htz.ex42-1048908: add missing domains
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
This commit is contained in:
parent
94c2c644a6
commit
de632a7725
GPG key ID:
12E3D2136B818350
7 changed files with 120 additions and 1 deletions
|
|
@ -8,7 +8,6 @@ events {
|
|||
worker_connections ${worker_connections};
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
|
@ -31,5 +30,10 @@ http {
|
|||
client_max_body_size 8m;
|
||||
large_client_header_buffers 2 1k;
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
include /etc/nginx/sites/*;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,9 +17,12 @@ server {
|
|||
ssl_stapling_verify on;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31104000; preload";
|
||||
|
||||
% if not do_not_set_content_security_headers:
|
||||
add_header Referrer-Policy same-origin;
|
||||
add_header X-Frame-Options "DENY";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
% endif
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
alias /var/lib/dehydrated/acme-challenges/;
|
||||
|
|
|
|||
8
data/nginx/files/extras/htz.ex42-1048908/dav.kunsmann.eu
Normal file
8
data/nginx/files/extras/htz.ex42-1048908/dav.kunsmann.eu
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
location / {
|
||||
proxy_pass http://localhost:5232/;
|
||||
proxy_set_header X-Script-Name /;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Remote-User $remote_user;
|
||||
auth_basic "bleps :o";
|
||||
auth_basic_user_file /etc/radicale/htpasswd;
|
||||
}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business matrix.nyantec.com";
|
||||
|
||||
client_max_body_size 50M;
|
||||
|
||||
location /.well-known/matrix/ {
|
||||
alias /etc/matrix-synapse/wellknown/;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
client_max_body_size 500M;
|
||||
|
||||
location /.well-known/matrix/ {
|
||||
alias /etc/matrix-synapse/wellknown/;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
}
|
||||
|
||||
location /_matrix {
|
||||
proxy_pass http://[::1]:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
|
||||
location /_matrix/media {
|
||||
proxy_read_timeout 60s;
|
||||
proxy_set_header Host $host; # Make sure this matches your homeserver in media-repo.yaml
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_pass http://localhost:8010; # Point this towards media-repo
|
||||
}
|
||||
28
data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business
Normal file
28
data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
client_max_body_size 40m;
|
||||
client_body_timeout 3600;
|
||||
|
||||
location / {
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://127.0.0.1:3700;
|
||||
proxy_buffering off;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
error_page 500 501 502 503 504 /500.html;
|
||||
|
|
@ -53,6 +53,9 @@ nodes['htz.ex42-1048908'] = {
|
|||
},
|
||||
'domains': {
|
||||
'part.of.the.trans-agenda.eu': set(),
|
||||
'matrix.franzi.business': {
|
||||
'franzi.business',
|
||||
},
|
||||
},
|
||||
'reload_after': {
|
||||
# TODO move to bundles
|
||||
|
|
@ -86,10 +89,26 @@ nodes['htz.ex42-1048908'] = {
|
|||
},
|
||||
'nginx': {
|
||||
'vhosts': {
|
||||
# TODO maybe some of this can be moved to a bundle?
|
||||
'dav.kunsmann.eu': {
|
||||
'extras': True,
|
||||
},
|
||||
'dimension.franzi.business': {
|
||||
'extras': True,
|
||||
'do_not_set_content_security_headers': True,
|
||||
'proxy': {
|
||||
'/': 'http://127.0.0.1:8184',
|
||||
},
|
||||
},
|
||||
'franzi.business': {
|
||||
'webroot': '/var/www/franzi.business/_site/',
|
||||
'extras': True,
|
||||
},
|
||||
'git.kunsmann.eu': {
|
||||
'proxy': {
|
||||
'/': 'http://localhost:3000/',
|
||||
},
|
||||
},
|
||||
'jenkins.kunsmann.eu': {
|
||||
'proxy': {
|
||||
'/': 'http://localhost:9000/',
|
||||
|
|
@ -99,10 +118,40 @@ nodes['htz.ex42-1048908'] = {
|
|||
'kunsmann.eu': {
|
||||
'extras': True,
|
||||
},
|
||||
'matrix.franzi.business': {
|
||||
'extras': True,
|
||||
},
|
||||
'pad.franzi.business': {
|
||||
'extras': True,
|
||||
},
|
||||
'paste.kunsmann.eu': {
|
||||
'extras': True,
|
||||
},
|
||||
'postfixadmin.mx0.kunbox.net': {
|
||||
'webroot': '/srv/postfixadmin/public/',
|
||||
'index': 'index.php',
|
||||
'php': True, # FIXME this assumes php 7.3 is installed and configured already
|
||||
},
|
||||
'rspamd.mx0.kunbox.net': {
|
||||
'proxy': {
|
||||
'/': 'http://localhost:11334/',
|
||||
},
|
||||
},
|
||||
'rss.kunsmann.eu': {
|
||||
'proxy': {
|
||||
'/': 'http://localhost:8080/',
|
||||
},
|
||||
},
|
||||
'stats.franzi.business': {
|
||||
'proxy': {
|
||||
'/': 'http://[::1]:3100/',
|
||||
},
|
||||
},
|
||||
'vliedel.random.franzi.business': {},
|
||||
'webmail.mx0.kunbox.net': {
|
||||
'index': 'index.php',
|
||||
'php': True,
|
||||
},
|
||||
},
|
||||
},
|
||||
'riot-web': {
|
||||
|
|
|
|||
Loading…
Reference in a new issue