From bf593fd9fe8b5eb6f55799abaccea67f6319fbee Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Sun, 22 Jan 2023 09:16:27 +0100
Subject: Add nginx entries for mumble web proxy

---
 .../share/sites.d/http/com.voidfire.mumble         | 13 +++++++++
 .../share/sites.d/https/com.voidfire.mumble        | 33 ++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble
 create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble

diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble b/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble
new file mode 100644
index 0000000..a2922fc
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble
@@ -0,0 +1,13 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name mumble.voidfire.com;
+
+	include /etc/nginx/snippets.d/certbot.conf;
+	include /etc/nginx/snippets.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble b/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble
new file mode 100644
index 0000000..5e57f3d
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble
@@ -0,0 +1,33 @@
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	server_name mumble.voidfire.com;
+
+	ssl_certificate /etc/letsencrypt/live/mumble.voidfire.com/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/mumble.voidfire.com/privkey.pem;
+
+	include /etc/nginx/snippets.d/certbot.conf;
+	include /etc/nginx/snippets.d/headers.conf;
+	include /etc/nginx/snippets.d/ssl.conf;
+
+	root /var/www/com.voidfire.mumble;
+
+	location / {
+		proxy_http_version 1.1;
+		proxy_set_header Connection      $http_connection;
+		proxy_set_header Host            $host;
+		proxy_set_header Upgrade         $http_upgrade;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://127.0.0.1:8080;
+	}
+
+	location /proxy {
+		proxy_http_version 1.1;
+		proxy_set_header Connection      $http_connection;
+		proxy_set_header Upgrade         $http_upgrade;
+
+		proxy_pass http://127.0.0.1:64737;
+	}
+}
-- 
cgit v1.1