diff options
Diffstat (limited to 'playbooks.d/webserver/share/sites.d')
26 files changed, 936 insertions, 0 deletions
diff --git a/playbooks.d/webserver/share/sites.d/_ b/playbooks.d/webserver/share/sites.d/_ new file mode 100644 index 0000000..0fea007 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/_ @@ -0,0 +1,19 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + + server_name _; + + location / { + return 404; + } + + location /stub_status { + allow 127.0.0.1; + allow 10.57.0.0/16; + + deny all; + + stub_status; + } +} diff --git a/playbooks.d/webserver/share/sites.d/church.scriptkitties b/playbooks.d/webserver/share/sites.d/church.scriptkitties new file mode 100644 index 0000000..7227844 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/church.scriptkitties @@ -0,0 +1,77 @@ +server { + listen 443 ssl http2; # managed by Certbot + listen [::]:443 ssl http2; # managed by Certbot + + server_name scriptkitties.church; + + ssl_certificate /etc/letsencrypt/live/scriptkitties.church/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/scriptkitties.church/privkey.pem; + + include /etc/nginx/conf.d/certbot.conf; + #include /etc/nginx/conf.d/headers.conf; + include /etc/nginx/conf.d/ssl.conf; + include mime.types; + + root /var/www/church.scriptkitties; + index index.php; + + autoindex off; + fastcgi_param HTTPS on; + client_max_body_size 10m; + client_body_buffer_size 128k; + + location / { + try_files $uri /index.php?pagename=$uri&$args; + } + + location ^~ /.well-known/ { + allow all; + rewrite ^ /index.php?pagename=$uri; + } + + location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ { + expires 30d; + try_files $uri /index.php?pagename=$uri&$args; + } + + location ~* \.php$ { + try_files $uri =404; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; + + include fastcgi_params; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + } + + location ~* \.(tpl|md|tgz|log|out)$ { + deny all; + } + + location ~ /\. { + deny all; + } + + location ^~ /bin { + deny all; + } +} + +server { + listen 80; + listen [::]:80; + + server_name scriptkitties.church; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/com.voidfire b/playbooks.d/webserver/share/sites.d/com.voidfire new file mode 100644 index 0000000..c54cc2c --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/com.voidfire @@ -0,0 +1,34 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name voidfire.com; + + ssl_certificate /etc/letsencrypt/live/voidfire.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/voidfire.com/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + root /var/www/com.voidfire; + + location / { + try_files $uri $uri/ =404; + } +} + +server { + listen 80; + listen [::]:80; + + server_name voidfire.com; + + location / { + return 301 https://$host$request_uri; + } + + location /.well-known/acme-challenge { + root /var/www/.acme; + try_files $uri $uri/ =404; + } +} diff --git a/playbooks.d/webserver/share/sites.d/net.tyil b/playbooks.d/webserver/share/sites.d/net.tyil new file mode 100644 index 0000000..571fb97 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/net.tyil @@ -0,0 +1,32 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name tyil.net; + + ssl_certificate /etc/letsencrypt/live/tyil.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tyil.net/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name tyil.net; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.fglt b/playbooks.d/webserver/share/sites.d/nl.fglt new file mode 100644 index 0000000..63e8d62 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.fglt @@ -0,0 +1,39 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name fglt.nl; + + ssl_certificate /etc/letsencrypt/live/fglt.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/fglt.nl/privkey.pem; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + include /etc/nginx/conf.d/ssl.conf; + + access_log /var/log/nginx/nl.fglt-access.log; + error_log /var/log/nginx/nl.fglt-error.log; + + root /var/www/nl.fglt; + + location / { + try_files $uri $uri/ =404; + } +} + +server { + listen 80; + listen [::]:80; + + server_name fglt.nl; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + + access_log /var/log/nginx/nl.fglt-access.log; + error_log /var/log/nginx/nl.fglt-error.log; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil b/playbooks.d/webserver/share/sites.d/nl.tyil new file mode 100644 index 0000000..891b02a --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil @@ -0,0 +1,36 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name tyil.nl; + + ssl_certificate /etc/letsencrypt/live/tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location ~ ^/.well-known/openpgpkey(.+)$ { + add_header Access-Control-Allow-Origin *; + + root /var/wkd/nl.tyil; + try_files $1 =404; + } + + location / { + return 301 https://www.tyil.nl$request_uri; + } +} + +server { + listen 80; + listen [::]:80; + + server_name tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt b/playbooks.d/webserver/share/sites.d/nl.tyil.alt new file mode 100644 index 0000000..aae4826 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt @@ -0,0 +1,29 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name alt.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/alt.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/alt.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location = / { + return 301 https://www.tyil.nl/services; + } +} + +server { + listen 80; + listen [::]:80; + + server_name alt.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt.imgur b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.imgur new file mode 100644 index 0000000..8e3c8a3 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.imgur @@ -0,0 +1,32 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name imgur.alt.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/imgur.alt.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/imgur.alt.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name imgur.alt.