kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

htz.ex42-1048908: add missing domains
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
Details

Browse source
This commit is contained in:
Franzi 2020-07-19 11:26:12 +02:00
parent 94c2c644a6
commit de632a7725
Signed by: kunsi
GPG key ID: 12E3D2136B818350
7 changed files with 120 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
bundles/nginx/files/nginx.conf
View file

@ -8,7 +8,6 @@ events {
worker_connections ${worker_connections}; worker_connections ${worker_connections};
} }
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
@ -31,5 +30,10 @@ http {
client_max_body_size 8m; client_max_body_size 8m;
large_client_header_buffers 2 1k; large_client_header_buffers 2 1k;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/sites/*; include /etc/nginx/sites/*;
} }

3
bundles/nginx/files/site_template
View file

@ -17,9 +17,12 @@ server {
ssl_stapling_verify on; ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31104000; preload"; add_header Strict-Transport-Security "max-age=31104000; preload";
% if not do_not_set_content_security_headers:
add_header Referrer-Policy same-origin; add_header Referrer-Policy same-origin;
add_header X-Frame-Options "DENY"; add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
% endif
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
alias /var/lib/dehydrated/acme-challenges/; alias /var/lib/dehydrated/acme-challenges/;

8
data/nginx/files/extras/htz.ex42-1048908/dav.kunsmann.eu Normal file
View file

@ -0,0 +1,8 @@
location / {
proxy_pass http://localhost:5232/;
proxy_set_header X-Script-Name /;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
auth_basic "bleps :o";
auth_basic_user_file /etc/radicale/htpasswd;
}

8
data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business Normal file
View file

@ -0,0 +1,8 @@
add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business matrix.nyantec.com";
client_max_body_size 50M;
location /.well-known/matrix/ {
alias /etc/matrix-synapse/wellknown/;
add_header Access-Control-Allow-Origin *;
}

19
data/nginx/files/extras/htz.ex42-1048908/matrix.franzi.business Normal file
View file

@ -0,0 +1,19 @@
client_max_body_size 500M;
location /.well-known/matrix/ {
alias /etc/matrix-synapse/wellknown/;
add_header Access-Control-Allow-Origin *;
}
location /_matrix {
proxy_pass http://[::1]:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /_matrix/media {
proxy_read_timeout 60s;
proxy_set_header Host $host; # Make sure this matches your homeserver in media-repo.yaml
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:8010; # Point this towards media-repo
}

28
data/nginx/files/extras/htz.ex42-1048908/pad.franzi.business Normal file
View file

@ -0,0 +1,28 @@
keepalive_timeout 70;
sendfile on;
client_max_body_size 40m;
client_body_timeout 3600;
location / {
try_files $uri @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:3700;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;

49
nodes/htz/ex42-1048908.py
View file

@ -53,6 +53,9 @@ nodes['htz.ex42-1048908'] = {
}, },
'domains': { 'domains': {
'part.of.the.trans-agenda.eu': set(), 'part.of.the.trans-agenda.eu': set(),
'matrix.franzi.business': {
'franzi.business',
},
}, },
'reload_after': { 'reload_after': {
# TODO move to bundles # TODO move to bundles
@ -86,10 +89,26 @@ nodes['htz.ex42-1048908'] = {
}, },
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {
# TODO maybe some of this can be moved to a bundle?
'dav.kunsmann.eu': {
'extras': True,
},
'dimension.franzi.business': {
'extras': True,
'do_not_set_content_security_headers': True,
'proxy': {
'/': 'http://127.0.0.1:8184',
},
},
'franzi.business': { 'franzi.business': {
'webroot': '/var/www/franzi.business/_site/', 'webroot': '/var/www/franzi.business/_site/',
'extras': True, 'extras': True,
}, },
'git.kunsmann.eu': {
'proxy': {
'/': 'http://localhost:3000/',
},
},
'jenkins.kunsmann.eu': { 'jenkins.kunsmann.eu': {
'proxy': { 'proxy': {
'/': 'http://localhost:9000/', '/': 'http://localhost:9000/',
@ -99,10 +118,40 @@ nodes['htz.ex42-1048908'] = {
'kunsmann.eu': { 'kunsmann.eu': {
'extras': True, 'extras': True,
}, },
'matrix.franzi.business': {
'extras': True,
},
'pad.franzi.business': {
'extras': True,
},
'paste.kunsmann.eu': { 'paste.kunsmann.eu': {
'extras': True, 'extras': True,
}, },
'postfixadmin.mx0.kunbox.net': {
'webroot': '/srv/postfixadmin/public/',
'index': 'index.php',
'php': True, # FIXME this assumes php 7.3 is installed and configured already
},
'rspamd.mx0.kunbox.net': {
'proxy': {
'/': 'http://localhost:11334/',
},
},
'rss.kunsmann.eu': {
'proxy': {
'/': 'http://localhost:8080/',
},
},
'stats.franzi.business': {
'proxy': {
'/': 'http://[::1]:3100/',
},
},
'vliedel.random.franzi.business': {}, 'vliedel.random.franzi.business': {},
'webmail.mx0.kunbox.net': {
'index': 'index.php',
'php': True,
},
}, },
}, },
'riot-web': { 'riot-web': {