Compare commits
5 Commits
7b36b99e18
...
goaccess
| Author | SHA1 | Date | |
|---|---|---|---|
| dc320d83d4 | |||
| 382a3dd438 | |||
| ff464ef99f | |||
| b710eaa41b | |||
| 9a810fe545 |
3
.gitignore
vendored
3
.gitignore
vendored
@@ -1,5 +1,8 @@
|
||||
.env
|
||||
/data/
|
||||
/certbot/
|
||||
/goaccess/
|
||||
/data/public/
|
||||
!/data/nginx.conf
|
||||
!/data/conf.d/**
|
||||
!/goaccess/goaccess.conf
|
||||
@@ -62,8 +62,8 @@ server {
|
||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/adminer.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/adminer.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/adminer.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/adminer.novicelab.io_error.log debug;
|
||||
|
||||
# Root and index
|
||||
# root /var/www/html;
|
||||
|
||||
@@ -62,8 +62,8 @@ server {
|
||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/auth.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/auth.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/auth.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/auth.novicelab.io_error.log debug;
|
||||
|
||||
# Root and index
|
||||
# root /var/www/html;
|
||||
|
||||
@@ -62,8 +62,8 @@ server {
|
||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/book.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/book.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/book.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/book.novicelab.io_error.log debug;
|
||||
|
||||
# Root and index
|
||||
# root /var/www/html;
|
||||
|
||||
@@ -38,8 +38,8 @@ server {
|
||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/*.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/*.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/*.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/*.novicelab.io_error.log debug;
|
||||
|
||||
location / {
|
||||
proxy_pass http://10.0.0.20:80; # Assuming HAProxy is on port 8080
|
||||
|
||||
@@ -1,44 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name collabora.novicelab.io;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl; # http2;
|
||||
server_name collabora.novicelab.io;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
||||
# Security headers
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||
resolver_timeout 5s;
|
||||
|
||||
# set $opencloud_backend 10.0.0.251:9980;
|
||||
|
||||
|
||||
location / {
|
||||
proxy_pass http://10.0.0.251:9980;
|
||||
#proxy_pass http://$opencloud_backend/;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
location ~ ^/cool/(.*)/ws$ {
|
||||
proxy_pass http://10.0.0.251:9980;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
}
|
||||
@@ -1,92 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name couch.novicelab.io;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl; # http2;
|
||||
server_name couch.novicelab.io;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
||||
# Security headers
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||
resolver_timeout 5s;
|
||||
|
||||
set $couch_backend 10.0.0.251:5984;
|
||||
|
||||
# # Block access to _utils (Fauxton) in production
|
||||
# location /_utils {
|
||||
# deny all;
|
||||
# return 403;
|
||||
# }
|
||||
|
||||
# # Block _config endpoint externally
|
||||
# location /_config {
|
||||
# deny all;
|
||||
# return 403;
|
||||
# }
|
||||
|
||||
# # Block _node endpoint externally
|
||||
# location /_node {
|
||||
# # deny all;
|
||||
# # return 403;
|
||||
# proxy_pass http://$couch_backend/_node;
|
||||
# proxy_redirect off;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# # Timeouts
|
||||
# proxy_connect_timeout 10s;
|
||||
# proxy_read_timeout 60s;
|
||||
# }
|
||||
|
||||
location / {
|
||||
# Handle CORS preflight without hitting CouchDB auth
|
||||
if ($request_method = OPTIONS) {
|
||||
add_header Access-Control-Allow-Origin $http_origin always;
|
||||
add_header Access-Control-Allow-Methods "GET, PUT, POST, HEAD, DELETE, OPTIONS" always;
|
||||
add_header Access-Control-Allow-Headers "accept, authorization, content-type, origin, referer, x-csrf-token" always;
|
||||
add_header Access-Control-Allow-Credentials "true" always;
|
||||
add_header Access-Control-Max-Age 3600;
|
||||
add_header Content-Length 0;
|
||||
add_header Content-Type text/plain;
|
||||
return 204;
|
||||
}
|
||||
|
||||
# Pass all other requests to CouchDB
|
||||
# proxy_pass http://127.0.0.1:5984;
|
||||
proxy_pass http://$couch_backend/;
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
