Compare commits


32 Commits

Author SHA1 Message Date
93dedc5321 switch to http2 directive 2024-09-09 12:34:14 -07:00
d8aff4737f add proxy error handling to minecraft http 2024-05-08 07:24:46 +00:00
bd1f85f936 add minecraft http 2024-05-08 07:22:39 +00:00
5bad067b24 remove ldap 2024-04-17 22:09:26 +00:00
5417c7f314 fix missing port, fix err log level 2023-12-12 18:54:32 +00:00
5eac025ffe fix stream module load,
add logging format to streams
2023-12-12 10:52:18 -08:00
1c8432b2d4 move sites to http, add stream proxies 2023-12-12 10:14:10 -08:00
ec0facac21 delete unused configs and params 2023-12-12 17:35:07 +00:00
3f60e858f5 switch more includes to relative paths 2023-12-11 19:05:00 -08:00
45329164ec fix styling 2023-12-11 18:58:10 -08:00
a13c39acde remove duplicate client_max_body_size 2023-12-11 18:55:02 -08:00
fea7dd9166 update configs 2023-12-11 18:53:46 -08:00
8afc011d4b switch to relative paths for config file includes 2023-12-12 02:47:38 +00:00
9ad55b1b2f change api port 2023-11-16 19:39:44 -08:00
b1f5c39cc9 update mail 2023-10-13 23:26:32 +00:00
a756cfd6f9 fix for error pages by splitting error_page and location directives,
delete nextcloud
2023-10-11 21:50:12 -07:00
bbb8f02371 temporary fix for error pages 2023-10-12 04:44:06 +00:00
7ca4ae2c55 update paas.conf 2023-10-12 00:44:14 +00:00
e4d44484fb update sites 2023-10-05 21:12:18 +00:00
0a5bb1d0f1 delete apk-new files 2023-10-05 00:17:56 +00:00
0fdf7f6598 delete apk-new files 2023-10-05 00:14:58 +00:00
b1d8267f68 disable nextcloud, add gitea 2023-09-10 06:04:55 +00:00
b1dd07eca1 Update nextcloud.conf 2023-06-10 23:18:59 -07:00
496c247a6a Update mail.conf 2023-06-10 13:57:47 -07:00
fd2c298095 Update mail.conf 2023-06-09 23:52:26 -07:00
913f8ce5db set X-Frame-Options to SAMEORIGIN 2023-05-22 16:45:59 -07:00
5b1932385a move proxy header overrides to proxy-params.conf 2023-05-22 16:39:08 -07:00
aea9b04531 fix style 2023-05-13 21:13:18 -07:00
f9f7ab4ab0 fix style 2023-05-12 23:48:30 -07:00
12ecffc895 fix style 2023-05-13 06:45:55 +00:00
91987eebdc add security headers 2023-05-13 06:03:54 +00:00
9713a81c56 remove add_headers 2023-05-13 05:15:35 +00:00
32 changed files with 263 additions and 200 deletions

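--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.apk-new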

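--- a/conf.d/stream.conf
+++ b/conf.d/stream.conf
@@ -0,0 +1,14 @@
+# /etc/nginx/conf.d/stream.conf
+stream {
+# Specifies the main log format.
+log_format main '$remote_addr [$time_local] '
+'$protocol $status $bytes_sent $bytes_received '
+'$session_time "$upstream_addr" '
+'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
+access_log /var/log/nginx/stream.log main;
+# Includes servers configs.
+include stream.d/*.conf;
+}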
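Review bot: This file opens a second top-level `stream {}` context that includes `stream.d/*.conf`, while nginx.conf in the same change already declares `stream { ... include stream/*.conf; }` and the only stream server added lives at stream/minecraft.conf. If conf.d/ is read by the main configuration (no such include is visible on this page), nginx refuses to start with `"stream" directive is duplicate`; if it is not, this file is dead and its `stream.d/` path never resolves. I would delete it, or strip it down to the `log_format main` definition and include that from inside the nginx.conf `stream` block, so there is one place that defines stream logging and includes. Note also that this block logs to the absolute `/var/log/nginx/stream.log` while nginx.conf uses the relative `access.log`, so even if both loaded they would write to different directories.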

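--- a/http/default.conf
+++ b/http/default.conf
@@ -0,0 +1,6 @@
+server {
+listen 443 ssl default_server;
+server_name *.tronnet.net;
+include snippets/ssl-acme.conf;
+return 301 https://tronnet.net;
+}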

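--- a/http/gitea.conf
+++ b/http/gitea.conf
@@ -0,0 +1,9 @@
+server {
+listen 443 ssl;
+server_name git.tronnet.net;
+include snippets/ssl-acme.conf;
+location / {
+proxy_pass http://gitea.dmz:3000;
+proxy_redirect default;
+}
+}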
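Review bot: Gitea only learns that it is served over TLS from its own ROOT_URL unless the proxy sends `proxy_set_header X-Forwarded-Proto $scheme;`; the visible part of proxy-params.conf sets X-Real-IP, X-Forwarded-For and Host only, so if that header is not among the lines not shown it should be added there. Pushes and LFS uploads through this vhost also depend on `client_max_body_size` being raised in the shared params (the history mentions one, but the value is not visible here). Leaving out the proxy-errors/error-pages snippets in this server is correct, because an intercepted 4xx/5xx would replace Git smart-HTTP responses with HTML, but a comment should say so before someone harmonises it with the other sites: `# no error-page snippets: git clients need the upstream status and body`.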

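--- a/http/homepage.conf
+++ b/http/homepage.conf
@@ -0,0 +1,11 @@
+server {
+listen 443 ssl;
+server_name tronnet.net;
+include snippets/ssl-acme.conf;
+include snippets/proxy-errors.conf;
+include snippets/error-pages.conf;
+location / {
+proxy_pass http://sites.dmz:80;
+proxy_redirect default;
+}
+}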

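--- a/http/mail.conf
+++ b/http/mail.conf
@@ -0,0 +1,9 @@
+server {
+listen 443 ssl;
+server_name mail.tronnet.net;
+include snippets/ssl-acme.conf;
+location / {
+proxy_pass http://mail.dmz/;
+proxy_redirect default;
+}
+}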
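Review bot: The backend hop changes from `https://mail2.dmz` (in the deleted sites/mail.conf) to plain `http://mail.dmz/`, so webmail logins and session cookies now cross the DMZ segment in cleartext between the proxy and the mail host. If that segment is a dedicated, isolated network this may be acceptable, but it should be a deliberate decision rather than a side effect of the host rename; otherwise keep `proxy_pass https://mail.dmz/;` and add `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate` pointing at the internal CA so the hop is both encrypted and authenticated. Either way, a one-line comment recording why the upstream is reached over HTTP (or HTTPS) would help the next reviewer.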

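--- a/http/minecraft.conf
+++ b/http/minecraft.conf
@@ -0,0 +1,11 @@
+server {
+listen 443 ssl;
+server_name minecraft.tronnet.net;
+include snippets/ssl-acme.conf;
+include snippets/proxy-errors.conf;
+include snippets/error-pages.conf;
+location / {
+proxy_pass http://minecraft.root:80;
+proxy_redirect default;
+}
+}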

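--- a/http/opns.conf
+++ b/http/opns.conf
@@ -0,0 +1,11 @@
+server {
+listen 443 ssl;
+server_name opns.tronnet.net;
+include snippets/ssl-acme.conf;
+include snippets/proxy-errors.conf;
+include snippets/error-pages.conf;
+location / {
+proxy_pass https://10.0.0.1:10443;
+proxy_redirect default;
+}
+}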
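Review bot: `proxy_pass https://10.0.0.1:10443` publishes the OPNsense firewall's admin UI on a public hostname with no access restriction beyond the firewall's own login form, and because `proxy_ssl_verify` defaults to off the upstream certificate is never checked, so the proxy-to-firewall hop is encrypted but unauthenticated. For a management interface I would at least gate `location /` with `allow <management-range>; deny all;` (or front it with `auth_request` or client certificates) so only trusted source ranges reach the login page, and pin the upstream with `proxy_ssl_verify on; proxy_ssl_trusted_certificate <internal-ca.pem>;`. The same considerations apply to pve.conf, which proxies the Proxmox UI in the same way. A comment recording why the firewall UI needs to be reachable from outside at all would help whoever audits this next.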

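--- a/http/paas.conf
+++ b/http/paas.conf
@@ -0,0 +1,18 @@
+server {
+listen 443 ssl;
+server_name paas.tronnet.net;
+include snippets/ssl-acme.conf;
+include snippets/error-pages.conf;
+location /dashboard/ {
+include snippets/proxy-errors.conf;
+proxy_pass http://proxmoxaas.dmz:8080/;
+proxy_redirect default;
+}
+location /api/ {
+proxy_pass http://proxmoxaas.dmz:8081/api/;
+proxy_redirect default;
+}
+location = / {
+return 301 "/dashboard/";
+}
+}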
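Review bot: `location /api/` deliberately omits `snippets/proxy-errors.conf` while `/dashboard/` includes it, but nothing in the file says why, and a later cleanup could easily add it and replace the API's error responses with HTML error pages. I would add `# no proxy-errors here: API clients need the upstream status and body, not HTML pages` above the `/api/` block. It is also worth a comment that the trailing slash in `proxy_pass http://proxmoxaas.dmz:8080/` strips the `/dashboard/` prefix before forwarding, which is what lets `proxy_redirect default` map upstream Location headers back under `/dashboard/`.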


@ -1,7 +1,7 @@
server {
listen 443 ssl http2;
listen 443 ssl;
server_name pve.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include snippets/ssl-acme.conf;
location / {
proxy_pass https://geigatron-0-pve.tn:8006;
proxy_redirect default;


@ -2,4 +2,4 @@ server {
listen 80 default_server;
server_name *.tronnet.net;
return 301 https://$host$request_uri;
}
}

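--- a/http/root.conf
+++ b/http/root.conf
@@ -0,0 +1,11 @@
+server {
+listen 443 ssl;
+server_name root.tronnet.net;
+include snippets/ssl-acme.conf;
+include snippets/proxy-errors.conf;
+include snippets/error-pages.conf;
+location / {
+proxy_pass http://root.root:80;
+proxy_redirect default;
+}
+}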


@ -1,8 +1,9 @@
server {
listen 443 ssl http2;
listen 443 ssl;
server_name status.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include /etc/nginx/snippets/error-pages.conf;
include snippets/ssl-acme.conf;
include snippets/proxy-errors.conf;
include snippets/error-pages.conf;
location / {
proxy_pass http://sites.dmz:8080;
proxy_redirect default;

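--- a/http/wiki.conf
+++ b/http/wiki.conf
@@ -0,0 +1,11 @@
+server {
+listen 443 ssl;
+server_name wiki.tronnet.net;
+include snippets/ssl-acme.conf;
+include snippets/proxy-errors.conf;
+include snippets/error-pages.conf;
+location / {
+proxy_pass http://sites.dmz:8081;
+proxy_redirect default;
+}
+}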


@ -1,89 +1,98 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
font/woff woff;
font/woff2 woff2;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

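--- a/modules/10_stream.conf
+++ b/modules/10_stream.conf
@@ -0,0 +1 @@
+load_module "modules/ngx_stream_module.so";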


@ -1,21 +1,23 @@
user nginx;
worker_processes auto;
pid /run/nginx.pid;
pcre_jit on;
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
events {
worker_connections 768;
}
http {
server_tokens off;
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# mime types
include /etc/nginx/mime.types;
include mime.types;
default_type application/octet-stream;
# logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
access_log access.log;
error_log error.log;
# gzip
gzip on;
@ -27,11 +29,25 @@ http {
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# ssl parameters
include /etc/nginx/ssl-params.conf;
include ssl-params.conf;
# proxy parameters
include /etc/nginx/proxy-params.conf;
include proxy-params.conf;
# include sites
include /etc/nginx/sites/*;
# enable http2
http2 on;
# include http
include http/*.conf;
}
stream {
# logging
log_format basic '$remote_addr:$remote_port - $time_local '
'$protocol stat:$status bs:$bytes_sent br:$bytes_received '
st:'$session_time';
access_log access.log basic;
error_log error.log;
# include stream
include stream/*.conf;
}
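Review bot: `access_log access.log;` and `error_log error.log;` (in the http block and again in the new `stream` block) are resolved relative to nginx's compile-time prefix, not to /etc/nginx — only `include` is resolved against the configuration directory — so on an Alpine build (suggested by the `.apk-new` ignore) they land in /var/lib/nginx/ instead of /var/log/nginx/, outside the packaged logrotate rule, with http and stream traffic sharing one file. Keep them absolute: `access_log /var/log/nginx/access.log;` and `error_log /var/log/nginx/error.log;`. Separately, `load_module` was removed from the main context in favour of modules/10_stream.conf, but no `include modules/*.conf;` appears in the main-context lines shown (new lines 1–23); if it is not present above `events`, the `stream {}` block fails with `unknown directive "stream"`. In `log_format basic`, `st:'$session_time'` has `st:` outside the quotes, so the literal quote characters end up in every log line; `'st:$session_time';` is what was intended.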


@ -10,3 +10,17 @@ send_timeout 3600s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options SAMEORIGIN;
proxy_hide_header X-XSS-Protection;
add_header X-XSS-Protection 0;
proxy_hide_header X-Content-Type-Options;
add_header X-Content-Type-Options nosniff;
proxy_hide_header Referrer-Policy;
add_header Referrer-Policy strict-origin-when-cross-origin;
proxy_hide_header Strict-Transport-Security;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;";
proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Origin https://tronnet.net;
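Review bot: `add_header Access-Control-Allow-Origin https://tronnet.net;` paired with `proxy_hide_header Access-Control-Allow-Origin` is applied from the http context to every proxied site, so gitea, mail, opns, pve and the paas `/api/` all advertise tronnet.net as a permitted cross-origin reader while any CORS headers the applications emit themselves are stripped; nothing in the visible sites needs cross-origin access from tronnet.net, and an app that answers its own preflights will break. I would remove those two lines here and set them only in the one server or location that actually serves a cross-origin resource. Because nginx inherits `add_header` only when the server or location defines none of its own, any future per-site `add_header` silently discards this whole list, HSTS included; putting the set in a snippet each server includes explicitly, or at least adding `# NOTE: any add_header in a server/location drops this whole list` here, guards against that. The `preload` directive in the HSTS value commits every present and future subdomain to HTTPS-only for two years once submitted, which fits this tree but deserves a comment, and the trailing `;` inside the value can be dropped. The top of this file is outside the hunk, so whether `X-Forwarded-Proto` is set cannot be checked here.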


@ -1,14 +0,0 @@
server {
listen 443 ssl http2;
server_name client.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
location / {
include /etc/nginx/snippets/error-pages.conf;
proxy_pass http://proxmoxaas.dmz:8080;
proxy_redirect default;
}
location /api/ {
proxy_pass http://proxmoxaas.dmz:80;
proxy_redirect default;
}
}


@ -1,6 +0,0 @@
server {
listen 443 ssl http2 default_server;
server_name *.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
return 301 https://tronnet.net;
}


@ -1,10 +0,0 @@
server {
listen 443 ssl http2;
server_name tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include /etc/nginx/snippets/error-pages.conf;
location / {
proxy_pass http://sites.dmz:80;
proxy_redirect default;
}
}


@ -1,10 +0,0 @@
server {
listen 443 ssl http2;
server_name ldap.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include /etc/nginx/snippets/error-pages.conf;
location / {
proxy_pass http://ldap.dmz:80;
proxy_redirect default;
}
}


@ -1,10 +0,0 @@
server {
listen 443 ssl http2;
server_name mail.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include /etc/nginx/snippets/error-pages.conf;
location / {
proxy_pass https://mail2.dmz;
proxy_redirect default;
}
}


@ -1,10 +0,0 @@
server {
listen 443 ssl http2;
server_name nextcloud.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include /etc/nginx/snippets/error-pages.conf;
location / {
proxy_pass http://nextcloud2.dmz:11000;
proxy_redirect default;
}
}


@ -1,10 +0,0 @@
server {
listen 443 ssl http2;
server_name opns.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include /etc/nginx/snippets/error-pages.conf;
location / {
proxy_pass https://10.0.0.1:10443;
proxy_redirect default;
}
}


@ -1,10 +0,0 @@
server {
listen 443 ssl http2;
server_name root.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include /etc/nginx/snippets/error-pages.conf;
location / {
proxy_pass http://root.root:80;
proxy_redirect default;
}
}


@ -1,10 +0,0 @@
server {
listen 443 ssl http2;
server_name wiki.tronnet.net;
include /etc/nginx/snippets/ssl-acme.conf;
include /etc/nginx/snippets/error-pages.conf;
location / {
proxy_pass http://sites.dmz:8081;
proxy_redirect default;
}
}


@ -1,14 +1,3 @@
proxy_intercept_errors on;
error_page 400 /ErrorPages/HTTP400.html;
error_page 401 /ErrorPages/HTTP401.html;
error_page 403 /ErrorPages/HTTP403.html;
error_page 404 /ErrorPages/HTTP404.html;
error_page 500 /ErrorPages/HTTP500.html;
error_page 501 /ErrorPages/HTTP501.html;
error_page 502 /ErrorPages/HTTP502.html;
error_page 503 /ErrorPages/HTTP503.html;
location /ErrorPages/ {
alias /var/www/html/ErrorPages/;
internal;


@ -0,0 +1,9 @@
proxy_intercept_errors on;
error_page 400 /ErrorPages/HTTP400.html;
error_page 401 /ErrorPages/HTTP401.html;
error_page 403 /ErrorPages/HTTP403.html;
error_page 404 /ErrorPages/HTTP404.html;
error_page 500 /ErrorPages/HTTP500.html;
error_page 501 /ErrorPages/HTTP501.html;
error_page 502 /ErrorPages/HTTP502.html;
error_page 503 /ErrorPages/HTTP503.html;
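Review bot: The `error_page` targets `/ErrorPages/HTTP4xx.html` are internal URIs that only resolve when the same server also carries the `location /ErrorPages/ { alias ...; internal; }` block left in snippets/error-pages.conf; on its own, the internal redirect falls through to `location /` and is proxied to the upstream. The file path is not shown on this page, but this appears to be the proxy-errors.conf snippet the new site configs include, and every user in this change pairs it with error-pages.conf at server level. A header comment would make that coupling explicit: `# requires snippets/error-pages.conf in the same server (provides the internal /ErrorPages/ location)`. It is also worth stating that `proxy_intercept_errors on` keeps the upstream status code (and, for 401, the WWW-Authenticate header) but replaces the body, which is why it must stay out of JSON API locations such as paas `/api/`.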


@ -2,4 +2,4 @@
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /var/www/html;
}
}


@ -9,9 +9,6 @@ ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# ssl cert paths

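--- a/stream/minecraft.conf
+++ b/stream/minecraft.conf
@@ -0,0 +1,5 @@
+server {
+listen 25565 reuseport;
+proxy_timeout 30s;
+proxy_pass minecraft.root:25565;
+}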
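Review bot: This TCP proxy hides the player's address: minecraft.root:25565 sees every connection coming from the proxy's IP, so server-side IP bans, per-IP connection limits and anti-bot plugins lose their signal, and one abusive player can get the shared proxy address banned for everyone. If the game server (or a plugin on it) accepts PROXY protocol, add `proxy_protocol on;` here so the real source address is forwarded; otherwise document the limitation in a comment. `proxy_timeout 30s` closes a session after 30 s of silence in either direction, which is presumably above the game's keep-alive interval, but a comment stating that assumption would help, and a `proxy_connect_timeout` shorter than the 60 s default keeps half-open backend attempts from piling up. Nothing here caps concurrent connections, so a `limit_conn` zone in the stream context is a cheap guard against connection floods on a port that is open to the internet.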