From 7eb898fce7f30ce6e8c70aa4352539facd40f1c6 Mon Sep 17 00:00:00 2001 From: Dimitri Yermakov Date: Sun, 17 Jul 2022 00:57:59 +0300 Subject: [PATCH 1/7] Added sites-enabled config and docker copy files --- .DS_Store | Bin 0 -> 6148 bytes Dockerfile | 9 +- nginx/.DS_Store | Bin 0 -> 6148 bytes nginx/.htpasswd | 1 + nginx/nginx.conf | 1 + nginx/sites-enabled/homebridge.kuzmich.xyz | 33 ++++++ nginx/sites-enabled/owncloud.kuzmich.xyz | 121 +++++++++++++++++++++ nginx/sites-enabled/plex.kuzmich.xyz | 31 ++++++ nginx/sites-enabled/router.kuzmich.xyz | 22 ++++ nginx/sites-enabled/torrent.kuzmich.xyz | 31 ++++++ 10 files changed, 248 insertions(+), 1 deletion(-) create mode 100644 .DS_Store create mode 100644 nginx/.DS_Store create mode 100644 nginx/.htpasswd create mode 100644 nginx/sites-enabled/homebridge.kuzmich.xyz create mode 100644 nginx/sites-enabled/owncloud.kuzmich.xyz create mode 100644 nginx/sites-enabled/plex.kuzmich.xyz create mode 100644 nginx/sites-enabled/router.kuzmich.xyz create mode 100644 nginx/sites-enabled/torrent.kuzmich.xyz diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..ac81026709434fc85356be9eedf9620de99aa76b GIT binary patch literal 6148 zcmeHKL2uJA6n^e9nsh>{5JGfI#;9{ZE0zJvz`xA^f4dI#XiOPZjqmpuZN1-0)Fe7aCi=&TX_ z*Tt4`T~5vU^&_6=O)K@ vt&j8`iG}S}8kGw&a~-P!U&Z@KO3>zW0T>uuX@mx1e*_c_HnR*|Dg%E2b<3#x literal 0 HcmV?d00001 diff --git a/Dockerfile b/Dockerfile index 5c9a4f0..c060a3c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,9 +1,16 @@ -FROM alpine:3.2 +FROM alpine:latest + RUN apk add --update nginx && rm -rf /var/cache/apk/* RUN mkdir -p /tmp/nginx/client-body +RUN apk add --no-cache bash +RUN apk add --no-cache openssh COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/default.conf /etc/nginx/conf.d/default.conf +COPY nginx/.htpasswd /etc/nginx/.htpasswd COPY website /usr/share/nginx/html +RUN mkdir -p /etc/nginx/sites-enabled +COPY nginx/sites-enabled /etc/nginx/sites-enabled + CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/.DS_Store b/nginx/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..fade95b6a65adf890682b96d07332302119b8b31 GIT binary patch literal 6148 zcmeHKL2uJA6n^eHmTpYy0i<1!B5~bDVQ2zz$;vozC1^VgRFWkd5y76CluoKDXJ4?EuUQ5v z+sBAXs%e{!$t+|`#s8=P&)sdxD5n!j==b^4bn>z^$7yL& z<+-2pMb6g?oOP|~M^!%=9`V&{W6E?EC+R_vj|bg5&yB8=LgzzED6$+WZw?EcnQ`BY zbXHkz>>7ej&>3_$CX<~fz0L6PZg097PM$vEcxQJy?F4u4KX~?P@S*&u&1V)2p9#Jb zYwI3o@CCsiwD}Ydb!qe|vSvNZn1Z5!C?E=4Uje_81Z&r)3PThS1#Y+kygr0*#>ivi z&@LS)>=6LiMzuA>{Hw^E&|~DWaflX}a#WzBDu2XKj*j}!=S3bHhmKClA3l^HS@{!+ zvZJH_(591$97-t)hywEpEV;`r@Bc5ZKL5{? Date: Sun, 17 Jul 2022 01:18:27 +0300 Subject: [PATCH 2/7] Exclude all websites except router in docker file --- Dockerfile | 2 +- nginx/default.conf | 22 ++++++++++++++-------- nginx/nginx.conf | 2 +- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index c060a3c..3fe0c32 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,6 +11,6 @@ COPY nginx/.htpasswd /etc/nginx/.htpasswd COPY website /usr/share/nginx/html RUN mkdir -p /etc/nginx/sites-enabled -COPY nginx/sites-enabled /etc/nginx/sites-enabled +COPY nginx/sites-enabled/router.kuzmich.xyz /etc/nginx/sites-enabled/router.kuzmich.xyz CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/default.conf b/nginx/default.conf index 4a039fc..a83a7c2 100644 --- a/nginx/default.conf +++ b/nginx/default.conf 
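Review bot: `FROM alpine:latest` at the top of the first Dockerfile hunk swaps a pinned base for a floating tag, so each rebuild can pull a different Alpine and nginx without any change in this repository. Pin a release tag, and ideally a digest, e.g. `FROM alpine:<release>@sha256:<digest>`. The added `RUN apk add --no-cache openssh` puts SSH tooling into an image whose only job is to run nginx; unless a later step needs it, drop the line. `COPY nginx/.htpasswd /etc/nginx/.htpasswd` bakes the password hash into an image layer, where anyone who can pull the image can read it; mounting the file read-only at run time keeps it out of both the image and the repository.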
@@ -1,13 +1,19 @@ server { - location / { - root /usr/share/nginx/html; - } + listen 80 default_server; + listen [::]:80 default_server; - location /item { - alias /usr/share/nginx/html; - } + root /usr/share/nginx/html; - location /post { - alias /usr/share/nginx/html; + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + server_name localhost; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; } } diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 9762c9b..ada7e8c 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -29,5 +29,5 @@ http { #gzip on; include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*.conf; + include /etc/nginx/sites-enabled/*; } From 3e1f685febd5d9531c3d9674cc6f3feeac11c1c8 Mon Sep 17 00:00:00 2001 From: Dimitri Yermakov Date: Sun, 17 Jul 2022 01:29:24 +0300 Subject: [PATCH 3/7] Set keepalive_timeout to 0 --- nginx/default.conf | 2 +- nginx/nginx.conf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nginx/default.conf b/nginx/default.conf index a83a7c2..97b7d71 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -6,7 +6,7 @@ server { # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; - access_log /var/log/nginx/access.log; +# access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; server_name localhost; diff --git a/nginx/nginx.conf b/nginx/nginx.conf index ada7e8c..61fcd11 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
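Review bot: `include /etc/nginx/sites-enabled/*;` in the nginx.conf hunk of PATCH 2/7 loads every non-hidden file in that directory as configuration. An editor backup or a disabled copy left next to a site file then becomes live config, or breaks startup, whenever the Dockerfile copies the whole directory (as PATCH 1/7 did). Either keep a suffix filter and name the site files to match, e.g. `include /etc/nginx/sites-enabled/*.conf;`, or make sure the build copies only the intended files. The `http` block starts outside the hunk.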
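Review bot: Commenting out `access_log` in the default.conf hunk of PATCH 3/7 (and in the nginx.conf hunk of the same commit) does not switch access logging off, because with no directive at any level nginx falls back to its built-in default log. If the aim is to stop logging, state it with `access_log off;`. Otherwise keep the directive: for a proxy in front of password-protected admin pages, the access log is the record of who requested what and how often a 401 was returned. The `server` block starts and ends outside the hunk.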
@@ -19,12 +19,12 @@ http { '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; +# access_log /var/log/nginx/access.log main; sendfile off; #tcp_nopush on; - keepalive_timeout 65; + keepalive_timeout 0; #gzip on; From f6f070b8521a3898ae1e785841b1734755982107 Mon Sep 17 00:00:00 2001 From: Dimitri Yermakov Date: Mon, 18 Jul 2022 00:04:16 +0300 Subject: [PATCH 4/7] Added certbot but commented out --- Dockerfile | 39 +++++++++-- docker-entrypoint.sh | 92 ++++++++++++++++++++++++++ nginx/sites-enabled/plex.kuzmich.xyz | 32 ++------- nginx/sites-enabled/router.kuzmich.xyz | 25 +++---- 4 files changed, 142 insertions(+), 46 deletions(-) create mode 100644 docker-entrypoint.sh diff --git a/Dockerfile b/Dockerfile index 3fe0c32..72fe8ce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,45 @@ FROM alpine:latest -RUN apk add --update nginx && rm -rf /var/cache/apk/* +### Environment variables +ENV LANG='en_US.UTF-8' \ + LANGUAGE='en_US.UTF-8' \ + TERM='xterm' + +### Install Applications +RUN apk --no-cache update && \ + apk add --no-cache \ + nginx \ + bash \ + openssh +# certbot + +### Remove cache and tmp data +RUN rm -rf \ + /var/cache/apk/* \ + /tmp/* \ + /var/tmp/* + RUN mkdir -p /tmp/nginx/client-body -RUN apk add --no-cache bash -RUN apk add --no-cache openssh +RUN mkdir -p /etc/nginx/sites-enabled + +### Volume +VOLUME ["/etc/letsencrypt"] +### Copy Nginx configs COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/default.conf /etc/nginx/conf.d/default.conf COPY nginx/.htpasswd /etc/nginx/.htpasswd COPY website /usr/share/nginx/html - -RUN mkdir -p /etc/nginx/sites-enabled COPY nginx/sites-enabled/router.kuzmich.xyz /etc/nginx/sites-enabled/router.kuzmich.xyz +### Expose ports +EXPOSE 80 +EXPOSE 443 + +#COPY ./docker-entrypoint.sh / +#RUN chmod +x docker-entrypoint.sh + +#ENTRYPOINT ["/docker-entrypoint.sh"] +#CMD ["certbot"] + CMD ["nginx", "-g", "daemon off;"] 
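Review bot: The separate `RUN rm -rf /var/cache/apk/* /tmp/* /var/tmp/*` step in the PATCH 4/7 Dockerfile hunk does not shrink the image, because files removed in a later layer still exist in the layer that created them. With `--no-cache` there is no apk index left to clean, and `apk --no-cache update` is redundant for the same reason; a single `RUN apk add --no-cache nginx bash openssh` covers the install. `EXPOSE 443` and `VOLUME ["/etc/letsencrypt"]` are declared while certbot stays commented out and the site configs in this commit listen on port 80 only, so the image advertises HTTPS it does not serve. I would hold both lines back until TLS is actually wired in.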
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100644 index 0000000..836d067 --- /dev/null +++ b/docker-entrypoint.sh 
@@ -0,0 +1,92 @@ +#!/usr/bin/env bash + +OS="" +MYUPGRADE="0" + +DectectOS(){ + if [ -e /etc/alpine-release ]; then + OS="alpine" + elif [ -e /etc/os-release ]; then + if grep -q "NAME=\"Ubuntu\"" /etc/os-release ; then + OS="ubuntu" + fi + if grep -q "NAME=\"CentOS Linux\"" /etc/os-release ; then + OS="centos" + fi + fi +} + +AutoUpgrade(){ + if [ "$(id -u)" = '0' ]; then + if [ -n "${DOCKUPGRADE}" ]; then + MYUPGRADE="${DOCKUPGRADE}" + fi + if [ "${MYUPGRADE}" == 1 ]; then + if [ "${OS}" == "alpine" ]; then + apk --no-cache upgrade + rm -rf /var/cache/apk/* + elif [ "${OS}" == "ubuntu" ]; then + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get -y --no-install-recommends dist-upgrade + apt-get -y autoclean + apt-get -y clean + apt-get -y autoremove + rm -rf /var/lib/apt/lists/* + elif [ "${OS}" == "centos" ]; then + yum upgrade -y + yum clean all + rm -rf /var/cache/yum/* + fi + fi + fi +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +DockLog(){ + if [ "${OS}" == "centos" ] || [ "${OS}" == "alpine" ]; then + echo "${1}" + else + logger "${1}" + fi +} + +DectectOS +AutoUpgrade + +if [ "${1}" == 'certbot' ]; then + if [ -z "${DOCKMAIL}" ]; then + DockLog "ERROR: administrator email is mandatory" + elif [ -z "${DOCKDOMAINS}" ]; then + DockLog "ERROR: at least one domain must be specified" + else + exec certbot certonly --verbose --noninteractive --quiet --standalone --agree-tos 
--email="${DOCKMAIL}" -d "${DOCKDOMAINS}" + fi +elif [ "${1}" == 'certbot-renew' ]; then + exec certbot renew +else + "$@" +fi + +nginx \ No newline at end of file diff --git a/nginx/sites-enabled/plex.kuzmich.xyz b/nginx/sites-enabled/plex.kuzmich.xyz index c714c2e..c6874d8 100644 --- a/nginx/sites-enabled/plex.kuzmich.xyz +++ b/nginx/sites-enabled/plex.kuzmich.xyz @@ -1,31 +1,13 @@ server { + listen 80; server_name plex.kuzmich.xyz; - access_log /var/log/nginx/plex.kuzmich.xyz-access.log; +# access_log /var/log/nginx/plex.kuzmich.xyz-access.log; error_log /var/log/nginx/plex.kuzmich.xyz-error.log; -location / { - proxy_pass http://192.168.1.140:32400; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; + location / { + proxy_pass http://192.168.1.140:32400; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/plex.kuzmich.xyz/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/plex.kuzmich.xyz/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - } -server { - if ($host = plex.kuzmich.xyz) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - server_name plex.kuzmich.xyz; - return 404; # managed by Certbot - - -} \ No newline at end of file diff --git a/nginx/sites-enabled/router.kuzmich.xyz b/nginx/sites-enabled/router.kuzmich.xyz index b3fe80c..3aa9624 100644 --- a/nginx/sites-enabled/router.kuzmich.xyz +++ b/nginx/sites-enabled/router.kuzmich.xyz 
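Review bot: The two error branches of the `certbot` case only call `DockLog` and then fall through to the bare `nginx` on the last line, so a container started with `DOCKMAIL` or `DOCKDOMAINS` unset comes up serving instead of failing; add `exit 1` after each of those `DockLog` calls. In the final `else`, `"$@"` runs without `exec`, so bash stays PID 1 and the trailing `nginx` is launched only after the command returns; `exec "$@"` with the last line removed hands signals to the real process. `AutoUpgrade` upgrades packages at container start when `DOCKUPGRADE` is 1, which means the running container no longer matches the image that was built and scanned; upgrades belong in an image rebuild.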
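Review bot: The plex.kuzmich.xyz hunk drops `listen 443 ssl`, the certificate directives and the port-80 redirect, leaving the site reachable over plain `listen 80` only; the homebridge.kuzmich.xyz hunk in PATCH 5/7 does the same. The router.kuzmich.xyz hunk in this commit deletes its (already commented) TLS lines and turns on `auth_basic`, so the admin username and password would cross the network base64-encoded but unencrypted on every request. Keep a TLS server block, or terminate TLS in front of this container, before enabling Basic auth. Also keep the `return 301 https://$host$request_uri;` redirect on port 80.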
@@ -2,21 +2,14 @@ server { listen 80; server_name router.kuzmich.xyz; # access_log /var/log/nginx/router.kuzmich.xyz-access.log; -# error_log /var/log/nginx/router.kuzmich.xyz-error.log; - -location / { - proxy_pass http://192.168.1.1:81; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; -# auth_basic "Administrator’s Area"; -# auth_basic_user_file /etc/nginx/.htpasswd; -} - -# listen 443 ssl; # managed by Certbot -# ssl_certificate /etc/letsencrypt/live/plex.kuzmich.xyz/fullchain.pem; # managed by Certbot -# ssl_certificate_key /etc/letsencrypt/live/plex.kuzmich.xyz/privkey.pem; # managed by Certbot -# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot -# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + error_log /var/log/nginx/router.kuzmich.xyz-error.log; + location / { + proxy_pass http://192.168.1.1:81; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + auth_basic "Administrator’s Area"; + auth_basic_user_file /etc/nginx/.htpasswd; + } } From 1cd734258a15638d7dafe136cc9c5508f23546cd Mon Sep 17 00:00:00 2001 From: Dimitri Yermakov Date: Mon, 18 Jul 2022 01:28:47 +0300 Subject: [PATCH 5/7] Tunned some websites configs and removed openssh installation --- Dockerfile | 4 ++- nginx/sites-enabled/homebridge.kuzmich.xyz | 36 ++++++---------------- nginx/sites-enabled/plex.kuzmich.xyz | 1 + nginx/sites-enabled/router.kuzmich.xyz | 1 + 4 files changed, 14 insertions(+), 28 deletions(-) diff --git a/Dockerfile b/Dockerfile index 72fe8ce..e3a21fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ RUN apk --no-cache update && \ apk add --no-cache \ nginx \ bash \ - openssh +# openssh # certbot ### Remove cache and tmp data 
@@ -42,4 +42,6 @@ EXPOSE 443 #ENTRYPOINT ["/docker-entrypoint.sh"] #CMD ["certbot"] +#ENTRYPOINT ["sh", "-c", "nginx"] + CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/sites-enabled/homebridge.kuzmich.xyz b/nginx/sites-enabled/homebridge.kuzmich.xyz index 95b6936..6bd943d 100644 --- a/nginx/sites-enabled/homebridge.kuzmich.xyz +++ b/nginx/sites-enabled/homebridge.kuzmich.xyz @@ -1,33 +1,15 @@ server { + listen 80; + server_name homebridge.kuzmich.xyz; + server_name homebridge.kuzmich.xyz; - access_log /var/log/nginx/homebridge.kuzmich.xyz-access.log; +# access_log /var/log/nginx/homebridge.kuzmich.xyz-access.log; error_log /var/log/nginx/homebridge.kuzmich.xyz-error.log; -location / { - proxy_pass http://192.168.1.139; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; + location / { + proxy_pass http://192.168.1.139; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; } - - listen 443 ssl; - server_name homebridge.kuzmich.xyz; - - ssl_certificate /etc/letsencrypt/live/homebridge.kuzmich.xyz/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/homebridge.kuzmich.xyz/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - -} -server { - if ($host = homebridge.kuzmich.xyz) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - server_name homebridge.kuzmich.xyz; - return 404; # managed by Certbot - - } \ No newline at end of file diff --git a/nginx/sites-enabled/plex.kuzmich.xyz b/nginx/sites-enabled/plex.kuzmich.xyz index c6874d8..a1d5e97 100644 --- a/nginx/sites-enabled/plex.kuzmich.xyz +++ b/nginx/sites-enabled/plex.kuzmich.xyz 
@@ -1,6 +1,7 @@ server { listen 80; server_name plex.kuzmich.xyz; + # access_log /var/log/nginx/plex.kuzmich.xyz-access.log; error_log /var/log/nginx/plex.kuzmich.xyz-error.log; diff --git a/nginx/sites-enabled/router.kuzmich.xyz b/nginx/sites-enabled/router.kuzmich.xyz index 3aa9624..0b8b1fe 100644 --- a/nginx/sites-enabled/router.kuzmich.xyz +++ b/nginx/sites-enabled/router.kuzmich.xyz @@ -1,6 +1,7 @@ server { listen 80; server_name router.kuzmich.xyz; + # access_log /var/log/nginx/router.kuzmich.xyz-access.log; error_log /var/log/nginx/router.kuzmich.xyz-error.log; From e42b27dea4e152407e91e6600d8defa233ec0b48 Mon Sep 17 00:00:00 2001 From: Dimitri Yermakov Date: Mon, 18 Jul 2022 16:30:57 +0300 Subject: [PATCH 6/7] changed password for passwd --- Dockerfile | 4 +- nginx/.htpasswd | 2 +- nginx/sites-enabled/homebridge.kuzmich.xyz | 15 --- nginx/sites-enabled/kuzmich.xyz | 50 +++++++++ nginx/sites-enabled/owncloud.kuzmich.xyz | 121 --------------------- nginx/sites-enabled/plex.kuzmich.xyz | 14 --- nginx/sites-enabled/router.kuzmich.xyz | 16 --- nginx/sites-enabled/torrent.kuzmich.xyz | 31 ------ 8 files changed, 53 insertions(+), 200 deletions(-) delete mode 100644 nginx/sites-enabled/homebridge.kuzmich.xyz create mode 100644 nginx/sites-enabled/kuzmich.xyz delete mode 100644 nginx/sites-enabled/owncloud.kuzmich.xyz delete mode 100644 nginx/sites-enabled/plex.kuzmich.xyz delete mode 100644 nginx/sites-enabled/router.kuzmich.xyz delete mode 100644 nginx/sites-enabled/torrent.kuzmich.xyz diff --git a/Dockerfile b/Dockerfile index e3a21fc..b61c471 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ ENV LANG='en_US.UTF-8' \ RUN apk --no-cache update && \ apk add --no-cache \ nginx \ - bash \ + bash # openssh # certbot 
@@ -30,7 +30,7 @@ COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/default.conf /etc/nginx/conf.d/default.conf COPY nginx/.htpasswd /etc/nginx/.htpasswd COPY website /usr/share/nginx/html -COPY nginx/sites-enabled/router.kuzmich.xyz /etc/nginx/sites-enabled/router.kuzmich.xyz +COPY nginx/sites-enabled /etc/nginx/sites-enabled ### Expose ports EXPOSE 80 diff --git a/nginx/.htpasswd b/nginx/.htpasswd index de21841..f72be4e 100644 --- a/nginx/.htpasswd +++ b/nginx/.htpasswd @@ -1 +1 @@ -KuZmich:$apr1$CklfBZVJ$yug5.i9oaTOdCh5y4A7hn/ \ No newline at end of file +KuZmich:$apr1$Og6jRiiM$yZEVsYjXTMf4WDOqVbPdg1 \ No newline at end of file diff --git a/nginx/sites-enabled/homebridge.kuzmich.xyz b/nginx/sites-enabled/homebridge.kuzmich.xyz deleted file mode 100644 index 6bd943d..0000000 --- a/nginx/sites-enabled/homebridge.kuzmich.xyz +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 80; - server_name homebridge.kuzmich.xyz; - - server_name homebridge.kuzmich.xyz; -# access_log /var/log/nginx/homebridge.kuzmich.xyz-access.log; - error_log /var/log/nginx/homebridge.kuzmich.xyz-error.log; - - location / { - proxy_pass http://192.168.1.139; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - } -} \ No newline at end of file diff --git a/nginx/sites-enabled/kuzmich.xyz b/nginx/sites-enabled/kuzmich.xyz new file mode 100644 index 0000000..270630b --- /dev/null +++ b/nginx/sites-enabled/kuzmich.xyz 
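Review bot: The replacement credential in the `nginx/.htpasswd` hunk is committed just like the old one, so both hashes are readable by anyone with access to the repository history or to an image built with `COPY nginx/.htpasswd /etc/nginx/.htpasswd`. `$apr1$` is an MD5-based scheme that is cheap to guess against offline, so a hash that has been published should be treated as a disclosed password. Rotate the password again outside the repository, remove the file from version control (and list it in `.gitignore` and `.dockerignore`), and supply it at run time, e.g. `-v <host-path>/.htpasswd:/etc/nginx/.htpasswd:ro`.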
@@ -0,0 +1,50 @@ +server { + listen 80; + server_name kuzmich.xyz; + +# access_log /var/log/nginx/router.kuzmich.xyz-access.log; + error_log /var/log/nginx/kuzmich.xyz-error.log; + + location / { + auth_basic "Administrator’s Area"; + auth_basic_user_file /etc/nginx/.htpasswd; + } + + location /router { + proxy_pass http://192.168.1.1:81; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + auth_basic "Administrator’s Area"; + auth_basic_user_file /etc/nginx/.htpasswd; + } + + location /homebridge { + proxy_pass http://192.168.1.139; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + } + + location /owncloud { + proxy_pass http://192.168.1.140; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + } + + location /plex { + proxy_pass http://192.168.1.140:32400; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + } + + location /torrent { + proxy_pass http://192.168.1.140:9091; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + } + +} diff --git a/nginx/sites-enabled/owncloud.kuzmich.xyz b/nginx/sites-enabled/owncloud.kuzmich.xyz deleted file mode 100644 index 34fe864..0000000 --- a/nginx/sites-enabled/owncloud.kuzmich.xyz +++ /dev/null 
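Review bot: Only `location /` and `location /router` carry `auth_basic` in this new file; `/homebridge`, `/owncloud`, `/plex` and `/torrent` have none, and nginx does not inherit the setting from a sibling location, so those four back ends are proxied without any password. Declare it once at server level instead, `auth_basic "Administrator’s Area"; auth_basic_user_file /etc/nginx/.htpasswd;` directly under `server_name`, and opt a location out explicitly with `auth_basic off;` where that is intended. The server listens on port 80 only, so the Basic-auth credentials travel unencrypted. `location /` has no `root` or `proxy_pass` of its own, which looks unintended.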
@@ -1,121 +0,0 @@ -upstream php-handler { - #server 127.0.0.1:9000; - server unix:/run/php/php7.4-fpm.sock; -} - -server { - listen 80; - server_name owncloud.kuzmich.xyz; - # enforce https - return 301 https://$server_name$request_uri; -} - -server { - listen 443 ssl; # managed by Certbot - server_name owncloud.kuzmich.xyz; - - ssl_certificate /etc/letsencrypt/live/owncloud.kuzmich.xyz/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/owncloud.kuzmich.xyz/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this topic first. - add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; - add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - - # Path to the root of your installation - root /var/www/html/owncloud/; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. 
- #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - - location /.well-known/acme-challenge { } - - # set max upload size - client_max_body_size 5G; - fastcgi_buffers 64 4K; - - # Disable gzip to avoid the removal of the ETag header - gzip off; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - - location / { - rewrite ^ /index.php$uri; - } - - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { - return 404; - } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - return 404; - } - - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.*)$; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^/(?:updater|ocs-provider)(?:$|/) { - try_files $uri $uri/ =404; - index index.php; - } - - # Adding the cache control header for js and css files - # Make sure it is BELOW the PHP block - location ~* \.(?:css|js)$ { - try_files $uri /index.php$uri$is_args$args; - add_header Cache-Control "public, max-age=7200"; - # Add headers to serve security related headers (It is intended to have those duplicated to the ones above) - # Before enabling 
Strict-Transport-Security headers please read into this topic first. - #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; - add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - # Optional: Don't log access to assets - access_log off; - } - - location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { - try_files $uri /index.php$uri$is_args$args; - # Optional: Don't log access to other assets - access_log off; - } -} diff --git a/nginx/sites-enabled/plex.kuzmich.xyz b/nginx/sites-enabled/plex.kuzmich.xyz deleted file mode 100644 index a1d5e97..0000000 --- a/nginx/sites-enabled/plex.kuzmich.xyz +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 80; - server_name plex.kuzmich.xyz; - -# access_log /var/log/nginx/plex.kuzmich.xyz-access.log; - error_log /var/log/nginx/plex.kuzmich.xyz-error.log; - - location / { - proxy_pass http://192.168.1.140:32400; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - } -} diff --git a/nginx/sites-enabled/router.kuzmich.xyz b/nginx/sites-enabled/router.kuzmich.xyz deleted file mode 100644 index 0b8b1fe..0000000 --- a/nginx/sites-enabled/router.kuzmich.xyz +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 80; - server_name router.kuzmich.xyz; - -# access_log /var/log/nginx/router.kuzmich.xyz-access.log; - error_log /var/log/nginx/router.kuzmich.xyz-error.log; - - location / { - proxy_pass http://192.168.1.1:81; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - auth_basic "Administrator’s Area"; - auth_basic_user_file /etc/nginx/.htpasswd; - } -} 
diff --git a/nginx/sites-enabled/torrent.kuzmich.xyz b/nginx/sites-enabled/torrent.kuzmich.xyz deleted file mode 100644 index 2c8d84f..0000000 --- a/nginx/sites-enabled/torrent.kuzmich.xyz +++ /dev/null @@ -1,31 +0,0 @@ -server { - server_name torrent.kuzmich.xyz; - access_log /var/log/nginx/torrent.kuzmich.xyz-access.log; - error_log /var/log/nginx/torrent.kuzmich.xyz-error.log; - -location / { - proxy_pass http://192.168.1.140:9091; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/plex.kuzmich.xyz/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/plex.kuzmich.xyz/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - -} -server { - if ($host = torrent.kuzmich.xyz) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - server_name torrent.kuzmich.xyz; - return 404; # managed by Certbot - - -} \ No newline at end of file From 520d7ce3bdcd1dae4179106f0d723babbf5d3529 Mon Sep 17 00:00:00 2001 From: Dimitri Yermakov Date: Tue, 19 Jul 2022 02:07:23 +0300 Subject: [PATCH 7/7] Some change --- nginx/sites-enabled/kuzmich.xyz | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nginx/sites-enabled/kuzmich.xyz b/nginx/sites-enabled/kuzmich.xyz index 270630b..38c9bf1 100644 --- a/nginx/sites-enabled/kuzmich.xyz +++ b/nginx/sites-enabled/kuzmich.xyz 
@@ -11,12 +11,12 @@ server { } location /router { - proxy_pass http://192.168.1.1:81; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - auth_basic "Administrator’s Area"; - auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://192.168.1.1:81/; + #proxy_set_header Host $host; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #proxy_set_header X-Real-IP $remote_addr; + #auth_basic "Administrator’s Area"; + #auth_basic_user_file /etc/nginx/.htpasswd; } location /homebridge {
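Review bot: Commenting out `auth_basic` and `auth_basic_user_file` in `location /router` leaves the router's admin interface at 192.168.1.1:81 reachable through this proxy over plain HTTP, with nothing in front of it except whatever login the router itself enforces. Keep the two directives (or move them to server level) and restore the `proxy_set_header` lines unless the back end breaks with them; without `X-Forwarded-For` and `X-Real-IP` the router sees every request as coming from the proxy. The new trailing slash in `proxy_pass http://192.168.1.1:81/;` rewrites the prefix, so pair it with `location /router/` to avoid forwarding `/router/x` as `//x`. The `server` block starts and ends outside the hunk.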