proxy_method $request_method;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Forward CORS headers from CouchDB responses too
|
||||
add_header Access-Control-Allow-Origin $http_origin always;
|
||||
add_header Access-Control-Allow-Credentials "true" always;
|
||||
|
||||
proxy_connect_timeout 10s;
|
||||
proxy_read_timeout 60s;
|
||||
|
||||
# Headers for WebSocket support
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
}
|
||||
@@ -31,8 +31,8 @@ server {
|
||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/gitea.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/gitea.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/gitea.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/gitea.novicelab.io_error.log debug;
|
||||
|
||||
set $gitea_backend gitea:3000;
|
||||
|
||||
|
||||
68
data/conf.d/goaccess.conf
Normal file
68
data/conf.d/goaccess.conf
Normal file
@@ -0,0 +1,68 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name goaccess.novicelab.io;
|
||||
|
||||
# ACME challenge for Let's Encrypt certificate renewal
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# Server block for GoAccess dashboard
|
||||
server {
|
||||
listen 443 ssl; # http2;
|
||||
server_name goaccess.novicelab.io;
|
||||
|
||||
# SSL configuration
|
||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_protocols TLSv1.3;
|
||||
|
||||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header X-Frame-Options DENY;
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||
resolver_timeout 5s;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/goaccess.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/goaccess.novicelab.io_error.log debug;
|
||||
|
||||
set $goaccess_backend goaccess:7890;
|
||||
|
||||
root /usr/share/nginx/html;
|
||||
index report.html;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://$goaccess_backend;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
#enable ws upgrade
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
}
|
||||
@@ -31,8 +31,8 @@ server {
|
||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/harbor.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/harbor.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/harbor.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/harbor.novicelab.io_error.log debug;
|
||||
|
||||
# set $harbor_backend 10.0.0.251:9090;
|
||||
set $harbor_backend nginx-harbor:80;
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name novicelab.io www.novicelab.io;
|
||||
server_name novicelab.io www.novicelab.io x.y.novicelab.io;
|
||||
|
||||
# ACME challenge for Let's Encrypt certificate renewal
|
||||
location /.well-known/acme-challenge/ {
|
||||
@@ -17,7 +17,7 @@ server {
|
||||
server {
|
||||
listen 443 ssl; #http2;
|
||||
listen [::]:443 ssl; # http2;
|
||||
server_name novicelab.io www.novicelab.io;
|
||||
server_name novicelab.io www.novicelab.io x.y.novicelab.io;
|
||||
|
||||
# SSL Certificate paths
|
||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||
@@ -62,8 +62,8 @@ server {
|
||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/novicelab.io_access.log;
|
||||
error_log /var/log/nginx/novicelab.io_error.log;
|
||||
access_log /var/log/nginx/novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/novicelab.io_error.log debug;
|
||||
|
||||
# Root and index
|
||||
# root /var/www/html;
|
||||
|
||||
@@ -41,8 +41,8 @@ server {
|
||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/minio.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/minio.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/minio.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/minio.novicelab.io_error.log debug;
|
||||
|
||||
# resolver 127.0.0.11 valid=30s;
|
||||
set $minio_backend minio:9001;
|
||||
@@ -107,8 +107,8 @@ server {
|
||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/s3.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/s3.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/s3.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/s3.novicelab.io_error.log debug;
|
||||
|
||||
# resolver 127.0.0.11 valid=30s;
|
||||
set $s3_backend minio:9000;
|
||||
|
||||
@@ -15,8 +15,8 @@ server {
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/opencloud.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/opencloud.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/opencloud.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/opencloud.novicelab.io_error.log debug;
