nginx/home.theribbles.org-error.log debug;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = home.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name home.theribbles.org;
return 404; # managed by Certbot
}

28
etc/nginx/sites-available/ipa.theribbles.org Normal file
View file

@ -0,0 +1,28 @@
server {
server_name ipa.theribbles.org;
location ~ {
proxy_pass https://127.0.0.1:10021;
proxy_set_header X-Real-IP $remote_addr;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = auth.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ipa.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

53
etc/nginx/sites-available/mail.theribbles.org Normal file
View file

@ -0,0 +1,53 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name mail.theribbles.org;
location ~ {
proxy_pass https://127.0.0.1:10230;
proxy_set_header Upgrade $http_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name mail.suvereno.org;
location ~ {
proxy_pass http://127.0.0.1:10030;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/suvereno.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/suvereno.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
server_name mail.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

53
etc/nginx/sites-available/matrix.theribbles.org Normal file
View file

@ -0,0 +1,53 @@
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name matrix.theribbles.org;
access_log /var/log/nginx/matrix.theribbles.org-access.log;
error_log /var/log/nginx/matrix.theribbles.org-error.log debug;
location ~ {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://localhost:10180;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
listen 443 ssl http2; # manually changed, but added by Certbot
# For the federation port
listen 8448 ssl http2 default_server;
listen [::]:8448 ssl http2 default_server;
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = matrix.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name matrix.theribbles.org;
return 404; # managed by Certbot
}

80
etc/nginx/sites-available/media.theribbles.org Normal file
View file

@ -0,0 +1,80 @@
server {
server_name media.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# NOTE: The default CSP headers may cause issues with the webOS app
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
location = / {
return 302 https://$host/web/;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://127.0.0.1:10170;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://127.0.0.1:10170/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://127.0.0.1:10170;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
if ($host = media.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name media.theribbles.org;
listen [::]:80;
listen 80;
return 404; # managed by Certbot
}

27
etc/nginx/sites-available/money-import.theribbles.org Normal file
View file

@ -0,0 +1,27 @@
server {
server_name money-import.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
include /etc/nginx/auth-endpoints.conf;
location ~ {
proxy_pass http://127.0.0.1:10061;
include /etc/nginx/proxy.conf;
include /etc/nginx/auth.conf;
}
}
server {
if ($host = money-import.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name money-import.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

41
etc/nginx/sites-available/money.theribbles.org Normal file
View file

@ -0,0 +1,41 @@
server {
server_name money.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ /oauth2/ {
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location = /oauth2/auth {
internal;
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
proxy_set_header X-Original-URI $request_uri;
}
location ~ {
proxy_pass http://127.0.0.1:10060;
include /etc/nginx/proxy.conf;
include /etc/nginx/auth.conf;
}
error_page 401 = /oauth2/sign_in;
}
server {
if ($host = money.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name money.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

27
etc/nginx/sites-available/oauth.theribbles.org Normal file
View file

@ -0,0 +1,27 @@
server {
server_name oauth.theribbles.org;
location ~ {
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = oauth.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name oauth.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

80
etc/nginx/sites-available/passwords-psono.theribbles.org Normal file
View file

@ -0,0 +1,80 @@
server {
if ($host = passwords.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name passwords.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}
server {
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name passwords.theribbles.org;
# add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Referrer-Policy same-origin;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# If you have the admin fileserver installed too behind this reverse proxy domain, add your fileserver URL e.g. https://fs01.example.com as connect-src too:
# add_header Content-Security-Policy "default-src 'none'; manifest-src 'self'; connect-src 'self' https://static.psono.com https://api.pwnedpasswords.com https://storage.googleapis.com https://*.digitaloceanspaces.com https://*.s3.amazonaws.com; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'";
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 256m;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
index index.html;
try_files $uri /index.html;
location / {
add_header Pragma public;
add_header Cache-Control "public";
root /var/www/html/psono/webclient;
}
location /portal {
add_header Pragma public;
add_header Cache-Control "public";
alias /var/www/html/psono/admin-webclient;
}
location /server {
rewrite ^/server/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Last-Modified $date_gmt;
add_header Pragma "no-cache";
add_header Cache-Control "private, max-age=0, no-cache, no-store";
if_modified_since off;
expires off;
etag off;
proxy_pass http://127.0.0.1:10040;
}
}

