Initial Config

conf.d/default.conf

@@ -0,0 +1,26 @@
+server {
+    listen 80 default_server;
+    location ^~ /.well-known/acme-challenge/ {
+      content_by_lua_block {
+        auto_ssl:challenge_server()
+      }
+    }
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+    
+server {
+    listen 443 ssl http2;
+    include ldap.conf;
+    include ssl.conf;
+    add_header X-debug-message "Fallback Entry" always;
+    return 404;
+}
+
+
+include /etc/nginx/conf.d/fet.at/*.conf;
+include /etc/nginx/conf.d/triton20.fet.at/*.conf;
+include /etc/nginx/conf.d/luna.fet.at/*.conf;
+
+

conf.d/fet.at/default.conf

@@ -0,0 +1,10 @@
+server {
+    listen 443 ssl;
+    server_name fet.at;
+    include ssl.conf;
+    
+    set $proxy_host triton20;
+    set $proxy_port 8080;
+
+    include default_proxy.conf;
+}

conf.d/fet.at/discord.conf

@@ -0,0 +1,8 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name discord.fet.at;
+    return 302 https://discord.gg/7qRuuMA;
+}
+

conf.d/fet.at/docker.conf

@@ -0,0 +1,11 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+
+    server_name docker.fet.at;
+    set $proxy_host triton20;
+    set $proxy_port 5000;
+
+    include default_proxy.conf;
+}
+

conf.d/fet.at/facebook.conf

@@ -0,0 +1,8 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name facebook.fet.at;
+    return 302 https://www.facebook.com/FachschaftET/;
+}
+

conf.d/fet.at/git.conf

@@ -0,0 +1,14 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name git.fet.at;
+    set $proxy_host zyklon;
+    set $proxy_port 3000;
+    location / {
+        include proxy.conf;
+#        add_header Content-Security-Policy "default-src 'none'; img-src 'self';  script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';  font-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; connect-src 'self'; frame-ancestors 'none'";
+        proxy_pass http://zyklon:3000;
+    }
+}
+

conf.d/fet.at/horde.conf.txt

@@ -0,0 +1,61 @@
+
+server {
+    listen 443 ssl;
+    include ssl.conf;
+
+    server_name  fet.htu.tuwien.ac.at;
+    location / {
+    return 302 https://mail.fet.at$request_uri;
+    }
+
+}
+
+
+server {
+    listen 443 ssl;
+    include ssl.conf;
+
+    server_name  mail.fet.at www.mail.fet.at;
+
+#    add_header "Strict-Transport-Security max-age=63072000; includeSubdomains; preload" always;
+
+    location / {
+	include secure.conf;
+        root /var/www/mail;
+    }
+    
+    location /mail5/ {
+#        include proxy.conf;
+#        include secure.conf;
+        proxy_pass http://192.168.249.4/;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host horde.fet.htu.tuwien.ac.at;
+	proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location /mail3/ {
+        include proxy.conf;
+        include secure.conf;
+        proxy_pass http://192.168.249.4/;
+        proxy_set_header Host squirrelmail.fet.htu.tuwien.ac.at;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_buffering off;
+    }
+
+    location /images/ {
+        include secure.conf;
+        root /var/www/mail;
+    }
+
+    location = /mail {
+        return 301 https://$host;	        
+    }
+
+    location /mail/ {
+        include secure.conf;
+        root /var/www/mail;
+    }
+
+
+}
+

conf.d/fet.at/infoscreen.conf

@@ -0,0 +1,11 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name infoscreen.fet.at;
+    set $proxy_host proteus;
+    set $proxy_port 80;
+
+    include default_proxy.conf;
+}
+

conf.d/fet.at/instagram.conf

@@ -0,0 +1,8 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name instagram.fet.at;
+    return 302 https://www.instagram.com/fet_tuwien;
+}
+

conf.d/fet.at/instagram.fet.at

@@ -0,0 +1,11 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name instagram.fet.at;
+
+	location / {
+	return 302 https://www.instagram.com/fet_tuwien/;
+	}
+}
+

conf.d/fet.at/jenkins.conf

@@ -0,0 +1,11 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name jenkins.fet.at;
+    set $proxy_host triton20;
+    set $proxy_port 49155;
+
+    include default_proxy.conf;
+}
+