|
||||
|
||||
# Security headers
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
|
||||
@@ -40,8 +40,8 @@ server {
|
||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/plane.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/plane.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/plane.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/plane.novicelab.io_error.log debug;
|
||||
|
||||
# resolver 127.0.0.11 valid=30s;
|
||||
# set $plane_backend 10.0.0.251:9020;
|
||||
|
||||
@@ -1,58 +0,0 @@
|
||||
server {
|
||||
# listen 80;
|
||||
# server_name *.novicelab.io;
|
||||
# resolver 127.0.0.11 valid=30s;
|
||||
# set $haproxy_backend haproxy:80;
|
||||
listen 443 ssl; #http2;
|
||||
listen [::]:443 ssl; # http2;
|
||||
server_name tre.novicelab.io;
|
||||
|
||||
# SSL Certificate paths
|
||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||
|
||||
# SSL Protocol - TLS 1.2 and 1.3 only
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
||||
# Cipher suites (prioritize TLS 1.3, secure TLS 1.2 fallback)
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
# SSL session configuration
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||
resolver_timeout 5s;
|
||||
|
||||
# Security Headers
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/tre.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/tre.novicelab.io_error.log;
|
||||
|
||||
location /data-catalog {
|
||||
proxy_pass https://10.0.0.251:8888; # Assuming HAProxy is on port 8080
|
||||
# proxy_pass http://haproxy_backend;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Performance optimizations
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_connect_timeout 5s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_read_timeout 30s;
|
||||
}
|
||||
}
|
||||
@@ -62,8 +62,8 @@ server {
|
||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/umami.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/umami.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/umami.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/umami.novicelab.io_error.log debug;
|
||||
|
||||
# Root and index
|
||||
# root /var/www/html;
|
||||
|
||||
@@ -31,8 +31,8 @@ server {
|
||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/vault.novicelab.io_access.log;
|
||||
error_log /var/log/nginx/vault.novicelab.io_error.log;
|
||||
access_log /var/log/nginx/vault.novicelab.io_access.log VCOMBINED;
|
||||
error_log /var/log/nginx/vault.novicelab.io_error.log debug;
|
||||
set $vault_backend vaultwarden:443;
|
||||
|
||||
location / {
|
||||
|
||||
@@ -10,7 +10,7 @@ events {
|
||||
}
|
||||
|
||||
http {
|
||||
include mime.types;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
keepalive_timeout 65;
|
||||
@@ -23,30 +23,31 @@ http {
|
||||
resolver 8.8.8.8 valid=30s ipv6=off;
|
||||
resolver_timeout 11s;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
# JSON format — preferred for log aggregators (ELK, Loki, Datadog, etc.)
|
||||
log_format json_log escape=json
|
||||
'{'
|
||||
'"time":"$time_iso8601",'
|
||||
'"remote_addr":"$remote_addr",'
|
||||
'"method":"$request_method",'
|
||||
'"uri":"$request_uri",'
|
||||
'"status":$status,'
|
||||
'"bytes_sent":$body_bytes_sent,'
|
||||
'"request_time":$request_time,'
|
||||
'"upstream_response_time":"$upstream_response_time",'
|
||||
'"referer":"$http_referer",'
|
||||
'"user_agent":"$http_user_agent",'
|
||||
'"x_forwarded_for":"$http_x_forwarded_for",'
|
||||
'"host":"$host"'
|
||||
'}';
|
||||
# log_format json_combined escape=json '{'
|
||||
# '"method":"$request_method",'
|
||||
# '"scheme":"$scheme",'
|
||||
# '"domain":"$host",'
|
||||
# '"uri":"$request_uri",'
|
||||
# '"query_string":"$query_string",'
|
||||
# '"referer":"$http_referer",'
|
||||
# '"content_type":"$sent_http_content_type",'
|
||||
# '"status": $status,'
|
||||
# '"bytes_sent":$body_bytes_sent,'
|
||||
# '"request_time":$request_time,'
|
||||
# '"user_agent":"$http_user_agent",'
|
||||
# '"cache":"$upstream_cache_status",'
|
||||
# '"upstream_time": "$upstream_response_time",'
|
||||
# '"timestamp":"$time_iso8601",'
|
||||
# '"ip":"$http_x_forwarded_for"'
|
||||
# '}';
|
||||
log_format VCOMBINED '$host:$server_port '
|
||||
'$remote_addr $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
|
||||
|
||||
access_log /var/log/nginx/access.log json_log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log /var/log/nginx/access.log VCOMBINED;
|
||||
error_log /var/log/nginx/error.log debug;
