From 8ad23b1307b7b1eb88a70879d66397d3177ef3df Mon Sep 17 00:00:00 2001 From: root Date: Sun, 14 Aug 2022 07:35:33 +0000 Subject: [PATCH] Initial Config --- conf.d/default.conf | 26 ++++++++++++ conf.d/fet.at/default.conf | 10 +++++ conf.d/fet.at/discord.conf | 8 ++++ conf.d/fet.at/docker.conf | 11 ++++++ conf.d/fet.at/facebook.conf | 8 ++++ conf.d/fet.at/git.conf | 14 +++++++ conf.d/fet.at/horde.conf.txt | 61 +++++++++++++++++++++++++++++ conf.d/fet.at/infoscreen.conf | 11 ++++++ conf.d/fet.at/instagram.conf | 8 ++++ conf.d/fet.at/instagram.fet.at | 11 ++++++ conf.d/fet.at/jenkins.conf | 11 ++++++ conf.d/fet.at/mail.conf | 61 +++++++++++++++++++++++++++++ conf.d/fet.at/telegram.conf | 8 ++++ conf.d/fet.at/ticket.conf | 11 ++++++ conf.d/luna.fet.at/patrick.conf | 45 +++++++++++++++++++++ conf.d/luna.fet.at/portainer.conf | 11 ++++++ conf.d/triton20.fet.at/default.conf | 44 +++++++++++++++++++++ conf.d/triton20.fet.at/patrick.conf | 45 +++++++++++++++++++++ 18 files changed, 404 insertions(+) create mode 100644 conf.d/default.conf create mode 100644 conf.d/fet.at/default.conf create mode 100644 conf.d/fet.at/discord.conf create mode 100644 conf.d/fet.at/docker.conf create mode 100644 conf.d/fet.at/facebook.conf create mode 100644 conf.d/fet.at/git.conf create mode 100644 conf.d/fet.at/horde.conf.txt create mode 100644 conf.d/fet.at/infoscreen.conf create mode 100644 conf.d/fet.at/instagram.conf create mode 100644 conf.d/fet.at/instagram.fet.at create mode 100644 conf.d/fet.at/jenkins.conf create mode 100644 conf.d/fet.at/mail.conf create mode 100644 conf.d/fet.at/telegram.conf create mode 100644 conf.d/fet.at/ticket.conf create mode 100644 conf.d/luna.fet.at/patrick.conf create mode 100644 conf.d/luna.fet.at/portainer.conf create mode 100644 conf.d/triton20.fet.at/default.conf create mode 100644 conf.d/triton20.fet.at/patrick.conf diff --git a/conf.d/default.conf b/conf.d/default.conf new file mode 100644 index 0000000..c939065 --- /dev/null +++ b/conf.d/default.conf @@ -0,0 +1,26 @@ +server { + listen 80 default_server; + location ^~ /.well-known/acme-challenge/ { + content_by_lua_block { + auto_ssl:challenge_server() + } + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + include ldap.conf; + include ssl.conf; + add_header X-debug-message "Fallback Entry" always; + return 404; +} + + +include /etc/nginx/conf.d/fet.at/*.conf; +include /etc/nginx/conf.d/triton20.fet.at/*.conf; +include /etc/nginx/conf.d/luna.fet.at/*.conf; + + diff --git a/conf.d/fet.at/default.conf b/conf.d/fet.at/default.conf new file mode 100644 index 0000000..326edb6 --- /dev/null +++ b/conf.d/fet.at/default.conf @@ -0,0 +1,10 @@ +server { + listen 443 ssl; + server_name fet.at; + include ssl.conf; + + set $proxy_host triton20; + set $proxy_port 8080; + + include default_proxy.conf; +} diff --git a/conf.d/fet.at/discord.conf b/conf.d/fet.at/discord.conf new file mode 100644 index 0000000..9c3fc6a --- /dev/null +++ b/conf.d/fet.at/discord.conf @@ -0,0 +1,8 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name discord.fet.at; + return 302 https://discord.gg/7qRuuMA; +} + diff --git a/conf.d/fet.at/docker.conf b/conf.d/fet.at/docker.conf new file mode 100644 index 0000000..0914abd --- /dev/null +++ b/conf.d/fet.at/docker.conf @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name docker.fet.at; + set $proxy_host triton20; + set $proxy_port 5000; + + include default_proxy.conf; +} + diff --git a/conf.d/fet.at/facebook.conf b/conf.d/fet.at/facebook.conf new file mode 100644 index 0000000..c44b101 --- /dev/null +++ b/conf.d/fet.at/facebook.conf @@ -0,0 +1,8 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name facebook.fet.at; + return 302 https://www.facebook.com/FachschaftET/; +} + diff --git a/conf.d/fet.at/git.conf b/conf.d/fet.at/git.conf new file mode 100644 index 0000000..366c2af --- /dev/null +++ b/conf.d/fet.at/git.conf @@ -0,0 +1,14 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name git.fet.at; + set $proxy_host zyklon; + set $proxy_port 3000; + location / { + include proxy.conf; +# add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; connect-src 'self'; frame-ancestors 'none'"; + proxy_pass http://zyklon:3000; + } +} + diff --git a/conf.d/fet.at/horde.conf.txt b/conf.d/fet.at/horde.conf.txt new file mode 100644 index 0000000..a2b11be --- /dev/null +++ b/conf.d/fet.at/horde.conf.txt @@ -0,0 +1,61 @@ + +server { + listen 443 ssl; + include ssl.conf; + + server_name fet.htu.tuwien.ac.at; + location / { + return 302 https://mail.fet.at$request_uri; + } + +} + + +server { + listen 443 ssl; + include ssl.conf; + + server_name mail.fet.at www.mail.fet.at; + +# add_header "Strict-Transport-Security max-age=63072000; includeSubdomains; preload" always; + + location / { + include secure.conf; + root /var/www/mail; + } + + location /mail5/ { +# include proxy.conf; +# include secure.conf; + proxy_pass http://192.168.249.4/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host horde.fet.htu.tuwien.ac.at; + proxy_set_header X-Forwarded-Host $host; + } + + location /mail3/ { + include proxy.conf; + include secure.conf; + proxy_pass http://192.168.249.4/; + proxy_set_header Host squirrelmail.fet.htu.tuwien.ac.at; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_buffering off; + } + + location /images/ { + include secure.conf; + root /var/www/mail; + } + + location = /mail { + return 301 https://$host; + } + + location /mail/ { + include secure.conf; + root /var/www/mail; + } + + +} + diff --git a/conf.d/fet.at/infoscreen.conf b/conf.d/fet.at/infoscreen.conf new file mode 100644 index 0000000..2488249 --- /dev/null +++ b/conf.d/fet.at/infoscreen.conf @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name infoscreen.fet.at; + set $proxy_host proteus; + set $proxy_port 80; + + include default_proxy.conf; +} + diff --git a/conf.d/fet.at/instagram.conf b/conf.d/fet.at/instagram.conf new file mode 100644 index 0000000..2b35613 --- /dev/null +++ b/conf.d/fet.at/instagram.conf @@ -0,0 +1,8 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name instagram.fet.at; + return 302 https://www.instagram.com/fet_tuwien; +} + diff --git a/conf.d/fet.at/instagram.fet.at b/conf.d/fet.at/instagram.fet.at new file mode 100644 index 0000000..5395014 --- /dev/null +++ b/conf.d/fet.at/instagram.fet.at @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name instagram.fet.at; + + location / { + return 302 https://www.instagram.com/fet_tuwien/; + } +} + diff --git a/conf.d/fet.at/jenkins.conf b/conf.d/fet.at/jenkins.conf new file mode 100644 index 0000000..b2d0793 --- /dev/null +++ b/conf.d/fet.at/jenkins.conf @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name jenkins.fet.at; + set $proxy_host triton20; + set $proxy_port 49155; + + include default_proxy.conf; +} + diff --git a/conf.d/fet.at/mail.conf b/conf.d/fet.at/mail.conf new file mode 100644 index 0000000..a2b11be --- /dev/null +++ b/conf.d/fet.at/mail.conf @@ -0,0 +1,61 @@ + +server { + listen 443 ssl; + include ssl.conf; + + server_name fet.htu.tuwien.ac.at; + location / { + return 302 https://mail.fet.at$request_uri; + } + +} + + +server { + listen 443 ssl; + include ssl.conf; + + server_name mail.fet.at www.mail.fet.at; + +# add_header "Strict-Transport-Security max-age=63072000; includeSubdomains; preload" always; + + location / { + include secure.conf; + root /var/www/mail; + } + + location /mail5/ { +# include proxy.conf; +# include secure.conf; + proxy_pass http://192.168.249.4/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host horde.fet.htu.tuwien.ac.at; + proxy_set_header X-Forwarded-Host $host; + } + + location /mail3/ { + include proxy.conf; + include secure.conf; + proxy_pass http://192.168.249.4/; + proxy_set_header Host squirrelmail.fet.htu.tuwien.ac.at; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_buffering off; + } + + location /images/ { + include secure.conf; + root /var/www/mail; + } + + location = /mail { + return 301 https://$host; + } + + location /mail/ { + include secure.conf; + root /var/www/mail; + } + + +} + diff --git