Remove commented out config sections #3
@@ -1,7 +1,7 @@
|
|||||||
upstream adminer_backend {
|
upstream adminer_backend {
|
||||||
server adminer:8080;
|
server adminer:8080;
|
||||||
|
|
||||||
# Keep up to 32 idle connections per worker
|
# Keep up to 16 idle connections per worker
|
||||||
keepalive 16;
|
keepalive 16;
|
||||||
|
|
||||||
# Maximum time a connection can be idle
|
# Maximum time a connection can be idle
|
||||||
@@ -27,26 +27,14 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl;
|
||||||
server_name adminer.novicelab.io;
|
server_name adminer.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||||
|
|
||||||
# Trusted certificate for OCSP stapling
|
|
||||||
# ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
|
|
||||||
|
|
||||||
# Cloudflare Origin CA certificate for client verification
|
|
||||||
# Cloudflare Origin CA for authenticated origin pulls (optional)
|
|
||||||
# Only enable if you want to restrict to Cloudflare only
|
|
||||||
# ssl_client_certificate /etc/nginx/ssl/client-cert.pem;
|
|
||||||
# ssl_verify_client on;
|
|
||||||
|
|
||||||
# SSL Protocol - TLS 1.2 and 1.3 only
|
|
||||||
# ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
|
|
||||||
# Cipher suites (prioritize TLS 1.3, secure TLS 1.2 fallback)
|
# Cipher suites (prioritize TLS 1.3, secure TLS 1.2 fallback)
|
||||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||||
ssl_prefer_server_ciphers off;
|
ssl_prefer_server_ciphers off;
|
||||||
@@ -56,9 +44,6 @@ server {
|
|||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
|
||||||
# OCSP Stapling
|
|
||||||
# ssl_stapling on;
|
|
||||||
# ssl_stapling_verify on;
|
|
||||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||||
resolver_timeout 5s;
|
resolver_timeout 5s;
|
||||||
|
|
||||||
@@ -70,32 +55,17 @@ server {
|
|||||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||||
|
|
||||||
# Diffie-Hellman parameter for DHE ciphersuites
|
|
||||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
access_log /var/log/nginx/adminer.novicelab.io_access.log json_combined;
|
access_log /var/log/nginx/adminer.novicelab.io_access.log json_combined;
|
||||||
error_log /var/log/nginx/adminer.novicelab.io_error.log debug;
|
error_log /var/log/nginx/adminer.novicelab.io_error.log debug;
|
||||||
|
|
||||||
# Root and index
|
|
||||||
# root /var/www/html;
|
|
||||||
# index index.html index.htm;
|
|
||||||
|
|
||||||
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
# set $adminer_backend adminer:8080;
|
# set $adminer_backend adminer:8080;
|
||||||
|
|
||||||
location / { #/adminer {
|
location / {
|
||||||
# rewrite ^/adminer/(.*)$ /$1 break;
|
|
||||||
|
|
||||||
# proxy_pass http://10.0.0.251:9080/;
|
|
||||||
proxy_pass http://adminer_backend;
|
proxy_pass http://adminer_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme; #https;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
#$scheme;
|
|
||||||
|
|
||||||
# Handle redirects (like after login) so they stay under /adminer/
|
|
||||||
# proxy_redirect / /adminer/;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -28,23 +28,14 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl; #
|
||||||
server_name auth.novicelab.io;
|
server_name auth.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||||
|
|
||||||
# Trusted certificate for OCSP stapling
|
|
||||||
# ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
|
|
||||||
|
|
||||||
# Cloudflare Origin CA certificate for client verification
|
|
||||||
# Cloudflare Origin CA for authenticated origin pulls (optional)
|
|
||||||
# Only enable if you want to restrict to Cloudflare only
|
|
||||||
# ssl_client_certificate /etc/nginx/ssl/client-cert.pem;
|
|
||||||
# ssl_verify_client on;
|
|
||||||
|
|
||||||
# SSL Protocol - TLS 1.2 and 1.3 only
|
# SSL Protocol - TLS 1.2 and 1.3 only
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
|
||||||
@@ -57,9 +48,6 @@ server {
|
|||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
|
||||||
# OCSP Stapling
|
|
||||||
# ssl_stapling on;
|
|
||||||
# ssl_stapling_verify on;
|
|
||||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||||
resolver_timeout 5s;
|
resolver_timeout 5s;
|
||||||
|
|
||||||
@@ -71,22 +59,12 @@ server {
|
|||||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||||
|
|
||||||
# Diffie-Hellman parameter for DHE ciphersuites
|
|
||||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
access_log /var/log/nginx/auth.novicelab.io_access.log json_combined;
|
access_log /var/log/nginx/auth.novicelab.io_access.log json_combined;
|
||||||
error_log /var/log/nginx/auth.novicelab.io_error.log debug;
|
error_log /var/log/nginx/auth.novicelab.io_error.log debug;
|
||||||
|
|
||||||
# Root and index
|
|
||||||
# root /var/www/html;
|
|
||||||
# index index.html index.htm;
|
|
||||||
|
|
||||||
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
# set $keycloak_backend keycloak:80;
|
# set $keycloak_backend keycloak:80;
|
||||||
|
|
||||||
# client_max_body_size 0;
|
|
||||||
location / {
|
location / {
|
||||||
# proxy_pass http://10.0.0.253:8085/auth/;
|
# proxy_pass http://10.0.0.253:8085/auth/;
|
||||||
proxy_pass http://keycloak_backend;
|
proxy_pass http://keycloak_backend;
|
||||||
@@ -94,7 +72,7 @@ server {
|
|||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-Scheme $scheme;
|
proxy_set_header X-Forwarded-Scheme $scheme;
|
||||||
proxy_set_header X-Forwarded-Proto https; #$scheme;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|
||||||
|
|||||||
@@ -29,23 +29,14 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl;
|
||||||
server_name book.novicelab.io;
|
server_name book.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||||
|
|
||||||
# Trusted certificate for OCSP stapling
|
|
||||||
# ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
|
|
||||||
|
|
||||||
# Cloudflare Origin CA certificate for client verification
|
|
||||||
# Cloudflare Origin CA for authenticated origin pulls (optional)
|
|
||||||
# Only enable if you want to restrict to Cloudflare only
|
|
||||||
# ssl_client_certificate /etc/nginx/ssl/client-cert.pem;
|
|
||||||
# ssl_verify_client on;
|
|
||||||
|
|
||||||
# SSL Protocol - TLS 1.2 and 1.3 only
|
# SSL Protocol - TLS 1.2 and 1.3 only
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
|
||||||
@@ -58,9 +49,6 @@ server {
|
|||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
|
||||||
# OCSP Stapling
|
|
||||||
# ssl_stapling on;
|
|
||||||
# ssl_stapling_verify on;
|
|
||||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||||
resolver_timeout 5s;
|
resolver_timeout 5s;
|
||||||
|
|
||||||
@@ -72,32 +60,17 @@ server {
|
|||||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||||
|
|
||||||
# Diffie-Hellman parameter for DHE ciphersuites
|
|
||||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
access_log /var/log/nginx/book.novicelab.io_access.log json_combined;
|
access_log /var/log/nginx/book.novicelab.io_access.log json_combined;
|
||||||
error_log /var/log/nginx/book.novicelab.io_error.log debug;
|
error_log /var/log/nginx/book.novicelab.io_error.log debug;
|
||||||
|
|
||||||
# Root and index
|
|
||||||
# root /var/www/html;
|
|
||||||
# index index.html index.htm;
|
|
||||||
|
|
||||||
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
|
|
||||||
# set $bookstack_backend bookstack:80;
|
# set $bookstack_backend bookstack:80;
|
||||||
|
|
||||||
# client_max_body_size 0;
|
|
||||||
# BookStack (/docs)
|
|
||||||
location / {
|
location / {
|
||||||
# rewrite ^/docs/(.*) /$1 break;
|
|
||||||
proxy_pass http://bookstack_backend;
|
proxy_pass http://bookstack_backend;
|
||||||
# proxy_pass http://10.0.0.251:6875/;
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto https; #$scheme;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
|
||||||
# proxy_redirect / /docs/;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -6,8 +6,8 @@ upstream haproxy_backend {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl;
|
||||||
server_name *.novicelab.io;
|
server_name *.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
@@ -38,11 +38,11 @@ server {
|
|||||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
access_log /var/log/nginx/*.novicelab.io_access.log VCOMBINED;
|
access_log /var/log/nginx/*.novicelab.io_access.log json_combined;
|
||||||
error_log /var/log/nginx/*.novicelab.io_error.log debug;
|
error_log /var/log/nginx/*.novicelab.io_error.log debug;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://10.0.0.20:80; # Assuming HAProxy is on port 8080
|
proxy_pass http://10.0.0.20:80;
