From cb2fb9c46c4f7a85b13e5f49951ea6ede2a24429 Mon Sep 17 00:00:00 2001 
From: Alex Huddleston Date: Fri, 5 Jun 2020 21:47:16 -0500 Subject: [PATCH] Added Remote server Nginx Configs. --- nginx/{ => local}/default | 0 nginx/{ => local}/default.dpkg-dist | 0 nginx/{ => local}/ebgamesreal.conf | 0 nginx/{ => local}/landing-page.conf | 0 nginx/{ => local}/letter.conf | 0 nginx/{ => local}/mastodon.conf | 0 nginx/{ => local}/pinafore.conf | 0 nginx/{ => local}/riot-client.conf | 0 nginx/public/default | 91 ++++++++++++ nginx/public/ebgamesreal.conf | 38 +++++ nginx/public/gitea.conf | 38 +++++ nginx/public/gitlab.conf | 39 +++++ nginx/public/halcyon.conf | 45 ++++++ nginx/public/letter.conf | 25 ++++ nginx/public/mastodon.conf | 41 ++++++ nginx/public/matrix.conf | 214 ++++++++++++++++++++++++++++ nginx/public/nextcloud.conf | 48 +++++++ nginx/public/pina.conf | 38 +++++ nginx/public/pleroma.conf | 89 ++++++++++++ nginx/public/portfolio.conf | 38 +++++ nginx/public/riot-client.conf | 25 ++++ nginx/public/rundeck.conf | 19 +++ 22 files changed, 788 insertions(+) rename nginx/{ => local}/default (100%) rename nginx/{ => local}/default.dpkg-dist (100%) rename nginx/{ => local}/ebgamesreal.conf (100%) rename nginx/{ => local}/landing-page.conf (100%) rename nginx/{ => local}/letter.conf (100%) rename nginx/{ => local}/mastodon.conf (100%) rename nginx/{ => local}/pinafore.conf (100%) rename nginx/{ => local}/riot-client.conf (100%) create mode 100644 nginx/public/default create mode 100644 nginx/public/ebgamesreal.conf create mode 100644 nginx/public/gitea.conf create mode 100644 nginx/public/gitlab.conf create mode 100644 nginx/public/halcyon.conf create mode 100644 nginx/public/letter.conf create mode 100644 nginx/public/mastodon.conf create mode 100644 nginx/public/matrix.conf create mode 100644 nginx/public/nextcloud.conf create mode 100644 nginx/public/pina.conf create mode 100644 nginx/public/pleroma.conf create mode 100644 nginx/public/portfolio.conf create mode 100644 nginx/public/riot-client.conf create mode 100644 
nginx/public/rundeck.conf
diff --git a/nginx/default b/nginx/local/default
similarity index 100%
rename from nginx/default
rename to nginx/local/default
diff --git a/nginx/default.dpkg-dist b/nginx/local/default.dpkg-dist
similarity index 100%
rename from nginx/default.dpkg-dist
rename to nginx/local/default.dpkg-dist
diff --git a/nginx/ebgamesreal.conf b/nginx/local/ebgamesreal.conf
similarity index 100%
rename from nginx/ebgamesreal.conf
rename to nginx/local/ebgamesreal.conf
diff --git a/nginx/landing-page.conf b/nginx/local/landing-page.conf
similarity index 100%
rename from nginx/landing-page.conf
rename to nginx/local/landing-page.conf
diff --git a/nginx/letter.conf b/nginx/local/letter.conf
similarity index 100%
rename from nginx/letter.conf
rename to nginx/local/letter.conf
diff --git a/nginx/mastodon.conf b/nginx/local/mastodon.conf
similarity index 100%
rename from nginx/mastodon.conf
rename to nginx/local/mastodon.conf
diff --git a/nginx/pinafore.conf b/nginx/local/pinafore.conf
similarity index 100%
rename from nginx/pinafore.conf
rename to nginx/local/pinafore.conf
diff --git a/nginx/riot-client.conf b/nginx/local/riot-client.conf
similarity index 100%
rename from nginx/riot-client.conf
rename to nginx/local/riot-client.conf
diff --git a/nginx/public/default b/nginx/public/default
new file mode 100644
index 0000000..587a11c
--- /dev/null
+++ b/nginx/public/default
@@ -0,0 +1,91 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+#server {
+ #listen 80 default_server;
+ #listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ #root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ #index index.html index.htm index.nginx-debian.html;
+
+ #server_name _;
+
+ #location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ #try_files $uri $uri/ =404;
+ #}
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+#}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/nginx/public/ebgamesreal.conf b/nginx/public/ebgamesreal.conf
new file mode 100644
index 0000000..4d9c1cc
--- /dev/null
+++ b/nginx/public/ebgamesreal.conf
@@ -0,0 +1,38 @@
+##
+# EB Games Real Dot Live
+##
+
+server {
+ listen 80;
+ server_name ebgamesreal.live;
+
+ location / {
+ rewrite ^(.*)$ https://$host$1 permanent;
+ proxy_pass http://localhost:42069;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ebgamesreal.live/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ebgamesreal.live/privkey.pem;
+ server_name ebgamesreal.live;
+
+ location / {
+ proxy_pass http://localhost:42069;
+ }
+}
+
+# www Redirects
+
+server {
+ listen 80;
+ server_name www.ebgamesreal.live;
+ return 301 $scheme://ebgamesreal.live$request_uri;
+}
+
+server {
+ listen 443;
+ server_name www.ebgamesreal.live;
+ return 301 $scheme://ebgamesreal.live$request_uri;
+}
diff --git a/nginx/public/gitea.conf b/nginx/public/gitea.conf
new file mode 100644
index 0000000..2f6a396
--- /dev/null
+++ b/nginx/public/gitea.conf
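Review bot: In ebgamesreal.conf the port-80 `location /` builds its redirect from `$host`, which comes from the request's Host header; nothing under nginx/public/ declares a `default_server`, so whichever block nginx treats as the port-80 default will redirect to a hostname the client supplied. Because `rewrite … permanent` ends request processing, the `proxy_pass http://localhost:42069;` after it is never reached, but it would start serving the backend over cleartext if the rewrite were ever removed. I would replace both lines with `return 301 https://$server_name$request_uri;`, as halcyon.conf in this commit already does. The same pair appears in gitea.conf, gitlab.conf, letter.conf, nextcloud.conf, pina.conf, portfolio.conf and riot-client.conf, and mastodon.conf has a `proxy_pass`/`return` variant. Separately, the `listen 443;` redirect blocks here and in gitlab.conf, pina.conf and portfolio.conf carry no `ssl` flag or certificate, so the handshake for those names presumably falls back to another block's certificate, and `$scheme` there should simply be `https`.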
@@ -0,0 +1,38 @@
+##
+# Gitea service.
+##
+
+server {
+ listen 80;
+ server_name gitea.werefox.dev;
+
+ location / {
+ rewrite ^(.*)$ https://$host$1 permanent;
+ proxy_pass http://localhost:3030;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name gitea.werefox.dev;
+
+ location / {
+ proxy_pass http://localhost:3030;
+ }
+}
+
+# werefoxsoftware.com Redirects
+#
+# server {
+# listen 80;
+# server_name gitea.werefoxsoftware.com;
+# return 301 $scheme://gitea.werefox.dev$request_uri;
+# }
+#
+# server {
+# listen 443;
+# server_name gitea.werefoxsoftware.com;
+# return 301 $scheme://gitea.werefox.dev$request_uri;
+# }
diff --git a/nginx/public/gitlab.conf b/nginx/public/gitlab.conf
new file mode 100644
index 0000000..e7b533a
--- /dev/null
+++ b/nginx/public/gitlab.conf
@@ -0,0 +1,39 @@
+##
+# Gitlab service
+##
+
+server {
+ listen 80;
+ server_name gitlab.werefox.dev;
+
+ location / {
+ rewrite ^(.*)$ https://$host$1 permanent;
+ proxy_pass http://gitlab.werefox.dev:2443;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name gitlab.werefox.dev;
+
+ location / {
+ proxy_pass http://gitlab.werefox.dev:2443;
+ proxy_set_header Host $http_host;
+ }
+}
+
+# werefoxsoftware.com Redirects
+
+server {
+ listen 80;
+ server_name gitlab.werefoxsoftware.com;
+ return 301 $scheme://gitlab.werefox.dev$request_uri;
+}
+
+server {
+ listen 443;
+ server_name gitlab.werefoxsoftware.com;
+ return 301 $scheme://gitlab.werefox.dev$request_uri;
+}
diff --git a/nginx/public/halcyon.conf b/nginx/public/halcyon.conf
new file mode 100644
index 0000000..12311a9
--- /dev/null
+++ b/nginx/public/halcyon.conf
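Review bot: In gitlab.conf, `proxy_pass http://gitlab.werefox.dev:2443;` sends the already-decrypted request to the site's own public hostname over plain HTTP instead of to a loopback or internal address. If that name resolves to the public address, port 2443 has to be reachable from outside and GitLab can then be reached directly without TLS; whether that is the case depends on DNS and firewall state not visible in this patch. Pointing the upstream at a loopback or internal address, as the `localhost` upstreams in gitea.conf do, and binding the backend to it removes that dependency. halcyon.conf (port 8004) and matrix.conf (ports 9005 and 8228) use the same pattern. `proxy_set_header Host $http_host;` also forwards the raw client header, where `$host` would be the normalised value.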
@@ -0,0 +1,45 @@
+##
+# Halcyon Front-end for Mastodon
+##
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name halcyon.werefox.dev;
+ return 301 https://$server_name$request_uri;
+}
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name halcyon.werefox.dev;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ add_header Strict-Transport-Security "max-age=31536000";
+ add_header X-XSS-Protection "1; mode=block";
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ ssl_dhparam /etc/letsencrypt/live/werefox.dev/dhparam.pem;
+ keepalive_timeout 70;
+ sendfile on;
+ client_max_body_size 20m;
+ root /var/www/example.com;
+
+ location / {
+ proxy_pass http://halcyon.werefox.dev:8004;
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto https;
+# proxy_set_header Proxy "";
+# proxy_buffering off;
+# proxy_redirect off;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade "upgrade";
+# proxy_set_header Connection "upgrade";
+ }
+}
+
diff --git a/nginx/public/letter.conf b/nginx/public/letter.conf
new file mode 100644
index 0000000..37d6c4a
--- /dev/null
+++ b/nginx/public/letter.conf
@@ -0,0 +1,25 @@
+##
+# Valentines Doodle
+##
+
+server {
+ listen 80;
+ server_name letter.werefox.dev;
+
+ location / {
+ rewrite ^(.*)$ https://$host$1 permanent;
+ proxy_pass http://localhost:6969;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name letter.werefox.dev;
+
+ location / {
+ proxy_pass http://localhost:6969;
+ }
+}
+
diff --git a/nginx/public/mastodon.conf b/nginx/public/mastodon.conf
new file mode 100644
index 0000000..06e9dfd
--- /dev/null
+++ b/nginx/public/mastodon.conf
@@ -0,0 +1,41 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name masto.werefox.dev;
+ # Useful for Let's Encrypt
+ location /.well-known/acme-challenge/ { allow all; }
+ location / { proxy_pass http://localhost:8888;
+ return 301 https://$host$request_uri; }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name masto.werefox.dev;
+
+ ssl_protocols TLSv1.2;
+ ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+
+ keepalive_timeout 70;
+ sendfile on;
+ client_max_body_size 80m;
+
+ location / {
+ proxy_pass http://localhost:8888;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Proxy "";
+ proxy_buffering off;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade "upgrade";
+ proxy_set_header Connection "upgrade";
+ }
+}
diff --git a/nginx/public/matrix.conf b/nginx/public/matrix.conf
new file mode 100644
index 0000000..de21d74
--- /dev/null
+++ b/nginx/public/matrix.conf
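Review bot: In mastodon.conf's 443 block, `proxy_set_header Upgrade "upgrade";` sends a literal string instead of the client's value, so WebSocket upgrade requests will likely not be recognised by the backend; it should be `proxy_set_header Upgrade $http_upgrade;`. The block also sets no `Strict-Transport-Security` header, unlike halcyon.conf and pleroma.conf in the same commit; `add_header Strict-Transport-Security "max-age=31536000" always;` would make it consistent. The port-80 `acme-challenge` location has `allow all;` but no `root`, so it serves from whatever root nginx defaults to; a comment stating where challenge files are expected would help.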
@@ -0,0 +1,214 @@
+##
+# Main werefox.dev domain site.
+##
+
+server {
+ listen 8008;
+ server_name matrix.werefox.dev;
+
+ client_max_body_size 300M;
+
+ location / {
+ proxy_pass http://localhost:8088;
+ }
+
+ location /_matrix {
+ proxy_pass http://localhost:8088;
+ }
+
+ location ~ /.well-known {
+ allow all;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name matrix.werefox.dev;
+
+ root /etc/nginx/werefoxsoftware-subdomains/;
+ client_max_body_size 300M;
+
+ location / {
+ proxy_pass http://localhost:8444;
+ }
+
+ location /_matrix {
+ proxy_pass https://localhost:8444;
+ }
+
+ location /.well-known/matrix {
+ #{
+ # A somewhat long expires value is used to prevent outages
+ # in case this is unreachable due to network failure or
+ # due to the base domain's server completely dying.
+ #}
+ expires 4h;
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ }
+}
+
+server {
+ listen 8448 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name matrix.werefox.dev;
+
+ root /etc/nginx/werefoxsoftware-subdomains/;
+ client_max_body_size 300M;
+
+ location / {
+ proxy_pass http://localhost:8444;
+ }
+
+ location /_matrix {
+ proxy_pass https://localhost:8444;
+ }
+
+ location /.well-known/matrix {
+ #{
+ # A somewhat long expires value is used to prevent outages
+ # in case this is unreachable due to network failure or
+ # due to the base domain's server completely dying.
+ #}
+ expires 4h;
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ }
+}
+
+server {
+ listen 9000 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name matrix.werefox.dev;
+
+ root /etc/nginx/werefoxsoftware-subdomains/;
+ client_max_body_size 300M;
+
+ location / {
+ proxy_pass http://matrix.werefox.dev:9005;
+ }
+}
+
+server {
+ listen 8222 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name matrix.werefox.dev;
+
+ root /etc/nginx/werefoxsoftware-subdomains/;
+ client_max_body_size 300M;
+
+ location / {
+ proxy_pass http://matrix.werefox.dev:8228;
+ }
+}
+
+#server {
+# listen 8008;
+# server_name matrix.werefox.dev;
+#
+# client_max_body_size 300M;
+#
+# location / {
+# proxy_pass http://localhost:8088;
+# }
+#
+# location /_matrix {
+# proxy_pass http://localhost:8088;
+# }
+#
+# location ~ /.well-known {
+# allow all;
+# }
+#}
+
+#server {
+# listen 443 ssl;
+# ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+# server_name matrix.werefox.dev;
+#
+# root /etc/nginx/werefoxsoftware-subdomains/;
+# client_max_body_size 300M;
+#
+# location / {
+# proxy_pass http://localhost:8444;
+# }
+#
+# location /_matrix {
+# proxy_pass https://localhost:8444;
+# }
+#
+# location /.well-known/matrix {
+ #{
+ # A somewhat long expires value is used to prevent outages
+ # in case this is unreachable due to network failure or
+ # due to the base domain's server completely dying.
+ #}
+# expires 4h;
+# default_type application/json;
+# add_header Access-Control-Allow-Origin *;
+# }
+#}
+
+#server {
+# listen 8448 ssl;
+# ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+# server_name matrix.werefox.dev;
+#
+# root /etc/nginx/werefoxsoftware-subdomains/;
+# client_max_body_size 300M;
+#
+# location / {
+# proxy_pass http://localhost:8444;
+# }
+#
+# location /_matrix {
+# proxy_pass https://localhost:8444;
+# }
+#
+# location /.well-known/matrix {
+ #{
+ # A somewhat long expires value is used to prevent outages
+ # in case this is unreachable due to network failure or
+ # due to the base domain's server completely dying.
+ #}
+# expires 4h;
+# default_type application/json;
+# add_header Access-Control-Allow-Origin *;
+# }
+#}
+
+#server {
+# listen 9000 ssl;
+# ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+# server_name matrix.werefox.dev;
+#
+# root /etc/nginx/werefoxsoftware-subdomains/;
+# client_max_body_size 300M;
+#
+# location / {
+# proxy_pass http://matrix.werefox.dev:9005;
+# }
+#}
+
+#server {
+# listen 8222 ssl;
+# ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+# server_name matrix.werefox.dev;
+#
+# root /etc/nginx/werefoxsoftware-subdomains/;
+# client_max_body_size 300M;
+#
+# location / {
+# proxy_pass http://matrix.werefox.dev:8228;
+# }
+#}
+
diff --git a/nginx/public/nextcloud.conf b/nginx/public/nextcloud.conf
new file mode 100644
index 0000000..966020f
--- /dev/null
+++ b/nginx/public/nextcloud.conf
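Review bot: In matrix.conf the first server block listens on 8008 without TLS and proxies everything to `http://localhost:8088`, so any client that uses that port sends Matrix logins and access tokens in cleartext; unless something outside this file needs it, bind it to loopback with `listen 127.0.0.1:8008;` or drop the block. In the 443 and 8448 blocks `location /` proxies to `http://localhost:8444` while `/_matrix` proxies to `https://localhost:8444`; one port does not normally speak both, so one of the two schemes is probably wrong. The header comment still reads "Main werefox.dev domain site", and the second half of the file is a commented-out copy of the first half that would be better deleted than committed.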
@@ -0,0 +1,48 @@
+##
+# Nextcloud service.
+##
+
+server {
+ listen 80;
+ server_name cloud.werefox.dev;
+
+ location / {
+ rewrite ^(.*)$ https://$host$1 permanent;
+ proxy_pass http://localhost:9696;
+ proxy_redirect https://localhost:9696/ https://cloud.werefox.dev/;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name cloud.werefox.dev;
+
+ add_header Strict-Transport-Security 15552000;
+ client_max_body_size 250G;
+
+ location / {
+ proxy_pass http://localhost:9696;
+ proxy_redirect http:// https://;
+ proxy_redirect https://localhost:9696/ https://cloud.werefox.dev/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+# werefoxsoftware.com Redirects
+
+# server {
+# listen 80;
+# server_name cloud.werefoxsoftware.com;
+# return 301 $scheme://cloud.werefox.dev$request_uri;
+# }
+#
+# server {
+# listen 443;
+# server_name cloud.werefoxsoftware.com;
+# return 301 $scheme://cloud.werefox.dev$request_uri;
+# }
diff --git a/nginx/public/pina.conf b/nginx/public/pina.conf
new file mode 100644
index 0000000..76d359d
--- /dev/null
+++ b/nginx/public/pina.conf
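Review bot: In nextcloud.conf, `add_header Strict-Transport-Security 15552000;` emits a header value with no `max-age=` directive, which browsers ignore, so HSTS is not actually in effect for cloud.werefox.dev. It should read `add_header Strict-Transport-Security "max-age=15552000" always;`. `client_max_body_size 250G;` also deserves a comment explaining why so large a request body is accepted, since it effectively removes nginx as a limit on upload size for this host.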
@@ -0,0 +1,38 @@
+##
+# Pinafore Front-end for Mastodon
+##
+
+server {
+ listen 80;
+ server_name pina.werefox.dev;
+
+ location / {
+ rewrite ^(.*)$ https://$host$1 permanent;
+ proxy_pass http://localhost:4002;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name pina.werefox.dev;
+
+ location / {
+ proxy_pass http://localhost:4002;
+ }
+}
+
+# werefoxsoftware.com Redirects
+
+server {
+ listen 80;
+ server_name pina.werefoxsoftware.com;
+ return 301 $scheme://pina.werefox.dev$request_uri;
+}
+
+server {
+ listen 443;
+ server_name pina.werefoxsoftware.com;
+ return 301 $scheme://pina.werefox.dev$request_uri;
+}
diff --git a/nginx/public/pleroma.conf b/nginx/public/pleroma.conf
new file mode 100644
index 0000000..d3aacbc
--- /dev/null
+++ b/nginx/public/pleroma.conf
@@ -0,0 +1,89 @@
+# default nginx site config for Pleroma
+#
+# Simple installation instructions:
+# 1. Install your TLS certificate, possibly using Let's Encrypt.
+# 2. Replace 'example.tld' with your instance's domain wherever it appears.
+# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
+# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
+
+proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
+ inactive=720m use_temp_path=off;
+
+server {
+ listen 80;
+ server_name pleroma.werefox.dev;
+ return 301 https://$server_name$request_uri;
+
+ # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
+ # that you also create the .well-known/acme-challenge directory structure in pleroma/priv/static and
+ # that is is accessible by the webserver. You may need to load this file with the ssl
+ # server block commented out, run certbot to get the certificate, and then uncomment it.
+ #
+ # location ~ /\.well-known/acme-challenge {
+ # root /pleroma/priv/static/;
+ # }
+}
+
+server {
+ listen 443 ssl http2;
+ ssl on;
+ ssl_session_timeout 5m;
+
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
+ ssl_prefer_server_ciphers on;
+
+ server_name pleroma.werefox.dev;
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
+
+ # the nginx default is 1m, not enough for large media uploads
+ client_max_body_size 16m;
+
+ location / {
+ # if you do not want remote frontends to be able to access your Pleroma backend
+ # server, remove these lines.
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
+ add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
+ if ($request_method = OPTIONS) {
+ return 204;
+ }
+ # stop removing lines here.
+
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Referrer-Policy same-origin;
+ add_header X-Download-Options noopen;
+
+ # Uncomment this only after you get HTTPS working.
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+
+ proxy_pass http://localhost:30303;
+
+ client_max_body_size 16m;
+ }
+
+ location /proxy {
+ proxy_cache pleroma_media_cache;
+ proxy_cache_lock on;
+ proxy_ignore_client_abort on;
+ proxy_pass http://localhost:30303;
+ }
+}
diff --git a/nginx/public/portfolio.conf b/nginx/public/portfolio.conf
new file mode 100644
index 0000000..0e8e4a8
--- /dev/null
+++ b/nginx/public/portfolio.conf
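Review bot: In pleroma.conf, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables TLS 1.0 and 1.1, which the halcyon.conf and mastodon.conf blocks in this same commit already exclude; use `ssl_protocols TLSv1.2;` (plus `TLSv1.3` if the installed nginx and OpenSSL support it). The line `ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";` looks like two template alternatives pasted together with the word "or"; pick one, for example `ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";`. `ssl on;` is redundant next to `listen 443 ssl` and is deprecated in newer nginx releases. The wildcard CORS headers in `location /` are kept from the upstream template, whose own comment says to remove them if remote front-ends should not reach the backend, so that choice deserves an explicit comment here.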
@@ -0,0 +1,38 @@
+##
+# Portfolio service.
+##
+
+server {
+ listen 80;
+ server_name pf.werefox.dev;
+
+ location / {
+ rewrite ^(.*)$ https://$host$1 permanent;
+ proxy_pass http://localhost:8880;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name pf.werefox.dev;
+
+ location / {
+ proxy_pass http://localhost:8880;
+ }
+}
+
+# werefoxsoftware.com Redirects
+
+server {
+ listen 80;
+ server_name pf.werefoxsoftware.com;
+ return 301 $scheme://pf.werefox.dev$request_uri;
+}
+
+server {
+ listen 443;
+ server_name pf.werefoxsoftware.com;
+ return 301 $scheme://pf.werefox.dev$request_uri;
+}
diff --git a/nginx/public/riot-client.conf b/nginx/public/riot-client.conf
new file mode 100644
index 0000000..f54bd9a
--- /dev/null
+++ b/nginx/public/riot-client.conf
@@ -0,0 +1,25 @@
+##
+# Riot-Client
+##
+
+server {
+ listen 80;
+ server_name riot.werefox.dev;
+
+ location / {
+ rewrite ^(.*)$ https://$host$1 permanent;
+ proxy_pass https://riot.werefox.dev;
+ }
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ server_name riot.werefox.dev;
+
+ location / {
+ proxy_pass http://localhost:8808;
+ }
+}
+
diff --git a/nginx/public/rundeck.conf b/nginx/public/rundeck.conf
new file mode 100644
index 0000000..3f1d154
--- /dev/null
+++ b/nginx/public/rundeck.conf
@@ -0,0 +1,19 @@
+##
+# Rundeck, Ansible front-end
+##
+
+server {
+ listen 4444 ssl http2;
+ listen [::]:4444 ssl http2;
+
+ ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
+ ssl_dhparam /etc/letsencrypt/live/werefox.dev/dhparam.pem;
+
+ keepalive_timeout 70;
+ sendfile on;
+
+ location / {
+ proxy_pass http://localhost:4440;
+ }
+}
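Review bot: rundeck.conf publishes the Rundeck/Ansible front-end on port 4444 with no `server_name` and no access restriction, so the block answers for any hostname that reaches that port and the only gate is Rundeck's own login. For a tool that can run jobs on managed hosts I would limit who can connect at the proxy, e.g. `allow <admin-network-CIDR>; deny all;` inside `location /`, and add a `server_name` for the intended host. The block also sets no `ssl_protocols` or HSTS header and forwards no `Host`/`X-Forwarded-*` headers, unlike mastodon.conf; whether Rundeck needs them is not visible in this patch.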