2022-07-24 15:24:53 +02:00
|
|
|
worker_processes 4;
|
|
|
|
|
|
|
|
events {
|
|
|
|
worker_connections 1024;
|
|
|
|
}
|
|
|
|
|
|
|
|
http {
|
|
|
|
|
|
|
|
include mime.types;
|
|
|
|
default_type application/octet-stream;
|
|
|
|
client_max_body_size 10G;
|
|
|
|
|
|
|
|
resolver 127.0.0.1 ipv6=off;
|
|
|
|
|
|
|
|
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Host $server_name;
|
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
|
|
|
|
# Logs
|
|
|
|
log_format custom_log '$remote_addr - $remote_user [$time_local] '
|
|
|
|
'"$request" $status $body_bytes_sent '
|
|
|
|
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
|
|
|
|
|
|
|
|
|
|
|
|
### TRANSMISSION ###
|
|
|
|
|
|
|
|
upstream transmission {
|
|
|
|
server transmission:9091;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name transmission.spanskiduh.xyz;
|
|
|
|
access_log /logs/transmission.log custom_log;
|
|
|
|
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
root /var/www/certbot;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://transmission.spanskiduh.xyz$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name transmission.spanskiduh.xyz;
|
2022-07-25 23:14:17 +02:00
|
|
|
access_log /logs/transmission.log custom_log;
|
2022-07-24 15:24:53 +02:00
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/transmission.spanskiduh.xyz/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/transmission.spanskiduh.xyz/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass "http://transmission/";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
### JELLYFIN ###
|
|
|
|
|
|
|
|
upstream jellyfin {
|
|
|
|
server jellyfin:8096;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name jellyfin.spanskiduh.xyz;
|
|
|
|
access_log /logs/jellyfin.log custom_log;
|
|
|
|
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
root /var/www/certbot;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://jellyfin.spanskiduh.xyz$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name jellyfin.spanskiduh.xyz;
|
2022-07-25 23:14:17 +02:00
|
|
|
access_log /logs/jellyfin.log custom_log;
|
2022-07-24 15:24:53 +02:00
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/jellyfin.spanskiduh.xyz/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/jellyfin.spanskiduh.xyz/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass "http://jellyfin/";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
### GITEA ###
|
|
|
|
|
|
|
|
upstream gitea {
|
|
|
|
server gitea:3000;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name gitea.spanskiduh.xyz;
|
|
|
|
access_log /logs/gitea.log custom_log;
|
|
|
|
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
root /var/www/certbot;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://gitea.spanskiduh.xyz$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name gitea.spanskiduh.xyz;
|
2022-07-25 23:14:17 +02:00
|
|
|
access_log /logs/gitea.log custom_log;
|
2022-07-24 15:24:53 +02:00
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/gitea.spanskiduh.xyz/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/gitea.spanskiduh.xyz/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass "http://gitea/";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
### NEXTCLOUD ###
|
|
|
|
|
|
|
|
upstream nextcloud {
|
|
|
|
server nextcloud:80;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name nextcloud.spanskiduh.xyz;
|
|
|
|
access_log /logs/nextcloud.log custom_log;
|
|
|
|
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
add_header X-Robots-Tag none;
|
|
|
|
add_header X-Download-Options noopen;
|
|
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
|
|
|
|
|
|
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
root /var/www/certbot;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://nextcloud.spanskiduh.xyz$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name nextcloud.spanskiduh.xyz;
|
2022-07-25 23:14:17 +02:00
|
|
|
access_log /logs/nextcloud.log custom_log;
|
2022-07-24 15:24:53 +02:00
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/nextcloud.spanskiduh.xyz/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/nextcloud.spanskiduh.xyz/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
add_header X-Robots-Tag none;
|
|
|
|
add_header X-Download-Options noopen;
|
|
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
|
|
|
|
|
|
|
|
|
|
# Disable gzip to avoid the removal of the ETag header
|
|
|
|
gzip off;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass "http://nextcloud";
|
|
|
|
}
|
2022-07-24 21:27:44 +02:00
|
|
|
}
|
|
|
|
|
2022-07-25 16:19:03 +02:00
|
|
|
### KIMAI ###
|
|
|
|
|
|
|
|
upstream kimai {
|
|
|
|
server kimai:8001;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name kimai.spanskiduh.xyz;
|
|
|
|
access_log /logs/kimai.log custom_log;
|
|
|
|
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
root /var/www/certbot;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://kimai.spanskiduh.xyz$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name kimai.spanskiduh.xyz;
|
2022-07-25 23:14:17 +02:00
|
|
|
access_log /logs/kimai.log custom_log;
|
2022-07-25 16:19:03 +02:00
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/kimai.spanskiduh.xyz/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/kimai.spanskiduh.xyz/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass "http://kimai/";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-07-25 23:14:17 +02:00
|
|
|
### PHOTOPRISM ###
|
|
|
|
|
|
|
|
upstream photoprism {
|
|
|
|
server photoprism:2342;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name photos.spanskiduh.xyz;
|
|
|
|
access_log /logs/photoprism.log custom_log;
|
|
|
|
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
root /var/www/certbot;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://photos.spanskiduh.xyz$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name photos.spanskiduh.xyz;
|
|
|
|
access_log /logs/photoprism.log custom_log;
|
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/photos.spanskiduh.xyz/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/photos.spanskiduh.xyz/privkey.pem;
|
|
|
|
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass "http://photoprism/";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-07-25 12:04:59 +02:00
|
|
|
### GLADYS ASSISTANT ###
|
|
|
|
|
|
|
|
upstream gladys {
|
|
|
|
server gladys:80;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name gladys.spanskiduh.xyz;
|
|
|
|
access_log /logs/gladys.log custom_log;
|
|
|
|
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
root /var/www/certbot;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://gladys.spanskiduh.xyz$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name gladys.spanskiduh.xyz;
|
2022-07-25 23:14:17 +02:00
|
|
|
access_log /logs/gladys.log custom_log;
|
2022-07-25 12:04:59 +02:00
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/gladys.spanskiduh.xyz/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/gladys.spanskiduh.xyz/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass "http://gladys/";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-07-24 21:27:44 +02:00
|
|
|
|
|
|
|
### AUTISM-APP ###
|
|
|
|
|
|
|
|
upstream autism-app {
|
|
|
|
server autism_app:3000;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name zavedanje-o-avtizmu.xyz;
|
|
|
|
access_log /logs/autism.log custom_log;
|
|
|
|
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
root /var/www/certbot;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
return 301 https://zavedanje-o-avtizmu.xyz$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
server_name zavedanje-o-avtizmu.xyz;
|
2022-07-25 23:14:17 +02:00
|
|
|
access_log /logs/autism.log custom_log;
|
2022-07-24 21:27:44 +02:00
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/zavedanje-o-avtizmu.xyz/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/zavedanje-o-avtizmu.xyz/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass "http://autism-app/";
|
|
|
|
}
|
|
|
|
}
|
2022-07-24 15:24:53 +02:00
|
|
|
}
|