276 lines
8.1 KiB
Text
276 lines
8.1 KiB
Text
map $scheme $hsts_header {
|
|
https "max-age=63072000; preload";
|
|
}
|
|
|
|
map $host $myserver1 {
|
|
default 192.168.1.4;
|
|
}
|
|
map $host $myserver2 {
|
|
default 192.168.1.3;
|
|
}
|
|
|
|
|
|
map $http_host $nameport {
|
|
hostnames;
|
|
|
|
default 443;
|
|
|
|
forgit.* 3100;
|
|
portainer.* 9000;
|
|
images.* 5557;
|
|
terminal.* 2222;
|
|
images-ui.* 5558;
|
|
ha.* 8123;
|
|
pairdrop.* 3333;
|
|
}
|
|
|
|
map $http_host $loc2 {
|
|
hostnames;
|
|
|
|
default /;
|
|
|
|
ha.* /api/websocket;
|
|
}
|
|
|
|
map $http_host $nameport2 {
|
|
hostnames;
|
|
|
|
default 443;
|
|
|
|
git.* 3003;
|
|
portainer.* 9000;
|
|
image.* 5557;
|
|
images.* 5558;
|
|
abook.* 13378;
|
|
calibre.* 8083;
|
|
gpxstudio.* 8111;
|
|
ha.* 8123;
|
|
maptile.* 8810;
|
|
music.* 4533;
|
|
nginx.* 81;
|
|
notes.* 8180;
|
|
pairdrop.* 3333;
|
|
photo.* 8888;
|
|
photoprism.* 2342;
|
|
plex.* 32400;
|
|
profiles.* 70000;
|
|
route.* 17777;
|
|
server.* 7771;
|
|
studio.* 8112;
|
|
}
|
|
|
|
|
|
|
|
upstream registry {
|
|
server 192.168.1.4:5557;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name images.patachina.it;
|
|
|
|
ssl_certificate ssl/live/patachina.it/patachina.it_ssl_certificate.cer;
|
|
ssl_certificate_key ssl/live/patachina.it/_.patachina.it_private_key.key;
|
|
|
|
location / {
|
|
proxy_pass http://192.168.1.4:5557;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
location /v2/ {
|
|
proxy_pass http://registry;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# These headers are required for Docker to trust the registry
|
|
# certificate and enable client-side certificate validation
|
|
proxy_ssl_verify on;
|
|
proxy_ssl_trusted_certificate ssl/live/patachina.casacam.net/fullchain.pem;
|
|
proxy_ssl_session_reuse off;
|
|
}
|
|
}
|
|
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
server_name ~^(?<name>\w+)\.patachina\.duckdns\.org$;
|
|
|
|
ssl_certificate ssl/live/patachina.duckdns.org/fullchain.pem;
|
|
ssl_certificate_key ssl/live/patachina.duckdns.org/privkey.pem;
|
|
include conf.d/include/websocket.conf;
|
|
|
|
location /args {
|
|
add_header Content-Type text/plain;
|
|
return 200
|
|
"arg_name: $arg_name
|
|
args: $args
|
|
nane: $name
|
|
uri: $uri
|
|
request_uri: $request_uri
|
|
content_length: $content_length
|
|
content_type: $content_type
|
|
document_root: $document_root
|
|
document_uri: $document_uri
|
|
host: $host
|
|
host_name: $hostname
|
|
http_name: $http_name
|
|
https: $https
|
|
is_args: $is_args
|
|
nginx_version: $nginx_version
|
|
pid: $pid
|
|
query_string: $query_string
|
|
remote_addr: $remote_addr
|
|
request: $request
|
|
request_method: $request_method
|
|
server_name: $server_name
|
|
server_port: $server_port
|
|
server_protocol: $server_protocol
|
|
status: $status
|
|
time_local: $time_local
|
|
|
|
ora le mie variabili:
|
|
Connection: $http_connection
|
|
Upgrade: $http_upgrade
|
|
Host: $host
|
|
X-Real-IP: $remote_addr
|
|
X-Forwarded-For: $proxy_add_x_forwarded_for
|
|
X-Forwarded-Proto: $scheme
|
|
PortForwarding: $nameport
|
|
loc2: $loc2";
|
|
}
|
|
|
|
location / {
|
|
include conf.d/include/websocket.conf;
