multiple config changes until 09/2021

fet.at/2020.conf

@@ -24,11 +24,7 @@ server {
 
         proxy_pass http://fetsite4:9000;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
+
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-#        proxy_set_header Authorization "";
-#        proxy_set_header REMOTE_USER $remote_user;
     }
 }
 
@@ -47,11 +43,6 @@ server {
 
         proxy_pass http://fetsitedev:8980;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-#        proxy_set_header Authorization "";
-#        proxy_set_header REMOTE_USER $remote_user;
     }
 }
 
@@ -72,17 +63,11 @@ server {
         include snippets/ldap.conf;
         proxy_pass http://fetsitedev:5000;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
         proxy_set_header REMOTE_USER $remote_user; 
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
     }
     location /income {
         proxy_pass http://fetsitedev:5000;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
 
     }
 }
@@ -96,19 +81,14 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
     include snippets/ssl.conf;
-    include snippets/header.conf;
+
 
     client_max_body_size 100M;
     location / {
-
+    include snippets/header.conf;
         #include snippets/ldap.conf;
         proxy_pass http://fetsite4:8001;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-#        proxy_set_header Authorization "";
-#        proxy_set_header REMOTE_USER $remote_user;
     }
     location /api {
 #        deny all;
@@ -116,9 +96,7 @@ server {
 #        allow 128.130.95.200;
         proxy_pass http://fetsite4:8001;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
+
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
 
     }
 
@@ -141,20 +119,14 @@ server {
 
         proxy_pass http://fetsitedev:80;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-#        proxy_set_header Authorization "";
-#        proxy_set_header REMOTE_USER $remote_user;
     }
 }
 
 
 
-
 server {
     listen 443 ssl http2;
-    server_name *.2020.fet.at;
+    server_name dev.2020.fet.at;
 
     ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
@@ -164,14 +136,55 @@ server {
 
     client_max_body_size 1000M;
     location / {
+#        include snippets/header.conf;
         include snippets/ldap.conf;
         proxy_pass http://fetsitedev:80;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Authorization "";
 
+        proxy_set_header REMOTE_USER $remote_user; 
+    }
+}
+
+
+server {
+    listen 443 ssl http2;
+    server_name design2.2020.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+    include snippets/ssl.conf;
+    include snippets/header.conf;
+
+    client_max_body_size 1000M;
+    location / {
+        include snippets/header.conf;
+        include snippets/ldap.conf;
+        proxy_pass http://fetsitedev:8103;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+
+        proxy_set_header REMOTE_USER $remote_user; 
+    }
+}
+server {
+    listen 443 ssl http2;
+    server_name *.2020.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/2020.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
+    include snippets/ssl.conf;
+    include snippets/header.conf;
+
+    client_max_body_size 1000M;
+    location / {
+        include snippets/header.conf;
+        include snippets/ldap.conf;
+        proxy_pass http://fetsitedev:80;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
 
         proxy_set_header REMOTE_USER $remote_user; 
     }
@@ -185,9 +198,6 @@ server {
         #        deny all;
         proxy_pass http://fetsitedev:80;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Authorization "";
         proxy_set_header REMOTE_USER $remote_user; 
     }
@@ -200,9 +210,6 @@ server {
         #        deny all;
         proxy_pass http://fetsitedev:80;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Authorization "";
         proxy_set_header REMOTE_USER $remote_user; 
     }
@@ -217,26 +224,29 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
     include snippets/ssl.conf;
-#    include snippets/header.conf;
+
     client_max_body_size 1000M;
     location / {
-
+    include snippets/header.conf;
         proxy_pass http://fetsitedev:80;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Authorization "";
         proxy_set_header REMOTE_USER $remote_user;
     }
+        location /dev {
+
+        proxy_pass http://fetsitedev:80;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    }
+
     location /admin {
 
         
+
         proxy_pass http://fetsitedev:80;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Authorization "";
         proxy_set_header REMOTE_USER $remote_user;
     }
@@ -253,16 +263,13 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/2020.fet.at/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/2020.fet.at/chain.pem;
     include snippets/ssl.conf;
-#    include snippets/header.conf;
+    include snippets/header.conf;
 #    include snippets/ldap.conf;
     client_max_body_size 1000M;
     location / {
 
         proxy_pass http://fetsite6:8001;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Authorization "";
         proxy_set_header REMOTE_USER $remote_user;
     }
@@ -276,9 +283,6 @@ server {
         #        deny all;
         proxy_pass http://fetsite6:8001;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Authorization "";
         proxy_set_header REMOTE_USER $remote_user; 
     }
@@ -286,3 +290,52 @@ server {
 
