Move z9-host-specific configs and templates into z9 subdirectories
This commit is contained in:
julian
parent
4d12d802b8
commit
3d238d9f63
49 changed files with 40 additions and 40 deletions
|
|
@ -1,12 +0,0 @@
|
|||
general =
|
||||
{
|
||||
name = "Audio Pi";
|
||||
port = 5000;
|
||||
udp_port_base = 6001;
|
||||
udp_port_range = 10;
|
||||
interpolation = "soxr";
|
||||
output_backend = "alsa";
|
||||
mdns_backend = "avahi";
|
||||
volume_range_db = 40;
|
||||
volume_max_db = -20.0;
|
||||
};
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
# Place your local configuration in /etc/mosquitto/conf.d/
|
||||
#
|
||||
# A full description of the configuration file is at
|
||||
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
|
||||
|
||||
per_listener_settings false
|
||||
listener 1883
|
||||
allow_anonymous true
|
||||
pid_file /run/mosquitto/mosquitto.pid
|
||||
|
||||
persistence true
|
||||
persistence_location /var/lib/mosquitto/
|
||||
|
||||
log_dest file /var/log/mosquitto/mosquitto.log
|
||||
|
||||
include_dir /etc/mosquitto/conf.d
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
connection winkekatz
|
||||
address mqtt.winkekatze24.de
|
||||
bridge_protocol_version mqttv311
|
||||
|
||||
topic winkekatze/allcats/eye/set in 2
|
||||
topic winkekatze/allcats in 2
|
||||
topic +/status out 2 winkekatze/ ""
|
||||
topic +/connected out 2 winkekatze/ ""
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 10.31.206.14;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name aes.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/aes.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/aes.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/aes.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
# Hide the X-Forwarded header.
|
||||
proxy_hide_header X-Forwarded;
|
||||
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
|
||||
# is transparent).
|
||||
# Also provide "_hidden" for by, since it's not relevant.
|
||||
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:5080/;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name esphome.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/esphome.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/esphome.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/esphome.ccchh.net/chain.pem;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_redirect http:// https://;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_pass http://localhost:6052;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
# Also see: https://www.keycloak.org/server/reverseproxy
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 10.31.206.11;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name id.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/id.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/id.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/id.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
# To not have 502s sometimes when logging through PVE use bigger buffer_sizes.
|
||||
# The error seemed to occur after logging in and out and in. Maybe related
|
||||
# to Keycloak logout settings, but probably not.
|
||||
# See:
|
||||
# https://stackoverflow.com/questions/56126864/why-do-i-get-502-when-trying-to-authenticate
|
||||
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size
|
||||
proxy_buffer_size 128k;
|
||||
proxy_buffers 8 128k;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
# Hide the X-Forwarded header.
|
||||
proxy_hide_header X-Forwarded;
|
||||
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
|
||||
# is transparent).
|
||||
# Also provide "_hidden" for by, since it's not relevant.
|
||||
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
|
||||
|
||||
location /js/ {
|
||||
proxy_pass http://127.0.0.1:8080/js/;
|
||||
}
|
||||
|
||||
location /realms/ {
|
||||
proxy_pass http://127.0.0.1:8080/realms/;
|
||||
}
|
||||
|
||||
location /resources/ {
|
||||
proxy_pass http://127.0.0.1:8080/resources/;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
proxy_pass http://127.0.0.1:8080/robots.txt;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
# Also see: https://www.keycloak.org/server/reverseproxy
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
#listen [::]:443 ssl http2;
|
||||
|
||||
server_name keycloak-admin.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/keycloak-admin.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/keycloak-admin.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/keycloak-admin.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
# Hide the X-Forwarded header.
|
||||
proxy_hide_header X-Forwarded;
