root/srvrevproxy02_nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: root:master
Branches Tags
root:master root:main
..
compare: root:53d483cdf56444f3dd76c2e60c5520288b1b86d3
Branches Tags
root:main root:master

10 Commits
master ... 53d483cdf5

Author SHA1 Message Date
root
53d483cdf5 Forward SMTP to port 10025 for authenticated submissions 2026-01-23 13:19:52 +01:00
root
4102dcef0d Fix SMTP stream proxy to listen on all interfaces for NAT reflection 2026-01-23 12:47:58 +01:00
root
56b650f280 Fix SMTP stream proxy: forward to port 25 to avoid TLS requirement 2026-01-23 12:11:03 +01:00
root
a8c0574ed6 Add SMTP stream proxy configuration for ports 587/465 with Let's Encrypt TLS 2026-01-23 11:05:49 +01:00
root
ef16045880 Backup before adding SMTP stream proxy configuration 2026-01-23 11:02:06 +01:00
root
62d24a96af Add ki.egonetix.de config and fix n8n WebSocket support for flow.egonetix.de 2025-12-13 17:27:36 +01:00
root
366e6bf7bd änderung portal seite damit kidsai richtig dargestellt wird 2025-06-29 12:36:39 +02:00
root
05f6571aa8 element grundkonfig hinzugefügt 2025-06-26 14:48:14 +02:00
root
6e3d46b57d neu aufbau (zusammenfuehrung) der datei mit dem offiziellen beispiel von synapse 2025-06-26 13:25:04 +02:00
root
2c6fe7c7fc hier hat sich nichts verändert 2025-06-25 13:09:25 +02:00
101 changed files with 3564 additions and 330 deletions
Expand all files Collapse all files

1
.htpasswd Normal file
View File

@@ -0,0 +1 @@
monitor:$apr1$1x9tjm1m$N43cIk6gjONIUOPnwOSyZ/

45
conf.d/default.conf Normal file
View File

@@ -0,0 +1,45 @@
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

27
fastcgi.conf Normal file
View File

@@ -0,0 +1,27 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

26
fastcgi_params Normal file
View File

@@ -0,0 +1,26 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

109
koi-utf Normal file
View File

@@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
koi-win Normal file
View File

@@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

89
mime.types Normal file
View File

@@ -0,0 +1,89 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

1
modules-enabled/50-mod-http-auth-pam.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-auth-pam.conf

1
modules-enabled/50-mod-http-dav-ext.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-dav-ext.conf

1
modules-enabled/50-mod-http-echo.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-echo.conf

1
modules-enabled/50-mod-http-geoip.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-geoip.conf

1
modules-enabled/50-mod-http-geoip2.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-geoip2.conf

1
modules-enabled/50-mod-http-image-filter.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-image-filter.conf

1
modules-enabled/50-mod-http-subs-filter.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-subs-filter.conf

1
modules-enabled/50-mod-http-upstream-fair.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-upstream-fair.conf

1
modules-enabled/50-mod-http-xslt-filter.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-http-xslt-filter.conf

1
modules-enabled/50-mod-mail.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-mail.conf

1
modules-enabled/50-mod-stream.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream.conf

1
modules-enabled/70-mod-stream-geoip2.conf Symbolic link
View File

@@ -0,0 +1 @@
/usr/share/nginx/modules-available/mod-stream-geoip2.conf

105
nginx.conf
View File

@@ -1,26 +1,32 @@
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
http {
worker_connections 2048;
multi_accept on;
use epoll;
}http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 100;
reset_timedout_connection on;
types_hash_max_size 2048;
# server_tokens off;
# File cache for better performance
open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on; # server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
@@ -33,8 +39,9 @@ http {
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
#ssl_stapling on;
#ssl_stapling_verify on;
@@ -54,9 +61,18 @@ http {
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_comp_level 5;
gzip_buffers 16 8k;
gzip_http_version 1.1;
# Proxy buffer settings
proxy_buffers 16 16k;
proxy_buffer_size 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
@@ -88,3 +104,60 @@ http {
# proxy on;
# }
#}
# Stream block for SMTP proxy with Let's Encrypt TLS termination
stream {
# Logging
log_format smtp_proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time';
# Upstream mail server
upstream mail_submission {
server 10.0.0.21:10025;
}
upstream mail_smtps {
server 10.0.0.21:10025;
}
# SMTP Submission port (STARTTLS) - port 587
server {
listen 587 ssl;
proxy_pass mail_submission;
proxy_connect_timeout 10s;
# Let's Encrypt SSL certificate
ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SMTP:10m;
ssl_session_timeout 10m;
access_log /var/log/nginx/mail-submission-access.log smtp_proxy;
error_log /var/log/nginx/mail-submission-error.log;
}
# SMTPS port (implicit TLS) - port 465
server {
listen 465 ssl;
proxy_pass mail_smtps;
proxy_connect_timeout 10s;
# Let's Encrypt SSL certificate
ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SMTPS:10m;
ssl_session_timeout 10m;
access_log /var/log/nginx/mail-smtps-access.log smtp_proxy;
error_log /var/log/nginx/mail-smtps-error.log;
}
}

90
nginx.conf.backup-20251113-212350 Normal file
View File

@@ -0,0 +1,90 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
#ssl_stapling on;
#ssl_stapling_verify on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

83
nginx.conf.dpkg-dist Normal file
View File

@@ -0,0 +1,83 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

4
proxy_params Normal file
View File

@@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

17
scgi_params Normal file
View File

@@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

47
sites-available/default
View File

@@ -13,6 +13,14 @@
# Default server configuration
#
# Upstream for Node.js backend
upstream nodejs_backend {
server 127.0.0.1:3001;
keepalive 8;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
@@ -44,6 +52,45 @@ server {
server_name _;
# Proxy API requests to Node.js backend
# Handle rechner application
location /rechner/ {
proxy_pass http://nodejs_backend/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
# Proxy API requests for rechner to Node.js backend
location /rechner/api/ {
proxy_pass http://nodejs_backend/api/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
location /api/ {
proxy_pass http://nodejs_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.

