mirror of https://git.envs.net/envs/ops.git
update nginx and firewall conf for dimension and jitsi
parent
0170cbe834
commit
05a293b71b
|
@ -259,6 +259,16 @@ if [ "$1" = "start" ]; then
|
||||||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 5.199.136.29
|
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 5.199.136.29
|
||||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 5.199.136.29
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 5.199.136.29
|
||||||
|
|
||||||
|
# jitsi
|
||||||
|
# => apache2 proxy (http/https)
|
||||||
|
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.19 -j SNAT --to 89.163.145.170
|
||||||
|
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.19 -j SNAT --to 89.163.145.170
|
||||||
|
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 4443 -j DNAT --to-destination 192.168.1.19:4443
|
||||||
|
$IPT -w -A FORWARD -p tcp -d 192.168.1.19 --dport 4443 -j ACCEPT
|
||||||
|
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.19 --sport 10000:20000
|
||||||
|
$IPT -w -A FORWARD -p udp -d 192.168.1.19 --dport 10000:20000 -j ACCEPT
|
||||||
|
|
||||||
|
|
||||||
# MASQUERADE.
|
# MASQUERADE.
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
|
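Review bot: The UDP DNAT rule for the jitsi media ports carries `--sport 10000:20000` after `--to-destination 192.168.1.19`; iptables treats that as a source-port match, so only packets whose source port is also within 10000-20000 would be translated, while the FORWARD rule below it accepts the whole destination range regardless of source port. Clients normally send from ephemeral ports outside that range, so this looks unintended; without it the rule reads `$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.19`. It is also worth confirming that the container needs the full UDP range exposed; if the videobridge is configured for a single media port, narrowing both rules to that port reduces the exposed surface. The two new FORWARD ACCEPT rules have no `-i` interface match, so they admit traffic to 192.168.1.19 from any interface; the `start` branch continues outside the hunk, so earlier rules may already constrain this.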
@ -0,0 +1,27 @@
|
||||||
|
### DIMENSION.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name dimension.envs.net;
|
||||||
|
|
||||||
|
return 307 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_mid.conf;
|
||||||
|
server_name dimension.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/dimension.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_pass https://dimension.envs.net;
|
||||||
|
}
|
||||||
|
}
|
|
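Review bot: In the TLS server's `location /`, `proxy_ssl_name $http_host;` takes the upstream SNI name from the client-supplied Host header, and nothing visible in this file enables `proxy_ssl_verify`, which nginx leaves off by default, so the hop to the container is encrypted but the upstream certificate is not checked. Unless `proxy_params` or an included snippet already sets it, pin the name and verify the peer: `proxy_ssl_name dimension.envs.net;`, `proxy_ssl_verify on;`, plus a `proxy_ssl_trusted_certificate` pointing at the CA bundle. The same directives appear in the new jitsi.envs.net.conf and in the context lines of the other proxy hunks on this page. `proxy_pass https://dimension.envs.net;` also depends on the proxy host resolving that name to the container rather than to itself, which deserves a one-line comment in the file.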
@ -72,6 +72,12 @@ server {
|
||||||
return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
|
return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /.well-known/matrix/integrations {
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Content-Type application/json;
|
||||||
|
return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
|
||||||
|
}
|
||||||
|
|
||||||
location /_matrix {
|
location /_matrix {
|
||||||
include proxy_params;
|
include proxy_params;
|
||||||
proxy_ssl_name $http_host;
|
proxy_ssl_name $http_host;
|
||||||
|
|
|
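Review bot: `add_header Content-Type application/json;` in the new `/.well-known/matrix/integrations` location does not replace the type nginx assigns to the `return 200` body; it adds a second Content-Type header next to the default one, and a client may honour either. `default_type application/json;` sets the type directly and avoids the duplicate. `Access-Control-Allow-Origin *` is reasonable for a public discovery document that carries no credentials. If the neighbouring well-known locations outside the hunk use the same `add_header` pattern, they would want the same change.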
@ -0,0 +1,60 @@
|
||||||
|
### JITSI.ENVS.NET - lxc ###
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_high.conf;
|
||||||
|
server_name jitsi.envs.net;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_pass http://jitsi.envs.net;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_high.conf;
|
||||||
|
server_name jitsi.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/jitsi.envs.net-error.log crit;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include proxy_params;
|
||||||
|
proxy_ssl_name $http_host;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
|
||||||
|
proxy_pass https://jitsi.envs.net;
|
||||||
|
tcp_nodelay on;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#ALIAS
|
||||||
|
server {
|
||||||
|
include snippets/listen.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name talk.envs.net;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://jitsi.envs.net/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include snippets/listen_ssl.conf;
|
||||||
|
# include snippets/ddos_def.conf;
|
||||||
|
server_name talk.envs.net;
|
||||||
|
|
||||||
|
include snippets/ssl.conf;
|
||||||
|
include ssl/envs_net_wild.conf;
|
||||||
|
include snippets/local_ssl_header.conf;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://jitsi.envs.net/;
|
||||||
|
}
|
||||||
|
}
|
|
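Review bot: The port-80 server for jitsi.envs.net proxies to `http://jitsi.envs.net` instead of redirecting, so the conference UI stays reachable in cleartext; the dimension vhost added in the same commit uses `return 307 https://$host$request_uri;`, and the same line would fit here in place of the `location /` block. Both `include snippets/ddos_high.conf;` lines are commented out, which leaves this vhost without whatever request limiting that snippet provides; a comment saying why would help the next reader. The talk.envs.net alias redirects every request to `https://jitsi.envs.net/` and drops the path, so room links under the alias land on the start page; `return 301 https://jitsi.envs.net$request_uri;` keeps them.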
@ -30,9 +30,11 @@ server {
|
||||||
include proxy_params;
|
include proxy_params;
|
||||||
proxy_ssl_name $http_host;
|
proxy_ssl_name $http_host;
|
||||||
proxy_ssl_server_name on;
|
proxy_ssl_server_name on;
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
|
|
||||||
proxy_pass https://matrix.envs.net/_matrix/maubot/v1/logs;
|
proxy_pass https://matrix.envs.net/_matrix/maubot/v1/logs;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,10 +22,11 @@ server {
|
||||||
include proxy_params;
|
include proxy_params;
|
||||||
proxy_ssl_name $http_host;
|
proxy_ssl_name $http_host;
|
||||||
proxy_ssl_server_name on;
|
proxy_ssl_server_name on;
|
||||||
proxy_pass https://pleroma.envs.net;
|
proxy_http_version 1.1;
|
||||||
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
|
|
||||||
|
proxy_pass https://pleroma.envs.net;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/dimension.envs.net.conf
|
|
@ -0,0 +1 @@
|
||||||
|
/etc/nginx/sites-available/jitsi.envs.net.conf
|