Compare commits
	
		
			49 Commits
		
	
	
		
			bluebear
			...
			env-friend
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 2023d87e87 | |||
| da6dfcc4a2 | |||
| e379d852f0 | |||
| d39c70098a | |||
| 05dd6efc70 | |||
| e0758ee12e | |||
| d91e920219 | |||
| 6bf4eba59a | |||
| 4a4cd29472 | |||
| 9bb177a3bb | |||
| e1d25b6cc1 | |||
| 471e128d89 | |||
| bf72d2ea00 | |||
| ddd33967f5 | |||
| 5066d13bcc | |||
| 43f1db69d5 | |||
| ee4cd03dd9 | |||
| dc179598e7 | |||
| 21fad1fb0b | |||
| a455677073 | |||
| 326e1f6110 | |||
| 0d52538f12 | |||
| f281eb8943 | |||
| 757500d064 | |||
| d8ee0555ed | |||
| 4c7f53cbeb | |||
| 4256874a6b | |||
| 8ea09c6b36 | |||
| 19a1f964a1 | |||
| 323f6b4578 | |||
| ed14e678f2 | |||
| 7e213d0e50 | |||
| 9f444921e3 | |||
| bdebd12b2d | |||
| 01a4d40db4 | |||
| 4889a659a4 | |||
| a46f681282 | |||
| b4937f33d5 | |||
| 8a36db21f2 | |||
| 18df326262 | |||
| 6009e29bed | |||
| 2c01be4cad | |||
| 39d6020999 | |||
| 4acd5ed952 | |||
| 483e2f9447 | |||
| 7a67694769 | |||
| c68cf660bc | |||
| d453e00b5d | |||
| df2928513b | 
							
								
								
									
										5
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
									
									
								
							| @@ -1,5 +1,8 @@ | ||||
| *.j2 | ||||
| site/ | ||||
| letsencrypt/ | ||||
| letsencrypt_certs/ | ||||
| nginx.conf.default | ||||
| rojo.charlesreid1.com | ||||
| conf.d/ | ||||
| conf.d_templates/http.DOMAIN.conf | ||||
| conf.d_templates/https.DOMAIN.conf | ||||
|   | ||||
							
								
								
									
										100
									
								
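--- a/apply_templates.py
+++ b/apply_templates.py
@@ -0,0 +1,100 @@
+import os, re, sys
+from jinja2 import Environment, FileSystemLoader, select_autoescape
+
+"""
+Apply Default Values to Jinja Templates
+
+
+This script applies default values to 
+nginx configuration templates in the 
+conf.d_templates/ directory in order to
+create hard-coded default configuration files.
+
+The configuration templates are useful for Ansible,
+but the hard-coded configuration files are useful
+for everyone else.
+
+All configuration files are for charlesreid1.com
+docker pod, nginx, and realted infrastructure.
+"""
+
+
+# Where templates live
+TEMPLATEDIR = 'conf.d_templates'
+
+# Where rendered templates will go
+#OUTDIR = 'conf.d_examples'
+OUTDIR = 'conf.d'
+
+# Should existing files be overwritten
+OVERWRITE = True
+
+# Template variables
+TV = {
+        'server_name_default':  'charlesreid1.com',
+
+        # CHANGE THIS, OR THIS SCRIPT WILL NOT WORK
+        'nginx_subdomains_ip':  'localhost',
+
+        'port_default':         '80',
+        'port_gitea':           '80',
+        'port_files':           '80',
+        'port_pages':           '80',
+        'port_hooks':           '80',
+        'port_bots':            '80',
+
+        'port_ssl_default':     '443',
+        'port_ssl_gitea':       '443',
+        'port_ssl_files':       '443',
+        'port_ssl_pages':       '443',
+        'port_ssl_hooks':       '443',
+        'port_ssl_bots':        '443',
+}
+
+
+
+def apply_templates(template_dir, output_dir, template_vars, overwrite=False):
+    """Apply the template variables to the template files
+    to create rendered nginx configuration files.
+    """
+
+    if not os.path.exists(output_dir):
+        msg = "Error: output dir %s does not exist!"%(output_dir)
+        raise Exception(msg)
+
+    if not os.path.exists(template_dir):
+        msg = "Error: template dir %s does not exist!"%(output_dir)
+        raise Exception(msg)
+
+    # Jinja env
+    env = Environment(loader=FileSystemLoader('conf.d_templates/'))
+
+    # Render templates
+    render_files = ['http.DOMAIN.conf', 'https.DOMAIN.conf', 'https.DOMAIN.subdomains.conf']
+    template_files = [f+'.j2' for f in render_files]
+
+    render_files = [re.sub('DOMAIN',template_vars['server_name_default'],s) for s in render_files]
+
+    for rfile,tfile in zip(render_files,template_files):
+
+        # Get rendered template content
+        content = env.get_template(tfile).render(**template_vars)
+
+        # Write to file
+        dest = os.path.join(output_dir,rfile)
+        if os.path.exists(dest) and overwrite is False:
+            msg = "Error: template rendering destination %s already exists!"%(dest)
+            raise Exception(msg)
+
+        with open(dest,'w') as f:
+            f.write(content)
+
+    print("Rendered the following templates:%s\nOutput files:%s\n"%(
+            "".join(["\n- "+os.path.join(template_dir,j) for j in template_files]),
+            "".join(["\n- "+os.path.join(output_dir,j) for j in render_files])
+    ))
+
+
+if __name__=="__main__":
+    apply_templates(TEMPLATEDIR,OUTDIR,TV,OVERWRITE)
+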
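Review bot: `apply_templates()` never uses its `template_dir` argument for loading: the Jinja environment is built with the literal `FileSystemLoader('conf.d_templates/')`, so a caller passing another directory passes the existence check and still renders from the hard-coded path; use `env = Environment(loader=FileSystemLoader(template_dir), undefined=StrictUndefined)` (with `StrictUndefined` imported from jinja2). With Jinja's default undefined handling, a key missing from `template_vars` renders as an empty string, which would silently write an nginx config with a blank `server_name` or certificate path, and `StrictUndefined` turns that into an error before the file is written. The template-dir check also reports the wrong path; it should read `msg = "Error: template dir %s does not exist!"%(template_dir)`. `select_autoescape` and `sys` are imported but unused.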
							
								
								
									
										1
									
								
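--- a/conf.d/csp.conf
+++ b/conf.d/csp.conf
@@ -0,0 +1 @@
+add_header Content-Security-Policy-Report-Only "default-src 'self' 'unsafe-inline' 'unsafe-eval';";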
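Review bot: The `Content-Security-Policy-Report-Only` header added here (and the identical line in conf.d/giteacsp.conf) enforces nothing and names no reporting endpoint, so violations only appear in each visitor's browser console and the server never learns of them. If the intent is to trial a policy before enforcing it, add a reporting directive, e.g. `add_header Content-Security-Policy-Report-Only "default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri <REPORT_ENDPOINT>;";`. A comment in the file should also record that `'unsafe-inline'` and `'unsafe-eval'` on `default-src` leave inline and eval'd script permitted, so this policy would offer little XSS protection even once switched to the enforcing `Content-Security-Policy` header. Since the Gitea copy is byte-identical, either give it its own policy or include one file from both server blocks.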
							
								
								
									
										1
									
								
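--- a/conf.d/giteacsp.conf
+++ b/conf.d/giteacsp.conf
@@ -0,0 +1 @@
+add_header Content-Security-Policy-Report-Only "default-src 'self' 'unsafe-inline' 'unsafe-eval';";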
							
								
								
									
										29
									
								
								conf.d/http.DOMAIN.conf.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,29 @@ | ||||
| #################### | ||||
| #  | ||||
| # {{ server_name_default }} | ||||
| # http/{{ port_default }} | ||||
| #  | ||||
| # basically, just redirects to https | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name {{ server_name_default }}; | ||||
|     return 301 https://{{ server_name_default }}$request_uri; | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name www.{{ server_name_default }}; | ||||
|     return 301 https://www.{{ server_name_default }}$request_uri; | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name git.{{ server_name_default }}; | ||||
|     return 301 https://git.{{ server_name_default }}$request_uri; | ||||
| } | ||||
| @@ -1,46 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.blue | ||||
| # http | ||||
| # 80 | ||||
| #  | ||||
| # basically, just redirects to https | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name charlesreid1.blue; | ||||
|     location / { | ||||
|         return 301 https://charlesreid1.blue$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name www.charlesreid1.blue; | ||||
|     location / { | ||||
|         return 301 https://www.charlesreid1.blue$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name git.charlesreid1.blue; | ||||
|     location / { | ||||
|         return 301 https://git.charlesreid1.blue$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name files.charlesreid1.blue; | ||||
|     location / { | ||||
|         return 301 https://files.charlesreid1.blue$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| @@ -1,76 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.com | ||||
| # http | ||||
| # 80 | ||||
| #  | ||||
| # basically, just redirects to https | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name charlesreid1.com; | ||||
|     location / { | ||||
|         return 301 https://charlesreid1.com$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name www.charlesreid1.com; | ||||
|     location / { | ||||
|         return 301 https://www.charlesreid1.com$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name git.charlesreid1.com; | ||||
|     location / { | ||||
|         return 301 https://git.charlesreid1.com$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name files.charlesreid1.com; | ||||
|     location / { | ||||
|         return 301 https://files.charlesreid1.com$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name pages.charlesreid1.com; | ||||
|     port_in_redirect off; | ||||
|     location / { | ||||
|         return 301 https://pages.charlesreid1.com$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name hooks.charlesreid1.com; | ||||
|     port_in_redirect off; | ||||
|     location / { | ||||
|         return 301 https://hooks.charlesreid1.com$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name bots.charlesreid1.com; | ||||
|     port_in_redirect off; | ||||
|     location / { | ||||
|         return 301 https://bots.charlesreid1.com$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| @@ -1,46 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.red | ||||
| # http | ||||
| # 80 | ||||
| #  | ||||
| # basically, just redirects to https | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name charlesreid1.red; | ||||
|     location / { | ||||
|         return 301 https://charlesreid1.red$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name www.charlesreid1.red; | ||||
|     location / { | ||||
|         return 301 https://www.charlesreid1.red$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name git.charlesreid1.red; | ||||
|     location / { | ||||
|         return 301 https://git.charlesreid1.red$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 80; | ||||
|     listen [::]:80; | ||||
|     server_name files.charlesreid1.red; | ||||
|     location / { | ||||
|         return 301 https://files.charlesreid1.red$request_uri; | ||||
|     } | ||||
| } | ||||
|  | ||||
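Review bot: The new http template (first hunk of this section) redirects only the apex, `www.` and `git.` hosts, while the removed charlesreid1.com config shown below it also redirected `files.`, `pages.`, `hooks.` and `bots.`. If those names are still served over HTTPS (not visible in this section), a plain-HTTP request for them has no matching `server_name` and falls to the first `listen 80` block, which sends it to the apex host instead of its own. Either add a redirect block per remaining subdomain or add an explicit catch-all, `server { listen 80 default_server; listen [::]:80 default_server; return 444; }`, so unknown Host values are refused rather than redirected. The header comment also prints `http/{{ port_default }}` while every `listen` is hard-coded to 80; use the variable in both places or neither.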
							
								
								
									
										111
									
								
								conf.d/https.DOMAIN.conf.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,111 @@ | ||||
| #################### | ||||
| # | ||||
| # {{ server_name_default }} | ||||
| # https/443 | ||||
| #  | ||||
| # {{ server_name_default }} and www.{{ server_name_default }} | ||||
| # should handle the following cases: | ||||
| # - w/ and wiki/ should reverse proxy story_mw | ||||
| # - gitea subdomain should reverse proxy stormy_gitea | ||||
| # | ||||
| #################### | ||||
|  | ||||
|  | ||||
| # default  | ||||
| server { | ||||
|     listen 443 ssl; | ||||
|     listen [::]:443 ssl; | ||||
|     server_name {{ server_name_default }} default_server; | ||||
|  | ||||
|     ssl_certificate /etc/letsencrypt/live/{{ server_name_default }}/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/{{ server_name_default }}/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|     include /etc/nginx/conf.d/secheaders.conf; | ||||
|     include /etc/nginx/conf.d/csp.conf; | ||||
|  | ||||
|     location / { | ||||
|         try_files $uri $uri/ =404; | ||||
|         root /www/{{ server_name_default }}/htdocs; | ||||
|         index index.html; | ||||
|     } | ||||
|  | ||||
|     location /wiki/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki/; | ||||
|     } | ||||
|  | ||||
|     location /w/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w/; | ||||
|     } | ||||
|  | ||||
|     # ~ means case-sensitive regex match, rather than string literal | ||||
|     # (ignores .git, .gitignore, etc.) | ||||
|     location ~ /\.git { | ||||
|         deny all; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| # www | ||||
| server { | ||||
|     listen 443 ssl; | ||||
|     listen [::]:443 ssl; | ||||
|     server_name www.{{ server_name_default }}; | ||||
|  | ||||
|     ssl_certificate /etc/letsencrypt/live/www.{{ server_name_default }}/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/www.{{ server_name_default }}/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|     include /etc/nginx/conf.d/secheaders.conf; | ||||
|     include /etc/nginx/conf.d/csp.conf; | ||||
|  | ||||
|     root /www/{{ server_name_default }}/htdocs; | ||||
|  | ||||
|     location / { | ||||
|         try_files $uri $uri/ =404; | ||||
|         index index.html; | ||||
|     } | ||||
|  | ||||
|     location /wiki/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki/; | ||||
|     } | ||||
|  | ||||
|     location /w/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w/; | ||||
|     } | ||||
|  | ||||
|     location ~ /\.git { | ||||
|         deny all; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| # gitea  | ||||
| server { | ||||
|     listen 443 ssl; | ||||
|     listen [::]:443 ssl; | ||||
|     server_name git.{{ server_name_default }}; | ||||
|  | ||||
|     ssl_certificate /etc/letsencrypt/live/git.{{ server_name_default }}/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/git.{{ server_name_default }}/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|     include /etc/nginx/conf.d/secheaders.conf; | ||||
|     include /etc/nginx/conf.d/giteacsp.conf; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_gitea:3000/; | ||||
|     } | ||||
| } | ||||
| @@ -1,165 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.blue | ||||
| # https | ||||
| # 443 | ||||
| #  | ||||
| # charlesreid1.blue and www.charlesreid1.blue | ||||
| # should handle the following cases: | ||||
| # - w/ and wiki/ should reverse proxy story_mw | ||||
| # - phpMyAdmin/ should reverse proxy stormy_myadmin | ||||
| # | ||||
| # git.charlesreid1.blue should handle: | ||||
| # - all requests should reverse proxy stormy_gitea | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     # https://charlesreid1.blue | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name charlesreid1.blue; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/charlesreid1.blue/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/charlesreid1.blue/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         try_files $uri $uri/ =404; | ||||
|         root /www/charlesreid1.blue/htdocs; | ||||
|         index index.html; | ||||
|     } | ||||
|  | ||||
|     location /wiki/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki/; | ||||
|     } | ||||
|  | ||||
|     location /wiki { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki; | ||||
|     } | ||||
|  | ||||
|     location /w/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w/; | ||||
|     } | ||||
|  | ||||
|     location /w { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w; | ||||
|     } | ||||
|  | ||||
|     #location /phpMyAdmin/ { | ||||
|     #    proxy_set_header X-Real-IP  $remote_addr; | ||||
|     #    proxy_set_header X-Forwarded-For $remote_addr; | ||||
|     #    proxy_set_header Host $host; | ||||
|     #    proxy_pass http://stormy_myadmin:80/; | ||||
|     #} | ||||
|  | ||||
|     # ~ means case-sensitive regex match, rather than string literal | ||||
|     # (ignores .git, .gitignore, etc.) | ||||
|     location ~ /\.git { | ||||
|         deny all; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| server { | ||||
|     # https://www.charlesreid1.blue | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name www.charlesreid1.blue; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/www.charlesreid1.blue/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.blue/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         try_files $uri $uri/ =404; | ||||
|         root /www/charlesreid1.blue/htdocs; | ||||
|         index index.html; | ||||
|     } | ||||
|  | ||||
|     location /wiki/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki/; | ||||
|     } | ||||
|  | ||||
|     location /w/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w/; | ||||
|     } | ||||
|  | ||||
|     #location /phpMyAdmin/ { | ||||
|     #    proxy_set_header X-Real-IP  $remote_addr; | ||||
|     #    proxy_set_header X-Forwarded-For $remote_addr; | ||||
|     #    proxy_set_header Host $host; | ||||
|     #    proxy_pass http://stormy_myadmin:80/; | ||||
|     #} | ||||
|  | ||||
|     location ~ /\.git { | ||||
|         deny all; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| server { | ||||
|     # https://git.charlesreid1.blue | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name git.charlesreid1.blue; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/git.charlesreid1.blue/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.blue/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_gitea:3000/; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     # https://files.charlesreid1.blue | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name files.charlesreid1.blue; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/files.charlesreid1.blue/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.blue/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_files:8081/; | ||||
|     } | ||||
| } | ||||
| @@ -1,77 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.blue subdomains | ||||
| # redirecting to blackbeard: | ||||
| # - pages | ||||
| # - hooks | ||||
| # - bots | ||||
| # | ||||
| # krash = 45.56.87.232 | ||||
| # blackbeard = 206.189.212.168 | ||||
| # bluebear = 206.189.212.168 | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name pages.charlesreid1.blue; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.blue/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.blue/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         # https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7777; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name hooks.charlesreid1.blue; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.blue/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.blue/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7778; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     # https://bots.charlesreid1.blue | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name bots.charlesreid1.blue; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.blue/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.blue/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7779; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| @@ -1,151 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.com | ||||
| # https | ||||
| # 443 | ||||
| #  | ||||
| # charlesreid1.com and www.charlesreid1.com | ||||
| # should handle the following cases: | ||||
| # - w/ and wiki/ should reverse proxy story_mw | ||||
| # - phpMyAdmin/ should reverse proxy stormy_myadmin | ||||
| # | ||||
| # git.charlesreid1.com should handle: | ||||
| # - all requests should reverse proxy stormy_gitea | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     # https://charlesreid1.com | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name charlesreid1.com default_server; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/charlesreid1.com/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/charlesreid1.com/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         try_files $uri $uri/ =404; | ||||
|         root /www/charlesreid1.com/htdocs; | ||||
|         index index.html; | ||||
|     } | ||||
|  | ||||
|     location /wiki/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki/; | ||||
|     } | ||||
|  | ||||
|     location /w/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w/; | ||||
|     } | ||||
|  | ||||
|     #location /phpMyAdmin/ { | ||||
|     #    proxy_set_header X-Real-IP  $remote_addr; | ||||
|     #    proxy_set_header X-Forwarded-For $remote_addr; | ||||
|     #    proxy_set_header Host $host; | ||||
|     #    proxy_pass http://stormy_myadmin:80/; | ||||
|     #} | ||||
|  | ||||
|     # ~ means case-sensitive regex match, rather than string literal | ||||
|     # (ignores .git, .gitignore, etc.) | ||||
|     location ~ /\.git { | ||||
|         deny all; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| server { | ||||
|     # https://www.charlesreid1.com | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name www.charlesreid1.com; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/www.charlesreid1.com/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.com/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         try_files $uri $uri/ =404; | ||||
|         root /www/charlesreid1.com/htdocs; | ||||
|         index index.html; | ||||
|     } | ||||
|  | ||||
|     location /wiki/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki/; | ||||
|     } | ||||
|  | ||||
|     location /w/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w/; | ||||
|     } | ||||
|  | ||||
|     #location /phpMyAdmin/ { | ||||
|     #    proxy_set_header X-Real-IP  $remote_addr; | ||||
|     #    proxy_set_header X-Forwarded-For $remote_addr; | ||||
|     #    proxy_set_header Host $host; | ||||
|     #    proxy_pass http://stormy_myadmin:80/; | ||||
|     #} | ||||
|  | ||||
|     location ~ /\.git { | ||||
|         deny all; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| server { | ||||
|     # https://git.charlesreid1.com | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name git.charlesreid1.com; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/git.charlesreid1.com/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.com/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_gitea:3000/; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     # https://files.charlesreid1.com | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name files.charlesreid1.com; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/files.charlesreid1.com/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.com/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_files:8081/; | ||||
|     } | ||||
| } | ||||
| @@ -1,131 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.com subdomains | ||||
| # redirecting to blackbeard: | ||||
| # - pages | ||||
| # - hooks | ||||
| # - bots | ||||
| # | ||||
| # krash = 45.56.87.232 | ||||
| # blackbeard = 206.189.212.168 | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name pages.charlesreid1.com; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.com/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.com/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|     port_in_redirect off; | ||||
|  | ||||
|     location / { | ||||
|         # https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7777/; | ||||
|         proxy_redirect http://206.189.212.168:7777/ http://pages.charlesreid1.com/; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name hooks.charlesreid1.com; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.com/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.com/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     gzip              on; | ||||
|     gzip_http_version 1.0; | ||||
|     gzip_proxied      any; | ||||
|     gzip_min_length   500; | ||||
|     gzip_disable      "MSIE [1-6]\."; | ||||
|     gzip_types        text/plain text/xml text/css | ||||
|                       text/comma-separated-values | ||||
|                       text/javascript | ||||
|                       application/x-javascript | ||||
|                       application/atom+xml; | ||||
|  | ||||
|     location / { | ||||
|         # / takes user to static hooks subdomain page | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7778; | ||||
|     } | ||||
|  | ||||
|     location /webhook { | ||||
|         # /webhook* anything takes user to port 5000, api | ||||
|         proxy_set_header   X-Real-IP  $remote_addr; | ||||
|         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|         proxy_set_header   Host $host; | ||||
|         proxy_pass http://206.189.212.168:5000/webhook; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     # https://bots.charlesreid1.com | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name bots.charlesreid1.com; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.com/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.com/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|     port_in_redirect off; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7779; | ||||
|         proxy_redirect http://206.189.212.168:7779/ http://bots.charlesreid1.com/; | ||||
|     } | ||||
| } | ||||
|  | ||||
| #server { | ||||
| #    listen 443; | ||||
| #    listen [::]:443; | ||||
| #    server_name api.charlesreid1.com; | ||||
| # | ||||
| #    ssl on; | ||||
| #    ssl_certificate /etc/letsencrypt/live/api.charlesreid1.com/fullchain.pem; | ||||
| #    ssl_certificate_key /etc/letsencrypt/live/api.charlesreid1.com/privkey.pem; | ||||
| #    include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
| # | ||||
| #    client_max_body_size 100m; | ||||
| # | ||||
| #    location / { | ||||
| #        # / takes user to static api subdomain page | ||||
| #        proxy_set_header X-Real-IP  $remote_addr; | ||||
| #        proxy_set_header X-Forwarded-For $remote_addr; | ||||
| #        proxy_set_header Host $host; | ||||
| #        proxy_pass http://206.189.212.168:7780; | ||||
| #    } | ||||
| # | ||||
| #    #location ~ ^/[a-zA-Z0-9].* { | ||||
| #    #    # /anything else takes user to port 5000, api | ||||
| #    #    proxy_set_header X-Real-IP  $remote_addr; | ||||
| #    #    proxy_set_header X-Forwarded-Host $host:$server_port; | ||||
| #    #    proxy_set_header X-Forwarded-Server $host; | ||||
| #    #    proxy_set_header X-Forwarded-For $remote_addr; | ||||
| #    #    proxy_set_header Host $host; | ||||
| #    #    proxy_pass http://206.189.212.168:5000; | ||||
| #    #} | ||||
| # | ||||
| #} | ||||
|  | ||||
| @@ -1,165 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.red | ||||
| # https | ||||
| # 443 | ||||
| # | ||||
| # charlesreid1.red and www.charlesreid1.red | ||||
| # should handle the following cases: | ||||
| # - w/ and wiki/ should reverse proxy story_mw | ||||
| # - phpMyAdmin/ should reverse proxy stormy_myadmin | ||||
| # | ||||
| # git.charlesreid1.red should handle: | ||||
| # - all requests should reverse proxy stormy_gitea | ||||
| #  | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     # https://charlesreid1.red | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name charlesreid1.red; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/charlesreid1.red/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/charlesreid1.red/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         try_files $uri $uri/ =404; | ||||
|         root /www/charlesreid1.red/htdocs; | ||||
|         index index.html; | ||||
|     } | ||||
|  | ||||
|     location /wiki/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki/; | ||||
|     } | ||||
|  | ||||
|     location /wiki { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki; | ||||
|     } | ||||
|  | ||||
|     location /w/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w/; | ||||
|     } | ||||
|  | ||||
|     location /w { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w; | ||||
|     } | ||||
|  | ||||
|     #location /phpMyAdmin/ { | ||||
|     #    proxy_set_header X-Real-IP  $remote_addr; | ||||
|     #    proxy_set_header X-Forwarded-For $remote_addr; | ||||
|     #    proxy_set_header Host $host; | ||||
|     #    proxy_pass http://stormy_myadmin:80/; | ||||
|     #} | ||||
|  | ||||
|     # ~ means case-sensitive regex match, rather than string literal | ||||
|     # (ignores .git, .gitignore, etc.) | ||||
|     location ~ /\.git { | ||||
|         deny all; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| server { | ||||
|     # https://www.charlesreid1.red | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name www.charlesreid1.red; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/www.charlesreid1.red/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.red/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         try_files $uri $uri/ =404; | ||||
|         root /www/charlesreid1.red/htdocs; | ||||
|         index index.html; | ||||
|     } | ||||
|  | ||||
|     location /wiki/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/wiki/; | ||||
|     } | ||||
|  | ||||
|     location /w/ { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_mw:8989/w/; | ||||
|     } | ||||
|  | ||||
|     #location /phpMyAdmin/ { | ||||
|     #    proxy_set_header X-Real-IP  $remote_addr; | ||||
|     #    proxy_set_header X-Forwarded-For $remote_addr; | ||||
|     #    proxy_set_header Host $host; | ||||
|     #    proxy_pass http://stormy_myadmin:80/; | ||||
|     #} | ||||
|  | ||||
|     location ~ /\.git { | ||||
|         deny all; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| server { | ||||
|     # https://git.charlesreid1.red | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name git.charlesreid1.red; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/git.charlesreid1.red/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.red/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_gitea:3000/; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     # https://files.charlesreid1.red | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name files.charlesreid1.red; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/files.charlesreid1.red/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.red/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://stormy_files:8081/; | ||||
|     } | ||||
| } | ||||
| @@ -1,76 +0,0 @@ | ||||
| #################### | ||||
| # | ||||
| # charlesreid1.red subdomains | ||||
| # redirecting to blackbeard: | ||||
| # - pages | ||||
| # - hooks | ||||
| # - bots | ||||
| # | ||||
| # krash = 45.56.87.232 | ||||
| # blackbeard = 206.189.212.168 | ||||
| # | ||||
| #################### | ||||
|  | ||||
| server { | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name pages.charlesreid1.red; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.red/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.red/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         # https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7777; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name hooks.charlesreid1.red; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.red/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.red/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7778; | ||||
|     } | ||||
| } | ||||
|  | ||||
| server { | ||||
|     # https://bots.charlesreid1.red | ||||
|     listen 443; | ||||
|     listen [::]:443; | ||||
|     server_name bots.charlesreid1.red; | ||||
|  | ||||
|     ssl on; | ||||
|     ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.red/fullchain.pem; | ||||
|     ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.red/privkey.pem; | ||||
|     include /etc/letsencrypt/options-ssl-nginx.conf; | ||||
|  | ||||
|     client_max_body_size 100m; | ||||
|  | ||||
|     location / { | ||||
|         proxy_set_header X-Real-IP  $remote_addr; | ||||
|         proxy_set_header X-Forwarded-For $remote_addr; | ||||
|         proxy_set_header Host $host; | ||||
|         proxy_pass http://206.189.212.168:7779; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
							
								
								
									
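--- /dev/null
+++ b/conf.d/secheaders.conf
@@ -0,0 +1,8 @@
+server_tokens off;
+
+add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+client_max_body_size 100m;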
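Review bot: None of the four `add_header` lines carries the `always` parameter, so nginx leaves these headers off most 4xx/5xx responses; for example `add_header X-Content-Type-Options nosniff always;`. nginx also inherits `add_header` from the enclosing level only when the current level defines none, so any `server` or `location` block that sets a header of its own silently drops all of these. A comment at the top of the file should say so, assuming it is included at `http` level. The HSTS value combines `includeSubdomains` with `preload`, which commits every subdomain to HTTPS for a year and is slow to undo once the domain is on a preload list, so confirm that all subdomains serve valid certificates before shipping it. `X-XSS-Protection "1; mode=block"` is ignored or deprecated in current browsers, and a `Content-Security-Policy` header is the usual replacement.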
							
								
								
									
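--- /dev/null
+++ b/scripts/clean_config.py
@@ -0,0 +1,30 @@
+import glob
+import os
+import subprocess
+
+"""
+Clean d-nginx-charlesreid1 conf.d directory
+
+
+This script cleans out the conf.d directory
+in the d-nginx-charlesreid1 repo.
+
+This script should be run before you generate a new set
+of config files from the nginx config file templates in
+d-nginx-charlesreid1/conf.d_templates/
+
+This script cleans out all the config files in the folder
+d-nginx-charlesreid1/conf.d/
+
+That way there are no old config files to clash with the
+new ones.
+"""
+
+HERE = os.path.abspath(os.path.dirname(__file__))
+CONF = os.path.abspath(os.path.join(HERE,'..','conf.d'))
+
+for f in glob.glob(os.path.join(CONF,"*.conf")):
+    if os.path.basename(f)!="_.conf":
+        cmd = ['rm','-fr',f]
+        subprocess.call(cmd)
+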
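Review bot: The loop spares only `_.conf`, so `conf.d/secheaders.conf`, added in this same comparison, is deleted together with the generated files. Unless the template step recreates it (not visible here), the HSTS and other security headers drop out of the served configuration without any error. Either keep hand-written files outside `conf.d/` or skip them explicitly, e.g. `if os.path.basename(f) not in ("_.conf", "secheaders.conf"):`. Separately, `subprocess.call(['rm','-fr',f])` ignores the exit status and `-r` would remove a whole directory whose name matches `*.conf`; `os.remove(f)` does the intended job and raises on failure. The string literal after the imports is not the module docstring; it would need to move above `import glob` to be picked up as one.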