Compare commits
50 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1911785da4 | |||
| 2023d87e87 | |||
| da6dfcc4a2 | |||
| e379d852f0 | |||
| d39c70098a | |||
| 05dd6efc70 | |||
| e0758ee12e | |||
| d91e920219 | |||
| 6bf4eba59a | |||
| 4a4cd29472 | |||
| 9bb177a3bb | |||
| e1d25b6cc1 | |||
| 471e128d89 | |||
| bf72d2ea00 | |||
| ddd33967f5 | |||
| 5066d13bcc | |||
| 43f1db69d5 | |||
| ee4cd03dd9 | |||
| dc179598e7 | |||
| 21fad1fb0b | |||
| a455677073 | |||
| 326e1f6110 | |||
| 0d52538f12 | |||
| f281eb8943 | |||
| 757500d064 | |||
| d8ee0555ed | |||
| 4c7f53cbeb | |||
| 4256874a6b | |||
| 8ea09c6b36 | |||
| 19a1f964a1 | |||
| 323f6b4578 | |||
| ed14e678f2 | |||
| 7e213d0e50 | |||
| 9f444921e3 | |||
| bdebd12b2d | |||
| 01a4d40db4 | |||
| 4889a659a4 | |||
| a46f681282 | |||
| b4937f33d5 | |||
| 8a36db21f2 | |||
| 18df326262 | |||
| 6009e29bed | |||
| 2c01be4cad | |||
| 39d6020999 | |||
| 4acd5ed952 | |||
| 483e2f9447 | |||
| 7a67694769 | |||
| c68cf660bc | |||
| d453e00b5d | |||
| df2928513b |
5
.gitignore
vendored
5
.gitignore
vendored
@@ -1,5 +1,8 @@
|
||||
*.j2
|
||||
site/
|
||||
letsencrypt/
|
||||
letsencrypt_certs/
|
||||
nginx.conf.default
|
||||
rojo.charlesreid1.com
|
||||
conf.d/
|
||||
conf.d_templates/http.DOMAIN.conf
|
||||
conf.d_templates/https.DOMAIN.conf
|
||||
|
||||
100
apply_templates.py
Normal file
100
apply_templates.py
Normal file
@@ -0,0 +1,100 @@
|
||||
import os, re, sys
|
||||
from jinja2 import Environment, FileSystemLoader, select_autoescape
|
||||
|
||||
"""
|
||||
Apply Default Values to Jinja Templates
|
||||
|
||||
|
||||
This script applies default values to
|
||||
nginx configuration templates in the
|
||||
conf.d_templates/ directory in order to
|
||||
create hard-coded default configuration files.
|
||||
|
||||
The configuration templates are useful for Ansible,
|
||||
but the hard-coded configuration files are useful
|
||||
for everyone else.
|
||||
|
||||
All configuration files are for charlesreid1.com
|
||||
docker pod, nginx, and realted infrastructure.
|
||||
"""
|
||||
|
||||
|
||||
# Where templates live
|
||||
TEMPLATEDIR = 'conf.d_templates'
|
||||
|
||||
# Where rendered templates will go
|
||||
#OUTDIR = 'conf.d_examples'
|
||||
OUTDIR = 'conf.d'
|
||||
|
||||
# Should existing files be overwritten
|
||||
OVERWRITE = True
|
||||
|
||||
# Template variables
|
||||
TV = {
|
||||
'server_name_default': 'charlesreid1.com',
|
||||
|
||||
# CHANGE THIS, OR THIS SCRIPT WILL NOT WORK
|
||||
'nginx_subdomains_ip': 'localhost',
|
||||
|
||||
'port_default': '80',
|
||||
'port_gitea': '80',
|
||||
'port_files': '80',
|
||||
'port_pages': '80',
|
||||
'port_hooks': '80',
|
||||
'port_bots': '80',
|
||||
|
||||
'port_ssl_default': '443',
|
||||
'port_ssl_gitea': '443',
|
||||
'port_ssl_files': '443',
|
||||
'port_ssl_pages': '443',
|
||||
'port_ssl_hooks': '443',
|
||||
'port_ssl_bots': '443',
|
||||
}
|
||||
|
||||
|
||||
|
||||
def apply_templates(template_dir, output_dir, template_vars, overwrite=False):
|
||||
"""Apply the template variables to the template files
|
||||
to create rendered nginx configuration files.
