Added Remote server Nginx Configs.

Alex Huddleston 2020-06-05 21:47:16 -05:00
parent 8f932f3f93
commit cb2fb9c46c
22 changed files with 788 additions and 0 deletions

91
nginx/public/default Normal file

@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
#server {
#listen 80 default_server;
#listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
#root /var/www/html;
# Add index.php to the list if you are using PHP
#index index.html index.htm index.nginx-debian.html;
#server_name _;
#location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
#}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
#}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}


@ -0,0 +1,38 @@
##
# EB Games Real Dot Live
##
server {
listen 80;
server_name ebgamesreal.live;
location / {
rewrite ^(.*)$ https://$host$1 permanent;
proxy_pass http://localhost:42069;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/ebgamesreal.live/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ebgamesreal.live/privkey.pem;
server_name ebgamesreal.live;
location / {
proxy_pass http://localhost:42069;
}
}
# www Redirects
server {
listen 80;
server_name www.ebgamesreal.live;
return 301 $scheme://ebgamesreal.live$request_uri;
}
server {
listen 443;
server_name www.ebgamesreal.live;
return 301 $scheme://ebgamesreal.live$request_uri;
}
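Review bot: The www redirect block that listens on 443 has no `ssl` parameter and no certificate, so TLS clients asking for www.ebgamesreal.live will most likely fail the handshake instead of receiving the 301. I would write `listen 443 ssl;`, add `ssl_certificate`/`ssl_certificate_key` for a certificate that covers the www name, and redirect to a fixed `https://ebgamesreal.live$request_uri` rather than `$scheme://…` so the port-80 twin does not bounce through plain HTTP first. The same pattern appears in the werefoxsoftware.com redirect blocks of gitlab.conf, pina.conf and the Portfolio section.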

38
nginx/public/gitea.conf Normal file

@ -0,0 +1,38 @@
##
# Gitea service.
##
server {
listen 80;
server_name gitea.werefox.dev;
location / {
rewrite ^(.*)$ https://$host$1 permanent;
proxy_pass http://localhost:3030;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name gitea.werefox.dev;
location / {
proxy_pass http://localhost:3030;
}
}
# werefoxsoftware.com Redirects
#
# server {
# listen 80;
# server_name gitea.werefoxsoftware.com;
# return 301 $scheme://gitea.werefox.dev$request_uri;
# }
#
# server {
# listen 443;
# server_name gitea.werefoxsoftware.com;
# return 301 $scheme://gitea.werefox.dev$request_uri;
# }
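Review bot: In the port-80 server, `rewrite ^(.*)$ https://$host$1 permanent;` ends request processing, so the `proxy_pass http://localhost:3030;` after it is never reached and only suggests that plain HTTP might be proxied. Drop the `proxy_pass` and replace the location with `return 301 https://gitea.werefox.dev$request_uri;`, which also stops echoing the client-supplied Host value into the Location header should this block ever become the default server for port 80. The same pair is in the EB Games, gitlab.conf, letter.conf, Nextcloud, pina.conf, Portfolio and Riot sections. The 443 block also forwards no `Host`, `X-Real-IP` or `X-Forwarded-*` headers, so Gitea's logs will presumably show every client as the loopback address.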

39
nginx/public/gitlab.conf Normal file

@ -0,0 +1,39 @@
##
# Gitlab service
##
server {
listen 80;
server_name gitlab.werefox.dev;
location / {
rewrite ^(.*)$ https://$host$1 permanent;
proxy_pass http://gitlab.werefox.dev:2443;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name gitlab.werefox.dev;
location / {
proxy_pass http://gitlab.werefox.dev:2443;
proxy_set_header Host $http_host;
}
}
# werefoxsoftware.com Redirects
server {
listen 80;
server_name gitlab.werefoxsoftware.com;
return 301 $scheme://gitlab.werefox.dev$request_uri;
}
server {
listen 443;
server_name gitlab.werefoxsoftware.com;
return 301 $scheme://gitlab.werefox.dev$request_uri;
}
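Review bot: Both `proxy_pass http://gitlab.werefox.dev:2443;` lines address the backend by its public name over plain HTTP, so the hop after TLS termination is unencrypted and depends on what that name resolves to when nginx starts. If GitLab runs on this host, `proxy_pass http://127.0.0.1:2443;` with the backend bound to loopback keeps port 2443 from being a second, TLS-less way in; if it is remote, use `https://` to the backend. The 443 block also passes `$http_host` (the raw client header) and sets no `X-Forwarded-Proto`/`X-Forwarded-For`; `proxy_set_header Host $host;` plus those two headers would be the usual set. halcyon.conf (`:8004`) and the 9000/8222 blocks in matrix.conf proxy to public names the same way.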

45
nginx/public/halcyon.conf Normal file

@ -0,0 +1,45 @@
##
# Halcyon Front-end for Mastodon
##
server {
listen 80;
listen [::]:80;
server_name halcyon.werefox.dev;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name halcyon.werefox.dev;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-XSS-Protection "1; mode=block";
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
ssl_dhparam /etc/letsencrypt/live/werefox.dev/dhparam.pem;
keepalive_timeout 70;
sendfile on;
client_max_body_size 20m;
root /var/www/example.com;
location / {
proxy_pass http://halcyon.werefox.dev:8004;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto https;
# proxy_set_header Proxy "";
# proxy_buffering off;
# proxy_redirect off;
# proxy_http_version 1.1;
# proxy_set_header Upgrade "upgrade";
# proxy_set_header Connection "upgrade";
}
}
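Review bot: Every `proxy_set_header` line in `location /` is commented out, including `proxy_set_header Proxy "";`, so the backend gets nginx's default Host (the proxy_pass name), no client address, and a client-supplied `Proxy` header is passed through unchanged. Re-enabling at least the `Host`, `X-Real-IP`, `X-Forwarded-For`, `X-Forwarded-Proto` and `Proxy ""` lines would match the Mastodon section of this commit. `root /var/www/example.com;` looks like a leftover from the sample and can go, and `add_header Strict-Transport-Security "max-age=31536000" always;` would keep HSTS on error responses too.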

25
nginx/public/letter.conf Normal file

@ -0,0 +1,25 @@
##
# Valentines Doodle
##
server {
listen 80;
server_name letter.werefox.dev;
location / {
rewrite ^(.*)$ https://$host$1 permanent;
proxy_pass http://localhost:6969;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name letter.werefox.dev;
location / {
proxy_pass http://localhost:6969;
}
}


@ -0,0 +1,41 @@
server {
listen 80;
listen [::]:80;
server_name masto.werefox.dev;
# Useful for Let's Encrypt
location /.well-known/acme-challenge/ { allow all; }
location / { proxy_pass http://localhost:8888;
return 301 https://$host$request_uri; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name masto.werefox.dev;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
keepalive_timeout 70;
sendfile on;
client_max_body_size 80m;
location / {
proxy_pass http://localhost:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade "upgrade";
proxy_set_header Connection "upgrade";
}
}
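Review bot: `proxy_set_header Upgrade "upgrade";` sends a fixed string where the client's requested protocol belongs; `proxy_set_header Upgrade $http_upgrade;` is the usual form, and the literal value will probably break WebSocket streaming. In the port-80 block `return 301 https://$host$request_uri;` runs before `proxy_pass http://localhost:8888;`, so the `proxy_pass` there is dead and can be deleted. The `/.well-known/acme-challenge/` location has no `root`, so it serves from whatever the default root is; point it at the webroot certbot writes to, if the webroot method is used. Unlike halcyon.conf, this TLS block sets no `Strict-Transport-Security` header.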

214
nginx/public/matrix.conf Normal file

@ -0,0 +1,214 @@
##
# Main werefox.dev domain site.
##
server {
listen 8008;
server_name matrix.werefox.dev;
client_max_body_size 300M;
location / {
proxy_pass http://localhost:8088;
}
location /_matrix {
proxy_pass http://localhost:8088;
}
location ~ /.well-known {
allow all;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name matrix.werefox.dev;
root /etc/nginx/werefoxsoftware-subdomains/;
client_max_body_size 300M;
location / {
proxy_pass http://localhost:8444;
}
location /_matrix {
proxy_pass https://localhost:8444;
}
location /.well-known/matrix {
#{
# A somewhat long expires value is used to prevent outages
# in case this is unreachable due to network failure or
# due to the base domain's server completely dying.
#}
expires 4h;
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
}
server {
listen 8448 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name matrix.werefox.dev;
root /etc/nginx/werefoxsoftware-subdomains/;
client_max_body_size 300M;
location / {
proxy_pass http://localhost:8444;
}
location /_matrix {
proxy_pass https://localhost:8444;
}
location /.well-known/matrix {
#{
# A somewhat long expires value is used to prevent outages
# in case this is unreachable due to network failure or
# due to the base domain's server completely dying.
#}
expires 4h;
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
}
server {
listen 9000 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name matrix.werefox.dev;
root /etc/nginx/werefoxsoftware-subdomains/;
client_max_body_size 300M;
location / {
proxy_pass http://matrix.werefox.dev:9005;
}
}
server {
listen 8222 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name matrix.werefox.dev;
root /etc/nginx/werefoxsoftware-subdomains/;
client_max_body_size 300M;
location / {
proxy_pass http://matrix.werefox.dev:8228;
}
}
#server {
# listen 8008;
# server_name matrix.werefox.dev;
#
# client_max_body_size 300M;
#
# location / {
# proxy_pass http://localhost:8088;
# }
#
# location /_matrix {
# proxy_pass http://localhost:8088;
# }
#
# location ~ /.well-known {
# allow all;
# }
#}
#server {
# listen 443 ssl;
# ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
# server_name matrix.werefox.dev;
#
# root /etc/nginx/werefoxsoftware-subdomains/;
# client_max_body_size 300M;
#
# location / {
# proxy_pass http://localhost:8444;
# }
#
# location /_matrix {
# proxy_pass https://localhost:8444;
# }
#
# location /.well-known/matrix {
#{
# A somewhat long expires value is used to prevent outages
# in case this is unreachable due to network failure or
# due to the base domain's server completely dying.
#}
# expires 4h;
# default_type application/json;
# add_header Access-Control-Allow-Origin *;
# }
#}
#server {
# listen 8448 ssl;
# ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
# server_name matrix.werefox.dev;
#
# root /etc/nginx/werefoxsoftware-subdomains/;
# client_max_body_size 300M;
#
# location / {
# proxy_pass http://localhost:8444;
# }
#
# location /_matrix {
# proxy_pass https://localhost:8444;
# }
#
# location /.well-known/matrix {
#{
# A somewhat long expires value is used to prevent outages
# in case this is unreachable due to network failure or
# due to the base domain's server completely dying.
#}
# expires 4h;
# default_type application/json;
# add_header Access-Control-Allow-Origin *;
# }
#}
#server {
# listen 9000 ssl;
# ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
# server_name matrix.werefox.dev;
#
# root /etc/nginx/werefoxsoftware-subdomains/;
# client_max_body_size 300M;
#
# location / {
# proxy_pass http://matrix.werefox.dev:9005;
# }
#}
#server {
# listen 8222 ssl;
# ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
# server_name matrix.werefox.dev;
#
# root /etc/nginx/werefoxsoftware-subdomains/;
# client_max_body_size 300M;
#
# location / {
# proxy_pass http://matrix.werefox.dev:8228;
# }
#}
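Review bot: The first server block listens on 8008 without TLS and proxies `/_matrix` to the backend, so if that port is reachable from outside the host, client traffic including access tokens can travel in cleartext. Bind it to loopback (`listen 127.0.0.1:8008;`) or remove it if the TLS listeners on 443/8448 are the intended entry points. In the 443 and 8448 blocks `location /` uses `http://localhost:8444` while `location /_matrix` uses `https://localhost:8444`; one port cannot normally serve both, so one of the two will fail. The header comment still says "Main werefox.dev domain site.", and the second half of the file is a commented-out copy of the first that is better left to version control.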


@ -0,0 +1,48 @@
##
# Nextcloud service.
##
server {
listen 80;
server_name cloud.werefox.dev;
location / {
rewrite ^(.*)$ https://$host$1 permanent;
proxy_pass http://localhost:9696;
proxy_redirect https://localhost:9696/ https://cloud.werefox.dev/;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name cloud.werefox.dev;
add_header Strict-Transport-Security 15552000;
client_max_body_size 250G;
location / {
proxy_pass http://localhost:9696;
proxy_redirect http:// https://;
proxy_redirect https://localhost:9696/ https://cloud.werefox.dev/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# werefoxsoftware.com Redirects
# server {
# listen 80;
# server_name cloud.werefoxsoftware.com;
# return 301 $scheme://cloud.werefox.dev$request_uri;
# }
#
# server {
# listen 443;
# server_name cloud.werefoxsoftware.com;
# return 301 $scheme://cloud.werefox.dev$request_uri;
# }
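Review bot: `add_header Strict-Transport-Security 15552000;` emits a header without the `max-age=` directive, which browsers ignore, so HSTS is not actually in effect for cloud.werefox.dev. It should read `add_header Strict-Transport-Security "max-age=15552000" always;`. `client_max_body_size 250G;` also lets any client begin a very large request body toward the backend before the application can reject it; a limit sized to the largest upload you actually expect bounds that.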

38
nginx/public/pina.conf Normal file

@ -0,0 +1,38 @@
##
# Pinafore Front-end for Mastodon
##
server {
listen 80;
server_name pina.werefox.dev;
location / {
rewrite ^(.*)$ https://$host$1 permanent;
proxy_pass http://localhost:4002;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name pina.werefox.dev;
location / {
proxy_pass http://localhost:4002;
}
}
# werefoxsoftware.com Redirects
server {
listen 80;
server_name pina.werefoxsoftware.com;
return 301 $scheme://pina.werefox.dev$request_uri;
}
server {
listen 443;
server_name pina.werefoxsoftware.com;
return 301 $scheme://pina.werefox.dev$request_uri;
}

89
nginx/public/pleroma.conf Normal file

@ -0,0 +1,89 @@
# default nginx site config for Pleroma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
server {
listen 80;
server_name pleroma.werefox.dev;
return 301 https://$server_name$request_uri;
# Uncomment this if you need to use the 'webroot' method with certbot. Make sure
# that you also create the .well-known/acme-challenge directory structure in pleroma/priv/static and
# that is is accessible by the webserver. You may need to load this file with the ssl
# server block commented out, run certbot to get the certificate, and then uncomment it.
#
# location ~ /\.well-known/acme-challenge {
# root <path to install>/pleroma/priv/static/;
# }
}
server {
listen 443 ssl http2;
ssl on;
ssl_session_timeout 5m;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
server_name pleroma.werefox.dev;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
location / {
# if you do not want remote frontends to be able to access your Pleroma backend
# server, remove these lines.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
# stop removing lines here.
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
# Uncomment this only after you get HTTPS working.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass http://localhost:30303;
client_max_body_size 16m;
}
location /proxy {
proxy_cache pleroma_media_cache;
proxy_cache_lock on;
proxy_ignore_client_abort on;
proxy_pass http://localhost:30303;
}
}
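Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables two deprecated protocol versions that the halcyon.conf and Mastodon blocks in this commit already exclude; `ssl_protocols TLSv1.2;` (plus `TLSv1.3` where the nginx/OpenSSL build supports it) would match them. `ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";` has the template's either/or text pasted in as one value; pick one, e.g. `ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";`. `ssl on;` is redundant next to `listen 443 ssl http2;` and is deprecated in newer nginx. The cache at `/tmp/pleroma-media-cache` sits in a world-writable directory; a path under `/var/cache/nginx/` owned by the nginx user is safer.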


@ -0,0 +1,38 @@
##
# Portfolio service.
##
server {
listen 80;
server_name pf.werefox.dev;
location / {
rewrite ^(.*)$ https://$host$1 permanent;
proxy_pass http://localhost:8880;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name pf.werefox.dev;
location / {
proxy_pass http://localhost:8880;
}
}
# werefoxsoftware.com Redirects
server {
listen 80;
server_name pf.werefoxsoftware.com;
return 301 $scheme://pf.werefox.dev$request_uri;
}
server {
listen 443;
server_name pf.werefoxsoftware.com;
return 301 $scheme://pf.werefox.dev$request_uri;
}


@ -0,0 +1,25 @@
##
# Riot-Client
##
server {
listen 80;
server_name riot.werefox.dev;
location / {
rewrite ^(.*)$ https://$host$1 permanent;
proxy_pass https://riot.werefox.dev;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
server_name riot.werefox.dev;
location / {
proxy_pass http://localhost:8808;
}
}

19
nginx/public/rundeck.conf Normal file

@ -0,0 +1,19 @@
##
# Rundeck, Ansible front-end
##
server {
listen 4444 ssl http2;
listen [::]:4444 ssl http2;
ssl_certificate /etc/letsencrypt/live/werefox.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/werefox.dev/privkey.pem;
ssl_dhparam /etc/letsencrypt/live/werefox.dev/dhparam.pem;
keepalive_timeout 70;
sendfile on;
location / {
proxy_pass http://localhost:4440;
}
}
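Review bot: This block publishes the Rundeck console on port 4444 with no `allow`/`deny`, client-certificate or other access restriction in front of it, so its own login is the only barrier to a tool that can run jobs on managed hosts. If the port is internet-facing, restrict it to admin networks (`allow <admin-cidr>; deny all;`, with the CIDR as a placeholder) or put it behind a VPN. It also sets no `ssl_protocols`, so it inherits the nginx defaults rather than the TLSv1.2-only setting used in halcyon.conf, and it forwards no `Host`/`X-Forwarded-*` headers to the backend.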