mirror of https://git.envs.net/envs/ops.git
update some internal server configs
parent
6c3053eb53
commit
33066ec28e
1
Makefile
1
Makefile
|
@ -43,6 +43,7 @@ bin:
|
|||
|
||||
etc:
|
||||
@printf "$(GREEN)--- etc ------------------------------------------------\n$(RESET)"
|
||||
@install -m 644 etc/etc/hosts /etc
|
||||
@install -m 644 etc/etc/inetd.conf /etc
|
||||
@install -m 644 etc/etc/inputrc /etc
|
||||
@install -m 644 etc/etc/nanorc /etc
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||
|
||||
# !!! DO NOT SET ALIAS ENVS.NET TO localhost # mail problem !!!
|
||||
127.0.0.1 localhost
|
||||
127.0.0.1 core.envs.net bbj.envs.net gopher.envs.net help.envs.net ip.envs.net ip.envs.sh stats.envs.net ttbp.envs.net twtxt.envs.net webirc.envs.net znc.envs.net
|
||||
|
||||
89.163.145.170 envs.net core core.envs.net ve423.venus.dedi.server-hosting.expert ve423
|
||||
5.199.136.30 ssh.envs.net
|
||||
|
||||
# The following lines are desirable for IPv6 capable hosts
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
||||
#
|
||||
# ENVS.NET - LXC
|
||||
#
|
||||
|
||||
192.168.1.2 ns1.envs.net ns1 dns
|
||||
192.168.1.3 mail.envs.net mail
|
||||
192.168.1.4 lists.envs.net lists
|
||||
192.168.1.5 ldap.envs.net ldap ldap1
|
||||
192.168.1.6 moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana
|
||||
|
||||
192.168.1.10 git.envs.net gitea
|
||||
192.168.1.11 searx.envs.net searx
|
||||
192.168.1.12 cryptpad pad.envs.net pad cryptpad
|
||||
192.168.1.13 drone.envs.net drone
|
||||
192.168.1.14 matrix.envs.net matrix riot.envs.net riot dimension.envs.net dimension
|
||||
|
||||
192.168.1.15 envs.sh 0x0.envs.net null.envs.net 0x0 null
|
||||
192.168.1.15 tb.envs.net tb termbin.envs.net termbin
|
||||
192.168.1.16 rss.envs.net rss
|
||||
192.168.1.17 pb.envs.net pb pastebin.envs.net pastbin
|
||||
192.168.1.18 pleroma.envs.net pleroma social halcyon.envs.net halcyon
|
||||
192.168.1.19 jitsi.envs.net jitsi
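Review bot: `core.envs.net` is listed twice, on the second `127.0.0.1` line and again on the `89.163.145.170` line. A hosts lookup normally stops at the first match, so the second mapping is likely never used and the two lines can drift apart unnoticed; keep the name on one line only. Further down, `192.168.1.12 cryptpad pad.envs.net pad cryptpad` repeats `cryptpad` and puts a short name in the canonical position, which I would write as `192.168.1.12 pad.envs.net pad cryptpad`. The alias `pastbin` on the `192.168.1.17` line looks like a typo for `pastebin`.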
|
||||
|
|
@ -1,3 +1,5 @@
|
|||
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||
|
||||
# /etc/inetd.conf: see inetd(8) for further informations.
|
||||
#
|
||||
# Internet superserver configuration database
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||
|
||||
# /etc/inputrc - global inputrc for libreadline
|
||||
# See readline(3readline) and `info rluserman' for more information.
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||
#
|
||||
# This file MUST be edited with the 'visudo' command as root.
|
||||
#
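Review bot: The new header sends admins to the git repo, while the next comment still says the file must be edited with `visudo`, and editing in git bypasses the syntax check `visudo` performs. The install step for this file is not visible on this page; if it copies the file straight into place, it should first run `visudo -c -f <repo-copy-of-sudoers>` (placeholder path) so a broken file is never deployed. A second comment line saying that the deploy step validates the file would resolve the contradiction for the next reader.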
|
||||
|
|
|
@ -197,6 +197,13 @@ if [ "$1" = "start" ]; then
|
|||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.4 -j SNAT --to 5.199.136.29
|
||||
|
||||
# ldap
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.5 -j SNAT --to 89.163.145.170
|
||||
|
||||
# monitor (prometheus and grafana)
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.6 -j SNAT --to 89.163.145.170
|
||||
|
||||
# gitea
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
|
||||
|
@ -224,7 +231,11 @@ if [ "$1" = "start" ]; then
|
|||
#
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 8448 -j DNAT --to-destination 192.168.1.14:8448
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 8448 -j ACCEPT
|
||||
#
|
||||
# coturn
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
|
||||
$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 3478 -j ACCEPT
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 3478 -j ACCEPT
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
|
||||
$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 5349 -j ACCEPT
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
|
||||
|
@ -346,6 +357,9 @@ if [ "$1" = "start" ]; then
|
|||
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -p udp --dport 53 -j ACCEPT
|
||||
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -p tcp --dport 53 -j ACCEPT
|
||||
|
||||
# prometheus node
|
||||
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -s 192.168.1.6 -p tcp --dport 9100 -j ACCEPT
|
||||
|
||||
# finger
|
||||
$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -p tcp --dport 79 -j ACCEPT
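Review bot: The new node-exporter rule `-A INPUT ... -d 192.168.1.1 -s 192.168.1.6 -p tcp --dport 9100 -j ACCEPT` trusts the source address alone. Without an `-i` match, a packet arriving on another interface with that source would also match, unless reverse-path filtering or an earlier anti-spoofing rule (not visible in these hunks) drops it. Binding the rule to the container bridge with `-i <lxc-bridge-interface>` (placeholder, the bridge name is not on this page) makes the intent explicit. In the first hunk, the comment `# => apache2 proxy (http/https)` above the monitor SNAT rule looks copied from the gitea block, while this commit adds nginx vhosts for grafana and prometheus. The `if [ "$1" = "start" ]` block starts and ends outside the hunks.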
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
#!/bin/sh
|
||||
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
||||
|
||||
set -e
|
||||
|
||||
|
@ -24,6 +25,9 @@ for domain in $RENEWED_DOMAINS; do
|
|||
# pleroma
|
||||
lxc-attach -n pleroma -- bash -c "systemctl reload nginx"
|
||||
|
||||
# monitor
|
||||
lxc-attach -n moni -- bash -c "systemctl reload nginx"
|
||||
|
||||
# mail
|
||||
# has a own letencrypt cert in container!
|
||||
##lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
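Review bot: The added `lxc-attach -n moni -- bash -c "systemctl reload nginx"` runs under `set -e`, so if the `moni` container is stopped or the reload fails, the hook exits at that line. Any reloads that follow it in the loop are then skipped and those services keep serving the old certificate. Reporting the failure and continuing is safer, and the `bash -c` wrapper is not needed: `lxc-attach -n moni -- systemctl reload nginx || echo "moni: nginx reload failed" >&2`. The `for domain in $RENEWED_DOMAINS` body continues outside the hunk, so whether this line sits behind a per-domain check cannot be seen here.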
|
||||
|
|
|
@ -61,19 +61,19 @@ server {
|
|||
|
||||
# matrix
|
||||
location /.well-known/matrix/ {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.server": "envs.net:8448", "m.homeserver": {"base_url": "https://matrix.envs.net"}}';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/support {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"admins": [{"matrix_id": "@creme:envs.net", "email_address": "hostmaster@envs.net", "role": "admin"}]}';
|
||||
}
|
||||
|
||||
location /.well-known/matrix/integrations {
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
add_header Content-Type application/json;
|
||||
return 200 '{"m.integrations": {"managers": [{"api_url": "https://dimension.envs.net/api/v1/scalar", "ui_url": "https://dimension.envs.net/riot"}]}}';
|
||||
}
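Review bot: `add_header Content-Type application/json;` in the three `/.well-known/matrix/` locations adds a header next to the one nginx already generates for `return 200`, so the responses likely carry two `Content-Type` values, and strict clients may pick the wrong one. Setting the type with `default_type application/json;` in each location and dropping the `add_header Content-Type` line avoids that. The enclosing `server` block starts and ends outside the hunk.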
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
### GRAFANA.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name grafana.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name grafana.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/grafana.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://grafana.envs.net;
|
||||
}
|
||||
}
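Review bot: `proxy_ssl_name $http_host;` takes the upstream SNI name from the client's Host header, which can carry a port or any value that reaches this server block; the fixed name is safer: `proxy_ssl_name grafana.envs.net;`. The upstream certificate is also not checked, because `proxy_ssl_verify` is off by default; consider `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <ca-bundle-path>;` (placeholder path). `proxy_pass https://grafana.envs.net;` reaches the container only through the `192.168.1.6` hosts entry added in this commit. Without that entry the name would presumably resolve to the public address and the proxy would point back at itself, so a comment above the line stating the dependency is worth adding. The prometheus vhost has the same three lines.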
|
|
@ -18,6 +18,8 @@ server {
|
|||
|
||||
error_log /var/log/nginx/matrix.envs.net-error.log crit;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
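Review bot: `client_max_body_size 100M;` is set at server level, so every location of this vhost, including unauthenticated endpoints, now accepts request bodies up to that size. If only media uploads need it, set it inside the upload location and keep the server default smaller, and keep the value in step with the backend's own upload limit. A one-line comment stating why 100M was chosen would help the next reader. The pad (100M) and pleroma (64M) vhosts get the same directive in this commit, and the `server` block extends outside the hunk.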
|
||||
|
|
|
@ -18,6 +18,8 @@ server {
|
|||
|
||||
error_log /var/log/nginx/pad.envs.net-error.log crit;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
|
@ -52,4 +54,4 @@ server {
|
|||
location / {
|
||||
return 301 https://pad.envs.net/;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -18,6 +18,8 @@ server {
|
|||
|
||||
error_log /var/log/nginx/pleroma.envs.net-error.log crit;
|
||||
|
||||
client_max_body_size 64M;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
### PROMETHEUS.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name prometheus.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name prometheus.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/prometheus.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://prometheus.envs.net;
|
||||
}
|
||||
}
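Review bot: This vhost publishes Prometheus under a public name with no access control in the `location /` block, and the `snippets/ddos_mid.conf` include is commented out. Prometheus does not authenticate requests by default, so unless the nginx inside the `moni` container enforces it (not visible here), metrics, target lists and labels describing the internal network are readable by anyone who can reach the name. Add `auth_basic "prometheus"; auth_basic_user_file <htpasswd-path>;` (placeholder path) or `allow`/`deny` rules to the location. Grafana has its own login, so the exposure matters most for this file.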
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/grafana.envs.net.conf
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/prometheus.envs.net.conf
|
|
@ -1 +1 @@
|
|||
Subproject commit fa5613116baba05beead0186ea045287b8b01b1e
|
||||
Subproject commit 6997cdf8606bfc7a608a025eb883adef4dcefab5
|