Compare commits
40 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9bb177a3bb | |||
| e1d25b6cc1 | |||
| 471e128d89 | |||
| bf72d2ea00 | |||
| ddd33967f5 | |||
| 5066d13bcc | |||
| 43f1db69d5 | |||
| ee4cd03dd9 | |||
| dc179598e7 | |||
| 21fad1fb0b | |||
| a455677073 | |||
| 326e1f6110 | |||
| 0d52538f12 | |||
| f281eb8943 | |||
| 757500d064 | |||
| d8ee0555ed | |||
| 4c7f53cbeb | |||
| 4256874a6b | |||
| 8ea09c6b36 | |||
| 19a1f964a1 | |||
| 323f6b4578 | |||
| ed14e678f2 | |||
| 7e213d0e50 | |||
| 9f444921e3 | |||
| bdebd12b2d | |||
| 01a4d40db4 | |||
| 4889a659a4 | |||
| a46f681282 | |||
| b4937f33d5 | |||
| 8a36db21f2 | |||
| 18df326262 | |||
| 6009e29bed | |||
| 2c01be4cad | |||
| 39d6020999 | |||
| 4acd5ed952 | |||
| 483e2f9447 | |||
| 7a67694769 | |||
| c68cf660bc | |||
| d453e00b5d | |||
| df2928513b |
2
.gitignore
vendored
2
.gitignore
vendored
@@ -2,4 +2,4 @@ site/
|
|||||||
letsencrypt/
|
letsencrypt/
|
||||||
letsencrypt_certs/
|
letsencrypt_certs/
|
||||||
nginx.conf.default
|
nginx.conf.default
|
||||||
rojo.charlesreid1.com
|
conf.d/
|
||||||
|
|||||||
100
apply_templates.py
Normal file
100
apply_templates.py
Normal file
@@ -0,0 +1,100 @@
|
|||||||
|
import os, re, sys
|
||||||
|
from jinja2 import Environment, FileSystemLoader, select_autoescape
|
||||||
|
|
||||||
|
"""
|
||||||
|
Apply Default Values to Jinja Templates
|
||||||
|
|
||||||
|
|
||||||
|
This script applies default values to
|
||||||
|
nginx configuration templates in the
|
||||||
|
conf.d_templates/ directory in order to
|
||||||
|
create hard-coded default configuration files.
|
||||||
|
|
||||||
|
The configuration templates are useful for Ansible,
|
||||||
|
but the hard-coded configuration files are useful
|
||||||
|
for everyone else.
|
||||||
|
|
||||||
|
All configuration files are for charlesreid1.com
|
||||||
|
docker pod, nginx, and realted infrastructure.
|
||||||
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
# Where templates live
|
||||||
|
TEMPLATEDIR = 'conf.d_templates'
|
||||||
|
|
||||||
|
# Where rendered templates will go
|
||||||
|
#OUTDIR = 'conf.d_examples'
|
||||||
|
OUTDIR = 'conf.d'
|
||||||
|
|
||||||
|
# Should existing files be overwritten
|
||||||
|
OVERWRITE = True
|
||||||
|
|
||||||
|
# Template variables
|
||||||
|
TV = {
|
||||||
|
'server_name_default': 'charlesreid1.com',
|
||||||
|
|
||||||
|
# CHANGE THIS, OR THIS SCRIPT WILL NOT WORK
|
||||||
|
'nginx_subdomains_ip': 'localhost',
|
||||||
|
|
||||||
|
'port_default': '80',
|
||||||
|
'port_gitea': '80',
|
||||||
|
'port_files': '80',
|
||||||
|
'port_pages': '80',
|
||||||
|
'port_hooks': '80',
|
||||||
|
'port_bots': '80',
|
||||||
|
|
||||||
|
'port_ssl_default': '443',
|
||||||
|
'port_ssl_gitea': '443',
|
||||||
|
'port_ssl_files': '443',
|
||||||
|
'port_ssl_pages': '443',
|
||||||
|
'port_ssl_hooks': '443',
|
||||||
|
'port_ssl_bots': '443',
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def apply_templates(template_dir, output_dir, template_vars, overwrite=False):
|
||||||
|
"""Apply the template variables to the template files
|
||||||
|
to create rendered nginx configuration files.