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt.reddit b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.reddit new file mode 100644 index 0000000..ba62ade --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.reddit @@ -0,0 +1,32 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name reddit.alt.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/reddit.alt.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/reddit.alt.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name reddit.alt.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt.twitter b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.twitter new file mode 100644 index 0000000..e40baba --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.twitter @@ -0,0 +1,32 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name twitter.alt.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/twitter.alt.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/twitter.alt.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name twitter.alt.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt.youtube b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.youtube new file mode 100644 index 0000000..17bb748 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.youtube @@ -0,0 +1,32 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name youtube.alt.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/youtube.alt.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/youtube.alt.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name youtube.alt.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.cloud b/playbooks.d/webserver/share/sites.d/nl.tyil.cloud new file mode 100644 index 0000000..09fb324 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.cloud @@ -0,0 +1,37 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name cloud.tyil.nl; + + error_log /var/log/nginx/cloud-error.log; + access_log /var/log/nginx/cloud-access.log; + + ssl_certificate /etc/letsencrypt/live/cloud.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + client_max_body_size 200M; + + location / { + proxy_set_header Host "cloud.tyil.nl"; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name cloud.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.dist b/playbooks.d/webserver/share/sites.d/nl.tyil.dist new file mode 100644 index 0000000..66bf077 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.dist @@ -0,0 +1,34 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name dist.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/dist.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dist.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + include /etc/nginx/conf.d/ssl.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name dist.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.dnd-wiki b/playbooks.d/webserver/share/sites.d/nl.tyil.dnd-wiki new file mode 100644 index 0000000..40108c1 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.dnd-wiki @@ -0,0 +1,53 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + server_name dnd-wiki.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/dnd-wiki.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dnd-wiki.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + root /var/www/nl.tyil.dnd-wiki; + + client_max_body_size 10M; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + location ~ \.php$ { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass localhost:9000; + } +} + +server { + listen 80; + listen [::]:80; + + server_name dnd-wiki.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.git b/playbooks.d/webserver/share/sites.d/nl.tyil.git new file mode 100644 index 0000000..e7d04f0 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.git @@ -0,0 +1,34 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name git.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/git.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + include /etc/nginx/conf.d/ssl.conf; + + location / { + proxy_set_header Host "git.tyil.nl"; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name git.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.headphones b/playbooks.d/webserver/share/sites.d/nl.tyil.headphones new file mode 100644 index 0000000..9f27f69 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.headphones @@ -0,0 +1,35 @@ +#server { +# listen 443 ssl; # managed by Certbot +# listen [::]:443 ssl; # managed by Certbot +# +# server_name headphones.tyil.nl; +# +# ssl_certificate /etc/letsencrypt/live/headphones.tyil.nl/fullchain.pem; +# ssl_certificate_key /etc/letsencrypt/live/headphones.tyil.nl/privkey.pem; +# +# include /etc/nginx/conf.d/ssl.conf; +# include /etc/nginx/conf.d/certbot.conf; +# +# location / { +# proxy_pass http://127.0.0.1:8181; +# } +#} + +server { + listen 80; + listen [::]:80; + + server_name headphones.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + access_log /var/log/nginx/nl.tyil.headphones-access.log; + error_log /var/log/nginx/nl.tyil.headphones-error.log; + +# location / { +# return 301 https://$host$request_uri; +# } + location / { + proxy_pass http://localhost:8181; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.home b/playbooks.d/webserver/share/sites.d/nl.tyil.home new file mode 100644 index 0000000..55326a3 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.home @@ -0,0 +1,64 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name home.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/home.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/home.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://www.tyil.nl$request_uri; + } + + location ~ ^/~(.+?)(/.*)?$ { + alias /home/$1/www$2; + autoindex on; + } + + location /git { + rewrite ^/git/(.*)$ https://git.tyil.nl/$1 redirect; + } + + location /media { + alias /var/media; + + satisfy any; + + allow 127.0.0.1; + allow 10.57.0.0/16; + allow 192.168.178.0/24; + deny all; + + auth_basic "pls no hack"; + auth_basic_user_file "/var/media/.htpasswd"; + + autoindex on; + } + + location /media/backups { deny all; } + location /media/nextcloud { deny all; } + location /media/pictures { deny all; } + location /media/recordings { deny all; } + + location /packages { + alias /var/portage/packages; + autoindex on; + } +} + +server { + listen 80; + listen [::]:80; + + server_name home.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.homebrew b/playbooks.d/webserver/share/sites.d/nl.tyil.homebrew new file mode 100644 index 0000000..26f8272 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.homebrew @@ -0,0 +1,33 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name homebrew.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/homebrew.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/homebrew.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + include /etc/nginx/conf.d/ssl.conf; + + root /var/www/nl.tyil.homebrew; + + location / { + try_files $uri $uri/ =404; + } +} + +server { + listen 80; + listen [::]:80; + + server_name homebrew.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.p b/playbooks.d/webserver/share/sites.d/nl.tyil.p new file mode 100644 index 0000000..e627a0d --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.p @@ -0,0 +1,41 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name p.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/p.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/p.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + include /etc/nginx/conf.d/ssl.conf; + + root /var/www/nl.tyil.p; + + location = / { + return 301 https://www.tyil.nl/services/fiche/; + } + + location ~ ^/(?<slug>.+)$ { + # Disassociate all filetypes and their Content-Type, and + # default everything to text/plain. + types { } default_type text/plain; + + alias "/var/www/nl.tyil.p/${slug}/index.txt"; + } +} + +server { + listen 80; + listen [::]:80; + + server_name p.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.radio b/playbooks.d/webserver/share/sites.d/nl.tyil.radio new file mode 100644 index 0000000..e71f55d --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.radio @@ -0,0 +1,34 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name radio.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/radio.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/radio.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + include /etc/nginx/conf.d/ssl.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name radio.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.searx b/playbooks.d/webserver/share/sites.d/nl.tyil.searx new file mode 100644 index 0000000..643ec0b --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.searx @@ -0,0 +1,32 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name searx.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/searx.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/searx.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name searx.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.tv b/playbooks.d/webserver/share/sites.d/nl.tyil.tv new file mode 100644 index 0000000..569ef73 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.tv @@ -0,0 +1,32 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name tv.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/tv.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tv.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name tv.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.www b/playbooks.d/webserver/share/sites.d/nl.tyil.www new file mode 100644 index 0000000..5717b98 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/nl.tyil.www @@ -0,0 +1,39 @@ +server { + listen 443 ssl http2; # managed by Certbot + listen [::]:443 ssl http2; # managed by Certbot + + server_name www.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/www.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.tyil.nl/privkey.pem; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + include /etc/nginx/conf.d/ssl.conf; + + root /var/www/nl.tyil.www/public; + + error_page 404 /http-404.html; + + location /atom.xml { + return 301 https://www.tyil.nl/posts/index.xml; + } + + location / { + try_files $uri $uri/ =404; + } +} + +server { + listen 80; + listen [::]:80; + + server_name www.tyil.nl; + + include /etc/nginx/conf.d/certbot.conf; + include /etc/nginx/conf.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/onion.ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad b/playbooks.d/webserver/share/sites.d/onion.ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad new file mode 100644 index 0000000..77c4a75 --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/onion.ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad @@ -0,0 +1,12 @@ +server { + listen 80; + listen [::]:80; + + server_name ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad.onion; + + root /var/www/nl.tyil.www; + + location / { + try_files $uri $uri/ =404; + } +} diff --git a/playbooks.d/webserver/share/sites.d/pictures.memebooru b/playbooks.d/webserver/share/sites.d/pictures.memebooru new file mode 100644 index 0000000..eca3b4e --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/pictures.memebooru @@ -0,0 +1,35 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name memebooru.pictures; + + ssl_certificate /etc/letsencrypt/live/memebooru.pictures/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/memebooru.pictures/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + client_max_body_size 100M; + client_body_timeout 30s; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://10.57.100.7; + } +} + +server { + listen 80; + listen [::]:80; + + server_name memebooru.pictures; + + include /etc/nginx/conf.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver/share/sites.d/work.tyil b/playbooks.d/webserver/share/sites.d/work.tyil new file mode 100644 index 0000000..cdb957a --- /dev/null +++ b/playbooks.d/webserver/share/sites.d/work.tyil @@ -0,0 +1,27 @@ +server { + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot + + server_name tyil.work; + + ssl_certificate /etc/letsencrypt/live/tyil.work/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tyil.work/privkey.pem; + + include /etc/nginx/conf.d/ssl.conf; + include /etc/nginx/conf.d/certbot.conf; + + return 301 https://www.tyil.nl$request_uri; +} + +server { + listen 80; + listen [::]:80; + + server_name tyil.work; + + location / { + return 301 https://$host$request_uri; + } + + include /etc/nginx/conf.d/certbot.conf; +} |