 }
 
+
+
+
+
+server {
+    listen 443 ssl http2;
+    server_name test.fet.at;
+    ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem;
+
+    include snippets/ssl.conf;
+    include snippets/header.conf;
+    client_max_body_size 10M;
+    
+    location /etherpad {
+        proxy_pass http://triton20:8001;
+        include snippets/proxy_header.conf;
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";
+    }
+
+    
+    #location /api {
+        #return 403 "Contact bofh@fet.at if you really need to access this";
+    #}
+    location / {
+
+        proxy_pass http://triton20:8001;
+        include snippets/proxy_header.conf;
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
+
+    }
+    location /admin {
+
+        proxy_pass http://triton20:8001;
+        include snippets/proxy_header.conf;
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
+
+    }
+    location /api {
+        satisfy any;
+        allow 192.168.86.0/24;
+        include snippets/ldap.conf;
+        proxy_pass http://triton20:8001;
+        include snippets/proxy_header.conf;
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
+
+    }
+}

fet.at/2020.prod.conf

@@ -22,9 +22,6 @@ server {
 
         proxy_pass http://fetsite21:8001;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
 
     }
 }

fet.at/corona.conf

@@ -18,7 +18,7 @@ server {
     include snippets/header.conf;
 
    location / {
-       return 302 https://www.fet.at/rubriken/5/neuigkeiten/509;
+       return 302 https://fet.at/posts/covid19;
     }
     location /anwesenheit {
         proxy_pass http://proteus;

fet.at/default.conf

@@ -1,38 +1,14 @@
+
+
+
 # -*-nginx-*-
 server {
     listen 80;
-    server_name fet.at 128.131.95.208;
+    server_name fet.at 128.131.95.208 www.fet.at;
 
     include snippets/letsencrypt.conf;
 }
 
-server {
-    listen 443 ssl http2;
-    server_name fet.at;
-
-    ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/fet.at/chain.pem;
-    include snippets/ssl.conf;
-
-    location / {
-        return 302 https://www.fet.at$request_uri;
-    }
-}
-
-server {
-    listen 80;
-    server_name www.fet.at;
-
-    include snippets/letsencrypt.conf;
-
-    client_max_body_size 50M;
-
-    location /etherpad {
-        proxy_pass http://192.168.95.11:3333;
-        include snippets/proxy_header.conf;
-    }
-}
 
 server {
     listen 443 ssl http2;
@@ -43,18 +19,120 @@ server {
     ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem;
     include snippets/ssl.conf;
 
-#    include snippets/ldap.conf;
+    location / {
+        return 302 https://fet.at$request_uri;
+    }
+}
+
+server {
+    listen 80;
+   server_name legacy.fet.at;
+
+   include snippets/letsencrypt.conf;
+
+    client_max_body_size 50M;
+
+    location /etherpad {
+        proxy_pass http://192.168.95.11:3333;
+        include snippets/proxy_header.conf;
+   }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name legacy.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem;
+    include snippets/ssl.conf;
+
+
 
     client_max_body_size 50M;
 
