From 032fe88dc34b8b244f83aa15ab398a7c60c0f8e4 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 13 Sep 2022 12:40:25 +0000 Subject: [PATCH 1/4] update --- nginx/arm.stpl | 74 ++++++++++++++++++++++++++++++++++++++++++++ nginx/arm.tpl | 39 +++++++++++++++++++++++ nginx/cloudreve.stpl | 46 +++++++++++++++++++++++++++ nginx/cloudreve.tpl | 43 +++++++++++++++++++++++++ 4 files changed, 202 insertions(+) create mode 100644 nginx/arm.stpl create mode 100644 nginx/arm.tpl create mode 100644 nginx/cloudreve.stpl create mode 100644 nginx/cloudreve.tpl diff --git a/nginx/arm.stpl b/nginx/arm.stpl new file mode 100644 index 0000000..63e2ba7 --- /dev/null +++ b/nginx/arm.stpl @@ -0,0 +1,74 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +upstream portainer { + server 127.0.1.1:9090; +} + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + +location /portainer/ { + proxy_http_version 1.1; + proxy_set_header Host $http_host; # required for docker client's sake + proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; + + proxy_set_header Connection ""; + proxy_buffers 32 4k; + proxy_pass https://portainer/; + } + + location /portainer/api/websocket/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_pass https://portainer/api/websocket/; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + proxy_hide_header Upgrade; + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/arm.tpl b/nginx/arm.tpl new file mode 100644 index 0000000..d657828 --- /dev/null +++ b/nginx/arm.tpl @@ -0,0 +1,39 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} + diff --git a/nginx/cloudreve.stpl b/nginx/cloudreve.stpl new file mode 100644 index 0000000..548bfe6 --- /dev/null +++ b/nginx/cloudreve.stpl @@ -0,0 +1,46 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass http://127.0.1.1:5212; + location ~* ^.+\.(%proxy_extentions%)$ { +# root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://127.0.1.1:5212; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/cloudreve.tpl b/nginx/cloudreve.tpl new file mode 100644 index 0000000..31d1673 --- /dev/null +++ b/nginx/cloudreve.tpl @@ -0,0 +1,43 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://127.0.0.1:8010; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + From 51cf09ac52b0a7c7ee1c5c121602676b550dc872 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 13 Sep 2022 12:40:45 +0000 Subject: [PATCH 2/4] =?UTF-8?q?=E5=88=A0=E9=99=A4=20'nginx/pleroma.stpl'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nginx/pleroma.stpl | 64 ---------------------------------------------- 1 file changed, 64 deletions(-) delete mode 100644 nginx/pleroma.stpl diff --git a/nginx/pleroma.stpl b/nginx/pleroma.stpl deleted file mode 100644 index 0156e1b..0000000 --- a/nginx/pleroma.stpl +++ /dev/null @@ -1,64 +0,0 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# - - -# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only -# and `localhost.` resolves to [::0] on some systems: see issue #930 -upstream phoenix { - server 127.0.0.1:4004 max_fails=5 fail_timeout=60s; -} - - -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - ssl_stapling on; - ssl_stapling_verify on; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - - keepalive_timeout 70; - sendfile on; - client_max_body_size 80m; - - - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml; - - - ignore_invalid_headers off; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - location / { - proxy_pass http://phoenix; - } - - location ~ ^/(media|proxy) { - - slice 1m; - proxy_cache_key $host$uri$is_args$args$slice_range; - proxy_set_header Range $slice_range; - proxy_cache_valid 200 206 301 304 1h; - proxy_cache_lock on; - proxy_ignore_client_abort on; - proxy_buffering on; - chunked_transfer_encoding on; - proxy_pass http://phoenix; - } - - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; -} - From 76d012f6332ae66e0fa2305cd5035fd6962a2613 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 13 Sep 2022 12:40:51 +0000 Subject: [PATCH 3/4] =?UTF-8?q?=E5=88=A0=E9=99=A4=20'nginx/pleroma.tpl'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nginx/pleroma.tpl | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 nginx/pleroma.tpl diff --git a/nginx/pleroma.tpl b/nginx/pleroma.tpl deleted file mode 100644 index 851ac0d..0000000 --- a/nginx/pleroma.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} From 8c2df1ee056e8406dbe9f857809fddc1e9b7aa8a Mon Sep 17 00:00:00 2001 From: root Date: Tue, 13 Sep 2022 12:41:55 +0000 Subject: [PATCH 4/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20'nginx/matrix.stpl'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nginx/matrix.stpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/matrix.stpl b/nginx/matrix.stpl index 2dfdfee..9d83576 100644 --- a/nginx/matrix.stpl +++ b/nginx/matrix.stpl @@ -30,13 +30,13 @@ server { add_header Access-Control-Allow-Origin *; } location ~* ^(\/_matrix|\/_synapse) { - proxy_pass http://localhost:8008; + proxy_pass http://127.0.1.1:8008; proxy_set_header X-Forwarded-For $remote_addr; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml } location /admin/ { - proxy_pass http://localhost:8100/; + proxy_pass http://127.0.1.1:8100/; proxy_set_header X-Forwarded-For $remote_addr; }