90
sites-available/default.backup Normal file
View File

@@ -0,0 +1,90 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
location /.well-known {
alias /var/www/sub.domain.com/.well-known;
}
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

129
sites-available/default.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,129 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
location /.well-known {
alias /var/www/sub.domain.com/.well-known;
}
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
# Proxy API requests to Node.js backend
# Handle rechner application
location /rechner/ {
proxy_pass http://127.0.0.1:3001/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_Set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
# Proxy API requests for rechner to Node.js backend
location /rechner/api/ {
proxy_pass http://127.0.0.1:3001/api/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
location /api/ {
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

115
sites-available/default.clean Normal file
View File

@@ -0,0 +1,115 @@
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}

80
sites-available/element.conf Normal file
View File

@@ -0,0 +1,80 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /var/cache/nginx/element levels=1:2 keys_zone=my_cache_element:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive
upstream element_backend {
server 10.0.0.48:8097;
keepalive 16;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name element.egonetix.de;
return 301 https://$server_name/element$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/element.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/element.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name element.egonetix.de;
access_log /var/log/nginx/element-access_log;
error_log /var/log/nginx/element-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss image/svg+xml;
gzip_min_length 1000;
set $upstream 10.0.0.48;
# Static files with aggressive caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|json)$ {
proxy_pass http://element_backend;
proxy_cache my_cache_element;
proxy_cache_valid 200 24h;
expires 24h;
add_header Cache-Control "public, immutable";
proxy_http_version 1.1;
proxy_set_header Connection "";
}
location / {
proxy_cache my_cache_element;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://element_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

51
sites-available/element.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/element/ levels=1:2 keys_zone=my_cache_element:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name element.egonetix.de;
return 301 https://$server_name/element$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/element.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/element.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name element.egonetix.de;
access_log /var/log/nginx/element-access_log;
error_log /var/log/nginx/element-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_element;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8097;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

65
sites-available/feuer.conf Normal file
View File

@@ -0,0 +1,65 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/feuer/ levels=1:2 keys_zone=my_cache_feuer:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name feuer.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/feuer.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/feuer.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name feuer.egonetix.de;
access_log /var/log/nginx/feuer-access_log;
error_log /var/log/nginx/feuer-error_log;
# Firefly III on srvdocker02 (10.0.0.48)
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_feuer;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8094;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 100M;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
# Firefly III specific headers for proper functionality
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires 1y;
add_header Cache-Control "public, immutable";
proxy_pass http://$upstream:8094;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

52
sites-available/flow.conf Normal file
View File

@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/flow/ levels=1:2 keys_zone=my_cache_flow:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name flow.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https:; base-uri 'self';";
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/flow.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/flow.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name flow.egonetix.de;
access_log /var/log/nginx/flow-access_log;
error_log /var/log/nginx/flow-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_flow;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8098;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

33
sites-available/gitea.conf
View File

@@ -1,7 +1,16 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/gitea/ levels=1:2 keys_zone=my_cache_gitea:10m max_size=10g
proxy_cache_path /var/cache/nginx/gitea levels=1:2 keys_zone=my_cache_gitea:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive
upstream gitea_backend {
server 10.0.0.48:4000;
keepalive 16;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name gitea.egonetix.de;
@@ -25,8 +34,28 @@ server {
access_log /var/log/nginx/gitea-access_log;
error_log /var/log/nginx/gitea-error_log;
# Gzip compression for Gitea
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss image/svg+xml;
gzip_min_length 1000;
set $upstream 10.0.0.48;
# Static files with aggressive caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://gitea_backend;
proxy_cache my_cache_gitea;
proxy_cache_valid 200 24h;
expires 24h;
add_header Cache-Control "public, immutable";
proxy_http_version 1.1;
proxy_set_header Connection "";
}
location / {
proxy_cache my_cache_gitea;
@@ -35,7 +64,7 @@ server {
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:4000;
proxy_pass http://gitea_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

51
sites-available/gitea.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/gitea/ levels=1:2 keys_zone=my_cache_gitea:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name gitea.egonetix.de;
return 301 https://$server_name/gitea$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/gitea.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gitea.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name gitea.egonetix.de;
access_log /var/log/nginx/gitea-access_log;
error_log /var/log/nginx/gitea-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_gitea;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:4000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

32
sites-available/hoarder.conf
View File

@@ -1,7 +1,16 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/hoarder/ levels=1:2 keys_zone=my_cache_hoarder:10m max_size=10g
proxy_cache_path /var/cache/nginx/hoarder levels=1:2 keys_zone=my_cache_hoarder:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive
upstream hoarder_backend {
server 10.0.0.48:8084;
keepalive 16;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name hoarder.egonetix.de;
@@ -24,8 +33,27 @@ server {
access_log /var/log/nginx/hoarder-access_log;
error_log /var/log/nginx/hoarder-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss image/svg+xml;
gzip_min_length 1000;
set $upstream 10.0.0.48;
# Static files with caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://hoarder_backend;
proxy_cache my_cache_hoarder;
proxy_cache_valid 200 24h;
expires 24h;
add_header Cache-Control "public, immutable";
proxy_http_version 1.1;
proxy_set_header Connection "";
}
location / {
@@ -35,7 +63,7 @@ server {
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8084;
proxy_pass http://hoarder_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

52
sites-available/hoarder.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/hoarder/ levels=1:2 keys_zone=my_cache_hoarder:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name hoarder.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/hoarder.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hoarder.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name hoarder.egonetix.de;
access_log /var/log/nginx/hoarder-access_log;
error_log /var/log/nginx/hoarder-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_hoarder;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8084;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

54
sites-available/jitsi.conf
View File

@@ -1,7 +1,19 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/jitsi/ levels=1:2 keys_zone=my_cache_jitsi:10m max_size=10g
inactive=60m use_temp_path=off;
# Upstream with keepalive for Jitsi
upstream jitsi_backend {
server 10.0.0.48:8000;
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 60s;
}
# WebSocket upgrade map
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen 80;
server_name jitsi.egonetix.de;
@@ -24,17 +36,43 @@ server {
access_log /var/log/nginx/jitsi-access_log;
error_log /var/log/nginx/jitsi-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
gzip_min_length 1000;
set $upstream 10.0.0.48;
# WebSocket support for Jitsi real-time communication
location /xmpp-websocket {
proxy_pass http://jitsi_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_read_timeout 7200s;
}
# Static files with caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://jitsi_backend;
expires 24h;
add_header Cache-Control "public, immutable";
proxy_http_version 1.1;
proxy_set_header Connection "";
}
location / {
proxy_cache my_cache_jitsi;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8000;
proxy_pass http://jitsi_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