|
||||||
|
"""
|
||||||
|
|
||||||
|
if not os.path.exists(output_dir):
|
||||||
|
msg = "Error: output dir %s does not exist!"%(output_dir)
|
||||||
|
raise Exception(msg)
|
||||||
|
|
||||||
|
if not os.path.exists(template_dir):
|
||||||
|
msg = "Error: template dir %s does not exist!"%(output_dir)
|
||||||
|
raise Exception(msg)
|
||||||
|
|
||||||
|
# Jinja env
|
||||||
|
env = Environment(loader=FileSystemLoader('conf.d_templates/'))
|
||||||
|
|
||||||
|
# Render templates
|
||||||
|
render_files = ['http.DOMAIN.conf', 'https.DOMAIN.conf', 'https.DOMAIN.subdomains.conf']
|
||||||
|
template_files = [f+'.j2' for f in render_files]
|
||||||
|
|
||||||
|
render_files = [re.sub('DOMAIN',template_vars['server_name_default'],s) for s in render_files]
|
||||||
|
|
||||||
|
for rfile,tfile in zip(render_files,template_files):
|
||||||
|
|
||||||
|
# Get rendered template content
|
||||||
|
content = env.get_template(tfile).render(**template_vars)
|
||||||
|
|
||||||
|
# Write to file
|
||||||
|
dest = os.path.join(output_dir,rfile)
|
||||||
|
if os.path.exists(dest) and overwrite is False:
|
||||||
|
msg = "Error: template rendering destination %s already exists!"%(dest)
|
||||||
|
raise Exception(msg)
|
||||||
|
|
||||||
|
with open(dest,'w') as f:
|
||||||
|
f.write(content)
|
||||||
|
|
||||||
|
print("Rendered the following templates:%s\nOutput files:%s\n"%(
|
||||||
|
"".join(["\n- "+os.path.join(template_dir,j) for j in template_files]),
|
||||||
|
"".join(["\n- "+os.path.join(output_dir,j) for j in render_files])
|
||||||
|
))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__=="__main__":
|
||||||
|
apply_templates(TEMPLATEDIR,OUTDIR,TV,OVERWRITE)
|
||||||
|
|
||||||
@@ -1,46 +0,0 @@
|
|||||||
####################
|
|
||||||
#
|
|
||||||
# charlesreid1.blue
|
|
||||||
# http
|
|
||||||
# 80
|
|
||||||
#
|
|
||||||
# basically, just redirects to https
|
|
||||||
#
|
|
||||||
####################
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name charlesreid1.blue;
|
|
||||||
location / {
|
|
||||||
return 301 https://charlesreid1.blue$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name www.charlesreid1.blue;
|
|
||||||
location / {
|
|
||||||
return 301 https://www.charlesreid1.blue$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name git.charlesreid1.blue;
|
|
||||||
location / {
|
|
||||||
return 301 https://git.charlesreid1.blue$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name files.charlesreid1.blue;
|
|
||||||
location / {
|
|
||||||
return 301 https://files.charlesreid1.blue$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1,46 +0,0 @@
|
|||||||
####################
|
|
||||||
#
|
|
||||||
# charlesreid1.red
|
|
||||||
# http
|
|
||||||
# 80
|
|
||||||
#
|
|
||||||
# basically, just redirects to https
|
|
||||||
#
|
|
||||||
####################
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name charlesreid1.red;
|
|
||||||
location / {
|
|
||||||
return 301 https://charlesreid1.red$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name www.charlesreid1.red;
|
|
||||||
location / {
|
|
||||||
return 301 https://www.charlesreid1.red$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name git.charlesreid1.red;
|
|
||||||
location / {
|
|
||||||
return 301 https://git.charlesreid1.red$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name files.charlesreid1.red;
|
|
||||||
location / {
|
|
||||||
return 301 https://files.charlesreid1.red$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1,165 +0,0 @@
|
|||||||
####################
|
|
||||||
#
|
|
||||||
# charlesreid1.blue
|
|
||||||
# https
|
|
||||||
# 443
|
|
||||||
#
|
|
||||||
# charlesreid1.blue and www.charlesreid1.blue
|
|
||||||
# should handle the following cases:
|
|
||||||
# - w/ and wiki/ should reverse proxy story_mw
|
|
||||||
# - phpMyAdmin/ should reverse proxy stormy_myadmin
|
|
||||||
#
|
|
||||||
# git.charlesreid1.blue should handle:
|
|
||||||
# - all requests should reverse proxy stormy_gitea
|
|
||||||
#
|
|
||||||
####################
|
|
||||||
|
|
||||||
server {
|
|
||||||