     location / {
+    include snippets/ldap.conf;
         proxy_pass http://192.168.95.11:3333;
         include snippets/proxy_header.conf;
     }
+    location /etherpad {
+        proxy_pass http://192.168.95.11:3333;
+        include snippets/proxy_header.conf;
+   }
+ 
     location ~ ^/(alt|twiki) {
         return 302 https://www.alt.fet.at$request_uri;
     }
-    location ~ ^/(labor) {
+ #   location ~ ^/(labor) {
-        return 302 https://www.fet.at/themen/8;
+ #       return 302 https://www.fet.at/themen/8;
+  #  }
+#}
+}
+
+
+server {
+    listen 443 ssl http2;
+    server_name fet.at;
+    ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem;
+
+    include snippets/ssl.conf;
+
+    client_max_body_size 10M;
+    
+    location /etherpad {
+#                return 404 "Wir machen gerade ein Update";
+        proxy_pass http://fetsite21:8001;
+        include snippets/proxy_header.conf;
+#        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";
+    }
+
+    
+    #location /api {
+        #return 403 "Contact bofh@fet.at if you really need to access this";
+    #}
+    location / {
+    include snippets/header.conf;
+        proxy_pass http://fetsite21:8001;
+        include snippets/proxy_header.conf;
+
+    }
+    location /admin {
+#        return 404 "Wir machen gerade ein Update";
+        proxy_pass http://fetsite21:8001;
+        include snippets/proxy_header.conf;
+
+
+    }
+    location /api {
+        satisfy any;
+        allow 192.168.86.0/24;
+        include snippets/ldap.conf;
+        proxy_pass http://fetsite21:8001;
+        include snippets/proxy_header.conf;
+
+
+    }
+}
+
+
+server {
+    listen 443 ssl http2;
+    server_name portainer.2020.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/moses.2020.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/moses.2020.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/moses.2020.fet.at/chain.pem;
+    include snippets/ssl.conf;
+#    include snippets/ldap.conf;
+    client_max_body_size 10M;
+    
+    location / {
+
+        proxy_pass http://fetsite21:9000;
+        include snippets/proxy_header.conf;
+
     }
 }

fet.at/discord.conf

@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+    listen 80;
+    server_name discord.fet.at;
+
+    include snippets/letsencrypt.conf;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name discord.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/discord.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/discord.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/discord.fet.at/chain.pem;
+    include snippets/ssl.conf;
+
+    include snippets/header.conf;
+
+    location / {
+	return 302 https://discord.gg/7qRuuMA;
+    }
+
+    #location /LVA/LVAs {
+    #    proxy_pass http://proteus;
+    #    include snippets/proxy_header.conf;
+    #
+    #    include snippets/ldap.conf;
+    #}
+
+}

fet.at/facebook.conf

@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+    listen 80;
+    server_name facebook.fet.at;
+
+    include snippets/letsencrypt.conf;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name facebook.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/facebook.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/facebook.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/facebook.fet.at/chain.pem;
+    include snippets/ssl.conf;
+
+    include snippets/header.conf;
+
+    location / {
+	return 302 https://www.facebook.com/FachschaftET/;
+    }
+
+    #location /LVA/LVAs {
+    #    proxy_pass http://proteus;
+    #    include snippets/proxy_header.conf;
+    #
+    #    include snippets/ldap.conf;
+    #}
+
+}

fet.at/infoscreen.conf

@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+    listen 80;
+    server_name infoscreen.fet.at;
+
+    include snippets/letsencrypt.conf;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name infoscreen.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/infoscreen.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/infoscreen.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/infoscreen.fet.at/chain.pem;
+    include snippets/ssl.conf;
+
+    include snippets/header.conf;
+
+   location / {
+        proxy_pass http://proteus;
+        include snippets/proxy_header.conf;
+	add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' ";
+    }
+    #location /da/daten {
+    #    proxy_pass http://proteus;
+    #    include snippets/proxy_header.conf;
+    #
+    #	include snippets/ldap.conf;
+    #}
+}

fet.at/instagram.conf

@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+    listen 80;
+    server_name instagram.fet.at;
+
+    include snippets/letsencrypt.conf;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name instagram.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/instagram.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/instagram.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/instagram.fet.at/chain.pem;
+    include snippets/ssl.conf;
+
+    include snippets/header.conf;
+
+    location / {
+	return 302 https://www.instagram.com/fet_tuwien/;
+    }
+
+    #location /LVA/LVAs {
+    #    proxy_pass http://proteus;
+    #    include snippets/proxy_header.conf;
+    #
+    #    include snippets/ldap.conf;
+    #}
+
+}

fet.at/t2.conf

@@ -0,0 +1,23 @@
+
+server {
+    listen 80;
+    server_name *.t2.fet.at;
+    include snippets/letsencrypt.conf;
+ #   root /var/www/html
+#    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443;
+    server_name t2.fet.at *.t2.fet.at;
+    include snippets/ssl.conf;
+    include snippets/ldap.conf;
+
+    location / {
+#            include snippets/header.conf;
+	    proxy_pass https://rancher:443;
+            include snippets/proxy_header.conf;
+
+    #    include snippets/proxy_header.conf;
+    }
+}

