diff --git a/conf.d/fet.at/bierwiegen.conf b/conf.d/fet.at/bierwiegen.conf new file mode 100644 index 0000000..ff147e0 --- /dev/null +++ b/conf.d/fet.at/bierwiegen.conf @@ -0,0 +1,8 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name bierwiegen.fet.at; + return 302 https://bierwiegen.com/; +} + diff --git a/conf.d/fet.at/crashkurs.conf b/conf.d/fet.at/crashkurs.conf new file mode 100644 index 0000000..277dfa1 --- /dev/null +++ b/conf.d/fet.at/crashkurs.conf @@ -0,0 +1,12 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name crashkurs.fet.at; + set $proxy_host proteus; + set $proxy_port 80; + more_set_headers "Content-Security-Policy-Report-Only: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fet.at/; style-src 'self' 'unsafe-inline' https://fet.at/; font-src 'self' 'unsafe-inline' https://fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://fet.at/ ; frame-ancestors 'none'"; + + include insecure_proxy.conf; +} + diff --git a/conf.d/fet.at/default.conf.save b/conf.d/fet.at/default.conf.save new file mode 100644 index 0000000..e4d6050 --- /dev/null +++ b/conf.d/fet.at/default.conf.save @@ -0,0 +1,25 @@ +server { + listen 443 ssl; + server_name fet.at; + include ssl.conf; + + + set $proxy_host triton20; + set $proxy_port 8080; + + location / { + include proxy.conf; + include secure.conf; + proxy_pass http://$proxy_host:$proxy_port; + } + location /etherpad { + include proxy.conf; + include secure.conf; + more_clear_headers Content-Security-Policy; + proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none"; + more_set_headers "Content-Security-Policy-Report-Only: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fet.at/; style-src 'self' 'unsafe-inline' https://fet.at/; font-src 'self' 'unsafe-inline' https://fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://fet.at/ ; frame-ancestors 'none'"; + proxy_pass http://$proxy_host:$proxy_port; + } +} + + diff --git a/conf.d/fet.at/legacy.conf b/conf.d/fet.at/legacy.conf new file mode 100644 index 0000000..f7956c6 --- /dev/null +++ b/conf.d/fet.at/legacy.conf @@ -0,0 +1,12 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name legacy.fet.at; + set $proxy_host 192.168.86.39; + set $proxy_port 3333; + + + include internal_proxy.conf; +} + diff --git a/conf.d/fet.at/legacy.conf~ b/conf.d/fet.at/legacy.conf~ new file mode 100644 index 0000000..04d85a4 --- /dev/null +++ b/conf.d/fet.at/legacy.conf~ @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name legacy.fet.at; + set $proxy_host 192.168.249.5; + set $proxy_port 3333; + + include internal_proxy.conf; +} + diff --git a/conf.d/fet.at/mail.conf.save b/conf.d/fet.at/mail.conf.save new file mode 100644 index 0000000..5fc0577 --- /dev/null +++ b/conf.d/fet.at/mail.conf.save @@ -0,0 +1,83 @@ + +server { + listen 443 ssl; + include ssl.conf; + + server_name fet.htu.tuwien.ac.at; + location / { + return 302 https://mail.fet.at$request_uri; + } + +} + + +server { + listen 443 ssl; + include ssl.conf; + + server_name mail.fet.at www.mail.fet.at; + proxy_cookie_domain fet.htu.tuwien.ac.at mail.fet.at; + + location / { + include secure.conf; + root /var/www/mail; + } + + location /mail5/ { +# include proxy.conf; + include secure.conf; + more_set_headers "Content-Security-Policy: default-src 'self'; img-src 'self' 'https://fet.htu.tuwien.ac.at'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self'; connect-src 'self'; frame-ancestors 'self'"; + proxy_pass http://192.168.249.4/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host horde.fet.htu.tuwien.ac.at; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Accept-Encoding ""; + sub_filter_types text/xml text/javascript application/javascript; + sub_filter_once off; + sub_filter 'fet.htu.tuwien.ac.at' 'mail.fet.at'; + + } + + location /mail3/ { + include secure.conf; + return 302 https://mail3.fet.at$request_uri; + } + + location /images/ { + include secure.conf; + root /var/www/mail; + } + + location = /mail { + return 301 https://$host; + } + + location /mail/ { + include secure.conf; + root /var/www/mail; + } + +} + +server { + listen 443 ssl; + include ssl.conf; + server_name mail3.fet.at; + + proxy_cookie_domain fet.htu.tuwien.ac.at mail3.fet.at; # fix cookies + + location / { + include secure.conf; + more_set_headers "Content-Security-Policy: default-src 'none'; img-src 'self' 'https://fet.htu.tuwien.ac.at'; script-src 'self' ; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self'; connect-src 'self'; frame-ancestors 'self' ; frame-src 'self'"; + rewrite ^/mail3(.