diff --git a/fet.at/2020.conf b/fet.at/2020.conf index 1cb610e..7182bc9 100644 --- a/fet.at/2020.conf +++ b/fet.at/2020.conf @@ -24,11 +24,7 @@ server { proxy_pass http://fetsite4:9000; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; -# proxy_set_header Authorization ""; -# proxy_set_header REMOTE_USER $remote_user; + } } @@ -47,11 +43,6 @@ server { proxy_pass http://fetsitedev:8980; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; -# proxy_set_header Authorization ""; -# proxy_set_header REMOTE_USER $remote_user; } } @@ -72,17 +63,11 @@ server { include snippets/ldap.conf; proxy_pass http://fetsitedev:5000; include snippets/proxy_header.conf; - proxy_http_version 1.1; proxy_set_header REMOTE_USER $remote_user; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; } location /income { proxy_pass http://fetsitedev:5000; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; } } @@ -96,19 +81,14 @@ server { ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem; include snippets/ssl.conf; - include snippets/header.conf; + client_max_body_size 100M; location / { - + include snippets/header.conf; #include snippets/ldap.conf; proxy_pass http://fetsite4:8001; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; -# proxy_set_header Authorization ""; -# proxy_set_header REMOTE_USER $remote_user; } location /api { # deny all; 
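Review bot: In the `@@ -96,19 +81,14 @@` hunk, `include snippets/header.conf;` moves from the `server` level into `location /`, so the sibling `location /api` that follows no longer picks it up. If that snippet carries the response security headers (another file in this commit comments it as `# security headers`), API responses lose them. Keep the include at server level, or repeat `include snippets/header.conf;` inside `location /api`. The `/api` block continues in the next hunk, so this is inferred from the lines visible there.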
@@ -116,9 +96,7 @@ server { # allow 128.130.95.200; proxy_pass http://fetsite4:8001; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + } @@ -141,20 +119,14 @@ server { proxy_pass http://fetsitedev:80; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; -# proxy_set_header Authorization ""; -# proxy_set_header REMOTE_USER $remote_user; } } - server { listen 443 ssl http2; - server_name *.2020.fet.at; + server_name dev.2020.fet.at; ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem; 
@@ -164,14 +136,55 @@ server { client_max_body_size 1000M; location / { +# include snippets/header.conf; include snippets/ldap.conf; proxy_pass http://fetsitedev:80; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + } +} + + +server { + listen 443 ssl http2; + server_name design2.2020.fet.at; + + ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem; + include snippets/ssl.conf; + include snippets/header.conf; + + client_max_body_size 1000M; + location / { + include snippets/header.conf; + include snippets/ldap.conf; + proxy_pass http://fetsitedev:8103; + include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + + proxy_set_header REMOTE_USER $remote_user; + } +} +server { + listen 443 ssl http2; + server_name *.2020.fet.at; + + ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem; + include snippets/ssl.conf; + include snippets/header.conf; + + client_max_body_size 1000M; + location / { + include snippets/header.conf; + include snippets/ldap.conf; + proxy_pass http://fetsitedev:80; + include snippets/proxy_header.conf; + proxy_set_header Authorization ""; proxy_set_header REMOTE_USER $remote_user; } @@ -185,9 +198,6 @@ server { # deny all; proxy_pass http://fetsitedev:80; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; proxy_set_header Authorization ""; proxy_set_header REMOTE_USER $remote_user; } 
@@ -200,9 +210,6 @@ server { # deny all; proxy_pass http://fetsitedev:80; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; proxy_set_header Authorization ""; proxy_set_header REMOTE_USER $remote_user; } @@ -217,26 +224,29 @@ server { ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem; include snippets/ssl.conf; -# include snippets/header.conf; + client_max_body_size 1000M; location / { - + include snippets/header.conf; proxy_pass http://fetsitedev:80; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; proxy_set_header Authorization ""; proxy_set_header REMOTE_USER $remote_user; } - location /admin { - + location /dev { + + proxy_pass http://fetsitedev:80; + include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + } + + location /admin { + + proxy_pass http://fetsitedev:80; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; proxy_set_header Authorization ""; proxy_set_header REMOTE_USER $remote_user; } @@ -253,16 +263,13 @@ server { ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem; include snippets/ssl.conf; -# include snippets/header.conf; + include snippets/header.conf; # include snippets/ldap.conf; client_max_body_size 1000M; location / { proxy_pass http://fetsite6:8001; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; proxy_set_header Authorization ""; proxy_set_header REMOTE_USER $remote_user; } 
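Review bot: The new `location /dev` in the `@@ -217,26 +224,29 @@` hunk forwards `REMOTE_USER $remote_user` without an `include snippets/ldap.conf;` in the location, and none is visible at server level in this hunk (the server block starts outside it). nginx fills `$remote_user` from the Basic `Authorization` header the client sent, whether or not any auth directive verified it, so a backend that trusts this header would be accepting an unverified name. Either add the LDAP include to the location or send an empty value, `proxy_set_header REMOTE_USER "";`, wherever no authentication runs. The same pattern is visible with the whole server block in view in the new `triton.fet.at/docker.conf`: `location /etherpad` (which also sets `X-Authenticated-User`) and `location /` of `docker.triton2.fet.at` have no LDAP include.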
@@ -276,9 +283,6 @@ server { # deny all; proxy_pass http://fetsite6:8001; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; proxy_set_header Authorization ""; proxy_set_header REMOTE_USER $remote_user; } @@ -286,3 +290,52 @@ server { } + + + + +server { + listen 443 ssl http2; + server_name test.fet.at; + ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem; + + include snippets/ssl.conf; + include snippets/header.conf; + client_max_body_size 10M; + + location /etherpad { + proxy_pass http://triton20:8001; + include snippets/proxy_header.conf; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'"; + } + + + #location /api { + #return 403 "Contact bofh@fet.at if you really need to access this"; + #} + location / { + + proxy_pass http://triton20:8001; + include snippets/proxy_header.conf; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'"; + + } + location /admin { + + proxy_pass http://triton20:8001; + include snippets/proxy_header.conf; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'"; + + } + location /api { + satisfy any; + allow 192.168.86.0/24; + include snippets/ldap.conf; + proxy_pass http://triton20:8001; + include snippets/proxy_header.conf; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'"; + + } +} diff --git a/fet.at/2020.prod.conf b/fet.at/2020.prod.conf index 95e549e..e6859ed 100644 --- a/fet.at/2020.prod.conf +++ b/fet.at/2020.prod.conf @@ -22,9 +22,6 @@ server { proxy_pass http://fetsite21:8001; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; } } 
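Review bot: Every `location` in the new `test.fet.at` server declares its own `add_header Content-Security-Policy ...`, which stops nginx from inheriting `add_header` directives from the server level; if `snippets/header.conf` sets its headers with `add_header` (not visible here), they are dropped for these locations. Repeat `include snippets/header.conf;` inside each location that adds a header, or move the CSP into the snippet. The policy itself allows `'unsafe-inline'` (and `'unsafe-eval'` under `/etherpad`), which removes most of CSP's protection against injected script, so a comment stating why the backend needs it would help. `fet.at/infoscreen.conf` combines a server-level `header.conf` include with a location-level `add_header` in the same way.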
diff --git a/fet.at/corona.conf b/fet.at/corona.conf index 6656049..5a32a90 100644 --- a/fet.at/corona.conf +++ b/fet.at/corona.conf @@ -18,7 +18,7 @@ server { include snippets/header.conf; location / { - return 302 https://www.fet.at/rubriken/5/neuigkeiten/509; + return 302 https://fet.at/posts/covid19; } location /anwesenheit { proxy_pass http://proteus; diff --git a/fet.at/default.conf b/fet.at/default.conf index 27a5ce0..6887d4c 100644 --- a/fet.at/default.conf +++ b/fet.at/default.conf @@ -1,38 +1,14 @@ + + + # -*-nginx-*- server { listen 80; - server_name fet.at 128.131.95.208; + server_name fet.at 128.131.95.208 www.fet.at; include snippets/letsencrypt.conf; } -server { - listen 443 ssl http2; - server_name fet.at; - - ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/fet.at/chain.pem; - include snippets/ssl.conf; - - location / { - return 302 https://www.fet.at$request_uri; - } -} - -server { - listen 80; - server_name www.fet.at; - - include snippets/letsencrypt.conf; - - client_max_body_size 50M; - - location /etherpad { - proxy_pass http://192.168.95.11:3333; - include snippets/proxy_header.conf; - } -} server { listen 443 ssl http2; 
@@ -43,18 +19,120 @@ server { ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem; include snippets/ssl.conf; -# include snippets/ldap.conf; + location / { + return 302 https://fet.at$request_uri; + } +} + +server { + listen 80; + server_name legacy.fet.at; + + include snippets/letsencrypt.conf; + + client_max_body_size 50M; + + location /etherpad { + proxy_pass http://192.168.95.11:3333; + include snippets/proxy_header.conf; + } +} + +server { + listen 443 ssl http2; + server_name legacy.fet.at; + + ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem; + include snippets/ssl.conf; + + client_max_body_size 50M; location / { + include snippets/ldap.conf; proxy_pass http://192.168.95.11:3333; include snippets/proxy_header.conf; } + location /etherpad { + proxy_pass http://192.168.95.11:3333; + include snippets/proxy_header.conf; + } + location ~ ^/(alt|twiki) { return 302 https://www.alt.fet.at$request_uri; } - location ~ ^/(labor) { - return 302 https://www.fet.at/themen/8; + # location ~ ^/(labor) { + # return 302 https://www.fet.at/themen/8; + # } +#} +} + + +server { + listen 443 ssl http2; + server_name fet.at; + ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem; + + include snippets/ssl.conf; + + client_max_body_size 10M; + + location /etherpad { +# return 404 "Wir machen gerade ein Update"; + proxy_pass http://fetsite21:8001; + include snippets/proxy_header.conf; +# add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'"; + } + + + #location /api { + #return 403 "Contact bofh@fet.at if you really need to access this"; + #} + location / { + include snippets/header.conf; + proxy_pass http://fetsite21:8001; + include 
snippets/proxy_header.conf; + + } + location /admin { +# return 404 "Wir machen gerade ein Update"; + proxy_pass http://fetsite21:8001; + include snippets/proxy_header.conf; + + + } + location /api { + satisfy any; + allow 192.168.86.0/24; + include snippets/ldap.conf; + proxy_pass http://fetsite21:8001; + include snippets/proxy_header.conf; + + + } +} + + +server { + listen 443 ssl http2; + server_name portainer.2020.fet.at; + + ssl_certificate /etc/letsencrypt/live/moses.2020.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/moses.2020.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/moses.2020.fet.at/chain.pem; + include snippets/ssl.conf; +# include snippets/ldap.conf; + client_max_body_size 10M; + + location / { + + proxy_pass http://fetsite21:9000; + include snippets/proxy_header.conf; + } } diff --git a/fet.at/discord.conf b/fet.at/discord.conf new file mode 100644 index 0000000..805e90a --- /dev/null +++ b/fet.at/discord.conf @@ -0,0 +1,31 @@ +# -*-nginx-*- +server { + listen 80; + server_name discord.fet.at; + + include snippets/letsencrypt.conf; +} + +server { + listen 443 ssl http2; + server_name discord.fet.at; + + ssl_certificate /etc/letsencrypt/live/discord.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/discord.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/discord.fet.at/chain.pem; + include snippets/ssl.conf; + + include snippets/header.conf; + + location / { + return 302 https://discord.gg/7qRuuMA; + } + + #location /LVA/LVAs { + # proxy_pass http://proteus; + # include snippets/proxy_header.conf; + # + # include snippets/ldap.conf; + #} + +} diff --git a/fet.at/facebook.conf b/fet.at/facebook.conf new file mode 100644 index 0000000..94c3289 --- /dev/null +++ b/fet.at/facebook.conf 
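Review bot: The new `portainer.2020.fet.at` server proxies to `fetsite21:9000` with `# include snippets/ldap.conf;` commented out, so what is presumably a container-management UI is reachable with only its own login in front of it. Enable the LDAP include or restrict by address the way `location /api` does (`satisfy any; allow 192.168.86.0/24;`). It also serves the `moses.2020.fet.at` certificate; confirm that certificate covers `portainer.2020.fet.at`. The Portainer servers and `proxy.triton2.fet.at` added in `triton.fet.at/docker.conf` have no nginx-level authentication either.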
@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+ listen 80;
+ server_name facebook.fet.at;
+
+ include snippets/letsencrypt.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name facebook.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/facebook.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/facebook.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/facebook.fet.at/chain.pem;
+ include snippets/ssl.conf;
+
+ include snippets/header.conf;
+
+ location / {
+ return 302 https://www.facebook.com/FachschaftET/;
+ }
+
+ #location /LVA/LVAs {
+ # proxy_pass http://proteus;
+ # include snippets/proxy_header.conf;
+ #
+ # include snippets/ldap.conf;
+ #}
+
+}
diff --git a/fet.at/infoscreen.conf b/fet.at/infoscreen.conf
new file mode 100644
index 0000000..9da6667
--- /dev/null
+++ b/fet.at/infoscreen.conf
@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+ listen 80;
+ server_name infoscreen.fet.at;
+
+ include snippets/letsencrypt.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name infoscreen.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/infoscreen.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/infoscreen.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/infoscreen.fet.at/chain.pem;
+ include snippets/ssl.conf;
+
+ include snippets/header.conf;
+
+ location / {
+ proxy_pass http://proteus;
+ include snippets/proxy_header.conf;
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' ";
+ }
+ #location /da/daten {
+ # proxy_pass http://proteus;
+ # include snippets/proxy_header.conf;
+ #
+ # include snippets/ldap.conf;
+ #}
+}
diff --git a/fet.at/instagram.conf b/fet.at/instagram.conf
new file mode 100644
index 0000000..94eabd6
--- /dev/null
+++ b/fet.at/instagram.conf
@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+ listen 80;
+ server_name instagram.fet.at;
+
+ include snippets/letsencrypt.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name instagram.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/instagram.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/instagram.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/instagram.fet.at/chain.pem;
+ include snippets/ssl.conf;
+
+ include snippets/header.conf;
+
+ location / {
+ return 302 https://www.instagram.com/fet_tuwien/;
+ }
+
+ #location /LVA/LVAs {
+ # proxy_pass http://proteus;
+ # include snippets/proxy_header.conf;
+ #
+ # include snippets/ldap.conf;
+ #}
+
+}
diff --git a/fet.at/t2.conf b/fet.at/t2.conf
new file mode 100644
index 0000000..d5519e1
--- /dev/null
+++ b/fet.at/t2.conf
@@ -0,0 +1,23 @@
+
+server {
+ listen 80;
+ server_name *.t2.fet.at;
+ include snippets/letsencrypt.conf;
+ # root /var/www/html
+# return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443;
+ server_name t2.fet.at *.t2.fet.at;
+ include snippets/ssl.conf;
+ include snippets/ldap.conf;
+
+ location / {
+# include snippets/header.conf;
+ proxy_pass https://rancher:443;
+ include snippets/proxy_header.conf;
+
+ # include snippets/proxy_header.conf;
+ }
+}
diff --git a/fet.at/telegram.conf b/fet.at/telegram.conf
new file mode 100644
index 0000000..7ef2324
--- /dev/null
+++ b/fet.at/telegram.conf
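Review bot: The 443 server in `fet.at/t2.conf` uses `listen 443;` without the `ssl` parameter and has no `ssl_certificate` lines, while `include snippets/ldap.conf;` sits at server level. Unless `snippets/ssl.conf` (not shown) supplies a certificate, it is unclear which certificate, if any, is presented for `*.t2.fet.at`, and an LDAP login should not be offered on a listener whose TLS setup is not explicit. Use `listen 443 ssl http2;` with explicit certificate paths as the other files in this commit do. `fet.at/triton20.conf` has the same bare `listen 443;` in its `triton20.fet.at` and `andis.triton20.fet.at` servers, and its `patrick.triton20.fet.at` server has all three certificate lines commented out.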
@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+ listen 80;
+ server_name telegram.fet.at;
+
+ include snippets/letsencrypt.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name telegram.fet.at;
+
+ ssl_certificate /etc/letsencrypt/live/telegram.fet.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/telegram.fet.at/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/telegram.fet.at/chain.pem;
+ include snippets/ssl.conf;
+
+ include snippets/header.conf;
+
+ location / {
+ return 302 https://t.me/FETInfo;
+ }
+
+ #location /LVA/LVAs {
+ # proxy_pass http://proteus;
+ # include snippets/proxy_header.conf;
+ #
+ # include snippets/ldap.conf;
+ #}
+
+}
diff --git a/fet.at/triton20.conf b/fet.at/triton20.conf
new file mode 100644
index 0000000..147edc1
--- /dev/null
+++ b/fet.at/triton20.conf
@@ -0,0 +1,84 @@
+server {
+ listen 80;
+ server_name *.triton20.fet.at;
+ include snippets/letsencrypt.conf;
+}
+
+
+# server {
+# listen 80;
+# server_name triton20.fet.at *.triton20.fet.at;
+# location / {
+# proxy_pass http://triton20:80;
+# # include snippets/proxy_header.conf;
+# }
+#}
+server {
+ listen 443;
+ server_name triton20.fet.at *.triton20.fet.at;
+ location / {
+ proxy_pass https://triton20:443;
+ # include snippets/proxy_header.conf;
+ }
+}
+
+server {
+ listen 443;
+ server_name andis.triton20.fet.at;
+ location / {
+ include snippets/ldap.conf;
+ proxy_pass http://triton20:8101;
+ include snippets/proxy_header.conf;
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+
+}
+}
+
+server {
+ listen 443 ssl http2;
+ server_name patrick.triton20.fet.at;
+
+# ssl_certificate /etc/letsencrypt/live/triton20.fet.at/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/triton20.fet.at/privkey.pem;
+# ssl_trusted_certificate /etc/letsencrypt/live/triton20.fet.at/chain.pem;
+ include snippets/ssl.conf;
+include snippets/ldap.conf;
+ client_max_body_size 1000M;
+ location / {
+ include snippets/header.conf;
+ proxy_pass http://triton20:8107;
+ include snippets/proxy_header.conf;
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+ location /dev {
+
+ proxy_pass http://triton20:8107;
+ include snippets/proxy_header.conf;
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+
+ location /etherpad {
+
+ proxy_pass http://triton20:8107;
+ include snippets/proxy_header.conf;
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";
+}
+
+
+ location /admin {
+
+
+ proxy_pass http://triton20:8107;
+ include snippets/proxy_header.conf;
+ proxy_set_header Authorization "";
+ proxy_set_header REMOTE_USER $remote_user;
+ }
+
+
+}
+
diff --git a/triton.fet.at/docker.conf b/triton.fet.at/docker.conf
new file mode 100644
index 0000000..23b4a03
--- /dev/null
+++ b/triton.fet.at/docker.conf
@@ -0,0 +1,177 @@ +server { + listen 80; + server_name triton2.fet.at *.triton2.fet.at www.triton2.fet.at triton2.local; + + include snippets/letsencrypt.conf; +} +server { + listen 80; + server_name portainer.triton20.fet.at; + + include snippets/letsencrypt.conf; +} + +server { + listen 443 ssl http2; + server_name portainer.triton2.fet.at www.portainer.triton2.fet.at; + + ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem; + include snippets/ssl.conf; + + location / { + + proxy_pass http://rancher:9000; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection ""; + + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Upstream $upstream_addr; + + } + location /api/websocket/ { + set $upstream_endpoint http://rancher:9000; + proxy_buffering off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Upstream $upstream_addr; + proxy_http_version 1.1; + proxy_pass $upstream_endpoint; + proxy_redirect http://rancher:9000 $scheme://$host/; + } +} +server { + listen 443 ssl http2; + server_name portainer.triton20.fet.at www.portainer.triton20.fet.at; + + ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem; + include snippets/ssl.conf; + + location / { + + proxy_pass http://triton20:9000; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection ""; + + proxy_set_header X-Forwarded-Host 
$server_name; + proxy_set_header X-Upstream $upstream_addr; + + } + location /api/websocket/ { + set $upstream_endpoint http://triton20:9000; + proxy_buffering off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Upstream $upstream_addr; + proxy_http_version 1.1; + proxy_pass $upstream_endpoint; + proxy_redirect http://triton20:9000 $scheme://$host/; + } +} + +server { + listen 443 ssl http2; + server_name www.triton2.fet.at *.triton2.fet.at triton2.fet.at; + + ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem; + include snippets/ssl.conf; + + client_max_body_size 1000M; + location /dev { + include snippets/ldap.conf; + proxy_pass http://rancher:80; + include snippets/proxy_header.conf; + + } + location /dokuwiki { + include snippets/ldap.conf; + proxy_pass http://rancher:80; + include snippets/proxy_header.conf; + + } + location /etherpad { + proxy_pass http://rancher:80; + include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + proxy_set_header X-Authenticated-User $remote_user; + } + location / { + include snippets/ldap.conf; + #include snippets/header.conf; # security headers + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'"; + proxy_pass http://rancher:80; + include snippets/proxy_header.conf; + + + } +} +server { + listen 443 ssl http2; + server_name proxy.triton2.fet.at; + + ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem; + ssl_trusted_certificate 
/etc/letsencrypt/live/triton2.fet.at-0001/chain.pem; + include snippets/ssl.conf; + include snippets/header.conf; + +# include snippets/ldap.conf; + client_max_body_size 1000M; + + location / { + proxy_pass https://rancher:443; + include snippets/proxy_header.conf; + + } +} +server { + listen 443 ssl http2; + server_name docker.triton2.fet.at; + + ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem; + include snippets/ssl.conf; + include snippets/header.conf; +# satisfy any; +# allow 192.168.86.0/24; + + client_max_body_size 1000M; + + location / { + proxy_pass https://rancher:443; + include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + + } + location /v2/ { + proxy_pass https://rancher:443; + include snippets/proxy_header.conf; + include snippets/ldap.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + +} + + + +} diff --git a/triton.fet.at/welcome.conf b/triton.fet.at/welcome.conf index 4b19598..63265ee 100644 --- a/triton.fet.at/welcome.conf +++ b/triton.fet.at/welcome.conf 
@@ -24,67 +24,19 @@ server { -server { - listen 443 ssl http2; - server_name portainer.triton.fet.at www.portainer.triton.fet.at; - - ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; - include snippets/ssl.conf; - -# include snippets/ldap.conf; - - location / { - - proxy_pass http://rancher:9000; -# include snippets/proxy_header.conf; - # proxy_set_header Authorization ""; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection ""; - - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Upstream $upstream_addr; - - } - location /api/websocket/ { - set $upstream_endpoint http://rancher:9000; - proxy_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Upstream $upstream_addr; - proxy_http_version 1.1; - proxy_pass $upstream_endpoint; - proxy_redirect http://rancher:9000 $scheme://$host/; - } - - - - -} server { listen 80; - server_name www.rancher.fet.at www.triton2.fet.at rancher.fet.at *.rancher.fet.at *.triton2.fet.at triton2.fet.at; + server_name www.rancher.fet.at rancher.fet.at *.rancher.fet.at; client_max_body_size 1000M; location / { - #include snippets/ldap.conf; + include snippets/ldap.conf; proxy_pass http://rancher:80; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; -# proxy_set_header Authorization ""; -# proxy_set_header REMOTE_USER $remote_user; } location /.well-known/ { 
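Review bot: This hunk enables `include snippets/ldap.conf;` in `location /` of the `listen 80;` server for `rancher.fet.at`, so the login it triggers runs over plain HTTP. If the snippet uses HTTP Basic authentication (the `Authorization` and `$remote_user` handling elsewhere in this commit suggests it does), LDAP passwords cross the network unencrypted on every request. Make the port-80 server redirect instead, e.g. `location / { return 301 https://$host$request_uri; }`, and enforce authentication in the 443 server for the same names, where `#include snippets/ldap.conf;` is still commented out.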
@@ -101,7 +53,7 @@ location = /.well-known/acme-challenge/ { server { listen 443 ssl http2; - server_name www.rancher.fet.at www.triton2.fet.at rancher.fet.at *.rancher.fet.at *.triton2.fet.at triton2.fet.at; + server_name www.rancher.fet.at rancher.fet.at *.rancher.fet.at; ssl_certificate /etc/letsencrypt/live/triton2.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at/privkey.pem; @@ -116,11 +68,6 @@ server { #include snippets/ldap.conf; proxy_pass https://rancher:443; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; -# proxy_set_header Authorization ""; -# proxy_set_header REMOTE_USER $remote_user; } } @@ -137,12 +84,10 @@ server { client_max_body_size 1000M; location / { - #include snippets/ldap.conf; + #include snippets/ldap.conf; proxy_pass http://rancher:81; include snippets/proxy_header.conf; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + # proxy_set_header Authorization ""; # proxy_set_header REMOTE_USER $remote_user; }