|
||||||
# proxy_pass http://haproxy_backend;
|
# proxy_pass http://haproxy_backend;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Connection "";
|
proxy_set_header Connection "";
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; # http2;
|
listen 443 ssl;
|
||||||
server_name drone.novicelab.io;
|
server_name drone.novicelab.io;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||||
@@ -40,9 +40,7 @@ server {
|
|||||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||||
resolver_timeout 5s;
|
resolver_timeout 5s;
|
||||||
|
|
||||||
# set $couch_backend 10.0.0.251:9001;
|
|
||||||
# set $drone_backend drone:80;
|
# set $drone_backend drone:80;
|
||||||
# set $drone_runner_backend drone-runner-1:3000;
|
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://drone_backend;
|
proxy_pass http://drone_backend;
|
||||||
@@ -62,24 +60,4 @@ server {
|
|||||||
proxy_read_timeout 300;
|
proxy_read_timeout 300;
|
||||||
send_timeout 300;
|
send_timeout 300;
|
||||||
}
|
}
|
||||||
|
|
||||||
# location /runner-1 {
|
|
||||||
# proxy_pass http://$drone_runner_backend;
|
|
||||||
# proxy_set_header Host $http_host;
|
|
||||||
# proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# # WebSocket support for real-time updates
|
|
||||||
# proxy_http_version 1.1;
|
|
||||||
# proxy_set_header Upgrade $http_upgrade;
|
|
||||||
# proxy_set_header Connection "upgrade";
|
|
||||||
|
|
||||||
# # Timeouts
|
|
||||||
# proxy_connect_timeout 300;
|
|
||||||
# proxy_send_timeout 300;
|
|
||||||
# proxy_read_timeout 300;
|
|
||||||
# send_timeout 300;
|
|
||||||
# }
|
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -12,8 +12,8 @@ upstream gitea_backend {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl; #
|
||||||
server_name gitea.novicelab.io;
|
server_name gitea.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
|
|||||||
@@ -45,11 +45,6 @@ server {
|
|||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
ssl_protocols TLSv1.3;
|
ssl_protocols TLSv1.3;
|
||||||
|
|
||||||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
# add_header X-Content-Type-Options nosniff;
|
|
||||||
# add_header X-Frame-Options DENY;
|
|
||||||
# add_header X-XSS-Protection "1; mode=block";
|
|
||||||
|
|
||||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||||
resolver_timeout 5s;
|
resolver_timeout 5s;
|
||||||
|
|
||||||
|
|||||||
@@ -61,9 +61,6 @@ server {
|
|||||||
location / {
|
location / {
|
||||||
proxy_pass http://$harbor_backend;
|
proxy_pass http://$harbor_backend;
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
# proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# WebSocket support for real-time updates
|
# WebSocket support for real-time updates
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
upstream hugo_backend {
|
upstream hugo_backend {
|
||||||
server hugo:1313;
|
# server hugo:1313;
|
||||||
|
server 10.0.0.250:8000;
|
||||||
|
|
||||||
# Keep up to 32 idle connections per worker
|
# Keep up to 32 idle connections per worker
|
||||||
keepalive 16;
|
keepalive 16;
|
||||||
@@ -28,23 +29,14 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl; #
|
||||||
server_name novicelab.io www.novicelab.io x.y.novicelab.io;
|
server_name novicelab.io www.novicelab.io x.y.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||||
|
|
||||||
# Trusted certificate for OCSP stapling
|
|
||||||
# ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
|
|
||||||
|
|
||||||
# Cloudflare Origin CA certificate for client verification
|
|
||||||
# Cloudflare Origin CA for authenticated origin pulls (optional)
|
|
||||||
# Only enable if you want to restrict to Cloudflare only
|
|
||||||
# ssl_client_certificate /etc/nginx/ssl/client-cert.pem;
|
|
||||||
# ssl_verify_client on;
|
|
||||||
|
|
||||||
# SSL Protocol - TLS 1.2 and 1.3 only
|
# SSL Protocol - TLS 1.2 and 1.3 only
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
|
||||||
@@ -78,18 +70,11 @@ server {
|
|||||||
access_log /var/log/nginx/novicelab.io_access.log json_combined;
|
access_log /var/log/nginx/novicelab.io_access.log json_combined;
|
||||||
error_log /var/log/nginx/novicelab.io_error.log debug;
|
error_log /var/log/nginx/novicelab.io_error.log debug;
|
||||||
|
|
||||||
# Root and index
|
|
||||||