a/conf.d/fet.at/telegram.conf b/conf.d/fet.at/telegram.conf new file mode 100644 index 0000000..9452c96 --- /dev/null +++ b/conf.d/fet.at/telegram.conf @@ -0,0 +1,8 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name telegram.fet.at; + return 302 https://t.me/FETInfo; +} + diff --git a/conf.d/fet.at/ticket.conf b/conf.d/fet.at/ticket.conf new file mode 100644 index 0000000..e1d939a --- /dev/null +++ b/conf.d/fet.at/ticket.conf @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name ticket.fet.at; + set $proxy_host proteus; + set $proxy_port 80; + + include default_proxy.conf; +} + diff --git a/conf.d/luna.fet.at/patrick.conf b/conf.d/luna.fet.at/patrick.conf new file mode 100644 index 0000000..66deb30 --- /dev/null +++ b/conf.d/luna.fet.at/patrick.conf @@ -0,0 +1,45 @@ +server { + listen 443 ssl http2; + server_name patrick.luna.fet.at; + include ssl.conf; + include ldap.conf; + client_max_body_size 1000M; + location / { + include secure.conf; + include proxy.conf; + proxy_pass http://lunochod:8001; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + #proxy_pass_header content-security-policy; ##pet, 3.1.22 + } + + location /dev { + include proxy.conf; + proxy_pass http://lunochod:8001; +# include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + } + + location /etherpad { + include proxy.conf; + proxy_pass http://lunochod:8001; +# include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'"; +} + + location /admin { + include proxy.conf; + proxy_pass http://lunochod:8001; +# include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + } + + +} + + + diff --git a/conf.d/luna.fet.at/portainer.conf b/conf.d/luna.fet.at/portainer.conf new file mode 100644 index 0000000..9402809 --- /dev/null +++ b/conf.d/luna.fet.at/portainer.conf @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name portainer.luna.fet.at; + set $proxy_host luna; + set $proxy_port 9000; + + include default_proxy.conf; +} + diff --git a/conf.d/triton20.fet.at/default.conf b/conf.d/triton20.fet.at/default.conf new file mode 100644 index 0000000..8f32a1b --- /dev/null +++ b/conf.d/triton20.fet.at/default.conf @@ -0,0 +1,44 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name *.triton20.fet.at triton20.fet.at; + set $proxy_host triton20; + set $proxy_port 443; + + include default_proxy.conf; +} + +server { + listen 443 ssl http2; + server_name portainer.triton20.fet.at www.portainer.triton20.fet.at; + include ssl.conf; + + location / { + + proxy_pass http://triton20:9000; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection ""; + + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Upstream $upstream_addr; + + } + location /api/websocket/ { + set $upstream_endpoint http://triton20:9000; + proxy_buffering off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Upstream $upstream_addr; + proxy_http_version 1.1; + proxy_pass $upstream_endpoint; + proxy_redirect http://triton20:9000 $scheme://$host/; + } +} + diff --git a/conf.d/triton20.fet.at/patrick.conf b/conf.d/triton20.fet.at/patrick.conf new file mode 100644 index 0000000..001cf56 --- /dev/null +++ b/conf.d/triton20.fet.at/patrick.conf @@ -0,0 +1,45 @@ +server { + listen 443 ssl http2; + server_name patrick.triton20.fet.at; + include ssl.conf; + include ldap.conf; + client_max_body_size 1000M; + location / { + include secure.conf; + include proxy.conf; + proxy_pass http://triton20:8107; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + #proxy_pass_header content-security-policy; ##pet, 3.1.22 + } + + location /dev { + include proxy.conf; + proxy_pass http://triton20:8107; +# include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + } + + location /etherpad { + include proxy.conf; + proxy_pass http://triton20:8107; +# include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'"; +} + + location /admin { + include proxy.conf; + proxy_pass http://triton20:8107; +# include snippets/proxy_header.conf; + proxy_set_header Authorization ""; + proxy_set_header REMOTE_USER $remote_user; + } + + +} + + +