|
||||
"""
|
||||
|
||||
if not os.path.exists(output_dir):
|
||||
msg = "Error: output dir %s does not exist!"%(output_dir)
|
||||
raise Exception(msg)
|
||||
|
||||
if not os.path.exists(template_dir):
|
||||
msg = "Error: template dir %s does not exist!"%(output_dir)
|
||||
raise Exception(msg)
|
||||
|
||||
# Jinja env
|
||||
env = Environment(loader=FileSystemLoader('conf.d_templates/'))
|
||||
|
||||
# Render templates
|
||||
render_files = ['http.DOMAIN.conf', 'https.DOMAIN.conf', 'https.DOMAIN.subdomains.conf']
|
||||
template_files = [f+'.j2' for f in render_files]
|
||||
|
||||
render_files = [re.sub('DOMAIN',template_vars['server_name_default'],s) for s in render_files]
|
||||
|
||||
for rfile,tfile in zip(render_files,template_files):
|
||||
|
||||
# Get rendered template content
|
||||
content = env.get_template(tfile).render(**template_vars)
|
||||
|
||||
# Write to file
|
||||
dest = os.path.join(output_dir,rfile)
|
||||
if os.path.exists(dest) and overwrite is False:
|
||||
msg = "Error: template rendering destination %s already exists!"%(dest)
|
||||
raise Exception(msg)
|
||||
|
||||
with open(dest,'w') as f:
|
||||
f.write(content)
|
||||
|
||||
print("Rendered the following templates:%s\nOutput files:%s\n"%(
|
||||
"".join(["\n- "+os.path.join(template_dir,j) for j in template_files]),
|
||||
"".join(["\n- "+os.path.join(output_dir,j) for j in render_files])
|
||||
))
|
||||
|
||||
|
||||
if __name__=="__main__":
|
||||
apply_templates(TEMPLATEDIR,OUTDIR,TV,OVERWRITE)
|
||||
|
||||
1
conf.d/csp.conf
Normal file
1
conf.d/csp.conf
Normal file
@@ -0,0 +1 @@
|
||||
add_header Content-Security-Policy-Report-Only "default-src 'self' 'unsafe-inline' 'unsafe-eval';";
|
||||
1
conf.d/giteacsp.conf
Normal file
1
conf.d/giteacsp.conf
Normal file
@@ -0,0 +1 @@
|
||||
add_header Content-Security-Policy-Report-Only "default-src 'self' 'unsafe-inline' 'unsafe-eval';";
|
||||
29
conf.d/http.DOMAIN.conf.j2
Normal file
29
conf.d/http.DOMAIN.conf.j2
Normal file
@@ -0,0 +1,29 @@
|
||||
####################
|
||||
#
|
||||
# {{ server_name_default }}
|
||||
# http/{{ port_default }}
|
||||
#
|
||||
# basically, just redirects to https
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name {{ server_name_default }};
|
||||
return 301 https://{{ server_name_default }}$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.{{ server_name_default }};
|
||||
return 301 https://www.{{ server_name_default }}$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name git.{{ server_name_default }};
|
||||
return 301 https://git.{{ server_name_default }}$request_uri;
|
||||
}
|
||||
@@ -1,46 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.blue
|
||||
# http
|
||||
# 80
|
||||
#
|
||||
# basically, just redirects to https
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name charlesreid1.blue;
|
||||
location / {
|
||||
return 301 https://charlesreid1.blue$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.charlesreid1.blue;
|
||||
location / {
|
||||
return 301 https://www.charlesreid1.blue$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name git.charlesreid1.blue;
|
||||
location / {
|
||||
return 301 https://git.charlesreid1.blue$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name files.charlesreid1.blue;
|
||||
location / {
|
||||
return 301 https://files.charlesreid1.blue$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,76 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.com
|
||||
# http
|
||||
# 80
|
||||
#
|
||||
# basically, just redirects to https
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name charlesreid1.com;
|
||||
location / {
|
||||
return 301 https://charlesreid1.com$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.charlesreid1.com;
|
||||
location / {
|
||||
return 301 https://www.charlesreid1.com$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name git.charlesreid1.com;
|
||||
location / {
|
||||
return 301 https://git.charlesreid1.com$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name files.charlesreid1.com;
|
||||
location / {
|
||||
return 301 https://files.charlesreid1.com$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name pages.charlesreid1.com;
|
||||
port_in_redirect off;
|
||||
location / {
|
||||
return 301 https://pages.charlesreid1.com$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name hooks.charlesreid1.com;
|
||||
port_in_redirect off;
|
||||
location / {
|
||||
return 301 https://hooks.charlesreid1.com$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name bots.charlesreid1.com;
|
||||
port_in_redirect off;
|
||||
location / {
|
||||
return 301 https://bots.charlesreid1.com$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,46 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.red
|
||||
# http
|
||||
# 80
|
||||
#
|
||||
# basically, just redirects to https
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name charlesreid1.red;
|
||||
location / {
|
||||
return 301 https://charlesreid1.red$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.charlesreid1.red;
|
||||
location / {
|
||||
return 301 https://www.charlesreid1.red$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name git.charlesreid1.red;
|
||||
location / {
|
||||
return 301 https://git.charlesreid1.red$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name files.charlesreid1.red;
|
||||
location / {
|
||||
return 301 https://files.charlesreid1.red$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
111
conf.d/https.DOMAIN.conf.j2
Normal file
111
conf.d/https.DOMAIN.conf.j2
Normal file
@@ -0,0 +1,111 @@
|
||||
####################
|
||||
#
|
||||
# {{ server_name_default }}
|
||||
# https/443
|
||||
#
|
||||
# {{ server_name_default }} and www.{{ server_name_default }}
|
||||
# should handle the following cases:
|
||||
# - w/ and wiki/ should reverse proxy story_mw
|
||||
# - gitea subdomain should reverse proxy stormy_gitea
|
||||
#
|
||||
####################
|
||||
|
||||
|
||||
# default
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name {{ server_name_default }} default_server;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ server_name_default }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ server_name_default }}/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
include /etc/nginx/conf.d/secheaders.conf;
|
||||
include /etc/nginx/conf.d/csp.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
root /www/{{ server_name_default }}/htdocs;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /wiki/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki/;
|
||||
}
|
||||
|
||||
location /w/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w/;
|
||||
}
|
||||
|
||||
# ~ means case-sensitive regex match, rather than string literal
|
||||
# (ignores .git, .gitignore, etc.)
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# www
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name www.{{ server_name_default }};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/www.{{ server_name_default }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.{{ server_name_default }}/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
include /etc/nginx/conf.d/secheaders.conf;
|
||||
include /etc/nginx/conf.d/csp.conf;
|
||||
|
||||
root /www/{{ server_name_default }}/htdocs;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /wiki/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki/;
|
||||
}
|
||||
|
||||
location /w/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w/;
|
||||
}
|
||||
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# gitea
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name git.{{ server_name_default }};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/git.{{ server_name_default }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.{{ server_name_default }}/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
include /etc/nginx/conf.d/secheaders.conf;
|
||||
include /etc/nginx/conf.d/giteacsp.conf;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_gitea:3000/;
|
||||
}
|
||||
}
|
||||
@@ -1,165 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.blue
|
||||
# https
|
||||
# 443
|
||||
#
|
||||
# charlesreid1.blue and www.charlesreid1.blue
|
||||
# should handle the following cases:
|
||||
# - w/ and wiki/ should reverse proxy story_mw
|
||||
# - phpMyAdmin/ should reverse proxy stormy_myadmin
|
||||
#
|
||||
# git.charlesreid1.blue should handle:
|
||||
# - all requests should reverse proxy stormy_gitea
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
# https://charlesreid1.blue
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name charlesreid1.blue;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/charlesreid1.blue/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/charlesreid1.blue/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
root /www/charlesreid1.blue/htdocs;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /wiki/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki/;
|
||||
}
|
||||
|
||||
location /wiki {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki;
|
||||
}
|
||||
|
||||
location /w/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w/;
|
||||
}
|
||||
|
||||
location /w {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w;
|
||||
}
|
||||
|
||||
#location /phpMyAdmin/ {
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_pass http://stormy_myadmin:80/;
|
||||
#}
|
||||
|
||||
# ~ means case-sensitive regex match, rather than string literal
|
||||
# (ignores .git, .gitignore, etc.)
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
# https://www.charlesreid1.blue
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name www.charlesreid1.blue;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/www.charlesreid1.blue/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.blue/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
root /www/charlesreid1.blue/htdocs;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /wiki/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki/;
|
||||
}
|
||||
|
||||
location /w/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w/;
|
||||
}
|
||||
|
||||
#location /phpMyAdmin/ {
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_pass http://stormy_myadmin:80/;
|
||||
#}
|
||||
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
# https://git.charlesreid1.blue
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name git.charlesreid1.blue;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/git.charlesreid1.blue/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.blue/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_gitea:3000/;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# https://files.charlesreid1.blue
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name files.charlesreid1.blue;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/files.charlesreid1.blue/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.blue/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_files:8081/;
|
||||
}
|
||||
}
|
||||
@@ -1,77 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.blue subdomains
|
||||
# redirecting to blackbeard:
|
||||
# - pages
|
||||
# - hooks
|
||||
# - bots
|
||||
#
|
||||
# krash = 45.56.87.232
|
||||
# blackbeard = 206.189.212.168
|
||||
# bluebear = 206.189.212.168
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name pages.charlesreid1.blue;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.blue/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.blue/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
# https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7777;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name hooks.charlesreid1.blue;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.blue/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.blue/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7778;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# https://bots.charlesreid1.blue
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name bots.charlesreid1.blue;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.blue/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.blue/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7779;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,151 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.com
|
||||
# https
|
||||
# 443
|
||||
#
|
||||
# charlesreid1.com and www.charlesreid1.com
|
||||
# should handle the following cases:
|
||||
# - w/ and wiki/ should reverse proxy story_mw
|
||||
# - phpMyAdmin/ should reverse proxy stormy_myadmin
|
||||
#
|
||||
# git.charlesreid1.com should handle:
|
||||
# - all requests should reverse proxy stormy_gitea
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
# https://charlesreid1.com
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name charlesreid1.com default_server;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/charlesreid1.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/charlesreid1.com/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
root /www/charlesreid1.com/htdocs;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /wiki/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki/;
|
||||
}
|
||||
|
||||
location /w/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w/;
|
||||
}
|
||||
|
||||
#location /phpMyAdmin/ {
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_pass http://stormy_myadmin:80/;
|
||||
#}
|
||||
|
||||
# ~ means case-sensitive regex match, rather than string literal
|
||||
# (ignores .git, .gitignore, etc.)
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
# https://www.charlesreid1.com
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name www.charlesreid1.com;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/www.charlesreid1.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.com/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
root /www/charlesreid1.com/htdocs;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /wiki/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki/;
|
||||
}
|
||||
|
||||
location /w/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w/;
|
||||
}
|
||||
|
||||
#location /phpMyAdmin/ {
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_pass http://stormy_myadmin:80/;
|
||||
#}
|
||||
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
# https://git.charlesreid1.com
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name git.charlesreid1.com;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/git.charlesreid1.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.com/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_gitea:3000/;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# https://files.charlesreid1.com
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name files.charlesreid1.com;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/files.charlesreid1.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.com/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_files:8081/;
|
||||
}
|
||||
}
|
||||
@@ -1,131 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.com subdomains
|
||||
# redirecting to blackbeard:
|
||||
# - pages
|
||||
# - hooks
|
||||
# - bots
|
||||
#
|
||||
# krash = 45.56.87.232
|
||||
# blackbeard = 206.189.212.168
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name pages.charlesreid1.com;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.com/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
port_in_redirect off;
|
||||
|
||||
location / {
|
||||
# https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7777/;
|
||||
proxy_redirect http://206.189.212.168:7777/ http://pages.charlesreid1.com/;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name hooks.charlesreid1.com;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.com/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
gzip on;
|
||||
gzip_http_version 1.0;
|
||||
gzip_proxied any;
|
||||
gzip_min_length 500;
|
||||
gzip_disable "MSIE [1-6]\.";
|
||||
gzip_types text/plain text/xml text/css
|
||||
text/comma-separated-values
|
||||
text/javascript
|
||||
application/x-javascript
|
||||
application/atom+xml;
|
||||
|
||||
location / {
|
||||
# / takes user to static hooks subdomain page
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7778;
|
||||
}
|
||||
|
||||
location /webhook {
|
||||