*)$ $1; + more_set_headers "X-Frame-Options: sameorigin"; + proxy_pass http://192.168.249.4/; + proxy_set_header Host squirrelmail.fet.htu.tuwien.ac.at; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Host $host; + sub_filter_types text/xml; + sub_filter_once off; + sub_filter 'fet.htu.tuwien.ac.at' 'mail3.fet.at'; + + } +} diff --git a/conf.d/fet.at/mail2022.conf b/conf.d/fet.at/mail2022.conf new file mode 100644 index 0000000..6681346 --- /dev/null +++ b/conf.d/fet.at/mail2022.conf @@ -0,0 +1,34 @@ +server { + listen 80; + server_name mail2022.fet.at;# autodiscover.* autoconfig.*; + return 301 https://mail2022.fet.at$request_uri; +} + +server { + listen 443 ssl; + server_name mail2022.fet.at;# autodiscover.* autoconfig.*; + include ssl.conf; + include ldap.conf; + + set $proxy_host phobos; + set $proxy_port 80; + + client_max_body_size 50M; + #ssl_protocols TLSv1.2; + #ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; + #ssl_prefer_server_ciphers off; + location / { + include proxy.conf; + include secure.conf; + #proxy_set_header Host $http_host; + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Authorization ""; +# proxy_pass_header Authorization; + more_set_headers "Content-Security-Policy: default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline' https://mail2022.fet.at/; style-src 'self' 'unsafe-inline' https://mail2022.fet.at/; font-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://mail2022.fet.at/ ; frame-ancestors 'self' "; + proxy_ssl_verify off; + proxy_pass http://$proxy_host:$proxy_port; + } +} + diff --git a/conf.d/fet.at/mail2022.conf.save b/conf.d/fet.at/mail2022.conf.save new file mode 100644 index 0000000..9aab0c9 --- /dev/null +++ b/conf.d/fet.at/mail2022.conf.save @@ -0,0 +1,32 @@ +server { + listen 80; + server_name mail2022.fet.at;# autodiscover.* autoconfig.*; + return 301 https://mail2022.fet.at$request_uri; +} + +server { + listen 443 ssl; + server_name mail2022.fet.at;# autodiscover.* autoconfig.*; + include ssl.conf; + include ldap.conf; + + set $proxy_host phobos; + set $proxy_port 443; + + client_max_body_size 50M; + #ssl_protocols TLSv1.2; + #ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; + #ssl_prefer_server_ciphers off; + location / { + include proxy.conf; + include secure.conf; + #proxy_set_header Host $http_host; + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #proxy_set_header X-Forwarded-Proto $scheme; + + more_set_headers "Content-Security-Policy: default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline' https://mail2022.fet.at/; style-src 'self' 'unsafe-inline' https://mail2022.fet.at/; font-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://mail2022.fet.at/ ; frame-ancestors 'self' "; + proxy_pass https://$proxy_host:$proxy_port; + } +} + diff --git a/conf.d/fet.at/mailtest.conf b/conf.d/fet.at/mailtest.conf new file mode 100644 index 0000000..ca82b9d --- /dev/null +++ b/conf.d/fet.at/mailtest.conf @@ -0,0 +1,34 @@ +server { + listen 80; + server_name mailtest.fet.at;# autodiscover.* autoconfig.*; + return 301 https://mailtest.fet.at$request_uri; +} + +server { + listen 443 ssl; + server_name mailtest.fet.at;# autodiscover.* autoconfig.