diff --git a/nginx/sites-available/benoit.mathieu.wiki b/nginx/sites-available/benoit.mathieu.wiki deleted file mode 100644 index dc3aeda..0000000 --- a/nginx/sites-available/benoit.mathieu.wiki +++ /dev/null @@ -1,26 +0,0 @@ -server { - listen 80; - server_name benoit.mathieu.wiki www.benoit.mathieu.wiki; - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; - server_name benoit.mathieu.wiki; - - ssl_certificate /etc/letsencrypt/live/benoit.mathieu.wiki/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/benoit.mathieu.wiki/privkey.pem; - - location / { - proxy_pass http://192.168.1.38:8080; - - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-REAL-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} \ No newline at end of file diff --git a/nginx/sites-available/bookshelf.aldon.fr b/nginx/sites-available/bookshelf.aldon.fr deleted file mode 100644 index 1a1a672..0000000 --- a/nginx/sites-available/bookshelf.aldon.fr +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen 80; - server_name bookshelf.aldon.fr; - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - server_name bookshelf.aldon.fr; - - ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem; - - location / { - proxy_pass http://192.168.1.27; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} \ No newline at end of file diff --git a/nginx/sites-available/default b/nginx/sites-available/default deleted file mode 100644 index e4978fd..0000000 --- a/nginx/sites-available/default +++ /dev/null @@ -1,59 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - - ## - # Errors pages - ## - - error_page 404 500 502 503 504 /errors/50x.html; - - location ^~ /errors/ { - internal; - root /usr/share/nginx/html/; - allow all; - } -} \ No newline at end of file diff --git a/nginx/sites-available/discussion.fefan.fr b/nginx/sites-available/discussion.fefan.fr deleted file mode 100644 index 74c05e0..0000000 --- a/nginx/sites-available/discussion.fefan.fr +++ /dev/null @@ -1,26 +0,0 @@ -server { - listen 80; - server_name discussion.fefan.fr; - return 301 http://$host$request_uri; -} - -server { - listen 443 ssl; - server_name discussion.fefan.fr; - - ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem; - - location / { - proxy_pass http://192.168.1.15:3000; - - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-REAL-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} \ No newline at end of file diff --git a/nginx/sites-available/fefan.fr b/nginx/sites-available/fefan.fr deleted file mode 100644 index 7d1ed7d..0000000 --- a/nginx/sites-available/fefan.fr +++ /dev/null @@ -1,64 +0,0 @@ -server { - server_name www.content.fefan.fr; - return 301 $scheme://content.fefan.fr$request_uri; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name content.fefan.fr; - - ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem; - - ssl_session_cache shared:le_nginx_SSL:10m; - ssl_session_timeout 1440m; - ssl_session_tickets off; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers off; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; - - location / { - resolver 127.0.0.11 valid=30s; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - set $upstream_strapi 192.168.1.11; - proxy_pass http://$upstream_strapi:1337; - } - - location = /50x.html { - root /usr/share/nginx/html; - } - - error_page 500 502 503 504 /50x.html; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name www.fefan.fr fefan.fr; - - ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem; - - ssl_session_cache shared:le_nginx_SSL:10m; - ssl_session_timeout 1440m; - ssl_session_tickets off; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers off; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; - - location / { - resolver 127.0.0.11 valid=30s; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - set $upstream_next 192.168.1.11; - proxy_pass http://$upstream_next:3000; - } - - location = /50x.html { - root /usr/share/nginx/html; - } - - error_page 500 502 503 504 /50x.html; -} \ No newline at end of file diff --git a/nginx/sites-available/gitea.aldon.fr b/nginx/sites-available/gitea.aldon.fr deleted file mode 100644 index 11189b2..0000000 --- a/nginx/sites-available/gitea.aldon.fr +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen 80; - server_name gitea.aldon.fr; - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - server_name gitea.aldon.fr; - - ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem; - - location / { - proxy_pass http://192.168.1.50:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} \ No newline at end of file diff --git a/nginx/sites-available/grist.aldon.fr b/nginx/sites-available/grist.aldon.fr deleted file mode 100644 index 6556710..0000000 --- a/nginx/sites-available/grist.aldon.fr +++ /dev/null @@ -1,26 +0,0 @@ -server { - listen 80; - server_name grist.aldon.fr; - return 301 http://$host$request_uri; -} - -server { - listen 443 ssl; - server_name grist.aldon.fr; - - ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem; - - location / { - proxy_pass http://192.168.1.35:8484; - - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-REAL-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} \ No newline at end of file diff --git a/nginx/sites-available/keycloak.aldon.fr b/nginx/sites-available/keycloak.aldon.fr deleted file mode 100644 index 52e3a0b..0000000 --- a/nginx/sites-available/keycloak.aldon.fr +++ /dev/null @@ -1,26 +0,0 @@ -server { - listen 80; - server_name keycloak.aldon.fr; - return 301 http://$host$request_uri; -} - -server { - listen 443 ssl; - server_name keycloak.aldon.fr; - - ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem; - - location / { - proxy_pass http://192.168.1.34:8080; - - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-REAL-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} \ No newline at end of file diff --git a/nginx/sites-available/nextcloud.aldon.fr b/nginx/sites-available/nextcloud.aldon.fr deleted file mode 100644 index 4794d4c..0000000 --- a/nginx/sites-available/nextcloud.aldon.fr +++ /dev/null @@ -1,64 +0,0 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -server { - listen 80; - listen [::]:80; - - if ($scheme = "http") { - return 301 https://$host$request_uri; - } - if ($http_x_forwarded_proto = "http") { - return 301 https://$host$request_uri; - } - - listen 443 ssl http2; - proxy_buffering off; - proxy_request_buffering off; - - client_max_body_size 0; - client_body_buffer_size 512k; - proxy_read_timeout 86400s; - - server_name nextcloud.aldon.fr; - - ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem; - - ssl_dhparam "/etc/dhparam"; - - ssl_early_data on; - ssl_session_cache shared:SSL:10m; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ecdh_curve x25519:x448:secp521r1:secp256r1; - - ssl_prefer_server_ciphers on; - ssl_conf_command Options PrioritizeChaCha; - ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-ECDHE-ECSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:RCDHE-RSA-AES128-GCM-SHA256; - - location / { - proxy_pass http://192.168.1.30:11000$request_uri; - - proxy_set_header Host $host; - proxy_set_header X-REAL-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Early-Data $ssl_early_data; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - # Error pages - error_page 502 /502.html; - location /502.html { - root /var/www/html; - } - } - -} \ No newline at end of file diff --git a/nginx/sites-available/vaultwarden.aldon.fr b/nginx/sites-available/vaultwarden.aldon.fr deleted file mode 100644 index da8b444..0000000 --- a/nginx/sites-available/vaultwarden.aldon.fr +++ /dev/null @@ -1,59 +0,0 @@ -upstream vaultwarden-default { - zone vaultwarden-default 64k; - server 192.168.1.36:8080; - keepalive 2; -} - -# See: https://nginx.org/en/docs/http/websocket.html -map $http_upgrade $connection_upgrade { - default upgrade; - '' ""; -} - -# Redirect HTTP to HTTPS -server { - listen 80; - listen [::]:80; - server_name vaultwarden.aldon.fr; - - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; - listen [::]:443 ssl http2; - server_name vaultwarden.aldon.fr; - - ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem; - - add_header Strict-Transport-Security "max-age=31536000;"; - - #ssl_trusted_certificate /etc/letsencrypt/live/vaultwarden.aldon.fr/fullchain.pem; - - client_max_body_size 525M; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - location / { - proxy_pass http://vaultwarden-default; - } - - # Optionally add extra authentication besides the ADMIN_TOKEN - # Remove the comments below `#` and create the htpasswd_file to have it active - # - #location /admin { - # # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ - # auth_basic "Private"; - # auth_basic_user_file /path/to/htpasswd_file; - # - # proxy_pass http://vaultwarden-default; - #} -} \ No newline at end of file