# https://charlesreid1.blue
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name charlesreid1.blue;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/charlesreid1.blue/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/charlesreid1.blue/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
root /www/charlesreid1.blue/htdocs;
|
|
||||||
index index.html;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /wiki/ {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_mw:8989/wiki/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /wiki {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_mw:8989/wiki;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /w/ {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_mw:8989/w/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /w {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_mw:8989/w;
|
|
||||||
}
|
|
||||||
|
|
||||||
#location /phpMyAdmin/ {
|
|
||||||
# proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
# proxy_set_header Host $host;
|
|
||||||
# proxy_pass http://stormy_myadmin:80/;
|
|
||||||
#}
|
|
||||||
|
|
||||||
# ~ means case-sensitive regex match, rather than string literal
|
|
||||||
# (ignores .git, .gitignore, etc.)
|
|
||||||
location ~ /\.git {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
server {
|
|
||||||
# https://www.charlesreid1.blue
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name www.charlesreid1.blue;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/www.charlesreid1.blue/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.blue/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
root /www/charlesreid1.blue/htdocs;
|
|
||||||
index index.html;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /wiki/ {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_mw:8989/wiki/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /w/ {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_mw:8989/w/;
|
|
||||||
}
|
|
||||||
|
|
||||||
#location /phpMyAdmin/ {
|
|
||||||
# proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
# proxy_set_header Host $host;
|
|
||||||
# proxy_pass http://stormy_myadmin:80/;
|
|
||||||
#}
|
|
||||||
|
|
||||||
location ~ /\.git {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
server {
|
|
||||||
# https://git.charlesreid1.blue
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name git.charlesreid1.blue;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/git.charlesreid1.blue/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.blue/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_gitea:3000/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
# https://files.charlesreid1.blue
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name files.charlesreid1.blue;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/files.charlesreid1.blue/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.blue/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_files:8081/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,77 +0,0 @@
|
|||||||
####################
|
|
||||||
#
|
|
||||||
# charlesreid1.blue subdomains
|
|
||||||
# redirecting to blackbeard:
|
|
||||||
# - pages
|
|
||||||
# - hooks
|
|
||||||
# - bots
|
|
||||||
#
|
|
||||||
# krash = 45.56.87.232
|
|
||||||
# blackbeard = 206.189.212.168
|
|
||||||
# bluebear = 206.189.212.168
|
|
||||||
#
|
|
||||||
####################
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name pages.charlesreid1.blue;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.blue/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.blue/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
# https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://206.189.212.168:7777;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name hooks.charlesreid1.blue;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.blue/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.blue/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://206.189.212.168:7778;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
# https://bots.charlesreid1.blue
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name bots.charlesreid1.blue;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.blue/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.blue/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://206.189.212.168:7779;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,76 +0,0 @@
