From 9e01be6e6dc8f5dffc9a11cc12dc26997abb0921 Mon Sep 17 00:00:00 2001
From: JulienAldon
Date: Sun, 18 Jan 2026 09:56:59 +0100
Subject: [PATCH 1/4] add traefik branch
---
nginx/sites-available/benoit.mathieu.wiki | 26 ---------
nginx/sites-available/bookshelf.aldon.fr | 28 ----------
nginx/sites-available/default | 59 --------------------
nginx/sites-available/discussion.fefan.fr | 26 ---------
nginx/sites-available/fefan.fr | 64 ----------------------
nginx/sites-available/gitea.aldon.fr | 28 ----------
nginx/sites-available/grist.aldon.fr | 26 ---------
nginx/sites-available/keycloak.aldon.fr | 26 ---------
nginx/sites-available/nextcloud.aldon.fr | 64 ----------------------
nginx/sites-available/vaultwarden.aldon.fr | 59 --------------------
10 files changed, 406 deletions(-)
delete mode 100644 nginx/sites-available/benoit.mathieu.wiki
delete mode 100644 nginx/sites-available/bookshelf.aldon.fr
delete mode 100644 nginx/sites-available/default
delete mode 100644 nginx/sites-available/discussion.fefan.fr
delete mode 100644 nginx/sites-available/fefan.fr
delete mode 100644 nginx/sites-available/gitea.aldon.fr
delete mode 100644 nginx/sites-available/grist.aldon.fr
delete mode 100644 nginx/sites-available/keycloak.aldon.fr
delete mode 100644 nginx/sites-available/nextcloud.aldon.fr
delete mode 100644 nginx/sites-available/vaultwarden.aldon.fr
diff --git a/nginx/sites-available/benoit.mathieu.wiki b/nginx/sites-available/benoit.mathieu.wiki
deleted file mode 100644
index dc3aeda..0000000
--- a/nginx/sites-available/benoit.mathieu.wiki
+++ /dev/null
@@ -1,26 +0,0 @@
-server {
- listen 80;
- server_name benoit.mathieu.wiki www.benoit.mathieu.wiki;
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- server_name benoit.mathieu.wiki;
-
- ssl_certificate /etc/letsencrypt/live/benoit.mathieu.wiki/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/benoit.mathieu.wiki/privkey.pem;
-
- location / {
- proxy_pass http://192.168.1.38:8080;
-
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-REAL-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-}
\ No newline at end of file
diff --git a/nginx/sites-available/bookshelf.aldon.fr b/nginx/sites-available/bookshelf.aldon.fr
deleted file mode 100644
index 1a1a672..0000000
--- a/nginx/sites-available/bookshelf.aldon.fr
+++ /dev/null
@@ -1,28 +0,0 @@
-server {
- listen 80;
- server_name bookshelf.aldon.fr;
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-
- server_name bookshelf.aldon.fr;
-
- ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
-
- location / {
- proxy_pass http://192.168.1.27;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-}
\ No newline at end of file
diff --git a/nginx/sites-available/default b/nginx/sites-available/default
deleted file mode 100644
index e4978fd..0000000
--- a/nginx/sites-available/default
+++ /dev/null
@@ -1,59 +0,0 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# https://www.nginx.com/resources/wiki/start/
-# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
-# https://wiki.debian.org/Nginx/DirectoryStructure
-#
-# In most cases, administrators will remove this file from sites-enabled/ and
-# leave it as reference inside of sites-available where it will continue to be
-# updated by the nginx packaging team.
-#
-# This file will automatically load configuration files provided by other
-# applications, such as Drupal or Wordpress. These applications will be made
-# available underneath a path with that package name, such as /drupal8.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- # SSL configuration
- #
- # listen 443 ssl default_server;
- # listen [::]:443 ssl default_server;
- #
- # Note: You should disable gzip for SSL traffic.
- # See: https://bugs.debian.org/773332
- #
- # Read up on ssl_ciphers to ensure a secure configuration.
- # See: https://bugs.debian.org/765782
- #
- # Self signed certs generated by the ssl-cert package
- # Don't use them in a production server!
- #
- # include snippets/snakeoil.conf;
-
- root /var/www/html;
-
- # Add index.php to the list if you are using PHP
- index index.html index.htm index.nginx-debian.html;
-
- server_name _;
-
- ##
- # Errors pages
- ##
-
- error_page 404 500 502 503 504 /errors/50x.html;
-
- location ^~ /errors/ {
- internal;
- root /usr/share/nginx/html/;
- allow all;
- }
-}
\ No newline at end of file
diff --git a/nginx/sites-available/discussion.fefan.fr b/nginx/sites-available/discussion.fefan.fr
deleted file mode 100644
index 74c05e0..0000000
--- a/nginx/sites-available/discussion.fefan.fr
+++ /dev/null
@@ -1,26 +0,0 @@
-server {
- listen 80;
- server_name discussion.fefan.fr;
- return 301 http://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- server_name discussion.fefan.fr;
-
- ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem;
-
- location / {
- proxy_pass http://192.168.1.15:3000;
-
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-REAL-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-}
\ No newline at end of file
diff --git a/nginx/sites-available/fefan.fr b/nginx/sites-available/fefan.fr
deleted file mode 100644
index 7d1ed7d..0000000
--- a/nginx/sites-available/fefan.fr
+++ /dev/null
@@ -1,64 +0,0 @@
-server {
- server_name www.content.fefan.fr;
- return 301 $scheme://content.fefan.fr$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name content.fefan.fr;
-
- ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem;
-
- ssl_session_cache shared:le_nginx_SSL:10m;
- ssl_session_timeout 1440m;
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers off;
- ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
-
- location / {
- resolver 127.0.0.11 valid=30s;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- set $upstream_strapi 192.168.1.11;
- proxy_pass http://$upstream_strapi:1337;
- }
-
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
- error_page 500 502 503 504 /50x.html;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name www.fefan.fr fefan.fr;
-
- ssl_certificate /etc/letsencrypt/live/fefan.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/fefan.fr/privkey.pem;
-
- ssl_session_cache shared:le_nginx_SSL:10m;
- ssl_session_timeout 1440m;
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers off;
- ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
-
- location / {
- resolver 127.0.0.11 valid=30s;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- set $upstream_next 192.168.1.11;
- proxy_pass http://$upstream_next:3000;
- }
-
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
- error_page 500 502 503 504 /50x.html;
-}
\ No newline at end of file
diff --git a/nginx/sites-available/gitea.aldon.fr b/nginx/sites-available/gitea.aldon.fr
deleted file mode 100644
index 11189b2..0000000
--- a/nginx/sites-available/gitea.aldon.fr
+++ /dev/null
@@ -1,28 +0,0 @@
-server {
- listen 80;
- server_name gitea.aldon.fr;
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-
- server_name gitea.aldon.fr;
-
- ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
-
- location / {
- proxy_pass http://192.168.1.50:3000;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-}
\ No newline at end of file
diff --git a/nginx/sites-available/grist.aldon.fr b/nginx/sites-available/grist.aldon.fr
deleted file mode 100644
index 6556710..0000000
--- a/nginx/sites-available/grist.aldon.fr
+++ /dev/null
@@ -1,26 +0,0 @@
-server {
- listen 80;
- server_name grist.aldon.fr;
- return 301 http://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- server_name grist.aldon.fr;
-
- ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
-
- location / {
- proxy_pass http://192.168.1.35:8484;
-
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-REAL-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-}
\ No newline at end of file
diff --git a/nginx/sites-available/keycloak.aldon.fr b/nginx/sites-available/keycloak.aldon.fr
deleted file mode 100644
index 52e3a0b..0000000
--- a/nginx/sites-available/keycloak.aldon.fr
+++ /dev/null
@@ -1,26 +0,0 @@
-server {
- listen 80;
- server_name keycloak.aldon.fr;
- return 301 http://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- server_name keycloak.aldon.fr;
-
- ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
-
- location / {
- proxy_pass http://192.168.1.34:8080;
-
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-REAL-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-}
\ No newline at end of file
diff --git a/nginx/sites-available/nextcloud.aldon.fr b/nginx/sites-available/nextcloud.aldon.fr
deleted file mode 100644
index 4794d4c..0000000
--- a/nginx/sites-available/nextcloud.aldon.fr
+++ /dev/null
@@ -1,64 +0,0 @@
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- if ($scheme = "http") {
- return 301 https://$host$request_uri;
- }
- if ($http_x_forwarded_proto = "http") {
- return 301 https://$host$request_uri;
- }
-
- listen 443 ssl http2;
- proxy_buffering off;
- proxy_request_buffering off;
-
- client_max_body_size 0;
- client_body_buffer_size 512k;
- proxy_read_timeout 86400s;
-
- server_name nextcloud.aldon.fr;
-
- ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
-
- ssl_dhparam "/etc/dhparam";
-
- ssl_early_data on;
- ssl_session_cache shared:SSL:10m;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ecdh_curve x25519:x448:secp521r1:secp256r1;
-
- ssl_prefer_server_ciphers on;
- ssl_conf_command Options PrioritizeChaCha;
- ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-ECDHE-ECSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:RCDHE-RSA-AES128-GCM-SHA256;
-
- location / {
- proxy_pass http://192.168.1.30:11000$request_uri;
-
- proxy_set_header Host $host;
- proxy_set_header X-REAL-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Scheme $scheme;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Early-Data $ssl_early_data;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
-
- # Error pages
- error_page 502 /502.html;
- location /502.html {
- root /var/www/html;
- }
- }
-
-}
\ No newline at end of file
diff --git a/nginx/sites-available/vaultwarden.aldon.fr b/nginx/sites-available/vaultwarden.aldon.fr
deleted file mode 100644
index da8b444..0000000
--- a/nginx/sites-available/vaultwarden.aldon.fr
+++ /dev/null
@@ -1,59 +0,0 @@
-upstream vaultwarden-default {
- zone vaultwarden-default 64k;
- server 192.168.1.36:8080;
- keepalive 2;
-}
-
-# See: https://nginx.org/en/docs/http/websocket.html
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' "";
-}
-
-# Redirect HTTP to HTTPS
-server {
- listen 80;
- listen [::]:80;
- server_name vaultwarden.aldon.fr;
-
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl http2;
- server_name vaultwarden.aldon.fr;
-
- ssl_certificate /etc/letsencrypt/live/aldon.fr/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/aldon.fr/privkey.pem;
-
- add_header Strict-Transport-Security "max-age=31536000;";
-
- #ssl_trusted_certificate /etc/letsencrypt/live/vaultwarden.aldon.fr/fullchain.pem;
-
- client_max_body_size 525M;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- location / {
- proxy_pass http://vaultwarden-default;
- }
-
- # Optionally add extra authentication besides the ADMIN_TOKEN
- # Remove the comments below `#` and create the htpasswd_file to have it active
- #
- #location /admin {
- # # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
- # auth_basic "Private";
- # auth_basic_user_file /path/to/htpasswd_file;
- #
- # proxy_pass http://vaultwarden-default;
- #}
-}
\ No newline at end of file
-- 
2.39.5
From b5c5c994c566715a5ce749545a7fcad80e7cf0b1 Mon Sep 17 00:00:00 2001
From: JulienAldon
Date: Sun, 18 Jan 2026 11:04:27 +0100
Subject: [PATCH 2/4] Update Traefik services
---
services.yml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 services.yml
diff --git a/services.yml b/services.yml
new file mode 100644
index 0000000..863b1f0
--- /dev/null
+++ b/services.yml
@@ -0,0 +1,35 @@
+http:
+ routers:
+ bookshelf:
+ rule: "Host(`bookshelf`)"
+ entryPoints:
+ - websecure
+ middlewares:
+ - redirect-to-https
+ service: bookshelf
+ tls: {}
+ gitea:
+ rule: "Host(`gitea`)"
+ entryPoints:
+ - websecure
+ middlewares:
+ - redirect-to-https
+ service: gitea
+ tls: {}
+
+ services:
+ bookshelf:
+ loadBalancer:
+ passHostHeader: true
+ servers:
+ - url: "http://192.168.1.91:80"
+ gitea:
+ loadBalancer:
+ passHostHeader: true
+ servers:
+ - url: "http://192.168.1.90:3000"
+
+ middlewares:
+ redirect-to-https:
+ redirectScheme:
+ scheme: https
\ No newline at end of file
-- 
2.39.5
From d781f7d71662fc66c0196b7dacf99321cac49749 Mon Sep 17 00:00:00 2001
From: JulienAldon
Date: Sun, 18 Jan 2026 11:06:41 +0100
Subject: [PATCH 3/4] remove service
---
services.yml | 35 -----------------------------------
1 file changed, 35 deletions(-)
delete mode 100644 services.yml
diff --git a/services.yml b/services.yml
deleted file mode 100644
index 863b1f0..0000000
--- a/services.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-http:
- routers:
- bookshelf:
- rule: "Host(`bookshelf`)"
- entryPoints:
- - websecure
- middlewares:
- - redirect-to-https
- service: bookshelf
- tls: {}
- gitea:
- rule: "Host(`gitea`)"
- entryPoints:
- - websecure
- middlewares:
- - redirect-to-https
- service: gitea
- tls: {}
-
- services:
- bookshelf:
- loadBalancer:
- passHostHeader: true
- servers:
- - url: "http://192.168.1.91:80"
- gitea:
- loadBalancer:
- passHostHeader: true
- servers:
- - url: "http://192.168.1.90:3000"
-
- middlewares:
- redirect-to-https:
- redirectScheme:
- scheme: https
\ No newline at end of file
-- 
2.39.5
From bed2f5a163b8e1eb8054cbc61c2d59644551757a Mon Sep 17 00:00:00 2001
From: JulienAldon
Date: Sun, 18 Jan 2026 11:06:59 +0100
Subject: [PATCH 4/4] Update Traefik services
---
services.yml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 services.yml
diff --git a/services.yml b/services.yml
new file mode 100644
index 0000000..863b1f0
--- /dev/null
+++ b/services.yml
@@ -0,0 +1,35 @@
+http:
+ routers:
+ bookshelf:
+ rule: "Host(`bookshelf`)"
+ entryPoints:
+ - websecure
+ middlewares:
+ - redirect-to-https
+ service: bookshelf
+ tls: {}
+ gitea:
+ rule: "Host(`gitea`)"
+ entryPoints:
+ - websecure
+ middlewares:
+ - redirect-to-https
+ service: gitea
+ tls: {}
+
+ services:
+ bookshelf:
+ loadBalancer:
+ passHostHeader: true
+ servers:
+ - url: "http://192.168.1.91:80"
+ gitea:
+ loadBalancer:
+ passHostHeader: true
+ servers:
+ - url: "http://192.168.1.90:3000"
+
+ middlewares:
+ redirect-to-https:
+ redirectScheme:
+ scheme: https
\ No newline at end of file
-- 
2.39.5
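Review bot: The `redirect-to-https` middleware is attached only to routers whose `entryPoints` is `websecure`, so it only ever sees requests that are already HTTPS; nothing in this file redirects plain HTTP the way the removed nginx `listen 80` blocks did, which needs a router on the HTTP entry point or an entry-point redirection in the static configuration (not visible here). The `Strict-Transport-Security` header the old bookshelf and gitea vhosts sent is also dropped; a `headers` middleware with `stsSeconds: 31536000` and `stsIncludeSubdomains: true` would keep it. The rules match the bare names `bookshelf` and `gitea` where nginx served `bookshelf.aldon.fr` and `gitea.aldon.fr`, and `tls: {}` names no certificate source, so confirm both are intended. The identical hunk in PATCH 2/4 carries the same points.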