|
||||
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
|
||||
# is transparent).
|
||||
# Also provide "_hidden" for by, since it's not relevant.
|
||||
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
|
||||
|
||||
location /js/ {
|
||||
proxy_pass http://127.0.0.1:8080/js/;
|
||||
}
|
||||
|
||||
location /realms/ {
|
||||
proxy_pass http://127.0.0.1:8080/realms/;
|
||||
}
|
||||
|
||||
location /resources/ {
|
||||
proxy_pass http://127.0.0.1:8080/resources/;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
proxy_pass http://127.0.0.1:8080/robots.txt;
|
||||
}
|
||||
|
||||
location /admin/ {
|
||||
proxy_pass http://127.0.0.1:8080/admin/;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
server {
|
||||
listen 80 default_server;
|
||||
#listen [::]:80 default_server;
|
||||
server_name _;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
autoindex on;
|
||||
root /webroot-for-acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
#listen [::]:443 ssl http2;
|
||||
|
||||
server_name light.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/light.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/light.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/light.ccchh.net/chain.pem;
|
||||
|
||||
# replace with the IP address of your resolver
|
||||
resolver 10.31.208.1;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
always_broadcast = false
|
||||
enabled = true
|
||||
ip =
|
||||
long_name = OLA - ArtNet node
|
||||
net = 0
|
||||
output_ports = 4
|
||||
short_name = OLA - ArtNet node
|
||||
subnet = 0
|
||||
use_limited_broadcast = false
|
||||
use_loopback = false
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
ack_timer_count = 0
|
||||
advanced_dimmer_count = 1
|
||||
dimmer_count = 1
|
||||
dimmer_subdevice_count = 4
|
||||
dummy_device_count = 1
|
||||
enabled = false
|
||||
moving_light_count = 1
|
||||
network_device_count = 1
|
||||
sensor_device_count = 1
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
cid = 4ff3f64a-e2de-43e5-847f-d4daad6cb63b
|
||||
draft_discovery = false
|
||||
dscp = 0
|
||||
enabled = false
|
||||
ignore_preview = true
|
||||
input_ports = 5
|
||||
ip =
|
||||
output_ports = 5
|
||||
prepend_hostname = true
|
||||
revision = 0.46
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
enabled = false
|
||||
ip =
|
||||
name = ola-EspNet
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
enabled = true
|
||||
frequency = 30
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
enabled = false
|
||||
gpio_pins =
|
||||
gpio_slot_offset = 1
|
||||
gpio_turn_off = 127
|
||||
gpio_turn_on = 128
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
device = /dev/kldmx0
|
||||
enabled = false
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
enabled = false
|
||||
power_supply =
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
device =
|
||||
enabled = false
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
device = /dev/dmx0
|
||||
enabled = false
|
||||
|
|
@ -1 +0,0 @@
|
|||
enabled = false
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
enabled = false
|
||||
input_ports = 5
|
||||
output_ports = 5
|
||||
port_0_address = /dmx/universe/%d
|
||||
port_0_output_format = blob
|
||||
port_0_targets =
|
||||
port_1_address = /dmx/universe/%d
|
||||
port_1_output_format = blob
|
||||
port_1_targets =
|
||||
port_2_address = /dmx/universe/%d
|
||||
port_2_output_format = blob
|
||||
port_2_targets =
|
||||
port_3_address = /dmx/universe/%d
|
||||
port_3_output_format = blob
|
||||
port_3_targets =
|
||||
port_4_address = /dmx/universe/%d
|
||||
port_4_output_format = blob
|
||||
port_4_targets =
|
||||
udp_listen_port = 7770
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
dscp = 0
|
||||
enabled = false
|
||||
ip =
|
||||
name = ola-Pathport
|
||||
node-id = 672065429
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
11-1-I-0_priority_mode = 0
|
||||
11-1-I-0_priority_value = 100
|
||||
11-1-I-1_priority_mode = 0
|
||||
11-1-I-1_priority_value = 100
|
||||
