Mop/gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'traefik' (#1) from traefik into main

Browse Source 
Reviewed-on: #1
This commit was merged in pull request #1.
This commit is contained in:
Julien Aldon
2026-01-18 18:16:18 +01:00
parent d2be739590 bed2f5a163
commit 124bdb1b67
11 changed files with 35 additions and 406 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
nginx/sites-available/benoit.mathieu.wiki
View File

@@ -1,26 +0,0 @@
server {
listen 80;
server_name benoit.mathieu.wiki www.benoit.mathieu.wiki;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name benoit.mathieu.wiki;
ssl_certificate /etc/letsencrypt/live/benoit.mathieu.wiki/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/benoit.mathieu.wiki/privkey.pem;
location / {
proxy_pass http://192.168.1.38:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-REAL-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

28
nginx/sites-available/bookshelf.aldon.fr
View File

@@ -1,28 +0,0 @@
server {
listen 80;
server_name bookshelf.aldon.fr;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
server_name bookshelf.aldon.fr;
ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
location / {
proxy_pass http://192.168.1.27;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

59
nginx/sites-available/default
View File

@@ -1,59 +0,0 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
##
# Errors pages
##
error_page 404 500 502 503 504 /errors/50x.html;
location ^~ /errors/ {
internal;
root /usr/share/nginx/html/;
allow all;
}
}

26
nginx/sites-available/discussion.fefan.fr
View File

@@ -1,26 +0,0 @@
server {
listen 80;
server_name discussion.fefan.fr;
return 301 http://$host$request_uri;
}
server {
listen 443 ssl;
server_name discussion.fefan.fr;
ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem;
location / {
proxy_pass http://192.168.1.15:3000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-REAL-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

64
nginx/sites-available/fefan.fr
View File

@@ -1,64 +0,0 @@
server {
server_name www.content.fefan.fr;
return 301 $scheme://content.fefan.fr$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name content.fefan.fr;
ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem;
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
location / {
resolver 127.0.0.11 valid=30s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
set $upstream_strapi 192.168.1.11;
proxy_pass http://$upstream_strapi:1337;
}
location = /50x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.fefan.fr fefan.fr;
ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem;
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
location / {
resolver 127.0.0.11 valid=30s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
set $upstream_next 192.168.1.11;
proxy_pass http://$upstream_next:3000;
}
location = /50x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
}

28
nginx/sites-available/gitea.aldon.fr
View File

@@ -1,28 +0,0 @@
server {
listen 80;
server_name gitea.aldon.fr;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
server_name gitea.aldon.fr;
ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
location / {
proxy_pass http://192.168.1.50:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

26
nginx/sites-available/grist.aldon.fr
View File

@@ -1,26 +0,0 @@
server {
listen 80;
server_name grist.aldon.fr;
return 301 http://$host$request_uri;
}
server {
listen 443 ssl;
server_name grist.aldon.fr;
ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
location / {
proxy_pass http://192.168.1.35:8484;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-REAL-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

26
nginx/sites-available/keycloak.aldon.fr
View File

@@ -1,26 +0,0 @@
server {
listen 80;
server_name keycloak.aldon.fr;
return 301 http://$host$request_uri;
}
server {
listen 443 ssl;
server_name keycloak.aldon.fr;
ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
location / {
proxy_pass http://192.168.1.34:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-REAL-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

64
nginx/sites-available/nextcloud.aldon.fr
View File

@@ -1,64 +0,0 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
listen 443 ssl http2;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
client_body_buffer_size 512k;
proxy_read_timeout 86400s;
server_name nextcloud.aldon.fr;
ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
ssl_dhparam "/etc/dhparam";
ssl_early_data on;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve x25519:x448:secp521r1:secp256r1;
ssl_prefer_server_ciphers on;
ssl_conf_command Options PrioritizeChaCha;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-ECDHE-ECSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:RCDHE-RSA-AES128-GCM-SHA256;
location / {
proxy_pass http://192.168.1.30:11000$request_uri;
proxy_set_header Host $host;
proxy_set_header X-REAL-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Early-Data $ssl_early_data;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Error pages
error_page 502 /502.html;
location /502.html {
root /var/www/html;
}
}
}

59
nginx/sites-available/vaultwarden.aldon.fr
View File

@@ -1,59 +0,0 @@
upstream vaultwarden-default {
zone vaultwarden-default 64k;
server 192.168.1.36:8080;
keepalive 2;
}
# See: https://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
default upgrade;
'' "";
}
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name vaultwarden.aldon.fr;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl http2;
server_name vaultwarden.aldon.fr;
ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000;";
#ssl_trusted_certificate /etc/letsencrypt/live/vaultwarden.aldon.fr/fullchain.pem;
client_max_body_size 525M;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location / {
proxy_pass http://vaultwarden-default;
}
# Optionally add extra authentication besides the ADMIN_TOKEN
# Remove the comments below `#` and create the htpasswd_file to have it active
#
#location /admin {
# # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
# auth_basic "Private";
# auth_basic_user_file /path/to/htpasswd_file;
#
# proxy_pass http://vaultwarden-default;
#}
}

35
services.yml Normal file
View File

@@ -0,0 +1,35 @@
http:
routers:
bookshelf:
rule: "Host(`bookshelf`)"
entryPoints:
- websecure
middlewares:
- redirect-to-https
service: bookshelf
tls: {}
gitea:
rule: "Host(`gitea`)"
entryPoints:
- websecure
middlewares:
- redirect-to-https
service: gitea
tls: {}
services:
bookshelf:
loadBalancer:
passHostHeader: true
servers:
- url: "http://192.168.1.91:80"
gitea:
loadBalancer:
passHostHeader: true
servers:
- url: "http://192.168.1.90:3000"
middlewares:
redirect-to-https:
redirectScheme:
scheme: https