*; + include ssl.conf; + #include ldap.conf; + + set $proxy_host phobos; + set $proxy_port 443; + + client_max_body_size 50M; + #ssl_protocols TLSv1.2; + #ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; + #ssl_prefer_server_ciphers off; + location / { + include proxy.conf; + include secure.conf; + proxy_set_header Host 127.0.0.1; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + more_set_headers "Content-Security-Policy: default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline' https://mail2022.fet.at/; style-src 'self' 'unsafe-inline' https://mail2022.fet.at/; font-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://mail2022.fet.at/ ; frame-ancestors 'self' "; + proxy_pass https://$proxy_host:$proxy_port; + proxy_buffer_size 128k; + proxy_buffers 64 512k; + proxy_busy_buffers_size 512k; + } +} + diff --git a/conf.d/fet.at/onlyschafe.conf b/conf.d/fet.at/onlyschafe.conf new file mode 100644 index 0000000..16bfe12 --- /dev/null +++ b/conf.d/fet.at/onlyschafe.conf @@ -0,0 +1,18 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name onlyschafe.fet.at; + set $proxy_host onlyschafe; + set $proxy_port 8080; + #more_set_headers "Content-Security-Policy-Report-Only: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fet.at/; style-src 'self' 'unsafe-inline' https://fet.at/; font-src 'self' 'unsafe-inline' https://fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://fet.at/ ; frame-ancestors 'none'"; + + #location ~ ^(/index.php/Intern/.+|/index.php/Spezial) { + # allow 192.168.86.0/24; + # deny all; + # error_page 403 https://wiki.fet.at/index.php/Interne_Seite; + #} + + include insecure_proxy.conf; +} + diff --git a/conf.d/fet.at/patrickdev2022.conf b/conf.d/fet.at/patrickdev2022.conf new file mode 100644 index 0000000..b639dfd --- /dev/null +++ b/conf.d/fet.at/patrickdev2022.conf @@ -0,0 +1,44 @@ +server { + listen 443 ssl; + server_name patrickdev2022.fet.at; + include ssl.conf; + include ldap.conf; + #changed 22.9.22, andis + client_max_body_size 50M; + + + set $proxy_host patrickDEV2022; + set $proxy_port 8107; + +# include default_proxy.conf; + location / { + include proxy.conf; + include secure.conf; + proxy_pass http://$proxy_host:$proxy_port; + } + location /etherpad { + include proxy.conf; + include secure.conf; + proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none"; + more_set_headers "Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fet.at; style-src 'self' 'unsafe-inline' *.fet.at; font-src 'self' 'unsafe-inline' *.fet.at; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' *.fet.at ; frame-ancestors 'none'"; + proxy_pass http://$proxy_host:$proxy_port; + } + + location /admin { + include proxy.conf; + include secure.conf; + proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none"; + more_set_headers "Content-Security-Policy: default-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fet.at/; style-src 'self' 'unsafe-inline' https://fet.at/; font-src 'self' 'unsafe-inline' https://fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://fet.at/ ; frame-ancestors 'none'"; + proxy_pass http://$proxy_host:$proxy_port; + } + + location /dev { + include proxy.conf; + include secure.conf; + proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none"; + more_set_headers "Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fet.at/; style-src 'self' 'unsafe-inline' https://fet.at/; font-src 'self' 'unsafe-inline' https://fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://fet.at/ ; frame-ancestors 'none'"; + proxy_pass http://$proxy_host:$proxy_port; + } + + +} diff --git a/conf.d/fet.at/test.conf b/conf.d/fet.at/test.conf new file mode 100644 index 0000000..53b047e --- /dev/null +++ b/conf.d/fet.at/test.conf @@ -0,0 +1,55 @@ +server { + listen 443 ssl; + server_name test.fet.at; + include ssl.conf; + + #changed 22.9.22, andis + client_max_body_size 50M; + + +# set $proxy_host triton20; +# set $proxy_port 8080; + + + set $proxy_host fetsite2022; + set $proxy_port 8005; + + + + +# location / { return 503 'Andis rulez'; } + #include default_proxy.conf; + + location / { + include proxy.conf; + include secure.conf; + proxy_pass