|
|||||||
####################
|
|
||||||
#
|
|
||||||
# charlesreid1.red subdomains
|
|
||||||
# redirecting to blackbeard:
|
|
||||||
# - pages
|
|
||||||
# - hooks
|
|
||||||
# - bots
|
|
||||||
#
|
|
||||||
# krash = 45.56.87.232
|
|
||||||
# blackbeard = 206.189.212.168
|
|
||||||
#
|
|
||||||
####################
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name pages.charlesreid1.red;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.red/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.red/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
# https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://206.189.212.168:7777;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name hooks.charlesreid1.red;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.red/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.red/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://206.189.212.168:7778;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
# https://bots.charlesreid1.red
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name bots.charlesreid1.red;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.red/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.red/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://206.189.212.168:7779;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,8 +1,7 @@
|
|||||||
####################
|
####################
|
||||||
#
|
#
|
||||||
# charlesreid1.com
|
# charlesreid1.com
|
||||||
# http
|
# http/80
|
||||||
# 80
|
|
||||||
#
|
#
|
||||||
# basically, just redirects to https
|
# basically, just redirects to https
|
||||||
#
|
#
|
||||||
@@ -35,20 +34,10 @@ server {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name files.charlesreid1.com;
|
|
||||||
location / {
|
|
||||||
return 301 https://files.charlesreid1.com$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name pages.charlesreid1.com;
|
server_name pages.charlesreid1.com;
|
||||||
port_in_redirect off;
|
|
||||||
location / {
|
location / {
|
||||||
return 301 https://pages.charlesreid1.com$request_uri;
|
return 301 https://pages.charlesreid1.com$request_uri;
|
||||||
}
|
}
|
||||||
@@ -58,7 +47,6 @@ server {
|
|||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name hooks.charlesreid1.com;
|
server_name hooks.charlesreid1.com;
|
||||||
port_in_redirect off;
|
|
||||||
location / {
|
location / {
|
||||||
return 301 https://hooks.charlesreid1.com$request_uri;
|
return 301 https://hooks.charlesreid1.com$request_uri;
|
||||||
}
|
}
|
||||||
@@ -68,9 +56,16 @@ server {
|
|||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name bots.charlesreid1.com;
|
server_name bots.charlesreid1.com;
|
||||||
port_in_redirect off;
|
|
||||||
location / {
|
location / {
|
||||||
return 301 https://bots.charlesreid1.com$request_uri;
|
return 301 https://bots.charlesreid1.com$request_uri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
### server {
|
||||||
|
### listen 80;
|
||||||
|
### listen [::]:80;
|
||||||
|
### server_name files.charlesreid1.com;
|
||||||
|
### location / {
|
||||||
|
### return 301 https://files.charlesreid1.com$request_uri;
|
||||||
|
### }
|
||||||
|
### }
|
||||||
@@ -1,8 +1,7 @@
|
|||||||
####################
|
####################
|
||||||
#
|
#
|
||||||
# charlesreid1.com
|
# charlesreid1.com
|
||||||
# https
|
# https/443
|
||||||
# 443
|
|
||||||
#
|
#
|
||||||
# charlesreid1.com and www.charlesreid1.com
|
# charlesreid1.com and www.charlesreid1.com
|
||||||
# should handle the following cases:
|
# should handle the following cases:
|
||||||
@@ -14,13 +13,13 @@
|
|||||||
#
|
#
|
||||||
####################
|
####################
|
||||||
|
|
||||||
|
|
||||||
|
# default
|
||||||
server {
|
server {
|
||||||
# https://charlesreid1.com
|
listen 443 ssl;
|
||||||
listen 443;
|
listen [::]:443 ssl;
|
||||||
listen [::]:443;
|
|
||||||
server_name charlesreid1.com default_server;
|
server_name charlesreid1.com default_server;
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/charlesreid1.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/charlesreid1.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/charlesreid1.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/charlesreid1.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
@@ -62,22 +61,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# www
|
||||||
server {
|
server {
|
||||||
# https://www.charlesreid1.com
|
listen 443 ssl;
|
||||||
listen 443;
|
listen [::]:443 ssl;
|
||||||
listen [::]:443;
|
|
||||||
server_name www.charlesreid1.com;
|
server_name www.charlesreid1.com;
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/www.charlesreid1.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/www.charlesreid1.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
|
|
||||||
|
root /www/charlesreid1.com/htdocs;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
root /www/charlesreid1.com/htdocs;
|
|
||||||
index index.html;
|
index index.html;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -108,13 +107,12 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# gitea
|
||||||
server {
|
server {
|
||||||
# https://git.charlesreid1.com
|
listen 443 ssl;
|
||||||
listen 443;
|
listen [::]:443 ssl;
|
||||||
listen [::]:443;
|
|
||||||
server_name git.charlesreid1.com;
|
server_name git.charlesreid1.com;
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/git.charlesreid1.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/git.charlesreid1.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
@@ -129,23 +127,22 @@ server {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
### # files
|
||||||
# https://files.charlesreid1.com
|
### server {
|
||||||
listen 443;
|
### listen 443 ssl;
|
||||||
listen [::]:443;
|
### listen [::]:443 ssl;
|
||||||
server_name files.charlesreid1.com;
|
### server_name files.charlesreid1.com;
|
||||||
|
###
|
||||||
ssl on;
|
### ssl_certificate /etc/letsencrypt/live/files.charlesreid1.com/fullchain.pem;
|
||||||
ssl_certificate /etc/letsencrypt/live/files.charlesreid1.com/fullchain.pem;
|
### ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.com/privkey.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.com/privkey.pem;
|
### include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
###
|
||||||
|
### client_max_body_size 100m;
|
||||||
client_max_body_size 100m;
|
###
|
||||||
|
### location / {
|
||||||
location / {
|
### proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
### proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
### proxy_set_header Host $host;
|
||||||
proxy_set_header Host $host;
|
### proxy_pass http://stormy_files:8081/;
|
||||||
proxy_pass http://stormy_files:8081/;
|
### }
|
||||||
}
|
### }
|
||||||
}
|
|
||||||
@@ -1,22 +1,26 @@
|
|||||||
####################
|
####################
|
||||||
#
|
#
|
||||||
|
# charlesreid1.com
|
||||||
|
# https/443
|
||||||
|
#
|
||||||
# charlesreid1.com subdomains
|
# charlesreid1.com subdomains
|
||||||
# redirecting to blackbeard:
|
# reverse-proxied by the server
|
||||||
# - pages
|
# running pod-webhooks.
|
||||||
# - hooks
|
# - pages.charlesreid1.com
|
||||||
# - bots
|
# - hooks.charlesreid1.com
|
||||||
#
|
# - bots.charlesreid1.com
|
||||||
# krash = 45.56.87.232
|
|
||||||
# blackbeard = 206.189.212.168
|
|
||||||
#
|
#
|
||||||
|
# address of pod-webhooks server:
|
||||||
|
# localhost
|
||||||
####################
|
####################
|
||||||
|
|
||||||
|
|
||||||
|
# pages
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443 ssl;
|
||||||
listen [::]:443;
|
listen [::]:443 ssl;
|
||||||
server_name pages.charlesreid1.com;
|
server_name pages.charlesreid1.com;
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/pages.charlesreid1.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/pages.charlesreid1.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
@@ -29,17 +33,17 @@ server {
|
|||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_pass http://206.189.212.168:7777/;
|
proxy_pass http://localhost:7777/;
|
||||||
proxy_redirect http://206.189.212.168:7777/ http://pages.charlesreid1.com/;
|
proxy_redirect http://localhost:7777/ http://pages.charlesreid1.com/;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# webhooks
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443 ssl;
|
||||||
listen [::]:443;
|
listen [::]:443 ssl;
|
||||||
server_name hooks.charlesreid1.com;
|
