mirror of https://git.envs.net/envs/ops.git
update nginx and firewall conf for dimension and jitsi
This commit is contained in:
parent
0170cbe834
commit
05a293b71b
|
@ -259,6 +259,16 @@ if [ "$1" = "start" ]; then
|
|||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 5.199.136.29
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 5.199.136.29
|
||||
|
||||
# jitsi
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.19 -j SNAT --to 89.163.145.170
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.19 -j SNAT --to 89.163.145.170
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 4443 -j DNAT --to-destination 192.168.1.19:4443
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.19 --dport 4443 -j ACCEPT
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.19 --sport 10000:20000
|
||||
$IPT -w -A FORWARD -p udp -d 192.168.1.19 --dport 10000:20000 -j ACCEPT
|
||||
|
||||
|
||||
# MASQUERADE.
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
### DIMENSION.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name dimension.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name dimension.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/dimension.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://dimension.envs.net;
|
||||
}
|
||||
}
|
|
@ -72,6 +72,12 @@ server {
|
|||
return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/integrations {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
|
||||
}
|
||||
|
||||
location /_matrix {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
### JITSI.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_high.conf;
|
||||
server_name jitsi.envs.net;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_pass http://jitsi.envs.net;
|
||||
}
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_high.conf;
|
||||
server_name jitsi.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/jitsi.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass https://jitsi.envs.net;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
}
|
||||
|
||||
#ALIAS
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_def.conf;
|
||||
server_name talk.envs.net;
|
||||
|
||||
location / {
|
||||
return 301 https://jitsi.envs.net/;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_def.conf;
|
||||
server_name talk.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
include snippets/local_ssl_header.conf;
|
||||
|
||||
location / {
|
||||
return 301 https://jitsi.envs.net/;
|
||||
}
|
||||
}
|
|
@ -30,9 +30,11 @@ server {
|
|||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass https://matrix.envs.net/_matrix/maubot/v1/logs;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -22,10 +22,11 @@ server {
|
|||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://pleroma.envs.net;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass https://pleroma.envs.net;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/dimension.envs.net.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/jitsi.envs.net.conf
|
Loading…
Reference in New Issue