33
etc/nginx/sites-available/passwords.theribbles.org Normal file
View file

@ -0,0 +1,33 @@
server {
server_name passwords.theribbles.org;
location / {
proxy_pass http://127.0.0.1:10040;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http://$http_host/ https://$http_host/;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = passwords.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name passwords.theribbles.org;
return 404; # managed by Certbot
}

32
etc/nginx/sites-available/photos.theribbles.org Normal file
View file

@ -0,0 +1,32 @@
server {
server_name photos.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10080;
include "/etc/nginx/proxy-photo-upload.conf";
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
if ($host = photos.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name photos.theribbles.org;
return 404; # managed by Certbot
}

33
etc/nginx/sites-available/pihole.theribbles.org Normal file
View file

@ -0,0 +1,33 @@
server {
server_name pihole.theribbles.org;
allow 192.168.1.0/24;
deny all;
location ~ {
proxy_pass http://127.0.0.1:10000;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = pihole.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name pihole.theribbles.org;
return 404; # managed by Certbot
}

97
etc/nginx/sites-available/plex.theribbles.org Normal file
View file

@ -0,0 +1,97 @@
# Must be set in the global scope see: https://forum.nginx.org/read.php?2,152294,152294
# Why this is important especially with Plex as it makes a lot of requests http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html / https://www.peterbe.com/plog/ssl_session_cache-ab
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Upstream to Plex
upstream plex_backend {
# Set this to the IP address that appears in `ifconfig` (NATTED LAN IP or Public IP address) if you want the bandwidth meter in the server status page to work
server 127.0.0.1:32400;
keepalive 32;
}
server {
# Enabling http2 can cause some issues with some devices, see #29 - Disable it if you experience issues
listen 443 ssl http2; # http2 can provide a substantial improvement for streaming: https://blog.cloudflare.com/introducing-http2/
listen [::]:443 ssl http2;
server_name plex.theribbles.org;
send_timeout 100m; # Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause (e.g. Chrome)
# Faster resolving, improves stapling time. Timeout and nameservers may need to be adjusted for your location Google's have been used here.
# resolver 8.8.4.4 8.8.8.8 valid=300s;
# resolver_timeout 10s;
# Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
ssl_stapling on;
ssl_stapling_verify on;
# Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. (Haven't encountered any yet)
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
# Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
# Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
client_max_body_size 100M;
# Forward real ip and host to Plex
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# When using ngx_http_realip_module change $proxy_add_x_forwarded_for to '$http_x_forwarded_for,$realip_remote_addr'
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Disables compression between Plex and Nginx, required if using sub_filter below.
# May also improve loading time by a very marginal amount, as nginx will compress anyway.
# proxy_set_header Accept-Encoding "";
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
location / {
# Example of using sub_filter to alter what Plex displays, this disables Plex News.
# sub_filter ',news,' ',';
# sub_filter_once on;
# sub_filter_types text/xml;
proxy_pass http://plex_backend;
}
# PlexPy forward example, works the same for other services.
# location /plexpy {
# proxy_pass http://127.0.0.1:8181;
#}
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
}
server {
if ($host = plex.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name plex.theribbles.org;
return 404; # managed by Certbot
}

25
etc/nginx/sites-available/podcast.theribbles.org Normal file
View file

@ -0,0 +1,25 @@
server {
server_name podcast.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:10150;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = podcast.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name podcast.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

15
etc/nginx/sites-available/ranbato.familyds.net Normal file
View file

@ -0,0 +1,15 @@
server {
server_name ranbato.familyds.net;
location ~ {
proxy_pass http://192.168.1.31:5081;
}
listen 80;
listen [::]:80;
}

29
etc/nginx/sites-available/recipes.theribbles.org Normal file
View file

@ -0,0 +1,29 @@
server {
server_name recipes.theribbles.org;
location / {
proxy_pass http://127.0.0.1:10050;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = recipes.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name recipes.theribbles.org;
return 404; # managed by Certbot
}