fet.at/telegram.conf

@@ -0,0 +1,31 @@
+# -*-nginx-*-
+server {
+    listen 80;
+    server_name telegram.fet.at;
+
+    include snippets/letsencrypt.conf;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name telegram.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/telegram.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/telegram.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/telegram.fet.at/chain.pem;
+    include snippets/ssl.conf;
+
+    include snippets/header.conf;
+
+    location / {
+	return 302 https://t.me/FETInfo;
+    }
+
+    #location /LVA/LVAs {
+    #    proxy_pass http://proteus;
+    #    include snippets/proxy_header.conf;
+    #
+    #    include snippets/ldap.conf;
+    #}
+
+}

fet.at/triton20.conf

@@ -0,0 +1,84 @@
+server {
+    listen 80;
+    server_name *.triton20.fet.at;
+    include snippets/letsencrypt.conf;
+}
+
+
+# server {
+#    listen 80;
+#    server_name triton20.fet.at *.triton20.fet.at;
+#    location / {
+#    proxy_pass http://triton20:80;
+#     #   include snippets/proxy_header.conf;
+#    }
+#}
+server {
+    listen 443;
+    server_name triton20.fet.at *.triton20.fet.at;
+    location / {
+    proxy_pass https://triton20:443;
+    #    include snippets/proxy_header.conf;
+    }
+}
+
+server {
+    listen 443;
+    server_name andis.triton20.fet.at;
+    location / {
+    include snippets/ldap.conf;
+    proxy_pass http://triton20:8101;
+       include snippets/proxy_header.conf;
+    proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    
+}
+}
+
+server {
+    listen 443 ssl http2;
+    server_name patrick.triton20.fet.at;
+
+#    ssl_certificate /etc/letsencrypt/live/triton20.fet.at/fullchain.pem;
+#    ssl_certificate_key /etc/letsencrypt/live/triton20.fet.at/privkey.pem;
+#    ssl_trusted_certificate /etc/letsencrypt/live/triton20.fet.at/chain.pem;
+    include snippets/ssl.conf;
+include snippets/ldap.conf;
+    client_max_body_size 1000M;
+    location / {
+        include snippets/header.conf;
+        proxy_pass http://triton20:8107;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    }
+        location /dev {
+
+        proxy_pass http://triton20:8107;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    }
+
+        location /etherpad {
+
+        proxy_pass http://triton20:8107;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";
+}
+
+
+    location /admin {
+
+       
+        proxy_pass http://triton20:8107;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    }
+
+
+}
+

triton.fet.at/docker.conf

@@ -0,0 +1,177 @@
+server {
+    listen 80;
+    server_name triton2.fet.at *.triton2.fet.at www.triton2.fet.at triton2.local;
+
+    include snippets/letsencrypt.conf;
+}
+server {
+    listen 80;
+    server_name portainer.triton20.fet.at;
+
+    include snippets/letsencrypt.conf;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name portainer.triton2.fet.at www.portainer.triton2.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
+    include snippets/ssl.conf;
+    
+    location / {
+
+        proxy_pass http://rancher:9000;
+	
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "";
+
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_set_header X-Upstream $upstream_addr;
+
+    }
+    location /api/websocket/ {
+        set $upstream_endpoint http://rancher:9000;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_set_header X-Upstream $upstream_addr;
+        proxy_http_version 1.1;
+        proxy_pass $upstream_endpoint;
+        proxy_redirect http://rancher:9000 $scheme://$host/;
+    }   
+}
+server {
+    listen 443 ssl http2;
+    server_name portainer.triton20.fet.at www.portainer.triton20.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
+    include snippets/ssl.conf;
+    
+    location / {
+
+        proxy_pass http://triton20:9000;
+	
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "";
+
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_set_header X-Upstream $upstream_addr;
+
+    }
+    location /api/websocket/ {
+        set $upstream_endpoint http://triton20:9000;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_set_header X-Upstream $upstream_addr;
+        proxy_http_version 1.1;
+        proxy_pass $upstream_endpoint;
+        proxy_redirect http://triton20:9000 $scheme://$host/;
+    }   
+}
+
+server {
+    listen 443 ssl http2;
+    server_name www.triton2.fet.at *.triton2.fet.at triton2.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
+    include snippets/ssl.conf;
+
+    client_max_body_size 1000M;
+    location /dev {
+    include snippets/ldap.conf;
+    proxy_pass http://rancher:80;
+        include snippets/proxy_header.conf;
+
+    }
+    location /dokuwiki {
+        include snippets/ldap.conf;
+        proxy_pass http://rancher:80;
+        include snippets/proxy_header.conf;
+    	     
+    }
+    location /etherpad {
+     proxy_pass http://rancher:80;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+	proxy_set_header X-Authenticated-User $remote_user; 
+    }
+    location / {
+        include snippets/ldap.conf;
+    	#include snippets/header.conf; # security headers	
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
+	proxy_pass http://rancher:80;	  
+        include snippets/proxy_header.conf;
+
+
+    }
+}
+server {
+    listen 443 ssl http2;
+    server_name proxy.triton2.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
+    include snippets/ssl.conf;
+    include snippets/header.conf;
+
+#    include snippets/ldap.conf;
+    client_max_body_size 1000M;
+
+    location / {
+        proxy_pass https://rancher:443;
+        include snippets/proxy_header.conf;
+
+    }
+}
+server {
+    listen 443 ssl http2;
+    server_name docker.triton2.fet.at;
+
+    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
+    include snippets/ssl.conf;
+    include snippets/header.conf;
+#    satisfy any;
+#    allow 192.168.86.0/24;
+
+    client_max_body_size 1000M;
+
+    location / {
+        proxy_pass https://rancher:443;
+        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user; 
+
+    }
+    location /v2/ {
+        proxy_pass https://rancher:443;
+        include snippets/proxy_header.conf;
+    include snippets/ldap.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user; 
+
+}
+
+
+
+}