11-1-I-2_priority_mode = 0
|
||||
11-1-I-2_priority_value = 100
|
||||
11-1-I-3_priority_mode = 0
|
||||
11-1-I-3_priority_value = 100
|
||||
11-1-I-4_priority_mode = 0
|
||||
11-1-I-4_priority_value = 100
|
||||
11-1-O-0_priority_mode = 0
|
||||
11-1-O-0_priority_value = 100
|
||||
11-1-O-1_priority_mode = 0
|
||||
11-1-O-1_priority_value = 100
|
||||
11-1-O-2_priority_mode = 0
|
||||
11-1-O-2_priority_value = 100
|
||||
11-1-O-3_priority_mode = 0
|
||||
11-1-O-3_priority_value = 100
|
||||
11-1-O-4_priority_mode = 0
|
||||
11-1-O-4_priority_value = 100
|
||||
13-A60300JF-O-1 = 1
|
||||
14-1-I-0_priority_value = 100
|
||||
14-1-I-1_priority_value = 100
|
||||
14-1-I-2_priority_value = 100
|
||||
14-1-I-3_priority_value = 100
|
||||
14-1-I-4_priority_value = 100
|
||||
2-1-I-0 = 1
|
||||
2-1-I-0_priority_value = 100
|
||||
2-1-I-1_priority_value = 100
|
||||
2-1-I-2_priority_value = 100
|
||||
2-1-I-3_priority_value = 100
|
||||
3-1-I-0_priority_value = 100
|
||||
3-1-I-1_priority_value = 100
|
||||
3-1-I-2_priority_value = 100
|
||||
3-1-I-3_priority_value = 100
|
||||
3-1-I-4_priority_value = 100
|
||||
3-1-I-5_priority_value = 100
|
||||
3-1-I-6_priority_value = 100
|
||||
3-1-I-7_priority_value = 100
|
||||
4-1-I-0_priority_value = 100
|
||||
4-1-I-1_priority_value = 100
|
||||
4-1-I-2_priority_value = 100
|
||||
4-1-I-3_priority_value = 100
|
||||
4-1-I-4_priority_value = 100
|
||||
7-1-I-0_priority_value = 100
|
||||
7-1-I-1_priority_value = 100
|
||||
7-1-I-2_priority_value = 100
|
||||
7-1-I-3_priority_value = 100
|
||||
7-1-I-4_priority_value = 100
|
||||
7-1-I-5_priority_value = 100
|
||||
7-1-I-6_priority_value = 100
|
||||
7-1-I-7_priority_value = 100
|
||||
9-1-I-0_priority_value = 100
|
||||
9-1-I-1_priority_value = 100
|
||||
9-1-I-2_priority_value = 100
|
||||
9-1-I-3_priority_value = 100
|
||||
9-1-I-4_priority_value = 100
|
||||
9-1-I-5_priority_value = 100
|
||||
9-1-I-6_priority_value = 100
|
||||
9-1-I-7_priority_value = 100
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
device =
|
||||
enabled = false
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
enabled = false
|
||||
ip =
|
||||
name = ola-SandNet
|
||||
|
|
@ -1 +0,0 @@
|
|||
instance-name = OLA Server
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
enabled = false
|
||||
ip =
|
||||
name = ola-ShowNet
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
base_uid = 7a70:00000100
|
||||
device_prefix = spidev
|
||||
enabled = false
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
device = /dev/ttyUSB0
|
||||
enabled = false
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
device = /dev/ttyACM0
|
||||
enabled = false
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
uni_1_merge = LTP
|
||||
uni_1_name = Universe 1
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
enabled = false
|
||||
libusb_debug_level = 0
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
device_dir = /dev
|
||||
device_prefix = ttyUSB
|
||||
device_prefix = cu.usbserial-
|
||||
device_prefix = ttyU
|
||||
enabled = false
|
||||
pro_fps_limit = 190
|
||||
tri_use_raw_rdm = false
|
||||
ultra_fps_limit = 40
|
||||
|
|
@ -1,72 +0,0 @@
|
|||
map $host $upstream_acme_challenge_host {
|
||||
club-assistant.ccchh.net 10.31.208.10;
|
||||
netbox.ccchh.net 10.31.208.29;
|
||||
light.ccchh.net 10.31.208.23;
|
||||
thinkcccore0.ccchh.net 10.31.242.3;
|
||||
thinkcccore1.ccchh.net 10.31.242.4;
|
||||
thinkcccore2.ccchh.net 10.31.242.5;
|
||||
thinkcccore3.ccchh.net 10.31.242.6;
|
||||
wiki.ccchh.net 10.31.206.13:31820;
|
||||
zigbee2mqtt.ccchh.net 10.31.208.25:31820;
|
||||
id.ccchh.net 10.31.206.12:31820;
|
||||
keycloak-admin.ccchh.net 10.31.206.12:31820;
|
||||
esphome.ccchh.net 10.31.208.24:31820;
|
||||
aes.ccchh.net 10.31.206.14:31820;
|
||||
proxmox-backup-server.ccchh.net 10.31.208.28;
|
||||
default "";
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
proxy_pass http://$upstream_acme_challenge_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# This is http in any case.