33
etc/nginx/sites-available/source.theribbles.org Normal file
View file

@ -0,0 +1,33 @@
server {
server_name source.theribbles.org;
location / {
proxy_pass http://127.0.0.1:10110;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http://$http_host/ https://$http_host/;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = source.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name source.theribbles.org;
return 404; # managed by Certbot
}

27
etc/nginx/sites-available/todo-api.theribbles.org Normal file
View file

@ -0,0 +1,27 @@
server {
server_name todo-api.theribbles.org;
location ~ {
proxy_pass http://127.0.0.1:3456;
include /etc/nginx/proxy.conf;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = todo-api.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name todo-api.theribbles.org;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}

33
etc/nginx/sites-available/todo.theribbles.org Normal file
View file

@ -0,0 +1,33 @@
server {
server_name todo.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
root /var/opt/todo/frontend/current;
try_files $uri $uri/ /;
index index.html index.htm;
}
location ~* ^/(api|dav|\.well-known)/ {
proxy_pass http://localhost:3456;
include /etc/nginx/proxy.conf;
}
}
server {
if ($host = todo.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name todo.theribbles.org;
return 404; # managed by Certbot
}

43
etc/nginx/sites-available/torrents.theribbles.org Normal file
View file

@ -0,0 +1,43 @@
server {
server_name torrents.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ /oauth2/ {
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location = /oauth2/auth {
internal;
proxy_pass http://127.0.0.1:10031;
include /etc/nginx/proxy.conf;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
proxy_set_header X-Original-URI $request_uri;
}
location ~ {
proxy_pass http://127.0.0.1:10140;
include /etc/nginx/proxy.conf;
include /etc/nginx/auth.conf;
}
error_page 401 = /oauth2/sign_in;
}
server {
if ($host = torrents.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name torrents.theribbles.org;
return 404; # managed by Certbot
}

56
etc/nginx/sites-available/unifi.theribbles.org Normal file
View file

@ -0,0 +1,56 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name unifi.theribbles.org;
client_max_body_size 50m;
ssl_trusted_certificate /etc/nginx/certificates/unifi.pem;
# Needed to allow the websockets to forward well.
# Information adopted from here: https://community.ubnt.com/t5/EdgeMAX/Access-Edgemax-gui-via-nginx-reverse-proxy-websocket-problem/td-p/1544354
location /wss/ {
proxy_pass https://127.0.0.1:8443;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Suggested at
# https://community.ui.com/questions/Websocket-issue-with-Unifi-Controller-behind-nginx/21030109-95b1-47e2-91fb-0153a89dd04d
# Adding it removed a websocket connection failure
proxy_set_header Origin '';
proxy_read_timeout 86400;
}
location / {
proxy_pass https://127.0.0.1:8443; #The UniFi Controller Port
proxy_redirect https://127.0.0.1:8443/ /;
proxy_buffering off;
proxy_read_timeout 60s;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
}
server {
if ($host = unifi.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name unifi.theribbles.org;
return 404; # managed by Certbot
}

26
etc/nginx/sites-available/web-crypto-explorer.theribbles.org Normal file
View file

@ -0,0 +1,26 @@
server {
server_name web-crypto-explorer.theribbles.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location ~ {
proxy_pass http://127.0.0.1:10210;
include /etc/nginx/proxy.conf;
proxy_set_header Host $host;
}
}
server {
if ($host = web-crypto-explorer.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name web-crypto-explorer.theribbles.org;
listen 80;
return 404; # managed by Certbot
}

26
etc/nginx/sites-available/wiki.suvereno.org Normal file
View file

@ -0,0 +1,26 @@
server {
server_name wiki.suvereno.org;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/suvereno.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/suvereno.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:11100;
include "/etc/nginx/proxy.conf";
}
}
server {
if ($host = wiki.suvereno.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name wiki.suvereno.org;
listen 80;
return 404; # managed by Certbot
}

29
etc/nginx/sites-available/wiki.theribbles.org Normal file
View file

@ -0,0 +1,29 @@
server {
server_name wiki.theribbles.org;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:10130;
include "/etc/nginx/proxy.conf";
}
}
server {
if ($host = wiki.theribbles.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name wiki.theribbles.org;
return 404; # managed by Certbot
}