diff options
Diffstat (limited to 'services/docker/nginx/configs/templates')
5 files changed, 103 insertions, 0 deletions
diff --git a/services/docker/nginx/configs/templates/code.conf.template b/services/docker/nginx/configs/templates/code.conf.template new file mode 100644 index 0000000..aa70ebc --- /dev/null +++ b/services/docker/nginx/configs/templates/code.conf.template @@ -0,0 +1,6 @@ +server { + server_name code.${CRUPEST_DOMAIN}; + include common/http-listen; + + include common/acme-challenge; +} diff --git a/services/docker/nginx/configs/templates/mail.conf.template b/services/docker/nginx/configs/templates/mail.conf.template new file mode 100644 index 0000000..7f5f215 --- /dev/null +++ b/services/docker/nginx/configs/templates/mail.conf.template @@ -0,0 +1,29 @@ +server { + server_name mail.${CRUPEST_DOMAIN}; + include common/https-listen; + + location = /robots.txt { + root /srv/mail; + } + + location / { + include common/proxy-common; + proxy_pass http://roundcubemail:80/; + } + + location /rspamd/ { + include common/proxy-common; + proxy_pass http://mailserver:11334/; + } + + client_max_body_size 5G; +} + + +server { + server_name mail.${CRUPEST_DOMAIN}; + include common/http-listen; + + include common/https-redirect; + include common/acme-challenge; +} diff --git a/services/docker/nginx/configs/templates/root.conf.template b/services/docker/nginx/configs/templates/root.conf.template new file mode 100644 index 0000000..e3e93ad --- /dev/null +++ b/services/docker/nginx/configs/templates/root.conf.template @@ -0,0 +1,45 @@ +server { + server_name ${CRUPEST_DOMAIN}; + include common/https-listen; + + location / { + root /srv/www; + } + + location /2fa/ { + include common/proxy-common; + proxy_pass http://2fauth:8000/; + } + + location /git/ { + include common/proxy-common; + client_max_body_size 5G; + proxy_pass http://git-server:3636; + } + + location = /github { + return 301 ${CRUPEST_GITHUB}; + } + + location = /github/ { + return 301 ${CRUPEST_GITHUB}; + } + + location /_${CRUPEST_V2RAY_PATH} { + if ($http_upgrade != "websocket") { + return 404; + } + + proxy_redirect off; + include common/proxy-common; + proxy_pass http://v2ray:10000; + } +} + +server { + server_name ${CRUPEST_DOMAIN}; + include common/http-listen; + + include common/https-redirect; + include common/acme-challenge; +} diff --git a/services/docker/nginx/configs/templates/ssl.conf.template b/services/docker/nginx/configs/templates/ssl.conf.template new file mode 100644 index 0000000..54205f1 --- /dev/null +++ b/services/docker/nginx/configs/templates/ssl.conf.template @@ -0,0 +1,17 @@ +# This file contains important security parameters. If you modify this file +# manually, Certbot will be unable to automatically provide future security +# updates. Instead, Certbot will print and log an error message with a path to +# the up-to-date file that you will need to refer to when manually updating +# this file. Contents are based on https://ssl-config.mozilla.org + +ssl_certificate /etc/letsencrypt/live/${CRUPEST_DOMAIN}/fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live/${CRUPEST_DOMAIN}/privkey.pem; + +ssl_session_cache shared:le_nginx_SSL:10m; +ssl_session_timeout 1440m; +ssl_session_tickets off; + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers off; + +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; diff --git a/services/docker/nginx/configs/templates/timeline.conf.template b/services/docker/nginx/configs/templates/timeline.conf.template new file mode 100644 index 0000000..a467594 --- /dev/null +++ b/services/docker/nginx/configs/templates/timeline.conf.template @@ -0,0 +1,6 @@ +server { + server_name timeline.${CRUPEST_DOMAIN}; + include common/http-listen; + + include common/acme-challenge; +} |