|
||||
proxy_set_header X-Forwarded-Proto http;
|
||||
}
|
||||
|
||||
# Better safe than sorry.
|
||||
# Don't do a permanent redirect to avoid acme challenge pain (even tho 443
|
||||
# still should work).
|
||||
location / {
|
||||
return 307 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 127.0.0.1;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
# ssl_certificate /path/to/signed_cert_plus_intermediates;
|
||||
# ssl_certificate_key /path/to/private_key;
|
||||
# # verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
# ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
|
||||
ssl_certificate /etc/ssl/certs/public-reverse-proxy.crt;
|
||||
ssl_certificate_key /etc/ssl/private/public-reverse-proxy.key;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
# replace with the IP address of your resolver
|
||||
resolver 127.0.0.1;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
proxy_pass http://$upstream_acme_challenge_host;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# This is http in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
# This config is based on the standard `nginx.conf` shipping with the stable
|
||||
# nginx package from the NGINX mirrors as of 2023-01.
|
||||
|
||||
user nginx;
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
|
||||
# upstreams.
|
||||
stream {
|
||||
map $ssl_preread_server_name $address {
|
||||
wiki.ccchh.net 10.31.206.13:8443;
|
||||
id.ccchh.net 10.31.206.12:8443;
|
||||
aes.ccchh.net 10.31.206.14:8443;
|
||||
default 127.0.0.1:8443;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 0.0.0.0:443;
|
||||
proxy_pass $address;
|
||||
ssl_preread on;
|
||||
proxy_protocol on;
|
||||
}
|
||||
}
|
||||
|
||||
# Still have the default http block, so the `acme_challenge.conf` works.
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 10.31.206.11;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name wiki.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/wiki.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/wiki.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/wiki.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
# Maximum file upload size is 4MB - change accordingly if needed
|
||||
client_max_body_size 4M;
|
||||
client_body_buffer_size 128k;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
||||
root /var/www/dokuwiki;
|
||||
index doku.php;
|
||||
|
||||
#Remember to comment the below out when you're installing, and uncomment it when done.
|
||||
location ~ /(conf/|bin/|inc/|vendor/|install.php) { deny all; }
|
||||
|
||||
#Support for X-Accel-Redirect
|
||||
location ~ ^/data/ { internal ; }
|
||||
|
||||
location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ {
|
||||
expires 365d;
|
||||
}
|
||||
|
||||
location / { try_files $uri $uri/ @dokuwiki; }
|
||||
|
||||
location @dokuwiki {
|
||||
# rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
|
||||
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
|
||||
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
|
||||
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
|
||||
rewrite ^/(.*) /doku.php?id=$1&$args last;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri $uri/ /doku.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
||||
fastcgi_pass unix:/var/run/php/php-fpm-dokuwiki.sock;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name zigbee2mqtt.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/chain.pem;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /api {
|
||||
proxy_pass http://localhost:8080/api;
|
||||
proxy_set_header Host $host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue