Inital Commit

root
2025-06-24 15:47:45 +02:00
commit cf41358c4c
38 changed files with 2594 additions and 0 deletions


@@ -0,0 +1,54 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/activesync/ levels=1:2 keys_zone=my_cache_activesync:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
return 301 https://$server_name/webapp$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/activesync.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/activesync.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
access_log /var/log/nginx/owa-access_log;
error_log /var/log/nginx/owa-error_log;
set $upstream 10.0.0.21;
location /Microsoft-Server-ActiveSync {
proxy_cache my_cache_activesync;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
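Review bot: The `location /Microsoft-Server-ActiveSync` block enables `proxy_cache` for per-user, authenticated traffic, and nginx's default cache key (`$scheme$proxy_host$request_uri`) does not include the credentials, so a cacheable response to one mailbox could be served to another client asking for the same URI unless the upstream marks it private. `proxy_cache_use_stale` widens that window while the backend is failing. I would drop the five `proxy_cache*` lines here, or at minimum key on the credential with `proxy_cache_key "$scheme$proxy_host$request_uri$http_authorization";`. `proxy_pass_header Authorization;` governs response headers coming back from the upstream, not the request header, so it likely does not do what was intended. The same stanza is repeated in the dudle, email, essen, gitea, hoarder, homematic, jitsi, luftglanz, mailgw and nextcloud server blocks, and the cache directories live under `/tmp`, where a dedicated directory owned by the nginx user would be safer.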

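--- a/sites-available/blog.conf
+++ b/sites-available/blog.conf
@@ -0,0 +1,58 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+#proxy_cache_path /tmp/blog levels=1:2 keys_zone=my_cache_blog:10m max_size=10g
+# inactive=60m use_temp_path=off;
+server{
+listen 80;
+server_name blog.egonetix.de;
+return 301 https://$server_name/$request_uri;
+}
+server {
+listen 10.0.0.29:443 ssl http2;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+# SSL config
+ssl on;
+ssl_certificate /etc/letsencrypt/live/blog.egonetix.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/blog.egonetix.de/privkey.pem;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+# Make site accessible from http://localhost/
+server_name blog.egonetix.de;
+access_log /var/log/nginx/blog-access_log;
+error_log /var/log/nginx/blog-error_log;
+set $upstream 10.0.0.48;
+location / {
+# proxy_cache my_cache_blog;
+# proxy_cache_revalidate on;
+# proxy_cache_min_uses 3;
+# proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+# proxy_cache_lock on;
+# proxy_pass_header Authorization;
+proxy_pass http://$upstream:8083;
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_http_version 1.1;
+# proxy_set_header Connection "";
+# proxy_buffering off;
+# client_max_body_size 0;
+# proxy_read_timeout 36000s;
+# proxy_redirect off;
+# proxy_ssl_session_reuse off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}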
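Review bot: The `add_header X-Robots-Tag …` at the top of the file will not be sent by the 443 server, because that server declares its own `add_header Strict-Transport-Security …` and nginx inherits `add_header` from the enclosing level only when the current level defines none. Repeat the line inside the TLS server block, e.g. `add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;`, or move both headers into one shared include. The same pattern occurs in nearly every vhost of this commit. Separately, `return 301 https://$server_name/$request_uri;` produces a double slash because `$request_uri` already begins with `/`; the helferlein, nextcloud and office redirects have the same form.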

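--- a/sites-available/chat.conf
+++ b/sites-available/chat.conf
@@ -0,0 +1,59 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+server{
+listen 10.0.0.48:80;
+server_name chat.egonetix.de;
+return 301 https://$server_name$request_uri;
+# set $upstream 10.0.0.40;
+#location /_matrix/ {
+#
+# proxy_pass http://$upstream:8008/;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "upgrade";
+# proxy_set_header Host $http_host;
+#
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forward-Proto http;
+# proxy_set_header X-Nginx-Proxy true;
+#
+# proxy_redirect off;
+#}
+}
+server {
+listen 10.0.0.48:443 ssl;
+# SSL config
+ssl on;
+ssl_certificate /etc/letsencrypt/live/chat.egonetix.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/chat.egonetix.de/privkey.pem;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+# Make site accessible from http://localhost/
+server_name chat.egonetix.de;
+access_log /var/log/nginx/chat-access.log;
+error_log /var/log/nginx/chat-error.log;
+set $upstream 10.0.0.48;
+location /_matrix {
+proxy_pass http://$upstream:8008;
+proxy_set_header X-Forwarded-For $remote_addr;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "upgrade";
+# proxy_set_header Host $http_host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forward-Proto http;
+# proxy_set_header X-Nginx-Proxy true;
+# proxy_ssl_session_reuse off;
+# proxy_redirect off;
+}
+}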
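Review bot: The active `location /_matrix` block forwards only `X-Forwarded-For`, so the backend receives nginx's default `Host` (`$proxy_host`, i.e. the upstream address and port) and no indication that the client connection was HTTPS. Adding `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` closes that gap; the two matrix.egonetix.de servers use the same two-line location and need the same change. This 443 server also omits the `Strict-Transport-Security` header that the other vhosts set. The commented-out `location /_matrix/` after the `return` in the port-80 server is dead text and could be deleted.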

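--- a/sites-available/default
+++ b/sites-available/default
@@ -0,0 +1,90 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+# Default server configuration
+#
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+# SSL configuration
+#
+# listen 443 ssl default_server;
+# listen [::]:443 ssl default_server;
+#
+# Note: You should disable gzip for SSL traffic.
+# See: https://bugs.debian.org/773332
+#
+# Read up on ssl_ciphers to ensure a secure configuration.
+# See: https://bugs.debian.org/765782
+#
+# Self signed certs generated by the ssl-cert package
+# Don't use them in a production server!
+#
+# include snippets/snakeoil.conf;
+location /.well-known {
+alias /var/www/sub.domain.com/.well-known;
+}
+root /var/www/html;
+# Add index.php to the list if you are using PHP
+index index.html index.htm index.nginx-debian.html;
+server_name _;
+location / {
+# First attempt to serve request as file, then
+# as directory, then fall back to displaying a 404.
+try_files $uri $uri/ =404;
+}
+# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+#
+#location ~ \.php$ {
+# include snippets/fastcgi-php.conf;
+#
+# # With php7.0-cgi alone:
+# fastcgi_pass 127.0.0.1:9000;
+# # With php7.0-fpm:
+# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+#}
+# deny access to .htaccess files, if Apache's document root
+# concurs with nginx's one
+#
+#location ~ /\.ht {
+# deny all;
+#}
+}
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}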
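Review bot: `location /.well-known { alias /var/www/sub.domain.com/.well-known; }` points at what looks like a placeholder path, so well-known requests that reach the default server would return 404 unless that directory really exists on the host. If the block is meant for certificate renewal, name the real webroot and add a comment such as `# ACME http-01 webroot, written by the renewal client`. The rest of the file appears to be the stock distribution default, and the catch-all `server_name _;` on port 80 will answer for any host name not claimed by another vhost.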


@@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}


@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/dudle/ levels=1:2 keys_zone=my_cache_dudle:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name dudle.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/dudle.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dudle.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name dudle.egonetix.de;
access_log /var/log/nginx/dudle-access_log;
error_log /var/log/nginx/dudle-error_log;
set $upstream 10.0.0.13;
location / {
proxy_cache my_cache_dudle;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8088;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
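Review bot: `ssl on;` is redundant next to `listen 10.0.0.29:443 ssl http2;`, and it is more than a style issue: the directive was deprecated in nginx 1.15.0 and removed in 1.25.1, so the configuration stops loading after an upgrade. Delete the line here and in the other server blocks of this commit that carry it. On those newer versions the `http2` parameter of `listen` is deprecated as well, in favour of a separate `http2 on;` line.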

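--- a/sites-available/email.conf
+++ b/sites-available/email.conf
@@ -0,0 +1,146 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+proxy_cache_path /tmp/email/ levels=1:2 keys_zone=my_cache_email:10m max_size=10g
+inactive=60m use_temp_path=off;
+server{
+listen 80;
+server_name email.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
+return 301 https://$server_name/webapp$request_uri;
+}
+server {
+listen 10.0.0.29:443 ssl http2;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+# SSL config
+ssl on;
+ssl_certificate /etc/letsencrypt/live/email.egonetix.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/email.egonetix.de/privkey.pem;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+# Make site accessible from http://localhost/
+server_name email.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
+access_log /var/log/nginx/email-access_log;
+error_log /var/log/nginx/email-error_log;
+set $upstream 10.0.0.23;
+rewrite ^/$ /egroupware;
+location /egroupware {
+proxy_cache my_cache_email;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /Microsoft-Server-ActiveSync {
+proxy_cache my_cache_email;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location ~* /Autodiscover/Autodiscover.xml {
+access_log /var/log/nginx/z-push-autodiscover-access.log;
+error_log /var/log/nginx/z-push-autodiscover-error.log;
+fastcgi_param SCRIPT_FILENAME /usr/share/z-push/autodiscover/autodiscover.php;
+fastcgi_param HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
+fastcgi_read_timeout 3660; # Z-Push Ping might run 3600s, but to be safe
+fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+include fastcgi_params;
+proxy_cache my_cache_email;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /email {
+proxy_cache my_cache_email;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /caldav {
+proxy_cache my_cache_email;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass http://$upstream:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+}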
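Review bot: The `location ~* /Autodiscover/Autodiscover.xml` block configures both `fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;` and `proxy_pass https://$upstream;`, but a location is served by a single content handler, so one of the two stanzas is dead configuration and the file does not say which backend is meant to answer autodiscover. Keep only the intended one and delete the other set of directives. The regex is also unanchored with an unescaped dot; `location ~* ^/Autodiscover/Autodiscover\.xml$` states the match precisely. `server_name` repeats `autodiscover.egonetix.de` and `mail.egonetix.de` from the ActiveSync vhost on the same `10.0.0.29:443` listener, so nginx will warn about conflicting names and only one of the two servers will ever receive those hosts.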


@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/essen/ levels=1:2 keys_zone=my_cache_essen:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name essen.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/essen.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/essen.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name essen.egonetix.de;
access_log /var/log/nginx/essen-access_log;
error_log /var/log/nginx/essen-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_essen;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}


@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/gitea/ levels=1:2 keys_zone=my_cache_gitea:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name gitea.egonetix.de;
return 301 https://$server_name/gitea$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/gitea.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gitea.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name gitea.egonetix.de;
access_log /var/log/nginx/gitea-access_log;
error_log /var/log/nginx/gitea-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_gitea;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:4000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}


@@ -0,0 +1,58 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
#proxy_cache_path /tmp/helferlein levels=1:2 keys_zone=my_cache_helferlein:10m max_size=10g
# inactive=60m use_temp_path=off;
server{
listen 80;
server_name helferlein.egonetix.de;
return 301 https://$server_name/$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/helferlein.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/helferlein.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name helferlein.egonetix.de;
access_log /var/log/nginx/helferlein-access_log;
error_log /var/log/nginx/helferlein-error_log;
set $upstream 10.0.0.48;
location / {
# proxy_cache my_cache_helferlein;
# proxy_cache_revalidate on;
# proxy_cache_min_uses 3;
# proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
# proxy_cache_lock on;
# proxy_pass_header Authorization;
proxy_pass http://$upstream:8082;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_http_version 1.1;
# proxy_set_header Connection "";
# proxy_buffering off;
# client_max_body_size 0;
# proxy_read_timeout 36000s;
# proxy_redirect off;
# proxy_ssl_session_reuse off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}


@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/hoarder/ levels=1:2 keys_zone=my_cache_hoarder:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name hoarder.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/hoarder.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hoarder.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name hoarder.egonetix.de;
access_log /var/log/nginx/hoarder-access_log;
error_log /var/log/nginx/hoarder-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_hoarder;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8084;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}


@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/homematic/ levels=1:2 keys_zone=my_cache_homematic:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name homematic.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/homematic.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/homematic.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name homematic.egonetix.de;
access_log /var/log/nginx/homematic-access_log;
error_log /var/log/nginx/homematic-error_log;
set $upstream 172.20.20.51;
location / {
proxy_cache my_cache_homematic;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering on;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
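Review bot: `proxy_pass https://$upstream;` encrypts the hop to 172.20.20.51 but does not authenticate it, because `proxy_ssl_verify` defaults to `off`; whatever answers on that address is accepted as the backend and receives the forwarded requests, including the `Authorization` header that `auth_basic` has just checked. If the backend certificate can be tied to a CA, add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-backend-CA.pem>;` and a matching `proxy_ssl_name`. The ActiveSync, email and mail-gateway locations proxy over `https://` in the same unverified way.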

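--- a/sites-available/imap.conf
+++ b/sites-available/imap.conf
@@ -0,0 +1,33 @@
+mail {
+server_name mail.egonetix.de;
+auth_http localhost:9000/cgi-bin/nginxauth.cgi;
+proxy_pass_error_message on;
+ssl on;
+ssl_certificate /etc/letsencrypt/live/imap.egonetix.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/imap.egonetix.de/privkey.pem;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+server {
+listen 25;
+protocol smtp;
+smtp_auth login plain cram-md5;
+}
+server {
+listen 110;
+protocol pop3;
+pop3_auth plain apop cram-md5;
+}
+server {
+listen 143;
+protocol imap;
+}
+}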
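Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps two deprecated protocol versions enabled for mail clients; `ssl_protocols TLSv1.2 TLSv1.3;` is the current baseline where the linked TLS library supports it. `ssl on;` at the `mail` level turns on implicit TLS for every listener, including 25, 110 and 143, where clients normally start in plaintext and upgrade, so `starttls on;` (or `starttls only;`) on those servers matches the usual port semantics better. `proxy_pass_error_message on;` relays the backend's authentication error text to clients that have not yet authenticated, which deserves a comment justifying it. A `mail { }` block is only valid at the top level of the nginx configuration, so this file presumably cannot be loaded through the same `http`-level include as the other vhosts in `sites-available`.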


@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/jitsi/ levels=1:2 keys_zone=my_cache_jitsi:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name jitsi.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/jitsi.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jitsi.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name jitsi.egonetix.de;
access_log /var/log/nginx/jitsi-access_log;
error_log /var/log/nginx/jitsi-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_jitsi;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}


@@ -0,0 +1,68 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/luftglanz/ levels=1:2 keys_zone=my_cache_luftglanz:10m max_size=10g
inactive=60m use_temp_path=off;
server {
listen 80;
server_name kontakt.luftglanz.de;
return 301 https://$server_name/luftglanz$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
server_name kontakt.luftglanz.de;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_certificate /etc/letsencrypt/live/kontakt.luftglanz.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kontakt.luftglanz.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
access_log /var/log/nginx/luftglanz-access_log;
error_log /var/log/nginx/luftglanz-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_luftglanz;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8100;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Connection $http_connection;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
# Optional HTTP Basic Auth
# auth_basic "Username and Password Required";
# auth_basic_user_file /etc/nginx/.htpasswd;
}
location /ws {
proxy_pass http://$upstream:8100;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}


@@ -0,0 +1,54 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/mailgw/ levels=1:2 keys_zone=my_cache_mailgw:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name srvmailgw02.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/srvmailgw02.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/srvmailgw02.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name srvmailgw02.egonetix.de;
access_log /var/log/nginx/mailgw-access_log;
error_log /var/log/nginx/mailgw-error_log;
set $upstream 10.0.0.37;
location / {
proxy_cache my_cache_mailgw;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:8006;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
#auth_basic "Username and Password Required";
#auth_basic_user_file /etc/nginx/.htpasswd;
}
}


@@ -0,0 +1,54 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/mailgw03/ levels=1:2 keys_zone=my_cache_mailgw03:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name srvmailgw03.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/srvmailgw03.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/srvmailgw03.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name srvmailgw03.egonetix.de;
access_log /var/log/nginx/mailgw03-access_log;
error_log /var/log/nginx/mailgw03-error_log;
set $upstream 10.0.0.37;
location / {
proxy_cache my_cache_mailgw;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:8006;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
#auth_basic "Username and Password Required";
#auth_basic_user_file /etc/nginx/.htpasswd;
}
}
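Review bot: `proxy_cache my_cache_mailgw;` in this vhost refers to the zone declared for srvmailgw02, while the `my_cache_mailgw03` zone defined by the `proxy_cache_path` line at the top of this file is never used. Because both vhosts proxy to the same `10.0.0.37:8006` and the default cache key does not contain the requested host name, the two sites would share cache entries. Change the line to `proxy_cache my_cache_mailgw03;`, or drop caching for this backend altogether. With the `auth_basic` lines commented out, the proxied interface is protected only by the backend's own login.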


@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server{
listen 10.0.0.29:80;
server_name matrix.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 http2 ssl;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name matrix.egonetix.de;
access_log /var/log/nginx/matrix-access.log;
error_log /var/log/nginx/matrix-error.log;
set $upstream 10.0.0.48;
location /_matrix {
proxy_pass http://$upstream:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 10.0.0.29:8448 http2 ssl;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name matrix.egonetix.de;
access_log /var/log/nginx/matrix-access.log;
error_log /var/log/nginx/matrix-error.log;
set $upstream 10.0.0.48;
location /_matrix {
proxy_pass http://$upstream:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
}


@@ -0,0 +1,74 @@
add_header X-Robots-Tag "no-referrer, noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/nextcloud/ levels=1:2 keys_zone=my_cache_nextcloud:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name nextcloud.egonetix.de;
return 301 https://$server_name/$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Referrer-Policy "no-referrer" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/nextcloud.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nextcloud.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name nextcloud.egonetix.de;
access_log /var/log/nginx/nextcloud-access_log;
error_log /var/log/nginx/nextcloud-error_log;
proxy_set_header X-Forwarded-Proto $scheme;
set $upstream 10.0.0.48;
#rewrite ^/$ /nextcloud;
location / {
proxy_cache my_cache_nextcloud;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8089;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# add_header Referrer-Policy no-referrer;
# proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 20G;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}
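Review bot: `proxy_cache my_cache_nextcloud;` in `location /` caches an authenticated application under nginx's default cache key, which is built from scheme, upstream host and request URI and has no session or credential component, so any upstream response marked cacheable could be replayed to a different user. `proxy_pass_header Authorization;` does not change that: it only lets an upstream response header named Authorization through to the client, while the request's Authorization header is already forwarded by default. Either drop the cache from this location or add `proxy_no_cache $http_authorization $http_cookie;` and `proxy_cache_bypass $http_authorization $http_cookie;`. The same template repeats in the office, owa, plex, pwm, remote, rezepte, srvhost03, stream and subsonic sections. The cache zones also live under `/tmp`, which is world-writable; a directory such as `/var/cache/nginx/` owned by the nginx user is the safer place.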


@@ -0,0 +1,62 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/office/ levels=1:2 keys_zone=my_cache_office:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name office.egonetix.de;
return 301 https://$server_name/$request_uri;
access_log /var/log/nginx/office-access_log;
error_log /var/log/nginx/office-error_log;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/office.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name office.egonetix.de;
access_log /var/log/nginx/office-access_log;
error_log /var/log/nginx/office-error_log;
proxy_set_header X-Forwarded-Proto $scheme;
set $upstream 10.0.0.48;
# location /
location ~ (/|/welcome|/healthcheck|/coauthoring|/ConvertService.ashx|/cache) {
proxy_cache my_cache_office;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:9980;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
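Review bot: The regex in `location ~ (/|/welcome|/healthcheck|/coauthoring|/ConvertService.ashx|/cache)` is unanchored and its first alternative is a bare `/`, so it matches every request URI and the other alternatives restrict nothing. If the intent was to expose only those paths, anchor the pattern and escape the dot, for example `location ~ ^/(welcome|healthcheck|coauthoring|ConvertService\.ashx|cache)(/|$)`, with a separate `location = /` if the root is needed. If everything should be proxied, `location /` says so directly. Which paths the backend really needs is not visible here, so confirm the list before tightening it.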


@@ -0,0 +1,88 @@
upstream docservice {
server 10.0.0.34:4433;
}
map $http_host $this_host {
"" $host;
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}
map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
## Normal HTTP host
server {
listen 0.0.0.0:80;
server_name onlyoffice.egonetix.de;
server_tokens off;
## Redirects all traffic to the HTTPS host
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 0.0.0.0:443 ssl;
server_name onlyoffice.egonetix.de;
server_tokens off;
root /usr/share/nginx/html;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
ssl_certificate /etc/letsencrypt/live/egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/egonetix.de/privkey.pem;
ssl_verify_client off;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:
## - https://medium.com/devops-programming/4445f4862461
## - https://www.ruby-forum.com/topic/4419319
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
# resolver_timeout 10s;
## [Optional] Generate a stronger DHE parameter:
## cd /etc/ssl/certs
## sudo openssl dhparam -out dhparam.pem 4096
##
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
proxy_pass https://docservice;
proxy_http_version 1.1;
}
}
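Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, and the `ssl_ciphers` string keeps 3DES suites (`ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`) next to several names that do not look like real OpenSSL suites, e.g. `ECDHE-RSA-AES128-GCM-SHA128`. I would change the protocol line to `ssl_protocols TLSv1.2 TLSv1.3;` and replace the cipher string with a current AEAD-only list. `add_header Strict-Transport-Security max-age=31536000;` also lacks `always`, unlike the other vhosts in this commit, so error responses go out without HSTS.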

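--- a/sites-available/owa.conf
+++ b/sites-available/owa.conf
@@ -0,0 +1,167 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+proxy_cache_path /tmp/owa/ levels=1:2 keys_zone=my_cache_owa:10m max_size=10g
+inactive=60m use_temp_path=off;
+server{
+listen 80;
+server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
+return 301 https://$server_name/webapp$request_uri;
+}
+server {
+listen 10.0.0.29:443 ssl http2;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+# SSL config
+ssl on;
+ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+# Make site accessible from http://localhost/
+server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
+access_log /var/log/nginx/owa-access_log;
+error_log /var/log/nginx/owa-error_log;
+set $upstream 10.0.0.21;
+rewrite ^/$ /webapp;
+location /webapp {
+proxy_cache my_cache_owa;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /Microsoft-Server-ActiveSync {
+proxy_cache my_cache_owa;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /webmeetings {
+proxy_cache my_cache_owa;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location ~* /Autodiscover/Autodiscover.xml {
+access_log /var/log/nginx/z-push-autodiscover-access.log;
+error_log /var/log/nginx/z-push-autodiscover-error.log;
+fastcgi_param SCRIPT_FILENAME /usr/share/z-push/autodiscover/autodiscover.php;
+fastcgi_param HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
+fastcgi_read_timeout 3660; # Z-Push Ping might run 3600s, but to be safe
+fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+include fastcgi_params;
+proxy_cache my_cache_owa;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /owa {
+proxy_cache my_cache_owa;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /caldav {
+proxy_cache my_cache_owa;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass http://$upstream:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+}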
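Review bot: The `location ~* /Autodiscover/Autodiscover.xml` block sets both `fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;` and `proxy_pass https://$upstream;`, but a location has a single content handler, so only one of them takes effect (as far as I know the later directive wins, which would leave the Z-Push FastCGI settings dead). Autodiscover requests carry mailbox credentials, so it should be unambiguous which backend receives them: keep either the `fastcgi_*` lines or the `proxy_*` lines, not both. The pattern is also unanchored with an unescaped dot; `location ~* ^/Autodiscover/Autodiscover\.xml$` matches only the intended path.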


@@ -0,0 +1,167 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/owa/ levels=1:2 keys_zone=my_cache_owa:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
return 301 https://$server_name/webapp$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
access_log /var/log/nginx/owa-access_log;
error_log /var/log/nginx/owa-error_log;
set $upstream 10.0.0.23;
rewrite ^/$ /egroupware;
location /egroupware {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /Microsoft-Server-ActiveSync {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /webmeetings {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location ~* /Autodiscover/Autodiscover.xml {
access_log /var/log/nginx/z-push-autodiscover-access.log;
error_log /var/log/nginx/z-push-autodiscover-error.log;
fastcgi_param SCRIPT_FILENAME /usr/share/z-push/autodiscover/autodiscover.php;
fastcgi_param HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_read_timeout 3660; # Z-Push Ping might run 3600s, but to be safe
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /owa {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /caldav {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
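Review bot: This section repeats the owa.conf vhost with the same `listen 10.0.0.29:443`, the same `server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;` and the same `keys_zone=my_cache_owa`, differing only in `set $upstream 10.0.0.23;` and the `/egroupware` paths. If both files are ever enabled together, nginx will report conflicting server names and use only the first block it loads, and I would expect the second declaration of the cache zone to fail the config test. Give this variant its own zone, e.g. `keys_zone=my_cache_egroupware:10m`, and add a header comment saying it is an alternative to owa.conf and must not be enabled alongside it. The `location ~* /Autodiscover/Autodiscover.xml` block here also sets both `fastcgi_pass` and `proxy_pass`, of which only one can act as the content handler.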

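--- a/sites-available/plex.conf
+++ b/sites-available/plex.conf
@@ -0,0 +1,52 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+proxy_cache_path /tmp/plex/ levels=1:2 keys_zone=my_cache_plex:10m max_size=10g
+inactive=60m use_temp_path=off;
+server{
+listen 80;
+server_name plex.egonetix.de;
+return 301 https://$server_name$request_uri;
+}
+server {
+listen 10.0.0.29:443 ssl http2;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+# SSL config
+ssl on;
+ssl_certificate /etc/letsencrypt/live/plex.egonetix.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/plex.egonetix.de/privkey.pem;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+# Make site accessible from http://localhost/
+server_name plex.egonetix.de;
+access_log /var/log/nginx/plex-access_log;
+error_log /var/log/nginx/plex-error_log;
+set $upstream 10.0.0.48;
+#set $upstream 172.20.20.6;
+location / {
+proxy_cache my_cache_plex;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass https://$upstream:32400;
+proxy_ssl_server_name on;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+}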
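Review bot: `proxy_pass https://$upstream:32400;` encrypts the hop to the backend, but nginx does not verify the upstream certificate unless `proxy_ssl_verify on;` is set, so the backend is not authenticated; `proxy_ssl_server_name on;` only enables SNI and checks nothing. Add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path to CA bundle>;` and `proxy_ssl_name <name on the upstream certificate>;`, the last because the upstream is addressed by IP. The same applies to the `https://` upstreams in the office, owa, srvhost03 and subsonic sections. It matters most for srvhost03, whose upstream `95.216.21.105` is outside the 10.0.0.x range used by the others.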


@@ -0,0 +1,70 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
listen 80;
server_name portal.egonetix.de;
# Redirect all HTTP traffic to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;" always;
# Remove or update unsupported origin trial features.
# For example, comment out or remove these if not using them:
# add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
# Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_name portal.egonetix.de;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
root /var/www/html;
index index.html index.php; # Added index.php as potential index file
# PHP Processing Configuration - Updated for PHP 8.1
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# Use PHP 8.1 socket (most common path on Ubuntu 22.04)
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
# Alternative options if the above doesn't work:
#fastcgi_pass unix:/run/php/php8.1-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
# Increase timeout and buffer size for troubleshooting
fastcgi_connect_timeout 300;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 16 16k;
# Set the correct document root
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
# Reverse proxy for API calls.
# If your backend expects the API without the "/api" prefix, use the proxy_pass below.
location /api/ {
proxy_pass http://127.0.0.1:3000;
# If your backend requires the /api prefix, change to:
# proxy_pass http://127.0.0.1:3000/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
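Review bot: The `Content-Security-Policy` header allows `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, which gives up most of the protection CSP offers against injected script on a vhost that also executes PHP. I would aim for `script-src 'self' https://cdn.jsdelivr.net;` and move inline handlers into files or allow them by nonce or hash; whether the portal's pages can run without inline script is not visible here. Separately, the comment above `proxy_pass http://127.0.0.1:3000;` says this form is for a backend that expects no `/api` prefix, but without a URI part nginx forwards the original path including `/api/`; stripping the prefix needs `proxy_pass http://127.0.0.1:3000/;`.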


@@ -0,0 +1,56 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
listen 80;
server_name portal.egonetix.de;
# Redirect any HTTP request to HTTPS
return 301 https://$server_name$request_uri;
}
server {
# The IP that you forwarded in your router (nginx proxy)
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name portal.egonetix.de;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
# return 301 https://$server_name$request_uri;
# The internal IP of the VM that hosts your Apache config
# set $upstream 10.0.0.10;
root /var/www/html;
index index.html;
# location /.well-known {
# alias /var/www/sub.domain.com/.well-known;
# }
# location / {
# proxy_pass_header Authorization;
# proxy_pass http://$upstream;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_http_version 1.1;
# proxy_set_header Connection "";
# proxy_buffering off;
# client_max_body_size 0;
# proxy_read_timeout 36000s;
# proxy_redirect off;
#}
}
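Review bot: The `X-Robots-Tag` header declared at the top of the file is not sent on HTTPS responses, because nginx inherits `add_header` from the outer level only when the current level defines none, and the TLS `server` block defines its own `add_header Strict-Transport-Security ...`. Repeat it inside that block as `add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;`. Every TLS vhost in this commit that sets HSTS at server level has the same gap. This block also reuses `server_name portal.egonetix.de` on `10.0.0.29:443` from the other portal section, so only one of the two can be active at a time.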

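--- a/sites-available/pwm.conf
+++ b/sites-available/pwm.conf
@@ -0,0 +1,119 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+proxy_cache_path /tmp/pwm/ levels=1:2 keys_zone=my_cache_pwm:10m max_size=10g
+inactive=60m use_temp_path=off;
+server{
+listen 80;
+server_name pwm.egonetix.de;
+return 301 https://$server_name$request_uri;
+}
+server {
+listen 10.0.0.29:443 ssl http2;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header Content-Security-Policy "default-src 'self' https: data:; base-uri 'self';";
+# SSL config
+ssl on;
+ssl_certificate /etc/letsencrypt/live/pwm.egonetix.de/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/pwm.egonetix.de/privkey.pem;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+# Make site accessible from http://localhost/
+server_name pwm.egonetix.de;
+access_log /var/log/nginx/pwm-access_log;
+error_log /var/log/nginx/pwm-error_log;
+set $upstream 10.0.0.48;
+location / {
+proxy_cache my_cache_pwm;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass http://$upstream:81;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /notifications/hub {
+proxy_cache my_cache_pwm;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass http://$upstream:3012;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /notifications/hub/negotiate {
+proxy_cache my_cache_pwm;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass http://$upstream:81;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+}
+location /admin {
+proxy_cache my_cache_pwm;
+proxy_cache_revalidate on;
+proxy_cache_min_uses 3;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_lock on;
+proxy_pass_header Authorization;
+proxy_pass http://$upstream:81;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+client_max_body_size 0;
+proxy_read_timeout 36000s;
+proxy_redirect off;
+proxy_ssl_session_reuse off;
+auth_basic "Username and Password Required";
+auth_basic_user_file /etc/nginx/.htpasswd;
+}
+}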
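Review bot: `location /notifications/hub` sends `proxy_set_header Connection "";` and no `Upgrade` header, so a WebSocket handshake cannot pass through it; the path name and the separate port 3012 suggest this is a WebSocket endpoint, though the backend is not shown. If so, use `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";`, as the srvhost03 section of this commit does, and remove the `proxy_cache*` lines from that location. The `/socket` location in the stream section looks like the same case. The `Content-Security-Policy` header here also lacks `always`, so it is omitted from error responses.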


@@ -0,0 +1,54 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/remote/ levels=1:2 keys_zone=my_cache_remote:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name remote.egonetix.de;
return 301 https://$server_name/guacamole$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/remote.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/remote.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name remote.egonetix.de;
access_log /var/log/nginx/remote-access_log;
error_log /var/log/nginx/remote-error_log;
set $upstream 10.0.0.41;
location /guacamole {
proxy_cache my_cache_remote;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
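Review bot: `return 301 https://$server_name/guacamole$request_uri;` prepends `/guacamole` to the full original URI, so a plain-HTTP request for `/guacamole/` is redirected to `/guacamole/guacamole/`. Redirect with `return 301 https://$server_name$request_uri;` and handle the bare root in the TLS server, e.g. `location = / { return 302 /guacamole/; }`. The port-80 block in owa.conf has the same shape with `/webapp$request_uri`. `proxy_set_header Connection $http_connection;` also forwards whatever Connection value the client sent; `proxy_set_header Connection "upgrade";` or a `map` on `$http_upgrade` is the usual form.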


@@ -0,0 +1,63 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/rezepte/ levels=1:2 keys_zone=my_cache_rezepte:10m max_size=10g
inactive=60m use_temp_path=off;
upstream swarm_nodes {
server srvdocker01:8090; #swarm node 1
server srvdocker03:8090; #swarm node 2
server srvdocker04:8090; #swarm node 3
}
resolver 10.0.0.21;
server{
listen 80;
server_name rezepte.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/rezepte.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rezepte.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name rezepte.egonetix.de;
access_log /var/log/nginx/rezepte-access_log;
error_log /var/log/nginx/rezepte-error_log;
set $upstream 10.0.0.48;
#set $upstream swarm_nodes;
#set $upstream 10.0.0.46;
location / {
proxy_cache my_cache_rezepte;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8090;
# proxy_pass http://swarm_nodes;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
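Review bot: `upstream swarm_nodes` is declared but nothing uses it, since `# proxy_pass http://swarm_nodes;` and `#set $upstream swarm_nodes;` are commented out, yet nginx still resolves `srvdocker01`, `srvdocker03` and `srvdocker04` when it loads the configuration and refuses to start if one of them does not resolve. Remove or comment out the `upstream` block until it is used. `resolver 10.0.0.21;` sits at the top level of a per-site file, so it applies to every vhost in the enclosing context. A comment saying why it is needed would help, because `$upstream` holds an IP literal here and needs no resolver.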


@@ -0,0 +1,58 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/srvhost03/ levels=1:2 keys_zone=my_cache_srvhost03:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name srvhost03.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name srvhost03.egonetix.de;
access_log /var/log/nginx/srvhost03-access_log;
error_log /var/log/nginx/srvhost03-error_log;
set $upstream 95.216.21.105;
location / {
proxy_cache my_cache_srvhost03;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:8006;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_send_timeout 3600s;
send_timeout 3600s;
proxy_redirect off;
proxy_ssl_session_reuse off;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
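Review bot: With `auth_basic` on this location, the browser's `Authorization: Basic ...` request header is forwarded to the upstream by default, so the credential checked against `/etc/nginx/.htpasswd` is also sent to `95.216.21.105:8006` on every request. If the backend does not use the Authorization header itself, clear it with `proxy_set_header Authorization "";`; whether it does is not visible here. The remote section has the same combination of `auth_basic` and `proxy_pass`. `proxy_cache my_cache_srvhost03;` also looks out of place in front of what appears to be a management interface.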


@@ -0,0 +1,74 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/stream/ levels=1:2 keys_zone=my_cache_stream:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name stream.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/stream.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stream.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name stream.egonetix.de;
access_log /var/log/nginx/stream-access.log;
error_log /var/log/nginx/stream-error.log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_stream;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /socket {
proxy_cache my_cache_stream;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
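Review bot: `client_max_body_size 0;` removes the request-body limit and `proxy_read_timeout 36000s;` keeps an idle upstream connection open for ten hours, in both locations. Together they let a single client tie up connections and push arbitrarily large bodies at the backend. Unless this service needs large uploads, set an explicit ceiling such as `client_max_body_size 100m;` (value constructed for illustration) and a shorter read timeout. `location /socket` is also a line-for-line copy of `location /` and can be removed unless it is given different settings.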


@@ -0,0 +1,50 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/subsonic/ levels=1:2 keys_zone=my_cache_subsonic:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name subsonic.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/subsonic.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subsonic.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name subsonic.egonetix.de;
access_log /var/log/nginx/subsonic-access_log;
error_log /var/log/nginx/subsonic-error_log;
set $upstream 10.0.0.10;
location / {
proxy_cache my_cache_subsonic;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:446;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
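Review bot: `proxy_pass https://$upstream:446;` in `location /` connects to the backend over TLS without checking its certificate, because `proxy_ssl_verify` is off by default; whatever answers on 10.0.0.10:446 is accepted as the backend. The same holds for `proxy_pass https://$upstream:8443;` in the unifi file and `proxy_pass https://$upstream;` in the wiki file. I would add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-backend-CA.pem>;` and `proxy_ssl_name <name-in-backend-certificate>;` next to the proxy_pass line, with the two placeholders filled in from the backend's certificate.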

50
sites-available/sync.conf Normal file

@@ -0,0 +1,50 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/sync/ levels=1:2 keys_zone=my_cache_sync:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name sync.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/sync.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sync.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name sync.egonetix.de;
access_log /var/log/nginx/sync-access_log;
error_log /var/log/nginx/sync-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_sync;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:18089;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
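Review bot: The `add_header X-Robots-Tag ...` on the first line of this file does not reach responses from the TLS server block, because that block declares its own `add_header Strict-Transport-Security ...` and nginx inherits add_header from the outer level only when the current level has none. As written, the header is sent only with the port-80 redirect. Repeating `add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;` inside the `listen 10.0.0.29:443` server fixes it; the other site files shown in this commit have the same layout.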


@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/unifi/ levels=1:2 keys_zone=my_cache_unifi:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name unifi.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/unifi.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/unifi.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name unifi.egonetix.de;
access_log /var/log/nginx/unifi-access_log;
error_log /var/log/nginx/unifi-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_unifi;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
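Review bot: `proxy_cache my_cache_unifi;` in `location /` uses the default cache key, which has no per-user component, in front of what appears to be a login-protected interface. With `proxy_buffering off;` nginx does not store responses, but if buffering is enabled later, a cacheable response fetched by one signed-in user could be served to another. I would either remove the `proxy_cache*` lines here or add `proxy_no_cache $http_authorization $http_cookie;` and `proxy_cache_bypass $http_authorization $http_cookie;`. `proxy_pass_header Authorization;` can go as well: that directive controls response headers coming from the backend, and the request's Authorization header is forwarded without it.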


@@ -0,0 +1,56 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/unterhaltung/ levels=1:2 keys_zone=my_unterhaltung_remote:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name unterhaltung.egonetix.de;
return 301 https://$server_name/$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/unterhaltung.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/unterhaltung.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name unterhaltung.egonetix.de;
access_log /var/log/nginx/unterhaltung-access_log;
error_log /var/log/nginx/unterhaltung-error_log;
set $upstream 10.0.0.22;
#set $upstream 10.0.0.13;
location / {
proxy_cache my_cache_remote;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
# proxy_pass http://$upstream:8085;
proxy_pass http://$upstream:5800;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
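Review bot: `proxy_cache my_cache_remote;` in `location /` names a zone that this file never defines; the `proxy_cache_path` line at the top declares `keys_zone=my_unterhaltung_remote:10m`. Unless another file defines `my_cache_remote`, `nginx -t` will reject the configuration, and if one does, this site shares that other site's cache. The line should read `proxy_cache my_unterhaltung_remote;`. Separately, `return 301 https://$server_name/$request_uri;` in the port-80 server produces a double slash, since `$request_uri` already starts with `/`.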


@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/wallabag/ levels=1:2 keys_zone=my_cache_wallabag:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name wallabag.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/wallabag.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wallabag.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name wallabag.egonetix.de;
access_log /var/log/nginx/wallabag-access_log;
error_log /var/log/nginx/wallabag-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_wallabag;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8087;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
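Review bot: `client_max_body_size 0;` and `proxy_read_timeout 36000s;` in `location /` remove the request-body limit and let an idle backend connection be held for ten hours, so a single client can tie up disk space and worker connections on the proxy. The same pair appears in every site file in this part of the commit. Finite values sized to the application would be safer, for example `client_max_body_size 50m;` and `proxy_read_timeout 300s;` (example values, to be adjusted per service).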

51
sites-available/wiki.conf Normal file

@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/wiki/ levels=1:2 keys_zone=my_cache_wiki:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name wiki.egonetix.de;
return 301 https://$server_name/wiki$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/wiki.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name wiki.egonetix.de;
access_log /var/log/nginx/wiki-access_log;
error_log /var/log/nginx/wiki-error_log;
set $upstream 10.0.0.10;
location /wiki {
proxy_cache my_cache_wiki;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}
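Review bot: `return 301 https://$server_name/wiki$request_uri;` in the port-80 server prepends `/wiki` to every path, so a plain-HTTP request for `/wiki/Page` is redirected to `/wiki/wiki/Page`. Redirecting with `return 301 https://$server_name$request_uri;` and adding `location = / { return 302 /wiki/; }` to the TLS server keeps deep links intact. The TLS server also has only `location /wiki`, so any other path falls through to nginx's default handling rather than the backend; an explicit `location / { return 404; }` would make that intentional.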


@@ -0,0 +1,53 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/zabbix/ levels=1:2 keys_zone=my_cache_zabbix:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name zabbix.egonetix.de;
return 301 https://$server_name/zabbix$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/zabbix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zabbix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name zabbix.egonetix.de;
access_log /var/log/nginx/zabbix-access_log;
error_log /var/log/nginx/zabbix-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_zabbix;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8092;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
# auth_basic "Username and Password Required";
# auth_basic_user_file /etc/nginx/.htpasswd;
}
}
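Review bot: The two `auth_basic` lines at the end of `location /` are committed commented out, so the proxy adds no authentication of its own in front of this backend, unlike the unterhaltung file where the same lines are active. If that is deliberate, delete the dead lines; if not, re-enable `auth_basic "Username and Password Required";` and `auth_basic_user_file /etc/nginx/.htpasswd;`. The port-80 `return 301 https://$server_name/zabbix$request_uri;` also prepends `/zabbix` to paths that may already carry it.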