51
sites-available/jitsi.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/jitsi/ levels=1:2 keys_zone=my_cache_jitsi:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name jitsi.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/jitsi.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jitsi.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name jitsi.egonetix.de;
access_log /var/log/nginx/jitsi-access_log;
error_log /var/log/nginx/jitsi-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_jitsi;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

51
sites-available/ki.conf Normal file
View File

@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/ki/ levels=1:2 keys_zone=my_cache_ki:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name ki.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/ki.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ki.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name ki.egonetix.de;
access_log /var/log/nginx/ki-access_log;
error_log /var/log/nginx/ki-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_ki;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

123
sites-available/matrix.conf
View File

@@ -1,52 +1,97 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server{
listen 10.0.0.29:80;
server_name matrix.egonetix.de;
return 301 https://$server_name$request_uri;
# Upstream with keepalive for Matrix
upstream matrix_backend {
server 10.0.0.48:8008;
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 60s;
}
# Redirect HTTP to HTTPS
server {
listen 10.0.0.29:443 http2 ssl;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name matrix.egonetix.de;
access_log /var/log/nginx/matrix-access.log;
error_log /var/log/nginx/matrix-error.log;
set $upstream 10.0.0.48;
location /_matrix {
proxy_pass http://$upstream:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
listen 10.0.0.29:80;
server_name matrix.egonetix.de;
return 301 https://$server_name$request_uri;
}
# HTTPS for client traffic (port 443)
server {
listen 10.0.0.29:8448 http2 ssl;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
listen 10.0.0.29:443 ssl http2;
server_name matrix.egonetix.de;
# Make site accessible from http://localhost/
server_name matrix.egonetix.de;
access_log /var/log/nginx/matrix-access.log;
error_log /var/log/nginx/matrix-error.log;
ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
set $upstream 10.0.0.48;
access_log /var/log/nginx/matrix-access.log;
error_log /var/log/nginx/matrix-error.log;
location /_matrix {
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
gzip_min_length 1000;
proxy_pass http://$upstream:8008;
set $upstream 10.0.0.48;
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://matrix_backend;
proxy_set_header X-Forwarded-For $remote_addr;
}
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Connection "";
# Better buffering for Matrix
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 32 8k;
client_max_body_size 50M;
}
}
# HTTPS for federation traffic (port 8448)
server {
listen 10.0.0.29:8448 ssl http2;
server_name matrix.egonetix.de;
ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
access_log /var/log/nginx/matrix-access.log;
error_log /var/log/nginx/matrix-error.log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
gzip_min_length 1000;
set $upstream 10.0.0.48;
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://matrix_backend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Connection "";
# Better buffering for Matrix
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 32 8k;
client_max_body_size 50M;
}
}

59
sites-available/matrix.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,59 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
# Redirect HTTP to HTTPS
server {
listen 10.0.0.29:80;
server_name matrix.egonetix.de;
return 301 https://$server_name$request_uri;
}
# HTTPS for client traffic (port 443)
server {
listen 10.0.0.29:443 ssl http2;
server_name matrix.egonetix.de;
ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
access_log /var/log/nginx/matrix-access.log;
error_log /var/log/nginx/matrix-error.log;
set $upstream 10.0.0.48;
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://$upstream:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 50M;
proxy_http_version 1.1;
}
}
# HTTPS for federation traffic (port 8448)
server {
listen 10.0.0.29:8448 ssl http2;
server_name matrix.egonetix.de;
ssl_certificate /etc/letsencrypt/live/matrix.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
access_log /var/log/nginx/matrix-access.log;
error_log /var/log/nginx/matrix-error.log;
set $upstream 10.0.0.48;
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://$upstream:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
client_max_body_size 50M;
proxy_http_version 1.1;
}
}

13
sites-available/nextcloud.conf
View File

@@ -1,8 +1,17 @@
add_header X-Robots-Tag "no-referrer, noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/nextcloud/ levels=1:2 keys_zone=my_cache_nextcloud:10m max_size=10g
# Reduced cache size due to disk space constraints
proxy_cache_path /var/cache/nginx/nextcloud levels=1:2 keys_zone=my_cache_nextcloud:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive
upstream nextcloud_backend {
server 10.0.0.48:8089;
keepalive 16;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name nextcloud.egonetix.de;
@@ -39,7 +48,7 @@ server {
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8089;
proxy_pass http://nextcloud_backend;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;

74
sites-available/nextcloud.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,74 @@
add_header X-Robots-Tag "no-referrer, noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/nextcloud/ levels=1:2 keys_zone=my_cache_nextcloud:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name nextcloud.egonetix.de;
return 301 https://$server_name/$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Referrer-Policy "no-referrer" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/nextcloud.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nextcloud.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name nextcloud.egonetix.de;
access_log /var/log/nginx/nextcloud-access_log;
error_log /var/log/nginx/nextcloud-error_log;
proxy_set_header X-Forwarded-Proto $scheme;
set $upstream 10.0.0.48;
#rewrite ^/$ /nextcloud;
location / {
proxy_cache my_cache_nextcloud;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8089;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# add_header Referrer-Policy no-referrer;
# proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 20G;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}

