From 0c02fac0ba088cbaca86fce7525ead8b7f7ac1c4 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 10 Jan 2021 08:10:06 +0100
Subject: [PATCH] multiple changes
---
 fet.at/2020.conf | 288 +++++++++++++++++++++++++++++++++++++
 fet.at/2020.prod.conf | 30 ++++
 fet.at/baroness.conf | 26 ++++
 fet.at/corona.conf | 30 +++-
 fet.at/git.conf | 1 +
 fet.at/mail.conf | 8 +-
 fet.at/ticket.conf | 29 ++++
 triton.fet.at/git.conf | 8 +-
 triton.fet.at/welcome.conf | 142 ++++++++++++++++++
 young.ove.at/cloud.conf | 23 +++
 10 files changed, 572 insertions(+), 13 deletions(-)
 create mode 100644 fet.at/2020.conf
 create mode 100644 fet.at/2020.prod.conf
 create mode 100644 fet.at/baroness.conf
 create mode 100644 fet.at/ticket.conf
 create mode 100644 young.ove.at/cloud.conf
diff --git a/fet.at/2020.conf b/fet.at/2020.conf
new file mode 100644
index 0000000..1cb610e
--- /dev/null
+++ b/fet.at/2020.conf
@@ -0,0 +1,288 @@
+# -*-nginx-*-
+server {
+ listen 80;
+ server_name *.2020.fet.at;
+ include snippets/letsencrypt.conf;
+ # root /var/www/html
+# return 301 https://$host$request_uri;
+}
+
+
+
+server {
+ listen 443 ssl http2;
+ server_name docker.2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+ include snippets/header.conf;
+ include snippets/ldap.conf;
+ client_max_body_size 100M;
+ location / {
+
+ proxy_pass http://fetsite4:9000;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+# proxy_set_header Authorization "";
+# proxy_set_header REMOTE_USER $remote_user;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name solr.2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+ include snippets/header.conf;
+ include snippets/ldap.conf;
+ client_max_body_size 100M;
+ location / {
+
+ proxy_pass http://fetsitedev:8980;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+# proxy_set_header Authorization "";
+# proxy_set_header REMOTE_USER $remote_user;
+ }
+}
+
+
+server {
+ listen 443 ssl http2;
+ server_name bot.2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+# include snippets/header.conf;
+
+
+ client_max_body_size 100M;
+ location / {
+ include snippets/ldap.conf;
+ proxy_pass http://fetsitedev:5000;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header REMOTE_USER $remote_user;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+ location /income {
+ proxy_pass http://fetsitedev:5000;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ }
+}
+
+
+server {
+ listen 443 ssl http2;
+ server_name uat1.2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+ include snippets/header.conf;
+
+ client_max_body_size 100M;
+ location / {
+
+ #include snippets/ldap.conf;
+ proxy_pass http://fetsite4:8001;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+# proxy_set_header Authorization "";
+# proxy_set_header REMOTE_USER $remote_user;
+ }
+ location /api {
+# deny all;
+# allow 192.168.86.1/24;
+# allow 128.130.95.200;
+ proxy_pass http://fetsite4:8001;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ }
+
+
+}
+
+
+server {
+ listen 443 ssl http2;
+ server_name etherpad2.2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+# include snippets/header.conf;
+ # include snippets/ldap.conf;
+ client_max_body_size 1000M;
+ location / {
+
+ proxy_pass http://fetsitedev:80;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+# proxy_set_header Authorization "";
+# proxy_set_header REMOTE_USER $remote_user;
+ }
+}
+
+
+
+
+server {
+ listen 443 ssl http2;
+ server_name *.2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+# include snippets/header.conf;
+
+ client_max_body_size 1000M;
+ location / {
+ include snippets/ldap.conf;
+ proxy_pass http://fetsitedev:80;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Authorization "";
+
+
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+
+ location /api {
+ satisfy any;
+ allow 192.168.86.0/24;
+ allow 128.130.95.206;
+ allow 128.130.95.200;
+ include snippets/ldap.conf;
+ # deny all;
+ proxy_pass http://fetsitedev:80;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+ location /dev {
+ satisfy any;
+ allow 192.168.86.0/24;
+ allow 128.130.95.206;
+ allow 128.130.95.200;
+ include snippets/ldap.conf;
+ # deny all;
+ proxy_pass http://fetsitedev:80;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+
+
+}
+server {
+ listen 443 ssl http2;
+ server_name patrick.2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+# include snippets/header.conf;
+ client_max_body_size 1000M;
+ location / {
+
+ proxy_pass http://fetsitedev:80;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+ location /admin {
+
+
+ proxy_pass http://fetsitedev:80;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+
+
+}
+
+
+server {
+ listen 443 ssl http2;
+ server_name alpha.2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+# include snippets/header.conf;
+# include snippets/ldap.conf;
+ client_max_body_size 1000M;
+ location / {
+
+ proxy_pass http://fetsite6:8001;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+
+ location /api {
+ satisfy any;
+ allow 192.168.86.0/24;
+ allow 128.130.95.206;
+ allow 128.130.95.200;
+ include snippets/ldap.conf;
+ # deny all;
+ proxy_pass http://fetsite6:8001;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+
+
+}
+
diff --git a/fet.at/2020.prod.conf b/fet.at/2020.prod.conf
new file mode 100644
index 0000000..95e549e
--- /dev/null
+++ b/fet.at/2020.prod.conf
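Review bot: In fet.at/2020.conf, `proxy_set_header REMOTE_USER $remote_user;` is sent from locations that never include `snippets/ldap.conf` (both locations of patrick.2020.fet.at and `location /` of alpha.2020.fet.at), so the value is always empty there, and `location /income` of bot.2020.fet.at reaches the same upstream as the LDAP-protected `location /` without setting the header at all. If the upstreams take the user identity from that header, every location that proxies without authentication should blank the identity header explicitly rather than rely on whatever `snippets/proxy_header.conf` does, which is not visible in this patch. In the `satisfy any` locations (`/api`, `/dev`) requests from the allowed addresses skip LDAP and therefore also arrive with an empty identity; a comment such as `# allowed addresses bypass LDAP; REMOTE_USER is empty for them` would make that intent explicit.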
@@ -0,0 +1,30 @@
+server {
+ listen 80;
+ server_name 2020.fet.at;
+ include snippets/letsencrypt.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name 2020.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/moses.2020.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/moses.2020.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/moses.2020.fet.at/chain.pem;
+ include snippets/ssl.conf;
+ include snippets/header.conf;
+ client_max_body_size 10M;
+
+ location /api {
+ return 403 "Contact bofh@fet.at if you really need to access this";
+ }
+ location / {
+
+ proxy_pass http://fetsite21:8001;
+ include snippets/proxy_header.conf;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ }
+}
diff --git a/fet.at/baroness.conf b/fet.at/baroness.conf
new file mode 100644
index 0000000..ba39626
--- /dev/null
+++ b/fet.at/baroness.conf
@@ -0,0 +1,26 @@
+# -*-nginx-*-
+server {
+ listen 80;
+ server_name baroness.fet.at;
+
+ include snippets/letsencrypt.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name baroness.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/baroness.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/baroness.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/baroness.fet.at/chain.pem;
+ include snippets/ssl.conf;
+
+ include snippets/ldap.conf;
+
+ include snippets/header.conf;
+
+ location / {
+ proxy_pass http://baroness;
+ include snippets/proxy_header.conf;
+ }
+}
diff --git a/fet.at/corona.conf b/fet.at/corona.conf
index 4fd7ce7..6656049 100644
--- a/fet.at/corona.conf
+++ b/fet.at/corona.conf
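Review bot: In fet.at/2020.prod.conf the server for `2020.fet.at` loads its certificate from the `moses.2020.fet.at` lineage, which only works if that certificate also lists `2020.fet.at` as a subject alternative name; this cannot be confirmed from the patch. The `location /api` block is a plain prefix match, so the upstream remains the only protection for API routes it may serve under any other path; a comment such as `# API is intentionally not exposed on the production host` would record the intent. The port-80 server includes only `snippets/letsencrypt.conf`, so whether plain HTTP is redirected to HTTPS depends on that snippet.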
@@ -17,7 +17,33 @@ server { include snippets/header.conf; - location / { - return 302 https://www.fet.at/rubriken/5/neuigkeiten/509; + location / { + return 302 https://www.fet.at/rubriken/5/neuigkeiten/509; } + location /anwesenheit { + proxy_pass http://proteus; + include snippets/proxy_header.conf; + } + location /da { + proxy_pass http://proteus; + include snippets/proxy_header.conf; + } + location /da/daten { + proxy_pass http://proteus; + include snippets/proxy_header.conf; + + include snippets/ldap.conf; + } + + location /LVA { + proxy_pass http://proteus; + include snippets/proxy_header.conf; + } + location /LVA/LVAs { + proxy_pass http://proteus; + include snippets/proxy_header.conf; + + include snippets/ldap.conf; + } + } diff --git a/fet.at/git.conf b/fet.at/git.conf index ada73e7..24937eb 100644 --- a/fet.at/git.conf +++ b/fet.at/git.conf @@ -16,6 +16,7 @@ server { include snippets/ssl.conf; include snippets/header.conf; + client_max_body_size 1000M; location / { proxy_pass http://zyklon:3000; diff --git a/fet.at/mail.conf b/fet.at/mail.conf index 7ecb86a..6c4dd71 100644 --- a/fet.at/mail.conf +++ b/fet.at/mail.conf @@ -25,13 +25,7 @@ server { # proxy_redirect https://$host:8000/ https://$host:443/; include snippets/proxy_header.conf; } - location /http { - index index.html; - rewrite_log on; - #rewrite ^/http(.*) $1 break; - alias /srv/www/mail/static; - } location = / { - return 302 https://mail.fet.at/http/; + return 302 https://mail.fet.at/mail; } } diff --git a/fet.at/ticket.conf b/fet.at/ticket.conf new file mode 100644 index 0000000..f126146 --- /dev/null +++ b/fet.at/ticket.conf 
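Review bot: In fet.at/corona.conf the LDAP check is attached only to the sub-paths `/da/daten` and `/LVA/LVAs`, while their parents `/da` and `/LVA` are proxied to the same upstream without authentication. nginx selects the location by case-sensitive prefix on the normalized URI, so the protection holds only if the upstream routes those paths exactly the way nginx matches them; anything the upstream treats as equivalent but nginx does not falls under the open parent location. It is safer to require LDAP on the whole `/da/` and `/LVA/` trees and open the public parts explicitly, or to enforce the check in the application as well. `location /da` and `location /LVA` also match any path that merely begins with those characters; `location /da/` together with `location = /da` states the intent more precisely. The enclosing server block starts outside the hunk.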
@@ -0,0 +1,29 @@ +# -*-nginx-*- +server { + listen 80; + server_name ticket.fet.at; + + include snippets/letsencrypt.conf; +} + +server { + listen 443 ssl http2; + server_name ticket.fet.at; + + ssl_certificate /etc/letsencrypt/live/ticket.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ticket.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/ticket.fet.at/chain.pem; + include snippets/ssl.conf; + + location / { + proxy_pass http://proteus; + include snippets/proxy_header.conf; + } + + location /pma { + proxy_pass http://proteus/pma; + include snippets/proxy_header.conf; + + include snippets/ldap.conf; + } +} diff --git a/triton.fet.at/git.conf b/triton.fet.at/git.conf index fd14b0f..e7b161f 100644 --- a/triton.fet.at/git.conf +++ b/triton.fet.at/git.conf @@ -61,10 +61,10 @@ server { root /mnt/git_repo/; } location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { - satisfy any; - allow 192.168.95.0/24; - allow 127.0.0.1; - deny all; +# satisfy any; +# allow 192.168.95.0/24; +# allow 127.0.0.1; +# deny all; include snippets/ldap.conf; diff --git a/triton.fet.at/welcome.conf b/triton.fet.at/welcome.conf index 0d3cb2c..4b19598 100644 --- a/triton.fet.at/welcome.conf +++ b/triton.fet.at/welcome.conf 
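Review bot: The HTTPS server in fet.at/ticket.conf omits `include snippets/header.conf;`, which the other new vhosts in this patch (baroness.fet.at, 2020.fet.at) include; if that snippet carries the response security headers, this site is served without them, so add the include after `include snippets/ssl.conf;`. `location /pma` is the only LDAP-protected path while `location /` proxies everything else to the same upstream, so the gate depends on the upstream serving that application under exactly this prefix and nowhere else. An additional `allow`/`deny all` pair for the administrators' network next to the LDAP include (with the default `satisfy all`) would add a second barrier.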
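Review bot: In triton.fet.at/git.conf the `satisfy any`/`allow`/`deny all` rules are commented out rather than deleted, and nothing records why. With them disabled the location falls back to the default `satisfy all`, so every client, including 127.0.0.1 and 192.168.95.0/24, now has to pass LDAP on these git endpoints; if that is the intent, remove the dead lines and say so, e.g. `# LDAP is required for all clients, including the local network`. The location block continues past the end of the hunk.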
@@ -7,6 +7,148 @@ server { include snippets/letsencrypt.conf; } +server { + listen 80; + + server_name confrancher.triton.fet.at; +# deny all; +# satisfy any; + allow 192.168.86.0/24; +# allow 128.130.95.206; +# allow 128.130.95.200; + + root /var/www/rancher; + index index.html; + +} + + + +server { + listen 443 ssl http2; + server_name portainer.triton.fet.at www.portainer.triton.fet.at; + + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; + include snippets/ssl.conf; + +# include snippets/ldap.conf; + + location / { + + proxy_pass http://rancher:9000; +# include snippets/proxy_header.conf; + # proxy_set_header Authorization ""; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection ""; + + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Upstream $upstream_addr; + + } + location /api/websocket/ { + set $upstream_endpoint http://rancher:9000; + proxy_buffering off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Upstream $upstream_addr; + proxy_http_version 1.1; + proxy_pass $upstream_endpoint; + proxy_redirect http://rancher:9000 $scheme://$host/; + } + + + + +} + +server { + listen 80; + server_name www.rancher.fet.at www.triton2.fet.at rancher.fet.at *.rancher.fet.at *.triton2.fet.at triton2.fet.at; + + client_max_body_size 1000M; + + + location / { + + #include snippets/ldap.conf; + proxy_pass http://rancher:80; + include snippets/proxy_header.conf; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; +# proxy_set_header Authorization ""; +# 
proxy_set_header REMOTE_USER $remote_user; + } + +location /.well-known/ { + default_type "text/plain"; + root /var/www/html; +} +location = /.well-known/acme-challenge/ { + return 404; +} + + # include snippets/letsencrypt.conf; + +} + +server { + listen 443 ssl http2; + server_name www.rancher.fet.at www.triton2.fet.at rancher.fet.at *.rancher.fet.at *.triton2.fet.at triton2.fet.at; + + ssl_certificate /etc/letsencrypt/live/triton2.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at/chain.pem; + include snippets/ssl.conf; + include snippets/header.conf; + + client_max_body_size 1000M; + + location / { + + #include snippets/ldap.conf; + proxy_pass https://rancher:443; + include snippets/proxy_header.conf; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; +# proxy_set_header Authorization ""; +# proxy_set_header REMOTE_USER $remote_user; + } +} + +server { + listen 443 ssl http2; + server_name proxy.rancher.fet.at; + + ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem; + include snippets/ssl.conf; + include snippets/header.conf; + + client_max_body_size 1000M; + location / { + + #include snippets/ldap.conf; + proxy_pass http://rancher:81; + include snippets/proxy_header.conf; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; +# proxy_set_header Authorization ""; +# proxy_set_header REMOTE_USER $remote_user; + } +} + + server { listen 443 ssl http2; diff --git a/young.ove.at/cloud.conf b/young.ove.at/cloud.conf new file mode 100644 index 0000000..1923c71 --- /dev/null +++ b/young.ove.at/cloud.conf 
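Review bot: In triton.fet.at/welcome.conf the new `confrancher.triton.fet.at` server has `allow 192.168.86.0/24;` but `deny all;` is commented out, and an `allow` with no following `deny` restricts nothing, so `/var/www/rancher` is served to every client over plain HTTP; restore `deny all;` after the `allow` line if the content is meant for the internal network only. The same hunk publishes `portainer.triton.fet.at` with `include snippets/ldap.conf;` commented out and proxies the rancher hostnames on port 80 without a redirect to HTTPS. `proxy_pass https://rancher:443;` is used without `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate`, so nginx does not verify the upstream certificate (verification is off by default). `proxy.rancher.fet.at` loads the `2020.fet.at` certificate lineage; whether that certificate covers the name is not visible here.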
@@ -0,0 +1,23 @@
+# -*-nginx-*-
+server {
+ listen 80;
+ server_name cloud.young.ove.at;
+
+ include snippets/letsencrypt.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name cloud.young.ove.at;
+
+# ssl_certificate /etc/letsencrypt/live/cloud.young.ove.at/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/cloud.young.ove.at/privkey.pem;
+# ssl_trusted_certificate /etc/letsencrypt/live/cloud.young.ove.at/chain.pem;
+# include snippets/ssl.conf;
+
+ include snippets/header.conf;
+
+ location / {
+ return 302 https://young.ove.at;
+ }
+}
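Review bot: The HTTPS server in young.ove.at/cloud.conf listens with `listen 443 ssl http2;` but all three certificate directives and `include snippets/ssl.conf;` are commented out. Depending on the nginx version and on which server is the default for that socket, this presumably either fails the configuration check or answers `cloud.young.ove.at` with another vhost's certificate, so clients see a name mismatch before they reach the redirect. Either issue the certificate and enable the four lines, or keep only the port-80 server until the certificate exists.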