# root /var/www/html;
|
|
||||||
# index index.html index.htm;
|
|
||||||
|
|
||||||
# Only allow traffic from Cloudflare IPs (optional but recommended)
|
|
||||||
# include /etc/nginx/cloudflare-ips.conf;
|
|
||||||
|
|
||||||
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
# set $hugo_backend hugo:1313;
|
# set $hugo_backend hugo:1313;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
# proxy_pass http://10.0.0.251:9200/;
|
# proxy_pass http://10.0.0.250:8000/;
|
||||||
proxy_pass http://hugo_backend;
|
proxy_pass http://hugo_backend;
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|||||||
@@ -31,14 +31,13 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl; #
|
||||||
server_name minio.novicelab.io;
|
server_name minio.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||||
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
||||||
|
|
||||||
# # SSL Protocol - TLS 1.2 and 1.3 only
|
# # SSL Protocol - TLS 1.2 and 1.3 only
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
@@ -52,9 +51,6 @@ server {
|
|||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
|
||||||
# ssl_stapling on;
|
|
||||||
# ssl_stapling_verify on;
|
|
||||||
|
|
||||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||||
resolver_timeout 5s;
|
resolver_timeout 5s;
|
||||||
|
|
||||||
@@ -73,9 +69,6 @@ server {
|
|||||||
# resolver 127.0.0.11 valid=30s;
|
# resolver 127.0.0.11 valid=30s;
|
||||||
# set $minio_backend minio:9001;
|
# set $minio_backend minio:9001;
|
||||||
|
|
||||||
# if ($http_x_forwarded_proto != "https") {
|
|
||||||
# return 301 https://$host$request_uri;
|
|
||||||
# }
|
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://minio_backend;
|
proxy_pass http://minio_backend;
|
||||||
@@ -107,8 +100,8 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl;
|
||||||
server_name s3.novicelab.io;
|
server_name s3.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
|
|||||||
@@ -37,17 +37,15 @@ upstream backend_api {
|
|||||||
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name plane.novicelab.io;
|
||||||
if ($host = plane.novicelab.io) {
|
if ($host = plane.novicelab.io) {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
# listen 80;
|
|
||||||
# server_name plane.novicelab.io;
|
|
||||||
# return 404;
|
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
listen 443 ssl; #http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl; # http2;
|
listen [::]:443 ssl;
|
||||||
server_name plane.novicelab.io;
|
server_name plane.novicelab.io;
|
||||||
|
|
||||||
# SSL Certificate paths
|
# SSL Certificate paths
|
||||||
@@ -81,7 +79,6 @@ server {
|
|||||||
access_log /var/log/nginx/plane.novicelab.io_access.log json_combined;
|
access_log /var/log/nginx/plane.novicelab.io_access.log json_combined;
|
||||||
error_log /var/log/nginx/plane.novicelab.io_error.log debug;
|
error_log /var/log/nginx/plane.novicelab.io_error.log debug;
|
||||||
|
|
||||||
# resolver 127.0.0.11 valid=30s;
|
|
||||||
# set $plane_backend 10.0.0.251:9020;
|
# set $plane_backend 10.0.0.251:9020;
|
||||||
# set $backend_web plane-web:3000;
|
# set $backend_web plane-web:3000;
|
||||||
# set $backend_space plane-space:3000;
|
# set $backend_space plane-space:3000;
|
||||||
@@ -160,9 +157,6 @@ server {
|
|||||||
# location ~ ^/${BUCKET_NAME}(/.*)?$ {
|
# location ~ ^/${BUCKET_NAME}(/.*)?$ {
|
||||||
location ~ ^/plane(/.*)?$ {
|
location ~ ^/plane(/.*)?$ {
|
||||||
proxy_pass http://$backend_minio/plane;
|
proxy_pass http://$backend_minio/plane;
|
||||||
# proxy_pass https://s3.novicelab.io/plane;
|
|
||||||
# location ~ ^/test(/.*)?$ {
|
|
||||||
# proxy_pass http://$backend_minio/test;
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
# Standard proxy headers
|
# Standard proxy headers
|
||||||
@@ -181,17 +175,6 @@ server {
|
|||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
# proxy_pass https://s3.novicelab.io/plane;
|
# proxy_pass https://s3.novicelab.io/plane;
|
||||||
}
|
}
|
||||||
# location ~* ^/(?<bucket>.+)(?<path>/.*)?$ {
|
|
||||||
# # Check if the first part of the URI matches our bucket variable
|
|
||||||
# if ($bucket = $bucket_name) {
|
|
||||||
# proxy_pass http://$backend_minio;
|
|
||||||
# break;
|
|
||||||
# }
|
|
||||||
|
|
||||||
# # Fallback to the main web app if the path isn't the bucket
|
