diff options
Diffstat (limited to 'template')
| -rw-r--r-- | template/docker-compose.yaml.template | 1 | ||||
| -rw-r--r-- | template/nginx/forbid_unknown_domain.conf | 8 | ||||
| -rw-r--r-- | template/nginx/https-redirect.conf | 12 | ||||
| -rw-r--r-- | template/nginx/reverse-proxy.conf.template | 10 | ||||
| -rw-r--r-- | template/nginx/root.conf.template | 14 | ||||
| -rw-r--r-- | template/nginx/server.json | 8 | ||||
| -rw-r--r-- | template/nginx/static-file.conf.template | 12 |
7 files changed, 53 insertions, 12 deletions
diff --git a/template/docker-compose.yaml.template b/template/docker-compose.yaml.template index d8e1b85..8cb617a 100644 --- a/template/docker-compose.yaml.template +++ b/template/docker-compose.yaml.template @@ -58,6 +58,7 @@ services: ports: - "80:80" - "443:443" + - "443:443/udp" volumes: - "./nginx-config:/etc/nginx/conf.d:ro" - "./site:/srv/www:ro" diff --git a/template/nginx/forbid_unknown_domain.conf b/template/nginx/forbid_unknown_domain.conf new file mode 100644 index 0000000..ae96393 --- /dev/null +++ b/template/nginx/forbid_unknown_domain.conf @@ -0,0 +1,8 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + + return 444; +} diff --git a/template/nginx/https-redirect.conf b/template/nginx/https-redirect.conf deleted file mode 100644 index 6301836..0000000 --- a/template/nginx/https-redirect.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 80 default_server; - listen [::]:80 default_server; - - location / { - return 301 https://$host$request_uri; - } - - location /.well-known/acme-challenge { - root /srv/acme; - } -} diff --git a/template/nginx/reverse-proxy.conf.template b/template/nginx/reverse-proxy.conf.template index f8efc69..d7eebdf 100644 --- a/template/nginx/reverse-proxy.conf.template +++ b/template/nginx/reverse-proxy.conf.template @@ -21,3 +21,13 @@ server { proxy_set_header X-Real-IP $remote_addr; } } + +server { + listen 80; + listen [::]:80; + server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN}; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/template/nginx/root.conf.template b/template/nginx/root.conf.template index 8af8fff..a6992c7 100644 --- a/template/nginx/root.conf.template +++ b/template/nginx/root.conf.template @@ -8,3 +8,17 @@ server { root /srv/www; } + +server { + listen 80; + listen [::]:80; + server_name ${CRUPEST_DOMAIN}; + + location / { + return 301 https://$host$request_uri; + } + + location /.well-known/acme-challenge { + root /srv/acme; + } +} diff --git a/template/nginx/server.json b/template/nginx/server.json index 1c3165c..56f3845 100644 --- a/template/nginx/server.json +++ b/template/nginx/server.json @@ -18,6 +18,14 @@ } }, { + "type": "reverse-proxy", + "subdomain": "timeline", + "upstream": { + "name": "timeline", + "server": "timeline:5000" + } + }, + { "type": "cert-only", "subdomain": "mail" } diff --git a/template/nginx/static-file.conf.template b/template/nginx/static-file.conf.template index 2097302..1597d10 100644 --- a/template/nginx/static-file.conf.template +++ b/template/nginx/static-file.conf.template @@ -7,4 +7,16 @@ server { ssl_certificate_key /etc/letsencrypt/live/${CRUPEST_DOMAIN}/privkey.pem; root ${CRUPEST_NGINX_ROOT}; + + client_max_body_size 5G; +} + +server { + listen 80; + listen [::]:80; + server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN}; + + location / { + return 301 https://$host$request_uri; + } } |