42
sites-available/office.conf
View File

@@ -1,8 +1,22 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/office/ levels=1:2 keys_zone=my_cache_office:10m max_size=10g
proxy_cache_path /var/cache/nginx/office levels=1:2 keys_zone=my_cache_office:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive for Office
upstream office_backend {
server 10.0.0.48:9980;
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 60s;
}
# WebSocket upgrade map
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen 80;
server_name office.egonetix.de;
@@ -30,12 +44,36 @@ server {
access_log /var/log/nginx/office-access_log;
error_log /var/log/nginx/office-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
gzip_min_length 1000;
proxy_set_header X-Forwarded-Proto $scheme;
set $upstream 10.0.0.48;
# location /
# WebSocket support for collaborative editing
location /lool/ws {
proxy_pass https://office_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_read_timeout 7200s;
proxy_ssl_session_reuse off;
}
location ~ (/|/welcome|/healthcheck|/coauthoring|/ConvertService.ashx|/cache) {
proxy_cache my_cache_office;
@@ -44,7 +82,7 @@ location ~ (/|/welcome|/healthcheck|/coauthoring|/ConvertService.ashx|/cache) {
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:9980;
proxy_pass https://office_backend;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;

62
sites-available/office.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,62 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/office/ levels=1:2 keys_zone=my_cache_office:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name office.egonetix.de;
return 301 https://$server_name/$request_uri;
access_log /var/log/nginx/office-access_log;
error_log /var/log/nginx/office-error_log;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/office.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name office.egonetix.de;
access_log /var/log/nginx/office-access_log;
error_log /var/log/nginx/office-error_log;
proxy_set_header X-Forwarded-Proto $scheme;
set $upstream 10.0.0.48;
# location /
location ~ (/|/welcome|/healthcheck|/coauthoring|/ConvertService.ashx|/cache) {
proxy_cache my_cache_office;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:9980;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

310
sites-available/owa.conf
View File

@@ -1,167 +1,161 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/owa/ levels=1:2 keys_zone=my_cache_owa:10m max_size=10g
inactive=60m use_temp_path=off;
# Optimized cache paths
proxy_cache_path /var/cache/nginx/kopano levels=1:2 keys_zone=kopano_static:10m
max_size=2g inactive=24h use_temp_path=off;
# Upstream with connection pooling
upstream kopano_backend {
server 10.0.0.21:443;
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
return 301 https://$server_name/webapp$request_uri;
# WebSocket support map
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
access_log /var/log/nginx/owa-access_log;
error_log /var/log/nginx/owa-error_log;
set $upstream 10.0.0.21;
rewrite ^/$ /webapp;
location /webapp {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /Microsoft-Server-ActiveSync {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /webmeetings {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
listen 80;
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
return 301 https://$server_name$request_uri;
}
location ~* /Autodiscover/Autodiscover.xml {
access_log /var/log/nginx/z-push-autodiscover-access.log;
error_log /var/log/nginx/z-push-autodiscover-error.log;
fastcgi_param SCRIPT_FILENAME /usr/share/z-push/autodiscover/autodiscover.php;
fastcgi_param HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_read_timeout 3660; # Z-Push Ping might run 3600s, but to be safe
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
server {
listen 10.0.0.29:443 ssl http2;
# SSL config
ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
access_log /var/log/nginx/owa-access_log;
error_log /var/log/nginx/owa-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss
application/x-javascript image/svg+xml;
gzip_min_length 1000;
# Default proxy settings
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Connection "";
proxy_ssl_session_reuse on;
proxy_ssl_server_name on;
rewrite ^/$ /webapp redirect;
# Static files - aggressive caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass https://kopano_backend;
proxy_cache kopano_static;
proxy_cache_valid 200 24h;
proxy_cache_valid 404 1m;
expires 24h;
add_header Cache-Control "public, immutable";
# Buffering for static files
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 32 8k;
}
# WebApp - DISABLE buffering for AJAX responsiveness
location /webapp {
proxy_pass https://kopano_backend;
# NO caching
proxy_no_cache 1;
proxy_cache_bypass 1;
# DISABLE buffering for instant AJAX responses
proxy_buffering off;
proxy_read_timeout 300s;
client_max_body_size 100M;
proxy_redirect off;
}
# ActiveSync - disable buffering for real-time sync
location /Microsoft-Server-ActiveSync {
proxy_pass https://kopano_backend;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_buffering off;
proxy_read_timeout 3660s;
client_max_body_size 100M;
proxy_redirect off;
}
# WebMeetings - WebSocket support
location /webmeetings {
proxy_pass https://kopano_backend;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
proxy_read_timeout 7200s;
client_max_body_size 500M;
proxy_redirect off;
}
# Autodiscover
location ~* /Autodiscover/Autodiscover.xml {
access_log /var/log/nginx/z-push-autodiscover-access.log;
error_log /var/log/nginx/z-push-autodiscover-error.log;
proxy_pass https://kopano_backend;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_buffering off;
proxy_read_timeout 60s;
client_max_body_size 10M;
proxy_redirect off;
}
# OWA compatibility
location /owa {
proxy_pass https://kopano_backend;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_buffering off;
proxy_read_timeout 300s;
client_max_body_size 100M;
proxy_redirect off;
}
# CalDAV
location /caldav {
proxy_pass http://10.0.0.21:8080;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_buffering off;
proxy_read_timeout 300s;
client_max_body_size 50M;
proxy_redirect off;
}
}
location /owa {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /caldav {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

167
sites-available/owa_backup.conf Normal file
View File

@@ -0,0 +1,167 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/owa/ levels=1:2 keys_zone=my_cache_owa:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
return 301 https://$server_name/webapp$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name owa.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
access_log /var/log/nginx/owa-access_log;
error_log /var/log/nginx/owa-error_log;
set $upstream 10.0.0.21;
rewrite ^/$ /webapp;
location /webapp {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /Microsoft-Server-ActiveSync {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /webmeetings {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location ~* /Autodiscover/Autodiscover.xml {
access_log /var/log/nginx/z-push-autodiscover-access.log;
error_log /var/log/nginx/z-push-autodiscover-error.log;
fastcgi_param SCRIPT_FILENAME /usr/share/z-push/autodiscover/autodiscover.php;
fastcgi_param HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_read_timeout 3660; # Z-Push Ping might run 3600s, but to be safe
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /owa {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /caldav {
proxy_cache my_cache_owa;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