|
|
add_header X-Served-By $host;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_pass http://$myserver2:$nameport2$request_uri;
|
|
#proxy_set_header Host $host;
|
|
#proxy_http_version 1.1;
|
|
#proxy_set_header Upgrade $http_upgrade;
|
|
#proxy_set_header Connection "upgrade";
|
|
|
|
}
|
|
location $loc2 {
|
|
proxy_pass http://$myserver2:$nameport2$loc2$request_uri;
|
|
proxy_set_header Host $host;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name *.patachina.casacam.net;
|
|
|
|
ssl_certificate ssl/live/patachina.casacam.net/fullchain.pem;
|
|
ssl_certificate_key ssl/live/patachina.casacam.net/privkey.pem;
|
|
include conf.d/include/websocket.conf;
|
|
|
|
location / {
|
|
include conf.d/include/websocket.conf;
|
|
add_header X-Served-By $host;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_pass http://$myserver1:$nameport$request_uri;
|
|
#proxy_set_header Host $host;
|
|
#proxy_http_version 1.1;
|
|
#proxy_set_header Upgrade $http_upgrade;
|
|
#proxy_set_header Connection "upgrade";
|
|
}
|
|
location $loc2 {
|
|
proxy_pass http://$myserver1:$nameport$loc2$request_uri;
|
|
#proxy_set_header Host $http_host;
|
|
#proxy_set_header X-Real-IP $remote_addr;
|
|
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
#proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Host $host;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
# These headers are required for Docker to trust the registry
|
|
# certificate and enable client-side certificate validation
|
|
#proxy_ssl_verify on;
|
|
#proxy_ssl_trusted_certificate ssl/live/patachina.casacam.net/fullchain1.pem;
|
|
#proxy_ssl_session_reuse off;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name *.patachina.it;
|
|
|
|
ssl_certificate ssl/live/patachina.it/patachina.it_ssl_certificate.cer;
|
|
ssl_certificate_key ssl/live/patachina.it/_.patachina.it_private_key.key;
|
|
include conf.d/include/websocket.conf;
|
|
|
|
location / {
|
|
include conf.d/include/websocket.conf;
|
|
add_header X-Served-By $host;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_pass http://$myserver1:$nameport$request_uri;
|
|
#proxy_set_header Host $host;
|
|
#proxy_http_version 1.1;
|
|
#proxy_set_header Upgrade $http_upgrade;
|
|
#proxy_set_header Connection "upgrade";
|
|
}
|
|
location $loc2 {
|
|
#proxy_pass http://$myserver1:$nameport$loc2$request_uri;
|
|
#proxy_set_header Host $http_host;
|
|
#proxy_set_header X-Real-IP $remote_addr;
|
|
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
#proxy_set_header X-Forwarded-Proto $scheme;
|
|
#proxy_set_header Host $host;
|
|
#proxy_http_version 1.1;
|
|
#proxy_set_header Upgrade $http_upgrade;
|
|
#proxy_set_header Connection "upgrade";
|
|
# These headers are required for Docker to trust the registry
|
|
# certificate and enable client-side certificate validation
|
|
#proxy_ssl_verify on;
|
|
#proxy_ssl_trusted_certificate ssl/live/patachina.casacam.net/fullchain1.pem;
|
|
#proxy_ssl_session_reuse off;
|
|
|
|
include conf.d/include/websocket.conf;
|
|
add_header X-Served-By $host;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_pass http://$myserver1:$nameport$request_uri;
|
|
}
|
|
}
|
|
|