chris/scarif
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working for homelab

Browse Source
This commit is contained in:
Chris
2023-03-23 20:29:29 +00:00
parent a6d5ceaa22
commit 678894d7db
18 changed files with 677 additions and 734 deletions
Download Patch File Download Diff File Expand all files Collapse all files

188
nginx/nginx.conf.template
View File

@@ -68,142 +68,6 @@ http {
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
# upstream monica-handler {
# server monica:9000;
# }
#
# server {
# listen 443 ssl http2;
#
# ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
# ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
#
# server_name personel.${DOMAIN};
#
# ## HSTS ##
# # Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
# # WARNING: Only add the preload option once you read about the consequences: https://hstspreload.org/.
# # This form will add the domain to a hardcoded list that is shipped in all major browsers and getting
# # removed from this list could take several months.
# #
# #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
#
# add_header Referrer-Policy "no-referrer" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header X-Download-Options "noopen" always;
# add_header X-Frame-Options "SAMEORIGIN" always;
# add_header X-Permitted-Cross-Domain-Policies "none" always;
# add_header X-Robots-Tag "none" always;
# add_header X-XSS-Protection "1; mode=block" always;
#
# # Remove X-Powered-By, which is an information leak
# fastcgi_hide_header X-Powered-By;
#
# root /var/www/html/monica/public;
#
# index index.html index.htm index.php;
#
# charset utf-8;
#
# location / {
# try_files $uri $uri/ /index.php?$query_string;
# }
#
# location ~ ^/(?:robots.txt|security.txt) {
# allow all;
# log_not_found off;
# access_log off;
# }
#
# error_page 404 500 502 503 504 /index.php;
#
# location ~ /\.well-known/(?:carddav|caldav) {
# return 301 $scheme://$host/dav;
# }
# location = /.well-known/security.txt {
# return 301 $scheme://$host/security.txt;
# }
# location ~ /\.(?!well-known).* {
# deny all;
# }
#
# # set max upload size
# client_max_body_size 10G;
# fastcgi_buffers 64 4K;
#
# # Enable gzip but do not remove ETag headers
# gzip on;
# gzip_vary on;
# gzip_comp_level 4;
# gzip_min_length 256;
# gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
# gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
#
# # Uncomment if your server is build with the ngx_pagespeed module
# # This module is currently not supported.
# #pagespeed off;
#
# location ~ \.php$ {
# # regex to split $uri to $fastcgi_script_name and $fastcgi_path
# fastcgi_split_path_info ^(.+?\.php)(/.*)$;
#
# # Check that the PHP script exists before passing it
# try_files $fastcgi_script_name =404;
#
# fastcgi_pass monica-handler;
# fastcgi_index index.php;
#
# include fastcgi_params;
#
# # Cannot use $document_root as the path to monica on the docker container
# # is different to the path to the public files in this nginx container.
# fastcgi_param SCRIPT_FILENAME /var/www/html/public$fastcgi_script_name;
# # Bypass the fact that try_files resets $fastcgi_path_info
# # see: http://trac.nginx.org/nginx/ticket/321
# set $path_info $fastcgi_path_info;
# fastcgi_param PATH_INFO $path_info;
# }
#
# # Adding the cache control header for js and css files
# # Make sure it is BELOW the PHP block
# location ~ \.(?:css|js|woff2?|svg|gif|json)$ {
# try_files $uri /index.php$request_uri;
# add_header Cache-Control "public, max-age=15778463";
#
# ## HSTS ##
# # Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
# # Note it is intended to have those duplicated to the ones above.
# # WARNING: Only add the preload option once you read about the consequences: https://hstspreload.org/.
# # This form will add the domain to a hardcoded list that is shipped in all major browsers and getting
# # removed from this list could take several months.
# #
# #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
#
# add_header Referrer-Policy "no-referrer" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header X-Download-Options "noopen" always;
# add_header X-Frame-Options "SAMEORIGIN" always;
# add_header X-Permitted-Cross-Domain-Policies "none" always;
# add_header X-Robots-Tag "none" always;
# add_header X-XSS-Protection "1; mode=block" always;
#
# # Optional: Don't log access to assets
# access_log off;
# }
#
# location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
# try_files $uri /index.php$request_uri;
#
# # Optional: Don't log access to assets
# access_log off;
# }
#
# # deny access to .htaccess files
# location ~ /\.ht {
# deny all;
# }
# }
upstream nextcloud-handler {
server nextcloud:9000;
}
@@ -352,7 +216,7 @@ http {
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
# static files
location ^~ /loleaflet {
location ^~ /browser {
proxy_pass http://collabora-handler;
proxy_set_header Host $http_host;
}
@@ -370,7 +234,7 @@ http {
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://collabora-handler;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
@@ -379,13 +243,13 @@ http {
}
# download, presentation and image upload
location ~ ^/lool {
location ~ ^/(c|l)ool {
proxy_pass http://collabora-handler;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
location ^~ /cool/adminws {
proxy_pass http://collabora-handler;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
@@ -447,50 +311,6 @@ http {
}
}
upstream dashboard-handler {
server dashboard:5000;
}
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server_name command.${DOMAIN} ${DOMAIN};
location / {
proxy_pass http://dashboard-handler;
}
location /unauthorized {
return 301 https://$host/login;
}
}
upstream pinry-handler {
server pinry:80;
}
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server_name research.${DOMAIN};
location / {
proxy_pass http://pinry-handler;
}
}
upstream jitsi-handler {
server jitsi:80;
}