Diffstat (limited to 'template/nginx')
-rw-r--r-- | template/nginx/2fa.conf.template | 19 | ||||
-rw-r--r-- | template/nginx/cert-only.conf.template | 13 | ||||
-rw-r--r-- | template/nginx/code.conf.template | 22 | ||||
-rw-r--r-- | template/nginx/common/acme-challenge | 3 | ||||
-rw-r--r-- | template/nginx/common/https-redirect | 3 | ||||
-rw-r--r-- | template/nginx/common/proxy-common | 7 | ||||
-rw-r--r-- | template/nginx/git.conf.template | 22 | ||||
-rw-r--r-- | template/nginx/mail.conf.template | 27 | ||||
-rw-r--r-- | template/nginx/redirect.conf.template | 23 | ||||
-rw-r--r-- | template/nginx/reverse-proxy.conf.template | 32 | ||||
-rw-r--r-- | template/nginx/root.conf.template | 61 | ||||
-rw-r--r-- | template/nginx/server.json | 39 | ||||
-rw-r--r-- | template/nginx/server.schema.json | 93 | ||||
-rw-r--r-- | template/nginx/server.ts | 36 | ||||
-rw-r--r-- | template/nginx/static-file.conf.template | 23 | ||||
-rw-r--r-- | template/nginx/timeline.conf.template | 7 |
16 files changed, 113 insertions, 317 deletions
diff --git a/template/nginx/2fa.conf.template b/template/nginx/2fa.conf.template
new file mode 100644
index 0000000..aad66c1
--- /dev/null
+++ b/template/nginx/2fa.conf.template
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name 2fa.${CRUPEST_DOMAIN};
+
+ location / {
+ include common/proxy-common;
+ proxy_pass http://2fauth:8000/;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name 2fa.${CRUPEST_DOMAIN};
+
+ include common/https-redirect;
+ include common/acme-challenge;
+}
diff --git a/template/nginx/cert-only.conf.template b/template/nginx/cert-only.conf.template
deleted file mode 100644
index 08daa8a..0000000
--- a/template/nginx/cert-only.conf.template
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 444;
- }
-
- location /.well-known/acme-challenge {
- root /srv/acme;
- }
-}
diff --git a/template/nginx/code.conf.template b/template/nginx/code.conf.template
new file mode 100644
index 0000000..a67500d
--- /dev/null
+++ b/template/nginx/code.conf.template
@@ -0,0 +1,22 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name code.${CRUPEST_DOMAIN};
+
+ location / {
+ include common/proxy-common;
+ proxy_pass http://debian-dev:8080/;
+ }
+
+ client_max_body_size 5G;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name code.${CRUPEST_DOMAIN};
+
+ include common/https-redirect;
+ include common/acme-challenge;
+}
diff --git a/template/nginx/common/acme-challenge b/template/nginx/common/acme-challenge
new file mode 100644
index 0000000..26054b8
--- /dev/null
+++ b/template/nginx/common/acme-challenge
@@ -0,0 +1,3 @@
+location /.well-known/acme-challenge {
+ root /srv/acme;
+}
diff --git a/template/nginx/common/https-redirect b/template/nginx/common/https-redirect
new file mode 100644
index 0000000..56d095d
--- /dev/null
+++ b/template/nginx/common/https-redirect
@@ -0,0 +1,3 @@
+location / {
+ return 301 https://$host$request_uri;
+}
diff --git a/template/nginx/common/proxy-common b/template/nginx/common/proxy-common
new file mode 100644
index 0000000..4193548
--- /dev/null
+++ b/template/nginx/common/proxy-common
@@ -0,0 +1,7 @@
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
diff --git a/template/nginx/git.conf.template b/template/nginx/git.conf.template
new file mode 100644
index 0000000..ea2a627
--- /dev/null
+++ b/template/nginx/git.conf.template
@@ -0,0 +1,22 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name git.${CRUPEST_DOMAIN};
+
+ location / {
+ include common/proxy-common;
+ proxy_pass http://forgejo:3000/;
+ }
+
+ client_max_body_size 5G;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name git.${CRUPEST_DOMAIN};
+
+ include common/https-redirect;
+ include common/acme-challenge;
+}
diff --git a/template/nginx/mail.conf.template b/template/nginx/mail.conf.template
new file mode 100644
index 0000000..ba2e44e
--- /dev/null
+++ b/template/nginx/mail.conf.template
@@ -0,0 +1,27 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name mail.${CRUPEST_DOMAIN};
+
+ location / {
+ include common/proxy-common;
+ proxy_pass http://roundcubemail:80/;
+ }
+
+ location /rspamd/ {
+ include common/proxy-common;
+ proxy_pass http://mailserver:11334/;
+ }
+
+ client_max_body_size 5G;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name mail.${CRUPEST_DOMAIN};
+
+ include common/https-redirect;
+ include common/acme-challenge;
+}
diff --git a/template/nginx/redirect.conf.template b/template/nginx/redirect.conf.template
deleted file mode 100644
index b3122e2..0000000
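Review bot: The redirect target in `common/https-redirect` is built from `$host`, which nginx fills from the request's Host header, so if any port-80 server that includes this file ends up as the default server for the socket, the 301 points at whatever host name the request carried. Unless a catch-all `default_server` is declared elsewhere (none is visible in this diff), prefer the configured name: `return 301 https://$server_name$request_uri;`. `$server_name` is resolved per including server block, so the shared include keeps working for every subdomain.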
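Review bot: `common/proxy-common` has no header comment, and two of its lines carry assumptions that every including site now inherits. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to the value the client sent, so an upstream that reads the first entry gets a client-chosen address; if this nginx is the internet-facing edge, `proxy_set_header X-Forwarded-For $remote_addr;` avoids that, otherwise upstreams should read `X-Real-IP`. `$connection_upgrade` is not defined in this file and has to come from a `map` in the http context, which is outside this diff. I would open the file with `# Shared proxy headers. Requires a map defining $connection_upgrade in http{}; upstreams must not trust the left-most X-Forwarded-For entry.`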
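Review bot: In `mail.conf.template` the `location /rspamd/` block forwards to `mailserver:11334` with no `allow`/`deny` or `auth_basic`, so the rspamd web interface is reachable by anyone who can reach the webmail host and is protected only by rspamd's own password. Because rspamd sees the proxy as its peer, it is worth confirming that its `secure_ip` setting does not cover the nginx container's address, which may skip the password check; that configuration is not visible from here. Restricting the location at the proxy, e.g. `allow <ADMIN_NETWORK_PLACEHOLDER>;` followed by `deny all;`, would limit the exposure. The server-level `client_max_body_size 5G;` also applies to both mail locations and looks larger than webmail needs.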
--- a/template/nginx/redirect.conf.template
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 301 ${CRUPEST_NGINX_URL}$request_uri;
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 301 ${CRUPEST_NGINX_URL}$request_uri;
- }
-
- location /.well-known/acme-challenge {
- root /srv/acme;
- }
-}
diff --git a/template/nginx/reverse-proxy.conf.template b/template/nginx/reverse-proxy.conf.template
deleted file mode 100644
index 01442ab..0000000
--- a/template/nginx/reverse-proxy.conf.template
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_pass http://${CRUPEST_NGINX_UPSTREAM_SERVER};
- }
-
- client_max_body_size 5G;
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 301 https://$host$request_uri;
- }
-
- location /.well-known/acme-challenge {
- root /srv/acme;
- }
-}
diff --git a/template/nginx/root.conf.template b/template/nginx/root.conf.template
index 21d144c..3f20cf1 100644
--- a/template/nginx/root.conf.template
+++ b/template/nginx/root.conf.template
@@ -13,27 +13,9 @@ server { } proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; + include common/proxy-common; proxy_pass http://v2ray:10000; } - - location /api { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://crupest-api:5000; - } - } server { @@ -41,43 +23,6 @@ server { listen [::]:80; server_name ${CRUPEST_DOMAIN}; - location / { - return 301 https://$host$request_uri; - } - - location /.well-known/acme-challenge { - root /srv/acme; - } -} - -# For mail temporarily -# TODO: Make subpath supported in aio. -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name mail.${CRUPEST_DOMAIN}; - - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://roundcubemail:80/; - } - - location /rspamd/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://mailserver:11334/; - } - - client_max_body_size 5G; + include common/https-redirect; + include common/acme-challenge; } 
diff --git a/template/nginx/server.json b/template/nginx/server.json
deleted file mode 100644
index fa84030..0000000
--- a/template/nginx/server.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "$schema": "./server.schema.json",
- "sites": [
- {
- "type": "reverse-proxy",
- "subdomain": "timeline",
- "upstream": "timeline:5000"
- },
- {
- "type": "reverse-proxy",
- "subdomain": "code",
- "upstream": "debian-dev:8080"
- },
- {
- "type": "reverse-proxy",
- "subdomain": "git",
- "upstream": "forgejo:3000"
- },
- {
- "type": "cert-only",
- "subdomain": "mail"
- },
- {
- "type": "reverse-proxy",
- "subdomain": "2fa",
- "upstream": "2fauth:8000"
- },
- {
- "type": "static-file",
- "subdomain": "blog",
- "root": "/srv/blog"
- },
- {
- "type": "redirect",
- "subdomain": "github",
- "url": "https://github.com/crupest"
- }
- ]
-}
diff --git a/template/nginx/server.schema.json b/template/nginx/server.schema.json
deleted file mode 100644
index c3bc7c0..0000000
--- a/template/nginx/server.schema.json
+++ /dev/null
@@ -1,93 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "definitions": { - "CertOnlySite": { - "properties": { - "subdomain": { - "type": "string" - }, - "type": { - "enum": [ - "cert-only" - ], - "type": "string" - } - }, - "type": "object" - }, - "RedirectSite": { - "properties": { - "subdomain": { - "type": "string" - }, - "type": { - "enum": [ - "redirect" - ], - "type": "string" - }, - "url": { - "type": "string" - } - }, - "type": "object" - }, - "ReverseProxySite": { - "properties": { - "subdomain": { - "type": "string" - }, - "type": { - "enum": [ - "reverse-proxy" - ], - "type": "string" - }, - "upstream": { - "type": "string" - } - }, - "type": "object" - }, - "StaticFileSite": { - "properties": { - "root": { - "type": "string" - }, - "subdomain": { - "type": "string" - }, - "type": { - "enum": [ - "static-file" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "properties": { - "sites": { - "items": { - "anyOf": [ - { - "$ref": "#/definitions/ReverseProxySite" - }, - { - "$ref": "#/definitions/StaticFileSite" - }, - { - "$ref": "#/definitions/RedirectSite" - }, - { - "$ref": "#/definitions/CertOnlySite" - } - ] - }, - "type": "array" - } - }, - "type": "object" -} - diff --git a/template/nginx/server.ts b/template/nginx/server.ts deleted file mode 100644 index 368e5ff..0000000 --- a/template/nginx/server.ts +++ /dev/null @@ -1,36 +0,0 @@ -// Used to generate json schema. - -export interface ReverseProxySite { - type: "reverse-proxy"; - subdomain: string; - upstream: string; -} - -export interface StaticFileSite { - type: "static-file"; - subdomain: string; - root: string; -} - -export interface RedirectSite { - type: "redirect"; - subdomain: string; - url: string; -} - -export interface CertOnlySite { - type: "cert-only"; - subdomain: string; -} - -export type Site = - | ReverseProxySite - | StaticFileSite - | RedirectSite - | CertOnlySite; - -export type Sites = Site[]; - -export interface Server { - sites: Sites; -} 
diff --git a/template/nginx/static-file.conf.template b/template/nginx/static-file.conf.template
deleted file mode 100644
index 3022886..0000000
--- a/template/nginx/static-file.conf.template
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- root ${CRUPEST_NGINX_ROOT};
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 301 https://$host$request_uri;
- }
-
- location /.well-known/acme-challenge {
- root /srv/acme;
- }
-}
diff --git a/template/nginx/timeline.conf.template b/template/nginx/timeline.conf.template
new file mode 100644
index 0000000..db908e8
--- /dev/null
+++ b/template/nginx/timeline.conf.template
@@ -0,0 +1,7 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name timeline.${CRUPEST_DOMAIN};
+
+ include common/acme-challenge;
+}
 |
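Review bot: `timeline.conf.template` defines only a port-80 server whose sole content is `include common/acme-challenge;`, so any other path on `timeline.${CRUPEST_DOMAIN}` has no matching location and falls through to nginx's default root. The removed `cert-only.conf.template` closed this with `location / { return 444; }`; adding the same block here keeps that behaviour. There is also no 443 server for this name, so HTTPS requests for it will be answered by whichever server is the default on that socket; if that is intentional while timeline is offline, a one-line comment saying so would help.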