server_name hooks.charlesreid1.com;
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/hooks.charlesreid1.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/hooks.charlesreid1.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
@@ -62,7 +66,7 @@ server {
|
|||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_pass http://206.189.212.168:7778;
|
proxy_pass http://localhost:7778;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /webhook {
|
location /webhook {
|
||||||
@@ -70,17 +74,16 @@ server {
|
|||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_pass http://206.189.212.168:5000/webhook;
|
proxy_pass http://localhost:5000/webhook;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# bots
|
||||||
server {
|
server {
|
||||||
# https://bots.charlesreid1.com
|
listen 443 ssl;
|
||||||
listen 443;
|
listen [::]:443 ssl;
|
||||||
listen [::]:443;
|
|
||||||
server_name bots.charlesreid1.com;
|
server_name bots.charlesreid1.com;
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/bots.charlesreid1.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/bots.charlesreid1.com/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
@@ -92,40 +95,7 @@ server {
|
|||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_pass http://206.189.212.168:7779;
|
proxy_pass http://localhost:7779;
|
||||||
proxy_redirect http://206.189.212.168:7779/ http://bots.charlesreid1.com/;
|
proxy_redirect http://localhost:7779/ http://bots.charlesreid1.com/;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#server {
|
|
||||||
# listen 443;
|
|
||||||
# listen [::]:443;
|
|
||||||
# server_name api.charlesreid1.com;
|
|
||||||
#
|
|
||||||
# ssl on;
|
|
||||||
# ssl_certificate /etc/letsencrypt/live/api.charlesreid1.com/fullchain.pem;
|
|
||||||
# ssl_certificate_key /etc/letsencrypt/live/api.charlesreid1.com/privkey.pem;
|
|
||||||
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
#
|
|
||||||
# client_max_body_size 100m;
|
|
||||||
#
|
|
||||||
# location / {
|
|
||||||
# # / takes user to static api subdomain page
|
|
||||||
# proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
# proxy_set_header Host $host;
|
|
||||||
# proxy_pass http://206.189.212.168:7780;
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
# #location ~ ^/[a-zA-Z0-9].* {
|
|
||||||
# # # /anything else takes user to port 5000, api
|
|
||||||
# # proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
# # proxy_set_header X-Forwarded-Host $host:$server_port;
|
|
||||||
# # proxy_set_header X-Forwarded-Server $host;
|
|
||||||
# # proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
# # proxy_set_header Host $host;
|
|
||||||
# # proxy_pass http://206.189.212.168:5000;
|
|
||||||
# #}
|
|
||||||
#
|
|
||||||
#}
|
|
||||||
|
|
||||||
72
conf.d_templates/http.DOMAIN.conf.j2
Normal file
72
conf.d_templates/http.DOMAIN.conf.j2
Normal file
@@ -0,0 +1,72 @@
|
|||||||
|
####################
|
||||||
|
#
|
||||||
|
# {{ server_name_default }}
|
||||||
|
# http/{{ port_default }}
|
||||||
|
#
|
||||||
|
# basically, just redirects to https
|
||||||
|
#
|
||||||
|
####################
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen {{ port_default }};
|
||||||
|
listen [::]:{{ port_default }};
|
||||||
|
server_name {{ server_name_default }};
|
||||||
|
location / {
|
||||||
|
return 301 https://{{ server_name_default }}$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen {{ port_default }};
|
||||||
|
listen [::]:{{ port_default }};
|
||||||
|
server_name www.{{ server_name_default }};
|
||||||
|
location / {
|
||||||
|
return 301 https://www.{{ server_name_default }}$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen {{ port_gitea }};
|
||||||
|
listen [::]:{{ port_gitea }};
|
||||||
|
server_name git.{{ server_name_default }};
|
||||||
|
location / {
|
||||||
|
return 301 https://git.{{ server_name_default }}$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#server {
|
||||||
|
# listen {{ port_pages }};
|
||||||
|
# listen [::]:{{ port_pages }};
|
||||||
|
# server_name pages.{{ server_name_default }};
|
||||||
|
# location / {
|
||||||
|
# return 301 https://pages.{{ server_name_default }}$request_uri;
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
|
||||||
|
#server {