31
sites-available/plex.conf
View File

@@ -1,7 +1,13 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/plex/ levels=1:2 keys_zone=my_cache_plex:10m max_size=10g
inactive=60m use_temp_path=off;
# Upstream with keepalive for Plex
upstream plex_backend {
server 10.0.0.48:32400;
keepalive 32;
keepalive_requests 100;
keepalive_timeout 60s;
}
server{
listen 80;
server_name plex.egonetix.de;
@@ -24,25 +30,34 @@ server {
access_log /var/log/nginx/plex-access_log;
error_log /var/log/nginx/plex-error_log;
# Gzip for text content only (not media)
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
gzip_min_length 1000;
set $upstream 10.0.0.48;
#set $upstream 172.20.20.6;
# Don't cache media streams
location / {
proxy_cache my_cache_plex;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:32400;
proxy_pass https://plex_backend;
proxy_ssl_server_name on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
# Optimized for media streaming
proxy_buffering off;
proxy_cache off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;

52
sites-available/plex.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/plex/ levels=1:2 keys_zone=my_cache_plex:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name plex.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/plex.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/plex.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name plex.egonetix.de;
access_log /var/log/nginx/plex-access_log;
error_log /var/log/nginx/plex-error_log;
set $upstream 10.0.0.48;
#set $upstream 172.20.20.6;
location / {
proxy_cache my_cache_plex;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:32400;
proxy_ssl_server_name on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

105
sites-available/portal.conf
View File

@@ -1,70 +1,65 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
listen 80;
server_name portal.egonetix.de;
listen 80;
server_name portal.egonetix.de;
# Redirect any HTTP request to HTTPS
return 301 https://$server_name$request_uri;
# Redirect all HTTP traffic to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
# The IP that you forwarded in your router (nginx proxy)
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Remove or update unsupported origin trial features.
# For example, comment out or remove these if not using them:
# add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
# Make site accessible from http://localhost/
server_name portal.egonetix.de;
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
server_name portal.egonetix.de;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
# Gzip compression for static content
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss image/svg+xml;
gzip_min_length 1000;
root /var/www/html;
index index.html index.php; # Added index.php as potential index file
# return 301 https://$server_name$request_uri;
# The internal IP of the VM that hosts your Apache config
# set $upstream 10.0.0.10;
# PHP Processing Configuration - Updated for PHP 8.1
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# Use PHP 8.1 socket (most common path on Ubuntu 22.04)
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
# Alternative options if the above doesn't work:
#fastcgi_pass unix:/run/php/php8.1-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
# Increase timeout and buffer size for troubleshooting
fastcgi_connect_timeout 300;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 16 16k;
# Set the correct document root
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
root /var/www/html;
index index.html;
# Reverse proxy for API calls.
# If your backend expects the API without the "/api" prefix, use the proxy_pass below.
location /api/ {
proxy_pass http://127.0.0.1:3000;
# If your backend requires the /api prefix, change to:
# proxy_pass http://127.0.0.1:3000/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# location /.well-known {
# alias /var/www/sub.domain.com/.well-known;
# }
# location / {
# proxy_pass_header Authorization;
# proxy_pass http://$upstream;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_http_version 1.1;
# proxy_set_header Connection "";
# proxy_buffering off;
# client_max_body_size 0;
# proxy_read_timeout 36000s;
# proxy_redirect off;
#}
}

87
sites-available/portal.conf.backup Normal file
View File

@@ -0,0 +1,87 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
listen 80;
server_name portal.egonetix.de;
# Redirect all HTTP traffic to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://api-inference.huggingface.co https://api.openai.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
# Remove or update unsupported origin trial features.
# For example, comment out or remove these if not using them:
# add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
# Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_name portal.egonetix.de;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
root /var/www/html;
index index.html index.php; # Added index.php as potential index file
# PHP Processing Configuration - Updated for PHP 8.1
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# Use PHP 8.1 socket (most common path on Ubuntu 22.04)
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
# Alternative options if the above doesn't work:
#fastcgi_pass unix:/run/php/php8.1-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
# Increase timeout and buffer size for troubleshooting
fastcgi_connect_timeout 300;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 16 16k;
# Set the correct document root
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
# Reverse proxy for KidsAI Explorer API calls
location /api/ {
proxy_pass http://127.0.0.1:3002/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Add CORS headers for API requests
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With" always;
add_header Access-Control-Allow-Credentials true always;
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With";
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Max-Age 1728000;
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
}
}

56
sites-available/portal.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,56 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
listen 80;
server_name portal.egonetix.de;
# Redirect any HTTP request to HTTPS
return 301 https://$server_name$request_uri;
}
server {
# The IP that you forwarded in your router (nginx proxy)
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name portal.egonetix.de;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
# return 301 https://$server_name$request_uri;
# The internal IP of the VM that hosts your Apache config
# set $upstream 10.0.0.10;
root /var/www/html;
index index.html;
# location /.well-known {
# alias /var/www/sub.domain.com/.well-known;
# }
# location / {
# proxy_pass_header Authorization;
# proxy_pass http://$upstream;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_http_version 1.1;
# proxy_set_header Connection "";
# proxy_buffering off;
# client_max_body_size 0;
# proxy_read_timeout 36000s;
# proxy_redirect off;
#}
}

69
sites-available/stream.conf
View File

@@ -1,7 +1,19 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/stream/ levels=1:2 keys_zone=my_cache_stream:10m max_size=10g
inactive=60m use_temp_path=off;
# Upstream with keepalive for streaming
upstream stream_backend {
server 10.0.0.48:8096;
keepalive 32;
keepalive_requests 100;
keepalive_timeout 60s;
}
# WebSocket upgrade map
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen 80;
server_name stream.egonetix.de;
@@ -24,46 +36,43 @@ server {
access_log /var/log/nginx/stream-access.log;
error_log /var/log/nginx/stream-error.log;
# Gzip for text content only
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
gzip_min_length 1000;
set $upstream 10.0.0.48;
# WebSocket for real-time updates
location /socket {
proxy_pass http://stream_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_read_timeout 7200s;
}
location / {
proxy_cache my_cache_stream;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /socket {
proxy_cache my_cache_stream;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8096;
proxy_pass http://stream_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
# No caching for media streams
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;