|
||||||
# set $upstream_web "web:3000";
|
|
||||||
# proxy_pass http://$upstream_web;
|
|
||||||
# }
|
|
||||||
|
|
||||||
# Web (Default catch-all)
|
# Web (Default catch-all)
|
||||||
location / {
|
location / {
|
||||||
@@ -202,19 +185,4 @@ server {
|
|||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
# location / {
|
|
||||||
# # proxy_pass http://10.0.0.251:9020;
|
|
||||||
# proxy_pass http://$plane_backend;
|
|
||||||
# # Set headers for proxied request
|
|
||||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
# proxy_set_header X-Forwarded-Host $host;
|
|
||||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
# proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
|
|
||||||
# proxy_set_header Upgrade $http_upgrade;
|
|
||||||
# proxy_set_header Connection "upgrade";
|
|
||||||
# proxy_set_header Host $http_host;
|
|
||||||
# proxy_http_version 1.1;
|
|
||||||
# }
|
|
||||||
}
|
}
|
||||||
@@ -36,15 +36,6 @@ server {
|
|||||||
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
|
||||||
|
|
||||||
# Trusted certificate for OCSP stapling
|
|
||||||
# ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
|
|
||||||
|
|
||||||
# Cloudflare Origin CA certificate for client verification
|
|
||||||
# Cloudflare Origin CA for authenticated origin pulls (optional)
|
|
||||||
# Only enable if you want to restrict to Cloudflare only
|
|
||||||
# ssl_client_certificate /etc/nginx/ssl/client-cert.pem;
|
|
||||||
# ssl_verify_client on;
|
|
||||||
|
|
||||||
# SSL Protocol - TLS 1.2 and 1.3 only
|
# SSL Protocol - TLS 1.2 and 1.3 only
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
|
||||||
@@ -57,9 +48,6 @@ server {
|
|||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
|
||||||
# OCSP Stapling
|
|
||||||
# ssl_stapling on;
|
|
||||||
# ssl_stapling_verify on;
|
|
||||||
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
|
||||||
resolver_timeout 5s;
|
resolver_timeout 5s;
|
||||||
|
|
||||||
@@ -71,29 +59,20 @@ server {
|
|||||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||||
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
|
||||||
|
|
||||||
# Diffie-Hellman parameter for DHE ciphersuites
|
|
||||||
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
access_log /var/log/nginx/umami.novicelab.io_access.log json_combined;
|
access_log /var/log/nginx/umami.novicelab.io_access.log json_combined;
|
||||||
error_log /var/log/nginx/umami.novicelab.io_error.log debug;
|
error_log /var/log/nginx/umami.novicelab.io_error.log debug;
|
||||||
|
|
||||||
# Root and index
|
|
||||||
# root /var/www/html;
|
|
||||||
# index index.html index.htm;
|
|
||||||
|
|
||||||
# include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
# set $umami_backend umami:3000;
|
# set $umami_backend umami:3000;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
# proxy_pass http://10.0.0.251:9200/;
|
|
||||||
# proxy_pass http://$umami_backend;
|
# proxy_pass http://$umami_backend;
|
||||||
proxy_pass http://umami_backend;
|
proxy_pass http://umami_backend;
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto https; # $scheme;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
proxy_set_header X-Forwarded-Host $host;
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ upstream vault_backend {
|
|||||||
keepalive_requests 100;
|
keepalive_requests 100;
|
||||||
}
|
}
|
||||||
|
|
||||||
# # Redirect HTTP to HTTPS
|
# Redirect HTTP to HTTPS
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
@@ -62,11 +62,11 @@ server {
|
|||||||
# Logging
|
# Logging
|
||||||
access_log /var/log/nginx/vault.novicelab.io_access.log json_combined;
|
access_log /var/log/nginx/vault.novicelab.io_access.log json_combined;
|
||||||
error_log /var/log/nginx/vault.novicelab.io_error.log debug;
|
error_log /var/log/nginx/vault.novicelab.io_error.log debug;
|
||||||
|
|
||||||
# set $vault_backend vaultwarden:443;
|
# set $vault_backend vaultwarden:443;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
# proxy_pass http://$vault_backend;
|
# proxy_pass http://$vault_backend;
|
||||||
# proxy_pass http://10.0.0.250:8090;
|
|
||||||
proxy_pass http://vault_backend;
|
proxy_pass http://vault_backend;
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|||||||
Reference in New Issue
Block a user