bofh/nginx_sites
9
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

multiple config changes until 09/2021

Browse Source
This commit is contained in:
root
2021-09-18 14:59:54 +02:00
parent 0c02fac0ba
commit b30bdb4fa3
13 changed files with 666 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
triton.fet.at/docker.conf Normal file
View File

@@ -0,0 +1,177 @@
server {
listen 80;
server_name triton2.fet.at *.triton2.fet.at www.triton2.fet.at triton2.local;
include snippets/letsencrypt.conf;
}
server {
listen 80;
server_name portainer.triton20.fet.at;
include snippets/letsencrypt.conf;
}
server {
listen 443 ssl http2;
server_name portainer.triton2.fet.at www.portainer.triton2.fet.at;
ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
include snippets/ssl.conf;
location / {
proxy_pass http://rancher:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Upstream $upstream_addr;
}
location /api/websocket/ {
set $upstream_endpoint http://rancher:9000;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Upstream $upstream_addr;
proxy_http_version 1.1;
proxy_pass $upstream_endpoint;
proxy_redirect http://rancher:9000 $scheme://$host/;
}
}
server {
listen 443 ssl http2;
server_name portainer.triton20.fet.at www.portainer.triton20.fet.at;
ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
include snippets/ssl.conf;
location / {
proxy_pass http://triton20:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Upstream $upstream_addr;
}
location /api/websocket/ {
set $upstream_endpoint http://triton20:9000;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Upstream $upstream_addr;
proxy_http_version 1.1;
proxy_pass $upstream_endpoint;
proxy_redirect http://triton20:9000 $scheme://$host/;
}
}
server {
listen 443 ssl http2;
server_name www.triton2.fet.at *.triton2.fet.at triton2.fet.at;
ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
include snippets/ssl.conf;
client_max_body_size 1000M;
location /dev {
include snippets/ldap.conf;
proxy_pass http://rancher:80;
include snippets/proxy_header.conf;
}
location /dokuwiki {
include snippets/ldap.conf;
proxy_pass http://rancher:80;
include snippets/proxy_header.conf;
}
location /etherpad {
proxy_pass http://rancher:80;
include snippets/proxy_header.conf;
proxy_set_header Authorization "";
proxy_set_header REMOTE_USER $remote_user;
proxy_set_header X-Authenticated-User $remote_user;
}
location / {
include snippets/ldap.conf;
#include snippets/header.conf; # security headers
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
proxy_pass http://rancher:80;
include snippets/proxy_header.conf;
}
}
server {
listen 443 ssl http2;
server_name proxy.triton2.fet.at;
ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
include snippets/ssl.conf;
include snippets/header.conf;
# include snippets/ldap.conf;
client_max_body_size 1000M;
location / {
proxy_pass https://rancher:443;
include snippets/proxy_header.conf;
}
}
server {
listen 443 ssl http2;
server_name docker.triton2.fet.at;
ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
include snippets/ssl.conf;
include snippets/header.conf;
# satisfy any;
# allow 192.168.86.0/24;
client_max_body_size 1000M;
location / {
proxy_pass https://rancher:443;
include snippets/proxy_header.conf;
proxy_set_header Authorization "";
proxy_set_header REMOTE_USER $remote_user;
}
location /v2/ {
proxy_pass https://rancher:443;
include snippets/proxy_header.conf;
include snippets/ldap.conf;
proxy_set_header Authorization "";
proxy_set_header REMOTE_USER $remote_user;
}
}

65
triton.fet.at/welcome.conf
View File

@@ -24,67 +24,19 @@ server {
server {
listen 443 ssl http2;
server_name portainer.triton.fet.at www.portainer.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
location / {
proxy_pass http://rancher:9000;
# include snippets/proxy_header.conf;
# proxy_set_header Authorization "";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Upstream $upstream_addr;
}
location /api/websocket/ {
set $upstream_endpoint http://rancher:9000;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Upstream $upstream_addr;
proxy_http_version 1.1;
proxy_pass $upstream_endpoint;
proxy_redirect http://rancher:9000 $scheme://$host/;
}
}
server {
listen 80;
server_name www.rancher.fet.at www.triton2.fet.at rancher.fet.at *.rancher.fet.at *.triton2.fet.at triton2.fet.at;
server_name www.rancher.fet.at rancher.fet.at *.rancher.fet.at;
client_max_body_size 1000M;
location / {
#include snippets/ldap.conf;
include snippets/ldap.conf;
proxy_pass http://rancher:80;
include snippets/proxy_header.conf;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_set_header Authorization "";
# proxy_set_header REMOTE_USER $remote_user;
}
location /.well-known/ {
@@ -101,7 +53,7 @@ location = /.well-known/acme-challenge/ {
server {
listen 443 ssl http2;
server_name www.rancher.fet.at www.triton2.fet.at rancher.fet.at *.rancher.fet.at *.triton2.fet.at triton2.fet.at;
server_name www.rancher.fet.at rancher.fet.at *.rancher.fet.at;
ssl_certificate /etc/letsencrypt/live/triton2.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at/privkey.pem;
@@ -116,11 +68,6 @@ server {
#include snippets/ldap.conf;
proxy_pass https://rancher:443;
include snippets/proxy_header.conf;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_set_header Authorization "";
# proxy_set_header REMOTE_USER $remote_user;
}
}
@@ -137,12 +84,10 @@ server {
client_max_body_size 1000M;
location / {
#include snippets/ldap.conf;
#include snippets/ldap.conf;
proxy_pass http://rancher:81;
include snippets/proxy_header.conf;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_set_header Authorization "";
# proxy_set_header REMOTE_USER $remote_user;
}