mirror of https://git.envs.net/envs/ops.git
update current server configs
parent
292fdfd924
commit
95cebff9a6
|
@ -5,7 +5,6 @@
|
|||
|
||||
89.163.145.170 envs.net core core.envs.net ve423.venus.dedi.server-hosting.expert ve423
|
||||
5.199.136.30 ssh.envs.net
|
||||
|
||||
168.119.12.180 srv01.envs.net
|
||||
|
||||
# The following lines are desirable for IPv6 capable hosts
|
||||
|
@ -17,24 +16,18 @@ ff02::2 ip6-allrouters
|
|||
# ENVS.NET - LXC
|
||||
#
|
||||
|
||||
192.168.1.2 ns1.envs.net ns1
|
||||
192.168.1.3 mail.envs.net mail
|
||||
192.168.1.4 lists.envs.net lists
|
||||
192.168.1.5 ldap.envs.net ldap
|
||||
192.168.1.6 moni.envs.net moni prometheus.envs.net prometheus grafana.envs.net grafana
|
||||
192.168.1.2 ns1.envs.net ns1
|
||||
192.168.1.3 mail.envs.net mail
|
||||
192.168.1.4 lists.envs.net lists
|
||||
192.168.1.5 ldap.envs.net ldap
|
||||
|
||||
192.168.1.10 git.envs.net gitea
|
||||
192.168.1.11 searx.envs.net searx
|
||||
192.168.1.12 cryptpad pad.envs.net pad cryptpad
|
||||
192.168.1.13 drone.envs.net drone
|
||||
192.168.1.14 matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension
|
||||
#168.119.12.180 matrix.envs.net matrix element.envs.net element lag.envs.net lag riot.envs.net riot dimension.envs.net dimension
|
||||
192.168.1.10 git.envs.net gitea
|
||||
192.168.1.11 searx.envs.net searx
|
||||
192.168.1.12 cryptpad pad.envs.net pad cryptpad
|
||||
192.168.1.13 drone.envs.net drone
|
||||
192.168.1.14 codimd.envs.net codimd
|
||||
192.168.1.15 envs.sh 0x0.envs.net 0x0 null.envs.net null ix.envs.net io.envs.net
|
||||
192.168.1.16 rss.envs.net rss
|
||||
192.168.1.17 pb.envs.net pb pastebin.envs.net pastbin bin.envs.net bin
|
||||
|
||||
192.168.1.15 envs.sh 0x0.envs.net 0x0 null.envs.net null ix.envs.net io.envs.net
|
||||
192.168.1.16 rss.envs.net rss
|
||||
192.168.1.17 pb.envs.net pb pastebin.envs.net pastbin bin.envs.net bin
|
||||
192.168.1.18 pleroma.envs.net pleroma social halcyon.envs.net halcyon
|
||||
#144.76.146.17 pleroma.envs.net pleroma social halcyon.envs.net halcyon
|
||||
192.168.1.19 jitsi.envs.net jitsi meet.envs.net meet
|
||||
|
||||
192.168.1.22 dns.envs.net pubdns
|
||||
192.168.1.22 dns.envs.net pubdns
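Review bot: The re-indented line for 192.168.1.17 keeps the alias `pastbin`, which looks like a typo for `pastebin`, and the 192.168.1.12 line names `cryptpad` twice, once in the canonical first position where the other entries put the FQDN. Suggested: `192.168.1.12 pad.envs.net pad cryptpad` and `192.168.1.17 pb.envs.net pb pastebin.envs.net pastebin bin.envs.net bin`. Because 192.168.1.14 moves from the matrix names to `codimd.envs.net` in this hunk, it is worth checking that nothing outside this commit still treats that address as the matrix container.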
|
||||
|
|
|
@ -212,10 +212,6 @@ if [ "$1" = "start" ]; then
|
|||
# ldap
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.5 -j SNAT --to 89.163.145.170
|
||||
|
||||
# monitor (prometheus and grafana)
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.6 -j SNAT --to 89.163.145.170
|
||||
|
||||
# gitea
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A PREROUTING -d 5.199.130.141 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
|
||||
|
@ -238,23 +234,8 @@ if [ "$1" = "start" ]; then
|
|||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.13 -j SNAT --to 5.199.130.141
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.13 -j SNAT --to 5.199.130.141
|
||||
|
||||
# matrix
|
||||
# codimd
|
||||
# => apache2 proxy (http/https)
|
||||
#
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 8448 -j DNAT --to-destination 192.168.1.14:8448
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 8448 -j ACCEPT
|
||||
# coturn
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
|
||||
$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 3478 -j ACCEPT
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 3478 -j DNAT --to-destination 192.168.1.14:3478
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 3478 -j ACCEPT
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
|
||||
$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 5349 -j ACCEPT
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 5349 -j DNAT --to-destination 192.168.1.14:5349
|
||||
$IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 5349 -j ACCEPT
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 64000:65535 -j DNAT --to-destination 192.168.1.14 --sport 64000:65535
|
||||
$IPT -w -A FORWARD -p udp -d 192.168.1.14 --dport 64000:65535 -j ACCEPT
|
||||
#
|
||||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.14 -j SNAT --to 89.163.145.170
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.14 -j SNAT --to 89.163.145.170
|
||||
|
||||
|
@ -271,22 +252,6 @@ if [ "$1" = "start" ]; then
|
|||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.17 -j SNAT --to 89.163.145.170
|
||||
|
||||
# pleroma / social
|
||||
# => apache2 proxy (http/https)
|
||||
$IPT -w -t nat -A PREROUTING -d 5.199.136.29 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.18:22
|
||||
$IPT -w -t nat -A PREROUTING -d 5.199.136.29 -p tcp --dport 70 -j DNAT --to-destination 192.168.1.18:7070
|
||||
$IPT -w -t nat -A PREROUTING -d 5.199.136.29 -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.18:7070
|
||||
$IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 7070 -j DNAT --to-destination 192.168.1.18:7070
|
||||
$IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.18 -j SNAT --to 5.199.136.29
|
||||
$IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.18 -j SNAT --to 5.199.136.29
|
||||
|
||||
# jitsi
|
||||
# => apache2 proxy (http/https)
|
||||
# $IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.19 --sport 10000:20000
|
||||
# $IPT -w -A FORWARD -p udp -d 192.168.1.19 --dport 10000:20000 -j ACCEPT
|
||||
# $IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.19 -j SNAT --to 89.163.145.170
|
||||
# $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.19 -j SNAT --to 89.163.145.170
|
||||
|
||||
|
||||
# MASQUERADE.
|
||||
#------------------------------------------------------------------------------
|
||||
|
@ -366,8 +331,8 @@ if [ "$1" = "start" ]; then
|
|||
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -p tcp --dport 53 -j ACCEPT
|
||||
|
||||
# prometheus node
|
||||
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -s 192.168.1.6 -p tcp --dport 9100 -j ACCEPT
|
||||
$IPT -w -A INPUT -m state --state NEW -d 192.168.1.1 -s 192.168.1.6 -p tcp --dport 9113 -j ACCEPT
|
||||
$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -s 144.76.146.17 -p tcp --dport 9100 -j ACCEPT
|
||||
$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -s 144.76.146.17 -p tcp --dport 9113 -j ACCEPT
|
||||
|
||||
# finger
|
||||
$IPT -w -A INPUT -m state --state NEW -d 89.163.145.170 -p tcp --dport 79 -j ACCEPT
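Review bot: The two new `prometheus node` rules open ports 9100 and 9113 on the public address 89.163.145.170, and the source address 144.76.146.17 is the only restriction visible in this hunk. These are presumably the node and nginx exporters, which normally serve plain HTTP, so unless TLS or authentication is configured outside this file the metrics cross the internet unencrypted and the control rests entirely on that one IP; confirm that, or carry the scrape over a tunnel. A comment naming the peer would help the next reader, e.g. `# scraped by the external prometheus host (144.76.146.17)`. The `if [ "$1" = "start" ]` block these rules belong to starts and ends outside the hunk.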
|
||||
|
|
|
@ -13,27 +13,11 @@ for domain in $RENEWED_DOMAINS; do
|
|||
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
|
||||
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
|
||||
|
||||
#rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
|
||||
#ssh root@srv01.envs.net bash -c "/opt/sync_certs.sh"
|
||||
|
||||
# matrix
|
||||
matrix_dir=/var/lib/lxc/matrix/rootfs/etc/matrix-synapse
|
||||
cp "$daemon_cert_root/privkey.pem" "$matrix_dir"/
|
||||
cp "$daemon_cert_root/chain.pem" "$matrix_dir"/
|
||||
cp "$daemon_cert_root/fullchain.pem" "$matrix_dir"/
|
||||
chmod 644 "$matrix_dir"/*.pem
|
||||
chown 108:0 "$matrix_dir"/*.pem
|
||||
lxc-attach -n matrix -- bash -c "systemctl reload nginx ; systemctl restart coturn"
|
||||
|
||||
# pleroma
|
||||
lxc-attach -n pleroma -- bash -c "systemctl reload nginx"
|
||||
|
||||
# monitor
|
||||
lxc-attach -n moni -- bash -c "systemctl reload nginx"
|
||||
# rsync -av "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
|
||||
# ssh root@srv01.envs.net bash -c "/opt/sync_certs.sh"
|
||||
|
||||
# mail
|
||||
# has a own letencrypt cert in container!
|
||||
##lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
|
||||
|
||||
# mailinglists
|
||||
lxc-attach -n lists -- bash -c "systemctl reload nginx postfix"
|
||||
|
@ -44,6 +28,9 @@ for domain in $RENEWED_DOMAINS; do
|
|||
# drone-ci
|
||||
lxc-attach -n drone -- bash -c "systemctl reload nginx"
|
||||
|
||||
# codimd
|
||||
lxc-attach -n codimd -- bash -c "systemctl reload nginx"
|
||||
|
||||
# searx
|
||||
lxc-attach -n searx -- bash -c "systemctl reload nginx"
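Review bot: The added codimd reload, `lxc-attach -n codimd -- bash -c "systemctl reload nginx"`, discards its exit status as far as this hunk shows, so a stopped container or a failed reload leaves the old certificate in service with no trace in the renewal log. The `bash -c` wrapper is also unnecessary for a single command: `lxc-attach -n codimd -- systemctl reload nginx || echo "codimd: nginx reload failed" >&2`. The neighbouring drone and searx lines follow the same pattern. The `for domain in $RENEWED_DOMAINS` loop starts and ends outside the hunk, so any error handling set earlier in the script is not visible here.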
|
||||
|
||||
|
@ -65,9 +52,7 @@ for domain in $RENEWED_DOMAINS; do
|
|||
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
|
||||
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
|
||||
|
||||
#rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
|
||||
|
||||
# 0x0 / fiche
|
||||
# 0x0
|
||||
lxc-attach -n null -- bash -c "systemctl reload nginx"
|
||||
;;
|
||||
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
### CODIMD.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name codimd.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_high.conf;
|
||||
server_name codimd.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/codimd.envs.net-error.log crit;
|
||||
|
||||
client_max_body_size 32M;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass https://codimd.envs.net;
|
||||
}
|
||||
}
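Review bot: `proxy_ssl_name $http_host;` in the new `location /` takes the SNI name sent to the upstream from the raw client Host header, which may carry a port and is not normalised; this server block serves a single name, so pin it with `proxy_ssl_name codimd.envs.net;`. No `proxy_ssl_verify` appears in this file and nginx leaves upstream certificate verification off by default, so unless `proxy_params` or another include enables it the hop to the container is encrypted but not authenticated. `proxy_pass https://codimd.envs.net;` also relies on the `/etc/hosts` entry added in this commit to reach 192.168.1.14; a comment saying so would help, since without that entry the name would resolve through DNS instead, presumably back to this proxy. The same `$http_host` line sits on context lines of the pad.envs.net and matrix proxy hunks further down.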
|
|
@ -1,91 +0,0 @@
|
|||
##
|
||||
# You should look at the following URL's in order to grasp a solid understanding
|
||||
# of Nginx configuration files in order to fully unleash the power of Nginx.
|
||||
# https://www.nginx.com/resources/wiki/start/
|
||||
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
|
||||
# https://wiki.debian.org/Nginx/DirectoryStructure
|
||||
#
|
||||
# In most cases, administrators will remove this file from sites-enabled/ and
|
||||
# leave it as reference inside of sites-available where it will continue to be
|
||||
# updated by the nginx packaging team.
|
||||
#
|
||||
# This file will automatically load configuration files provided by other
|
||||
# applications, such as Drupal or Wordpress. These applications will be made
|
||||
# available underneath a path with that package name, such as /drupal8.
|
||||
#
|
||||
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
|
||||
##
|
||||
|
||||
# Default server configuration
|
||||
#
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
||||
# SSL configuration
|
||||
#
|
||||
# listen 443 ssl default_server;
|
||||
# listen [::]:443 ssl default_server;
|
||||
#
|
||||
# Note: You should disable gzip for SSL traffic.
|
||||
# See: https://bugs.debian.org/773332
|
||||
#
|
||||
# Read up on ssl_ciphers to ensure a secure configuration.
|
||||
# See: https://bugs.debian.org/765782
|
||||
#
|
||||
# Self signed certs generated by the ssl-cert package
|
||||
# Don't use them in a production server!
|
||||
#
|
||||
# include snippets/snakeoil.conf;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
# Add index.php to the list if you are using PHP
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
server_name _;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# pass PHP scripts to FastCGI server
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# include snippets/fastcgi-php.conf;
|
||||
#
|
||||
# # With php-fpm (or other unix sockets):
|
||||
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
|
||||
# # With php-cgi (or other tcp sockets):
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
|
||||
|
||||
|
||||
# Virtual Host configuration for example.com
|
||||
#
|
||||
# You can move that to a different file under sites-available/ and symlink that
|
||||
# to sites-enabled/ to enable it.
|
||||
#
|
||||
#server {
|
||||
# listen 80;
|
||||
# listen [::]:80;
|
||||
#
|
||||
# server_name example.com;
|
||||
#
|
||||
# root /var/www/example.com;
|
||||
# index index.html;
|
||||
#
|
||||
# location / {
|
||||
# try_files $uri $uri/ =404;
|
||||
# }
|
||||
#}
|
|
@ -1,26 +0,0 @@
|
|||
### DIMENSION.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name dimension.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name dimension.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/dimension.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://dimension.envs.net;
|
||||
}
|
||||
}
|
|
@ -1,47 +0,0 @@
|
|||
### ELEMENT.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name element.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name element.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/element.envs.net-error.log crit;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://element.envs.net;
|
||||
}
|
||||
}
|
||||
|
||||
#ALIAS
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name riot.envs.net;
|
||||
|
||||
return 301 https://element.envs.net/;
|
||||
}
|
||||
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
server_name riot.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
include snippets/local_ssl_header.conf;
|
||||
|
||||
return 301 https://element.envs.net/;
|
||||
}
|
|
@ -20,7 +20,6 @@ server {
|
|||
location /nginx_status {
|
||||
stub_status on;
|
||||
allow 127.0.0.1;
|
||||
allow 192.168.1.6;
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
@ -80,22 +79,27 @@ server {
|
|||
return 200 '{"m.server": "matrix.envs.net:443", "m.homeserver": {"base_url": "https://matrix.envs.net"}, "m.integrations": {"managers": [{"ui_url": "https://dimension.envs.net/riot", "api_url": "https://dimension.envs.net/api/v1/scalar"}, {"ui_url": "https://scalar.vector.im/", "api_url": "https://scalar.vector.im/api"}]}, "m.integrations_widget": {"url": "https://dimension.envs.net/riot", "data": {"api_url": "https://dimension.envs.net/api/v1/scalar"}}}';
|
||||
}
|
||||
|
||||
location ~* ^(\/_matrix|\/_synapse) {
|
||||
location ~* ^(\/_matrix|\/_synapse\/client) {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_pass https://matrix.envs.net;
|
||||
}
|
||||
|
||||
# maubot logs
|
||||
# maubot
|
||||
location /_matrix/maubot/v1/logs {
|
||||
# location /_matrix/maubot {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_pass https://matrix.envs.net;
|
||||
|
||||
# return 302 https://matrix.envs.net$request_uri;
|
||||
}
|
||||
|
||||
# users
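Review bot: The prefix location `/_matrix/maubot/v1/logs` is shadowed by the regex location above it: nginx prefers a matching regex location over a plain prefix match, and `^(\/_matrix|\/_synapse\/client)` matches every maubot path, so the WebSocket `Upgrade` headers set in the maubot block are never applied. Marking the prefix as final fixes that: `location ^~ /_matrix/maubot/v1/logs {`. The narrowed regex is also case-insensitive and has no path boundary, so a path such as `/_matrixfoo` is proxied as well; `location ~ ^/(_matrix|_synapse/client)(/|$) {` is tighter. The enclosing `server` block starts and ends outside the hunk.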
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
### GRAFANA.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name grafana.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name grafana.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/grafana.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://grafana.envs.net;
|
||||
}
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
### HALCYON.ENVS.NET - lxc on pleroma ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name halcyon.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name halcyon.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/halcyon.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://halcyon.envs.net;
|
||||
}
|
||||
}
|
|
@ -1,60 +0,0 @@
|
|||
### JITSI.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_high.conf;
|
||||
server_name jitsi.envs.net;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_pass http://jitsi.envs.net;
|
||||
}
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_high.conf;
|
||||
server_name jitsi.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/jitsi.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass https://jitsi.envs.net:4444;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
}
|
||||
|
||||
#ALIAS
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
# include snippets/ddos_def.conf;
|
||||
server_name talk.envs.net meet.envs.net;
|
||||
|
||||
location / {
|
||||
return 301 https://jitsi.envs.net/;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_def.conf;
|
||||
server_name talk.envs.net meet.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
include snippets/local_ssl_header.conf;
|
||||
|
||||
location / {
|
||||
return 301 https://jitsi.envs.net/;
|
||||
}
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
### LAG.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name lag.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name lag.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/lag.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://lag.envs.net;
|
||||
}
|
||||
}
|
|
@ -1,41 +0,0 @@
|
|||
### MATRIX.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name matrix.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name matrix.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/matrix.envs.net-error.log crit;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://matrix.envs.net;
|
||||
}
|
||||
|
||||
# maubot log
|
||||
location /_matrix/maubot/v1/logs {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass https://matrix.envs.net/_matrix/maubot/v1/logs;
|
||||
}
|
||||
}
|
|
@ -23,10 +23,12 @@ server {
|
|||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://pad.envs.net;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass https://pad.envs.net;
|
||||
}
|
||||
}
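Review bot: `proxy_set_header Connection "Upgrade";` is sent on every proxied request, not only on WebSocket handshakes, so ordinary requests reach the pad upstream with `Connection: Upgrade` and no `Upgrade` header. The usual form derives the value from the request: a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` at `http` level and `proxy_set_header Connection $connection_upgrade;` here. The new codimd vhost in this commit hard-codes the same header. The `location` block these lines belong to opens above the hunk.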
|
||||
|
||||
|
|
|
@ -1,52 +0,0 @@
|
|||
### PLEROMA.ENVS.NET - lxc ###
|
||||
server {
|
||||
listen 5.199.136.29:80;
|
||||
server_name pleroma.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
listen 5.199.136.29:443 ssl http2;
|
||||
# include snippets/ddos_mid.conf;
|
||||
server_name pleroma.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/pleroma.envs.net-error.log crit;
|
||||
|
||||
client_max_body_size 64M;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass https://pleroma.envs.net;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#ALIAS
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name social.envs.net;
|
||||
|
||||
return 301 https://pleroma.envs.net/;
|
||||
}
|
||||
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
server_name social.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
include snippets/local_ssl_header.conf;
|
||||
|
||||
return 301 https://pleroma.envs.net/;
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
### PROMETHEUS.ENVS.NET - lxc ###
|
||||
server {
|
||||
include snippets/listen.conf;
|
||||
server_name prometheus.envs.net;
|
||||
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
|
||||
# SSL
|
||||
server {
|
||||
include snippets/listen_ssl.conf;
|
||||
server_name prometheus.envs.net;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include ssl/envs_net_wild.conf;
|
||||
|
||||
error_log /var/log/nginx/prometheus.envs.net-error.log crit;
|
||||
|
||||
location / {
|
||||
include proxy_params;
|
||||
proxy_ssl_name $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://prometheus.envs.net;
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
/etc/nginx/sites-available/codimd.envs.net.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/dimension.envs.net.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/element.envs.net.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/grafana.envs.net.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/halcyon.envs.net.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/lag.envs.net.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/matrix.envs.net.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/pleroma.envs.net.conf
|
|
@ -1 +0,0 @@
|
|||
/etc/nginx/sites-available/prometheus.envs.net.conf
|