|
||||||
|
# listen {{ port_hooks }};
|
||||||
|
# listen [::]:{{ port_hooks }};
|
||||||
|
# server_name hooks.{{ server_name_default }};
|
||||||
|
# location / {
|
||||||
|
# return 301 https://hooks.{{ server_name_default }}$request_uri;
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
|
||||||
|
#server {
|
||||||
|
# listen {{ port_bots }};
|
||||||
|
# listen [::]:{{ port_bots }};
|
||||||
|
# server_name bots.{{ server_name_default }};
|
||||||
|
# location / {
|
||||||
|
# return 301 https://bots.{{ server_name_default }}$request_uri;
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
|
||||||
|
### server {
|
||||||
|
### listen {{ port_files }};
|
||||||
|
### listen [::]:{{ port_files }};
|
||||||
|
### server_name files.{{ server_name_default }};
|
||||||
|
### location / {
|
||||||
|
### return 301 https://files.{{ server_name_default }}$request_uri;
|
||||||
|
### }
|
||||||
|
### }
|
||||||
|
|
||||||
@@ -1,35 +1,31 @@
|
|||||||
####################
|
####################
|
||||||
#
|
#
|
||||||
# charlesreid1.red
|
# {{ server_name_default }}
|
||||||
# https
|
# https/{{ port_ssl_default }}
|
||||||
# 443
|
|
||||||
#
|
#
|
||||||
# charlesreid1.red and www.charlesreid1.red
|
# {{ server_name_default }} and www.{{ server_name_default }}
|
||||||
# should handle the following cases:
|
# should handle the following cases:
|
||||||
# - w/ and wiki/ should reverse proxy story_mw
|
# - w/ and wiki/ should reverse proxy story_mw
|
||||||
# - phpMyAdmin/ should reverse proxy stormy_myadmin
|
# - phpMyAdmin/ should reverse proxy stormy_myadmin
|
||||||
#
|
#
|
||||||
# git.charlesreid1.red should handle:
|
|
||||||
# - all requests should reverse proxy stormy_gitea
|
|
||||||
#
|
|
||||||
####################
|
####################
|
||||||
|
|
||||||
server {
|
|
||||||
# https://charlesreid1.red
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name charlesreid1.red;
|
|
||||||
|
|
||||||
ssl on;
|
# default
|
||||||
ssl_certificate /etc/letsencrypt/live/charlesreid1.red/fullchain.pem;
|
server {
|
||||||
ssl_certificate_key /etc/letsencrypt/live/charlesreid1.red/privkey.pem;
|
listen {{ port_ssl_default }} ssl;
|
||||||
|
listen [::]:{{ port_ssl_default }} ssl;
|
||||||
|
server_name {{ server_name_default }} default_server;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/{{ server_name_default }}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/{{ server_name_default }}/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
root /www/charlesreid1.red/htdocs;
|
root /www/{{ server_name_default }}/htdocs;
|
||||||
index index.html;
|
index index.html;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -40,13 +36,6 @@ server {
|
|||||||
proxy_pass http://stormy_mw:8989/wiki/;
|
proxy_pass http://stormy_mw:8989/wiki/;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /wiki {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_mw:8989/wiki;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /w/ {
|
location /w/ {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
@@ -54,13 +43,6 @@ server {
|
|||||||
proxy_pass http://stormy_mw:8989/w/;
|
proxy_pass http://stormy_mw:8989/w/;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /w {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_mw:8989/w;
|
|
||||||
}
|
|
||||||
|
|
||||||
#location /phpMyAdmin/ {
|
#location /phpMyAdmin/ {
|
||||||
# proxy_set_header X-Real-IP $remote_addr;
|
# proxy_set_header X-Real-IP $remote_addr;
|
||||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
@@ -76,22 +58,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# www
|
||||||
server {
|
server {
|
||||||
# https://www.charlesreid1.red
|
listen {{ port_ssl_default }} ssl;
|
||||||
listen 443;
|
listen [::]:{{ port_ssl_default }} ssl;
|
||||||
listen [::]:443;
|
server_name www.{{ server_name_default }};
|
||||||
server_name www.charlesreid1.red;
|
|
||||||
|
|
||||||
ssl on;
|
ssl_certificate /etc/letsencrypt/live/www.{{ server_name_default }}/fullchain.pem;
|
||||||
ssl_certificate /etc/letsencrypt/live/www.charlesreid1.red/fullchain.pem;
|
ssl_certificate_key /etc/letsencrypt/live/www.{{ server_name_default }}/privkey.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/www.charlesreid1.red/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