conf.d/fet.at/mail.conf

@@ -0,0 +1,61 @@
+
+server {
+    listen 443 ssl;
+    include ssl.conf;
+
+    server_name  fet.htu.tuwien.ac.at;
+    location / {
+    return 302 https://mail.fet.at$request_uri;
+    }
+
+}
+
+
+server {
+    listen 443 ssl;
+    include ssl.conf;
+
+    server_name  mail.fet.at www.mail.fet.at;
+
+#    add_header "Strict-Transport-Security max-age=63072000; includeSubdomains; preload" always;
+
+    location / {
+	include secure.conf;
+        root /var/www/mail;
+    }
+    
+    location /mail5/ {
+#        include proxy.conf;
+#        include secure.conf;
+        proxy_pass http://192.168.249.4/;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host horde.fet.htu.tuwien.ac.at;
+	proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location /mail3/ {
+        include proxy.conf;
+        include secure.conf;
+        proxy_pass http://192.168.249.4/;
+        proxy_set_header Host squirrelmail.fet.htu.tuwien.ac.at;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_buffering off;
+    }
+
+    location /images/ {
+        include secure.conf;
+        root /var/www/mail;
+    }
+
+    location = /mail {
+        return 301 https://$host;	        
+    }
+
+    location /mail/ {
+        include secure.conf;
+        root /var/www/mail;
+    }
+
+
+}
+

conf.d/fet.at/telegram.conf

@@ -0,0 +1,8 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name telegram.fet.at;
+    return 302 https://t.me/FETInfo;
+}
+

conf.d/fet.at/ticket.conf

@@ -0,0 +1,11 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name ticket.fet.at;
+    set $proxy_host proteus;
+    set $proxy_port 80;
+
+    include default_proxy.conf;
+}
+

conf.d/luna.fet.at/patrick.conf

@@ -0,0 +1,45 @@
+server {
+    listen 443 ssl http2;
+    server_name patrick.luna.fet.at;
+    include ssl.conf;
+    include ldap.conf;
+    client_max_body_size 1000M;
+    location / {
+        include secure.conf;
+	include proxy.conf;
+        proxy_pass http://lunochod:8001;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+        #proxy_pass_header content-security-policy; ##pet, 3.1.22
+    }
+
+    location /dev {
+	include proxy.conf;
+        proxy_pass http://lunochod:8001;
+#        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    }
+
+    location /etherpad {
+	include proxy.conf;
+        proxy_pass http://lunochod:8001;
+#        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";
+}
+
+    location /admin {
+	include proxy.conf;
+        proxy_pass http://lunochod:8001;
+#        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    }
+
+
+}
+
+
+

conf.d/luna.fet.at/portainer.conf

@@ -0,0 +1,11 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name portainer.luna.fet.at;
+    set $proxy_host luna;
+    set $proxy_port 9000;
+
+    include default_proxy.conf;
+}
+

conf.d/triton20.fet.at/default.conf

@@ -0,0 +1,44 @@
+server {
+    listen 443 ssl;
+    include ssl.conf;
+    
+    server_name *.triton20.fet.at triton20.fet.at;
+    set $proxy_host triton20;
+    set $proxy_port 443;
+
+    include default_proxy.conf;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name portainer.triton20.fet.at www.portainer.triton20.fet.at;
+    include ssl.conf;
+
+    location / {
+	
+        proxy_pass http://triton20:9000;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "";
+
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_set_header X-Upstream $upstream_addr;
+
+    }
+    location /api/websocket/ {
+        set $upstream_endpoint http://triton20:9000;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_set_header X-Upstream $upstream_addr;
+        proxy_http_version 1.1;
+        proxy_pass $upstream_endpoint;
+        proxy_redirect http://triton20:9000 $scheme://$host/;
+    }
+}
+

conf.d/triton20.fet.at/patrick.conf

@@ -0,0 +1,45 @@
+server {
+    listen 443 ssl http2;
+    server_name patrick.triton20.fet.at;
+    include ssl.conf;
+    include ldap.conf;
+    client_max_body_size 1000M;
+    location / {
+        include secure.conf;
+	include proxy.conf;
+        proxy_pass http://triton20:8107;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+        #proxy_pass_header content-security-policy; ##pet, 3.1.22
+    }
+
+    location /dev {
+	include proxy.conf;
+        proxy_pass http://triton20:8107;
+#        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    }
+
+    location /etherpad {
+	include proxy.conf;
+        proxy_pass http://triton20:8107;
+#        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";
+}
+
+    location /admin {
+	include proxy.conf;
+        proxy_pass http://triton20:8107;
+#        include snippets/proxy_header.conf;
+        proxy_set_header Authorization "";
+        proxy_set_header REMOTE_USER $remote_user;
+    }
+
+
+}
+
+
+