triton.fet.at/welcome.conf

@@ -24,67 +24,19 @@ server {
 
 
 
-server {
-    listen 443 ssl http2;
-    server_name portainer.triton.fet.at www.portainer.triton.fet.at;
-
-    ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
-    include snippets/ssl.conf;
-
-#    include snippets/ldap.conf;
-    
-    location / {
-
-        proxy_pass http://rancher:9000;
-#        include snippets/proxy_header.conf;
-        #        proxy_set_header Authorization "";
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "";
-
-        proxy_set_header X-Forwarded-Host $server_name;
-        proxy_set_header X-Upstream $upstream_addr;
-
-    }
-    location /api/websocket/ {
-        set $upstream_endpoint http://rancher:9000;
-        proxy_buffering off;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Server $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Host $server_name;
-        proxy_set_header X-Upstream $upstream_addr;
-        proxy_http_version 1.1;
-        proxy_pass $upstream_endpoint;
-        proxy_redirect http://rancher:9000 $scheme://$host/;
-    }
-    
-
-
-    
-}
 
 server {
     listen 80;
-    server_name www.rancher.fet.at www.triton2.fet.at rancher.fet.at *.rancher.fet.at *.triton2.fet.at triton2.fet.at;
+    server_name www.rancher.fet.at rancher.fet.at *.rancher.fet.at;
 
     client_max_body_size 1000M;
 
 
     location / {
 
-        #include snippets/ldap.conf;
+        include snippets/ldap.conf;
         proxy_pass http://rancher:80;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-#        proxy_set_header Authorization "";
-#        proxy_set_header REMOTE_USER $remote_user;
     }
 
 location /.well-known/ {
@@ -101,7 +53,7 @@ location = /.well-known/acme-challenge/ {
 
 server {
     listen 443 ssl http2;
-    server_name www.rancher.fet.at www.triton2.fet.at rancher.fet.at *.rancher.fet.at *.triton2.fet.at triton2.fet.at;
+    server_name www.rancher.fet.at rancher.fet.at *.rancher.fet.at;
 
     ssl_certificate /etc/letsencrypt/live/triton2.fet.at/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at/privkey.pem;
@@ -116,11 +68,6 @@ server {
         #include snippets/ldap.conf;
         proxy_pass https://rancher:443;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-#        proxy_set_header Authorization "";
-#        proxy_set_header REMOTE_USER $remote_user;
     }
 }
 
@@ -137,12 +84,10 @@ server {
     client_max_body_size 1000M;
     location / {
 
-        #include snippets/ldap.conf;
+       #include snippets/ldap.conf;
         proxy_pass http://rancher:81;
         include snippets/proxy_header.conf;
-        proxy_http_version 1.1;
+
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
 #        proxy_set_header Authorization "";
 #        proxy_set_header REMOTE_USER $remote_user;
     }