74
sites-available/stream.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,74 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/stream/ levels=1:2 keys_zone=my_cache_stream:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name stream.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/stream.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stream.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name stream.egonetix.de;
access_log /var/log/nginx/stream-access.log;
error_log /var/log/nginx/stream-error.log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_stream;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
location /socket {
proxy_cache my_cache_stream;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

22
sites-available/sync.conf
View File

@@ -1,7 +1,16 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/sync/ levels=1:2 keys_zone=my_cache_sync:10m max_size=10g
proxy_cache_path /var/cache/nginx/sync levels=1:2 keys_zone=my_cache_sync:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive
upstream sync_backend {
server 10.0.0.48:18089;
keepalive 16;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name sync.egonetix.de;
@@ -24,6 +33,15 @@ server {
access_log /var/log/nginx/sync-access_log;
error_log /var/log/nginx/sync-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
gzip_min_length 1000;
set $upstream 10.0.0.48;
location / {
@@ -34,7 +52,7 @@ server {
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:18089;
proxy_pass http://sync_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

50
sites-available/sync.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,50 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/sync/ levels=1:2 keys_zone=my_cache_sync:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name sync.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/sync.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sync.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name sync.egonetix.de;
access_log /var/log/nginx/sync-access_log;
error_log /var/log/nginx/sync-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_sync;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:18089;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

42
sites-available/unifi.conf
View File

@@ -1,7 +1,22 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/unifi/ levels=1:2 keys_zone=my_cache_unifi:10m max_size=10g
proxy_cache_path /var/cache/nginx/unifi levels=1:2 keys_zone=my_cache_unifi:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive
upstream unifi_backend {
server 10.0.0.48:8443;
keepalive 32;
keepalive_requests 1000;
keepalive_timeout 60s;
}
# WebSocket upgrade map
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen 80;
server_name unifi.egonetix.de;
@@ -25,8 +40,31 @@ server {
access_log /var/log/nginx/unifi-access_log;
error_log /var/log/nginx/unifi-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss;
gzip_min_length 1000;
set $upstream 10.0.0.48;
# WebSocket support for UniFi real-time updates
location /wss/ {
proxy_pass https://unifi_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_read_timeout 7200s;
proxy_ssl_session_reuse off;
}
location / {
proxy_cache my_cache_unifi;
@@ -35,7 +73,7 @@ server {
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:8443;
proxy_pass https://unifi_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

52
sites-available/unifi.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/unifi/ levels=1:2 keys_zone=my_cache_unifi:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name unifi.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/unifi.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/unifi.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name unifi.egonetix.de;
access_log /var/log/nginx/unifi-access_log;
error_log /var/log/nginx/unifi-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_unifi;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

55
sites-available/vscode.conf Normal file
View File

@@ -0,0 +1,55 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
# Upstream with keepalive
upstream vscode_backend {
server 10.0.0.48:8099;
keepalive 16;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name vscode.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/vscode.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vscode.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_name vscode.egonetix.de;
access_log /var/log/nginx/vscode-access_log;
error_log /var/log/nginx/vscode-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss image/svg+xml;
gzip_min_length 1000;
location / {
proxy_pass http://vscode_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
}

32
sites-available/wallabag.conf
View File

@@ -1,7 +1,16 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/wallabag/ levels=1:2 keys_zone=my_cache_wallabag:10m max_size=10g
proxy_cache_path /var/cache/nginx/wallabag levels=1:2 keys_zone=my_cache_wallabag:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive
upstream wallabag_backend {
server 10.0.0.48:8087;
keepalive 16;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name wallabag.egonetix.de;
@@ -24,8 +33,27 @@ server {
access_log /var/log/nginx/wallabag-access_log;
error_log /var/log/nginx/wallabag-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss image/svg+xml;
gzip_min_length 1000;
set $upstream 10.0.0.48;
# Static files with caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://wallabag_backend;
proxy_cache my_cache_wallabag;
proxy_cache_valid 200 24h;
expires 24h;
add_header Cache-Control "public, immutable";
proxy_http_version 1.1;
proxy_set_header Connection "";
}
location / {
@@ -35,7 +63,7 @@ server {
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8087;
proxy_pass http://wallabag_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

52
sites-available/wallabag.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/wallabag/ levels=1:2 keys_zone=my_cache_wallabag:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name wallabag.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/wallabag.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wallabag.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name wallabag.egonetix.de;
access_log /var/log/nginx/wallabag-access_log;
error_log /var/log/nginx/wallabag-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_wallabag;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8087;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

34
sites-available/wiki.conf
View File

@@ -1,7 +1,16 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/wiki/ levels=1:2 keys_zone=my_cache_wiki:10m max_size=10g
proxy_cache_path /var/cache/nginx/wiki levels=1:2 keys_zone=my_cache_wiki:10m max_size=2g
inactive=60m use_temp_path=off;
# Upstream with keepalive
upstream wiki_backend {
server 10.0.0.10:443;
keepalive 16;
keepalive_requests 1000;
keepalive_timeout 60s;
}
server{
listen 80;
server_name wiki.egonetix.de;
@@ -25,8 +34,29 @@ server {
access_log /var/log/nginx/wiki-access_log;
error_log /var/log/nginx/wiki-error_log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss image/svg+xml;
gzip_min_length 1000;
set $upstream 10.0.0.10;
# Static files with aggressive caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass https://wiki_backend;
proxy_cache my_cache_wiki;
proxy_cache_valid 200 24h;
expires 24h;
add_header Cache-Control "public, immutable";
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_ssl_session_reuse off;
}
location /wiki {
proxy_cache my_cache_wiki;
@@ -35,7 +65,7 @@ server {
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_pass https://wiki_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

51
sites-available/wiki.conf.backup-20251113-212344 Normal file
View File

@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/wiki/ levels=1:2 keys_zone=my_cache_wiki:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name wiki.egonetix.de;
return 301 https://$server_name/wiki$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/wiki.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name wiki.egonetix.de;
access_log /var/log/nginx/wiki-access_log;
error_log /var/log/nginx/wiki-error_log;
set $upstream 10.0.0.10;
location /wiki {
proxy_cache my_cache_wiki;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