# /webhook* anything takes user to port 5000, api
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:5000/webhook;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# https://bots.charlesreid1.com
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name bots.charlesreid1.com;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.com/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
port_in_redirect off;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7779;
|
||||
proxy_redirect http://206.189.212.168:7779/ http://bots.charlesreid1.com/;
|
||||
}
|
||||
}
|
||||
|
||||
#server {
|
||||
# listen 443;
|
||||
# listen [::]:443;
|
||||
# server_name api.charlesreid1.com;
|
||||
#
|
||||
# ssl on;
|
||||
# ssl_certificate /etc/letsencrypt/live/api.charlesreid1.com/fullchain.pem;
|
||||
# ssl_certificate_key /etc/letsencrypt/live/api.charlesreid1.com/privkey.pem;
|
||||
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
#
|
||||
# client_max_body_size 100m;
|
||||
#
|
||||
# location / {
|
||||
# # / takes user to static api subdomain page
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_pass http://206.189.212.168:7780;
|
||||
# }
|
||||
#
|
||||
# #location ~ ^/[a-zA-Z0-9].* {
|
||||
# # # /anything else takes user to port 5000, api
|
||||
# # proxy_set_header X-Real-IP $remote_addr;
|
||||
# # proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
# # proxy_set_header X-Forwarded-Server $host;
|
||||
# # proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# # proxy_set_header Host $host;
|
||||
# # proxy_pass http://206.189.212.168:5000;
|
||||
# #}
|
||||
#
|
||||
#}
|
||||
|
||||
@@ -1,165 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.red
|
||||
# https
|
||||
# 443
|
||||
#
|
||||
# charlesreid1.red and www.charlesreid1.red
|
||||
# should handle the following cases:
|
||||
# - w/ and wiki/ should reverse proxy story_mw
|
||||
# - phpMyAdmin/ should reverse proxy stormy_myadmin
|
||||
#
|
||||
# git.charlesreid1.red should handle:
|
||||
# - all requests should reverse proxy stormy_gitea
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
# https://charlesreid1.red
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name charlesreid1.red;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/charlesreid1.red/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/charlesreid1.red/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
root /www/charlesreid1.red/htdocs;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /wiki/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki/;
|
||||
}
|
||||
|
||||
location /wiki {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki;
|
||||
}
|
||||
|
||||
location /w/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w/;
|
||||
}
|
||||
|
||||
location /w {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w;
|
||||
}
|
||||
|
||||
#location /phpMyAdmin/ {
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_pass http://stormy_myadmin:80/;
|
||||
#}
|
||||
|
||||
# ~ means case-sensitive regex match, rather than string literal
|
||||
# (ignores .git, .gitignore, etc.)
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
# https://www.charlesreid1.red
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name www.charlesreid1.red;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/www.charlesreid1.red/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.red/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
root /www/charlesreid1.red/htdocs;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /wiki/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/wiki/;
|
||||
}
|
||||
|
||||
location /w/ {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_mw:8989/w/;
|
||||
}
|
||||
|
||||
#location /phpMyAdmin/ {
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_pass http://stormy_myadmin:80/;
|
||||
#}
|
||||
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
# https://git.charlesreid1.red
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name git.charlesreid1.red;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/git.charlesreid1.red/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.red/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_gitea:3000/;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# https://files.charlesreid1.red
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name files.charlesreid1.red;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/files.charlesreid1.red/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.red/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://stormy_files:8081/;
|
||||
}
|
||||
}
|
||||
@@ -1,76 +0,0 @@
|
||||
####################
|
||||
#
|
||||
# charlesreid1.red subdomains
|
||||
# redirecting to blackbeard:
|
||||
# - pages
|
||||
# - hooks
|
||||
# - bots
|
||||
#
|
||||
# krash = 45.56.87.232
|
||||
# blackbeard = 206.189.212.168
|
||||
#
|
||||
####################
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name pages.charlesreid1.red;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.red/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.red/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
# https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7777;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name hooks.charlesreid1.red;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.red/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.red/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7778;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# https://bots.charlesreid1.red
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
server_name bots.charlesreid1.red;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.red/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.red/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://206.189.212.168:7779;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
8
conf.d/secheaders.conf
Normal file
8
conf.d/secheaders.conf
Normal file
@@ -0,0 +1,8 @@
|
||||
server_tokens off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
client_max_body_size 100m;
|
||||
30
scripts/clean_config.py
Normal file
30
scripts/clean_config.py
Normal file
@@ -0,0 +1,30 @@
|
||||
import glob
|
||||
import os
|
||||
import subprocess
|
||||
|
||||
"""
|
||||
Clean d-nginx-charlesreid1 conf.d directory
|
||||
|
||||
|
||||
This script cleans out the conf.d directory
|
||||
in the d-nginx-charlesreid1 repo.
|
||||
|
||||
This script should be run before you generate a new set
|
||||
of config files from the nginx config file templates in
|
||||
d-nginx-charlesreid1/conf.d_templates/
|
||||
|
||||
This script cleans out all the config files in the folder
|
||||
d-nginx-charlesreid1/conf.d/
|
||||
|
||||
That way there are no old config files to clash with the
|
||||
new ones.
|
||||
"""
|
||||
|
||||
HERE = os.path.abspath(os.path.dirname(__file__))
|
||||
CONF = os.path.abspath(os.path.join(HERE,'..','conf.d'))
|
||||
|
||||
for f in glob.glob(os.path.join(CONF,"*.conf")):
|
||||
if os.path.basename(f)!="_.conf":
|
||||
cmd = ['rm','-fr',f]
|
||||
subprocess.call(cmd)
|
||||
|
||||
Reference in New Issue
Block a user