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
@@ -94,33 +95,3 @@ http {
|
||||
# Include all server configurations
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
||||
# Existing http {} block stays as-is...
|
||||
|
||||
# TCP stream proxy for SMTP ports
|
||||
# stream {
|
||||
|
||||
# upstream mailserver_smtp {
|
||||
# server mailserver:25; # docker-mailserver container name
|
||||
# }
|
||||
|
||||
# upstream mailserver_submission {
|
||||
# server mailserver:587;
|
||||
# }
|
||||
|
||||
# # Port 25 — inbound MTA-to-MTA (if you ever receive external mail)
|
||||
# server {
|
||||
# listen 25;
|
||||
# proxy_pass mailserver_smtp;
|
||||
# proxy_timeout 1m;
|
||||
# proxy_connect_timeout 10s;
|
||||
# }
|
||||
|
||||
# # Port 587 — STARTTLS submission (for mail clients or apps)
|
||||
# server {
|
||||
# listen 587;
|
||||
# proxy_pass mailserver_submission;
|
||||
# proxy_timeout 1m;
|
||||
# proxy_connect_timeout 10s;
|
||||
# }
|
||||
# }
|
||||
@@ -1,5 +1,5 @@
|
||||
services:
|
||||
web:
|
||||
nginx:
|
||||
container_name: nginx
|
||||
image: nginx:latest
|
||||
ports:
|
||||
@@ -8,6 +8,8 @@ services:
|
||||
volumes:
|
||||
- ./data/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- ./data/conf.d:/etc/nginx/conf.d:ro
|
||||
- ./data/logs:/var/log/nginx
|
||||
- ./data/public:/usr/share/nginx/html:rw
|
||||
- ./certbot/conf:/etc/letsencrypt
|
||||
- ./certbot/www:/var/www/certbot
|
||||
restart: always
|
||||
@@ -16,6 +18,7 @@ services:
|
||||
- nginx
|
||||
|
||||
certbot:
|
||||
container_name: certbot
|
||||
image: certbot/dns-cloudflare:latest
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
@@ -26,6 +29,27 @@ services:
|
||||
networks:
|
||||
- nginx
|
||||
|
||||
goaccess:
|
||||
container_name: goaccess
|
||||
image: allinurl/goaccess
|
||||
user: "0:0"
|
||||
ports:
|
||||
- 0.0.0.0:7890:7890
|
||||
volumes:
|
||||
- ./goaccess/goaccess.conf:/srv/config/goaccess.conf
|
||||
- ./data/logs:/srv/logs:rw
|
||||
- ./data/public:/srv/report:rw
|
||||
- ./certbot/conf:/etc/letsencrypt
|
||||
command: ["--no-global-config",
|
||||
"--config-file=/srv/config/goaccess.conf",
|
||||
"--ssl-cert=/etc/letsencrypt/live/novicelab.io/fullchain.pem",
|
||||
"--ssl-key=/etc/letsencrypt/live/novicelab.io/privkey.pem"]
|
||||
environment:
|
||||
- TZ=Africa/Nairobi
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- nginx
|
||||
|
||||
networks:
|
||||
nginx:
|
||||
driver: bridge
|
||||
|
||||
Reference in New Issue
Block a user