1
sites-enabled/blog.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/blog.conf

1
sites-enabled/dudle.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/dudle.conf

1
sites-enabled/element.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/element.conf

1
sites-enabled/email.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/email.conf

1
sites-enabled/feuer.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/feuer.conf

1
sites-enabled/flow.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/flow.conf

1
sites-enabled/gitea.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/gitea.conf

1
sites-enabled/helferlein.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/helferlein.conf

1
sites-enabled/hoarder.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/hoarder.conf

1
sites-enabled/jitsi.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/jitsi.conf

1
sites-enabled/ki.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/ki.conf

1
sites-enabled/kontakt_luftglanz.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/kontakt_luftglanz.conf

1
sites-enabled/mailgw.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/mailgw.conf

1
sites-enabled/mailgw03.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/mailgw03.conf

1
sites-enabled/matrix.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/matrix.conf

1
sites-enabled/nextcloud.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/nextcloud.conf

1
sites-enabled/office.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/office.conf

1
sites-enabled/owa.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/owa.conf

1
sites-enabled/plex.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/plex.conf

87
sites-enabled/portal.conf Normal file
View File

@@ -0,0 +1,87 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
listen 80;
server_name portal.egonetix.de;
# Redirect all HTTP traffic to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://api-inference.huggingface.co https://api.openai.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
# Remove or update unsupported origin trial features.
# For example, comment out or remove these if not using them:
# add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
# Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_name portal.egonetix.de;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
root /var/www/html;
index index.html index.php; # Added index.php as potential index file
# PHP Processing Configuration - Updated for PHP 8.1
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# Use PHP 8.1 socket (most common path on Ubuntu 22.04)
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
# Alternative options if the above doesn't work:
#fastcgi_pass unix:/run/php/php8.1-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
# Increase timeout and buffer size for troubleshooting
fastcgi_connect_timeout 300;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 16 16k;
# Set the correct document root
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
# Reverse proxy for KidsAI Explorer API calls
location /api/ {
proxy_pass http://127.0.0.1:3001/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Add CORS headers for API requests
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With" always;
add_header Access-Control-Allow-Credentials true always;
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With";
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Max-Age 1728000;
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
}
}

87
sites-enabled/portal.conf.backup.working.20250929 Normal file
View File

@@ -0,0 +1,87 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
listen 80;
server_name portal.egonetix.de;
# Redirect all HTTP traffic to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://api-inference.huggingface.co https://api.openai.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
# Remove or update unsupported origin trial features.
# For example, comment out or remove these if not using them:
# add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
# Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_name portal.egonetix.de;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
root /var/www/html;
index index.html index.php; # Added index.php as potential index file
# PHP Processing Configuration - Updated for PHP 8.1
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# Use PHP 8.1 socket (most common path on Ubuntu 22.04)
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
# Alternative options if the above doesn't work:
#fastcgi_pass unix:/run/php/php8.1-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
# Increase timeout and buffer size for troubleshooting
fastcgi_connect_timeout 300;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 16 16k;
# Set the correct document root
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
# Reverse proxy for KidsAI Explorer API calls
location /api/ {
proxy_pass http://127.0.0.1:3001/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Add CORS headers for API requests
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With" always;
add_header Access-Control-Allow-Credentials true always;
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With";
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Max-Age 1728000;
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
}
}

1
sites-enabled/pwm.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/pwm.conf

1
sites-enabled/remote.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/remote.conf

62
sites-enabled/rezepte.conf Normal file
View File

@@ -0,0 +1,62 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/rezepte/ levels=1:2 keys_zone=my_cache_rezepte:10m max_size=10g
inactive=60m use_temp_path=off;
upstream swarm_nodes {
server 10.0.0.48:8090;
}
resolver 10.0.0.21;
server{
listen 80;
server_name rezepte.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/rezepte.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rezepte.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name rezepte.egonetix.de;
access_log /var/log/nginx/rezepte-access_log;
error_log /var/log/nginx/rezepte-error_log;
set $upstream 10.0.0.48;
#set $upstream swarm_nodes;
#set $upstream 10.0.0.46;
location / {
proxy_cache my_cache_rezepte;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8090;
# proxy_pass http://swarm_nodes;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

1
sites-enabled/srvhost03.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/srvhost03.conf

1
sites-enabled/stream.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/stream.conf

1
sites-enabled/subsonic.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/subsonic.conf

1
sites-enabled/sync.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/sync.conf

1
sites-enabled/unifi.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/unifi.conf

1
sites-enabled/wallabag.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/wallabag.conf

1
sites-enabled/wiki.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/wiki.conf

1
sites-enabled/zabbix.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/zabbix.conf

13
snippets/fastcgi-php.conf Normal file
View File

@@ -0,0 +1,13 @@
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;

5
snippets/snakeoil.conf Normal file
View File

@@ -0,0 +1,5 @@
# Self signed certificates generated by the ssl-cert package
# Don't use them in a production server!
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