|
|
||||||
|
root /www/{{ server_name_default }}/htdocs;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
root /www/charlesreid1.red/htdocs;
|
|
||||||
index index.html;
|
index index.html;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -122,15 +104,14 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# gitea
|
||||||
server {
|
server {
|
||||||
# https://git.charlesreid1.red
|
listen {{ port_ssl_gitea}} ssl;
|
||||||
listen 443;
|
listen [::]:{{ port_ssl_gitea }} ssl;
|
||||||
listen [::]:443;
|
server_name git.{{ server_name_default }};
|
||||||
server_name git.charlesreid1.red;
|
|
||||||
|
|
||||||
ssl on;
|
ssl_certificate /etc/letsencrypt/live/git.{{ server_name_default }}/fullchain.pem;
|
||||||
ssl_certificate /etc/letsencrypt/live/git.charlesreid1.red/fullchain.pem;
|
ssl_certificate_key /etc/letsencrypt/live/git.{{ server_name_default }}/privkey.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/git.charlesreid1.red/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
@@ -142,24 +123,3 @@ server {
|
|||||||
proxy_pass http://stormy_gitea:3000/;
|
proxy_pass http://stormy_gitea:3000/;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
|
||||||
# https://files.charlesreid1.red
|
|
||||||
listen 443;
|
|
||||||
listen [::]:443;
|
|
||||||
server_name files.charlesreid1.red;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/files.charlesreid1.red/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/files.charlesreid1.red/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://stormy_files:8081/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
32
conf.d_templates/https.DOMAIN.subdomains.conf.j2
Normal file
32
conf.d_templates/https.DOMAIN.subdomains.conf.j2
Normal file
@@ -0,0 +1,32 @@
|
|||||||
|
####################
|
||||||
|
#
|
||||||
|
# {{ server_name_default }}
|
||||||
|
# https/{{ port_ssl_default }}
|
||||||
|
#
|
||||||
|
# charlesreid1.com subdomains
|
||||||
|
# reverse-proxied by the server
|
||||||
|
####################
|
||||||
|
|
||||||
|
|
||||||
|
# # pages
|
||||||
|
# server {
|
||||||
|
# listen {{ port_ssl_pages }} ssl;
|
||||||
|
# listen [::]:{{ port_ssl_pages }} ssl;
|
||||||
|
# server_name pages.{{ server_name_default }};
|
||||||
|
#
|
||||||
|
# ssl_certificate /etc/letsencrypt/live/pages.{{ server_name_default }}/fullchain.pem;
|
||||||
|
# ssl_certificate_key /etc/letsencrypt/live/pages.{{ server_name_default }}/privkey.pem;
|
||||||
|
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
#
|
||||||
|
# client_max_body_size 100m;
|
||||||
|
# port_in_redirect off;
|
||||||
|
#
|
||||||
|
# location / {
|
||||||
|
# # https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
|
||||||
|
# proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
# proxy_set_header Host $host;
|
||||||
|
# proxy_pass http://{{ nginx_subdomains_ip }}:7777/;
|
||||||
|
# proxy_redirect http://{{ nginx_subdomains_ip }}:7777/ http://pages.{{ server_name_default }}/;
|
||||||
|
# }
|
||||||
|
# }
|
||||||
30
scripts/clean_config.py
Normal file
30
scripts/clean_config.py
Normal file
@@ -0,0 +1,30 @@
|
|||||||
|
import glob
|
||||||
|
import os
|
||||||
|
import subprocess
|
||||||
|
|
||||||
|
"""
|
||||||
|
Clean d-nginx-charlesreid1 conf.d directory
|
||||||
|
|
||||||
|
|
||||||
|
This script cleans out the conf.d directory
|
||||||
|
in the d-nginx-charlesreid1 repo.
|
||||||
|
|
||||||
|
This script should be run before you generate a new set
|
||||||
|
of config files from the nginx config file templates in
|
||||||
|
d-nginx-charlesreid1/conf.d_templates/
|
||||||
|
|
||||||
|
This script cleans out all the config files in the folder
|
||||||
|
d-nginx-charlesreid1/conf.d/
|
||||||
|
|
||||||
|
That way there are no old config files to clash with the
|
||||||
|
new ones.
|
||||||
|
"""
|
||||||
|
|
||||||
|
HERE = os.path.abspath(os.path.dirname(__file__))
|
||||||
|
CONF = os.path.abspath(os.path.join(HERE,'..','conf.d'))
|
||||||
|
|
||||||
|
for f in glob.glob(os.path.join(CONF,"*.conf")):
|
||||||
|
if os.path.basename(f)!="_.conf":
|
||||||
|
cmd = ['rm','-fr',f]
|
||||||
|
subprocess.call(cmd)
|
||||||
|
|
||||||
Reference in New Issue
Block a user