http://$proxy_host:$proxy_port; + #more_set_headers "Content-Security-Policy: default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' ; frame-ancestors 'self'"; + more_set_headers "Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self'; connect-src 'self'; frame-ancestors 'none'"; + } + + + location /etherpad { + include proxy.conf; + include secure.conf; + proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none"; + #more_set_headers "Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://test.fet.at/; style-src 'self' 'unsafe-inline' https://test.fet.at/; font-src 'self' 'unsafe-inline' https://test.fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://test.fet.at/ ; frame-ancestors 'none'"; + more_set_headers "Content-Security-Policy: default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://test.fet.at/; style-src 'self' 'unsafe-inline' https://test.fet.at/; font-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://test.fet.at/ ; frame-ancestors 'self' "; + proxy_pass http://$proxy_host:$proxy_port; + } + + location /admin { + include proxy.conf; + include secure.conf; + proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none"; + more_set_headers "Content-Security-Policy: default-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://test.fet.at/; style-src 'self' 'unsafe-inline' https://test.fet.at/; font-src 'self' 'unsafe-inline' https://test.fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://test.fet.at/ ; frame-ancestors 'none'"; + proxy_pass http://$proxy_host:$proxy_port; + } +} + +server { + listen 443 ssl; + server_name www.test.fet.at; + include ssl.conf; + return 302 https://test.fet.at$request_uri; +} diff --git a/conf.d/fet.at/unterlagen.conf b/conf.d/fet.at/unterlagen.conf new file mode 100644 index 0000000..9b91c0a --- /dev/null +++ b/conf.d/fet.at/unterlagen.conf @@ -0,0 +1,12 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name unterlagen.fet.at; + set $proxy_host proteus; + set $proxy_port 80; + more_set_headers "Content-Security-Policy-Report-Only: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fet.at/; style-src 'self' 'unsafe-inline' https://fet.at/; font-src 'self' 'unsafe-inline' https://fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://fet.at/ ; frame-ancestors 'none'"; + + include insecure_proxy.conf; +} + diff --git a/conf.d/fet.at/wiki.conf b/conf.d/fet.at/wiki.conf new file mode 100644 index 0000000..70221ef --- /dev/null +++ b/conf.d/fet.at/wiki.conf @@ -0,0 +1,18 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name wiki.fet.at; + set $proxy_host wiki; + set $proxy_port 8080; + #more_set_headers "Content-Security-Policy-Report-Only: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fet.at/; style-src 'self' 'unsafe-inline' https://fet.at/; font-src 'self' 'unsafe-inline' https://fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://fet.at/ ; frame-ancestors 'none'"; + + #location ~ ^(/index.php/Intern/.+|/index.php/Spezial) { + # allow 192.168.86.0/24; + # deny all; + # error_page 403 https://wiki.fet.at/index.php/Interne_Seite; + #} + + include insecure_proxy.conf; +} + diff --git a/conf.d/fet.at/workshop.conf b/conf.d/fet.at/workshop.conf new file mode 100644 index 0000000..6738e30 --- /dev/null +++ b/conf.d/fet.at/workshop.conf @@ -0,0 +1,18 @@ +server { + listen 443 ssl; + include ssl.conf; + + server_name workshop.fet.at; + set $proxy_host proteus; + set $proxy_port 80; + #more_set_headers "Content-Security-Policy-Report-Only: default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fet.at/; style-src 'self' 'unsafe-inline' https://fet.at/; font-src 'self' 'unsafe-inline' https://fet.at/; base-uri 'self'; form-action 'self'; connect-src 'self' 'unsafe-inline' https://fet.at/ ; frame-ancestors 'none'"; + + #location ~ ^(/index.php/Intern/.+|/index.php/Spezial) { + # allow 192.168.86.0/24; + # deny all; + # error_page 403 https://wiki.fet.at/index.php/Interne_Seite; + #} + + include insecure_proxy.conf; +} +