63
ssl/owa/fullchain11.pem Normal file
View File

@@ -0,0 +1,63 @@
-----BEGIN CERTIFICATE-----
MIIGOTCCBSGgAwIBAgISBKClKnI+dZnfqsbuq4ZjRms+MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA1MTIxNzIxNDFaFw0x
ODA4MTAxNzIxNDFaMB8xHTAbBgNVBAMTFG93bmNsb3VkLmVnb25ldGl4LmRlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7SgLzNyVN27WR0ETCBSotbgm
k4ns/Z+GtaHYB1T21A+mRBzBwpEqWmekr1gLHLnwhqYtxKwm9DZo1zDsZcVdm7ZB
9Y+Lna6Y5VWwXQ9AFqhfRxk0t8DfBWyZpRovJFEZeZYBPdVlGoRE2Qh6jkr9fdgx
0FyFzCmQiXrRRPcDN26X9pFdHpBfc0xculbuBUEU8zI71sr9oCrxQo6VPy+YCyIN
u0JB1tOMtYPMfGqUZZqj3LCR3D1NKeDXT8WJQWbpualaNq0V6olC5fwnwDtITQbE
/gvQJVovxICB+YVbkq3Kdz9PrY4FSn2nrxLGChDwgNmcRfcw3RHuwAyEFthVvwID
AQABo4IDQjCCAz4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSg38iz4G+wBaGcAEYE
fUy4GLholDAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEF
BQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5j
cnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5j
cnlwdC5vcmcvMEQGA1UdEQQ9MDuCEmphYmJlci5lZ29uZXRpeC5kZYIPb3dhLmVn
b25ldGl4LmRlghRvd25jbG91ZC5lZ29uZXRpeC5kZTCB/gYDVR0gBIH2MIHzMAgG
BmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlm
aWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVz
IGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9s
aWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkv
MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcAVYHUwhaQNgFK6gubVzxT8MDkOHhw
JQgXL6OqHQcT0wwAAAFjVZZGdAAABAMASDBGAiEAqHGwFg/DstseSNc+xeJEikp9
F5l6l8p6Js9fZmXAJw0CIQC6J5KFA9/iqGFDaWOIk36wdH27rV24FVKRwnpCsl0o
lQB2ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABY1WWRmAAAAQD
AEcwRQIgThqD3DwSogvl9eL9s909W+SVCRsshezZVg2y+km8zJICIQDHCGsQCPDx
yE/GQR4+ka474AUBQEL69ISJdE+ni6II2zANBgkqhkiG9w0BAQsFAAOCAQEAcdr2
gJKinngvIXIrJxf/k75FgI5UgM/oxfsFgPiOR+ajJynUehXxNo0nn3ydKPzh2tEm
9YMzyOIqw2jkrmQrYb+PLpV3oam2v11aPlVHP1kxte/ZHxeG3nprjjYT1zBG6GS9
nPnexyOGMsWTRHhWQpRMzfrull80rxAHE5PV6JVbH5QaJN6CsSQGFRLNrKIuAf09
tcpZuPu/ZUEDXXXicPRoAqBc7XM6sABKbG0THr3LjxmfsDvyXOCXqSapbVtG0Rlu
kGWXaoVYS0cxGYKSIPsFMioWbxGr7iWzidTLihtC6qIU5gEGAZO0EsV/4uACiR0v
8Q9eqYOQox4WZ19j0g==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

28
ssl/owa/privkey11.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDtKAvM3JU3btZH
QRMIFKi1uCaTiez9n4a1odgHVPbUD6ZEHMHCkSpaZ6SvWAscufCGpi3ErCb0NmjX
MOxlxV2btkH1j4udrpjlVbBdD0AWqF9HGTS3wN8FbJmlGi8kURl5lgE91WUahETZ
CHqOSv192DHQXIXMKZCJetFE9wM3bpf2kV0ekF9zTFy6Vu4FQRTzMjvWyv2gKvFC
jpU/L5gLIg27QkHW04y1g8x8apRlmqPcsJHcPU0p4NdPxYlBZum5qVo2rRXqiULl
/CfAO0hNBsT+C9AlWi/EgIH5hVuSrcp3P0+tjgVKfaevEsYKEPCA2ZxF9zDdEe7A
DIQW2FW/AgMBAAECggEBAI+541zmmjAcJhTM5WHSU2S+E/L6dfxHP/a3/RqEbYqb
aWKCIxNtssNTaMUzkJh6P8D62WYGBx2eE+/GoJ4U/OQvks3ljvGjLNpgEiBz651P
sV5/cimi5AZ/iKY8tjFGTTAYruvwdfOaEbeOoee2nuYzrgze5d+TmRsYqdcn9HUU
kJOsCj/2EYxcc+lNJd/z1BVBDn/PPRQbmBuORGq9+MNsKtG6Y7uU7yQdJhFC318r
h+QMPMLyACt6pL/eo5mZhO4smX7MuTzdf9DpvKnEe1saGI1jvbC9YQnhvDU7pVtK
k45yOiXUWRgzZBqx++AqhRQxmLe98nCGqsllGUW3l0ECgYEA/SlkRoHTPpdijC+7
aCf7zDUUyf7llAxC4+P+TmuPvSdsWWC9QtPzv0wblIcTD1PWSo+NUTs4uRyWztCC
7T7Pd3wCCoKM1nDs2OhMALqNlMCyqlf1dSedG8ou2vfQHenmHJnETbCFS7Agsyiq
7Ecw7V2Le8aREnQFVVyRzdSqqZECgYEA79C3lqT8pRdGnUNaUDFITOY/99NY6/+/
SjT5pZtXILx2xQj6FmU9gGUWN/FdjHSiXJQMs3qmU27rYwoSuSRYeIvkLyhzrW/Z
DF/usFbLH7529pinNAtylUPlJjUoCxHG0ql65puaAx27Hv/6n11Uvnn6pxHfqm2U
ZWmDVOa84k8CgYBcQNsjvmeGZZAp2bMHT5q4XZeHzHVIr/coKIshdJzapyUapOAT
HD20tj1OsLJHYZuzbABpW5VeD4b9MoqjfcIIno332n8MHfaRTIV1toWlcVsqLAds
e9UKrXDJpoiWfge24GnijbLlU/d2khlHJOI1fWM45bEz8keHRcZ0JU1ToQKBgQCY
Fct4E+XNZPd5YG90D+0EJ7lFl5j7AdP0Yag46EzXC+5egpTngwj/1hvDGqTzIDyf
bZyobg3xN5S72HWLSIt612y8o3DI+vexK12aI1DqLsYPGTxgeyoNk2NNWcStUHbA
vo6clO2VMFOtEzWDv5KwwXa+YU1xLdFAhyusui/rbQKBgQDiicQLNhZDniZTVA3/
CfX4kG2A6tO4K3J+f6ZPICkdev+W6GAj8R/Bm5+deg+dUiFdwmu/qWbnehAEiqwq
8AfK5Ij7pyGhN+Np+CZ2BC1ChmkWswyyk/y3EzxUF5iJMOidbu2PYW+9CUXbRWoF
kt64PL2yDzUEPZRwCx5VWVc0Xw==
-----END PRIVATE KEY-----

17
uwsgi_params Normal file
View File

@@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

Some files were not shown because too many files have changed in this diff Show More