diff --git a/nginx/arm.stpl b/nginx/arm.stpl new file mode 100644 index 0000000..63e2ba7 --- /dev/null +++ b/nginx/arm.stpl @@ -0,0 +1,74 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +upstream portainer { + server 127.0.1.1:9090; +} + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + +location /portainer/ { + proxy_http_version 1.1; + proxy_set_header Host $http_host; # required for docker client's sake + proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; + + proxy_set_header Connection ""; + proxy_buffers 32 4k; + proxy_pass https://portainer/; + } + + location /portainer/api/websocket/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_pass https://portainer/api/websocket/; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + proxy_hide_header Upgrade; + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/arm.tpl b/nginx/arm.tpl new file mode 100644 index 0000000..d657828 --- /dev/null +++ b/nginx/arm.tpl @@ -0,0 +1,39 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} + diff --git a/nginx/cloudreve.stpl b/nginx/cloudreve.stpl new file mode 100644 index 0000000..548bfe6 --- /dev/null +++ b/nginx/cloudreve.stpl @@ -0,0 +1,46 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass http://127.0.1.1:5212; + location ~* ^.+\.(%proxy_extentions%)$ { +# root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://127.0.1.1:5212; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/cloudreve.tpl b/nginx/cloudreve.tpl new file mode 100644 index 0000000..31d1673 --- /dev/null +++ b/nginx/cloudreve.tpl @@ -0,0 +1,43 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://127.0.0.1:8010; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/matrix.stpl b/nginx/matrix.stpl index 2dfdfee..9d83576 100644 --- a/nginx/matrix.stpl +++ b/nginx/matrix.stpl @@ -30,13 +30,13 @@ server { add_header Access-Control-Allow-Origin *; } location ~* ^(\/_matrix|\/_synapse) { - proxy_pass http://localhost:8008; + proxy_pass http://127.0.1.1:8008; proxy_set_header X-Forwarded-For $remote_addr; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml } location /admin/ { - proxy_pass http://localhost:8100/; + proxy_pass http://127.0.1.1:8100/; proxy_set_header X-Forwarded-For $remote_addr; } diff --git a/nginx/pleroma.stpl b/nginx/pleroma.stpl deleted file mode 100644 index 0156e1b..0000000 --- a/nginx/pleroma.stpl +++ /dev/null @@ -1,64 +0,0 @@ -#=======================================================================# -# Default Web Domain Template # -# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # -#=======================================================================# - - -# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only -# and `localhost.` resolves to [::0] on some systems: see issue #930 -upstream phoenix { - server 127.0.0.1:4004 max_fails=5 fail_timeout=60s; -} - - -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - ssl_stapling on; - ssl_stapling_verify on; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - - keepalive_timeout 70; - sendfile on; - client_max_body_size 80m; - - - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml; - - - ignore_invalid_headers off; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - location / { - proxy_pass http://phoenix; - } - - location ~ ^/(media|proxy) { - - slice 1m; - proxy_cache_key $host$uri$is_args$args$slice_range; - proxy_set_header Range $slice_range; - proxy_cache_valid 200 206 301 304 1h; - proxy_cache_lock on; - proxy_ignore_client_abort on; - proxy_buffering on; - chunked_transfer_encoding on; - proxy_pass http://phoenix; - } - - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; -} - diff --git a/nginx/pleroma.tpl b/nginx/pleroma.tpl deleted file mode 100644 index 851ac0d..0000000 --- a/nginx/pleroma.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/nginx/tz.stpl b/nginx/tz.stpl new file mode 100644 index 0000000..dc7a090 --- /dev/null +++ b/nginx/tz.stpl @@ -0,0 +1,52 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass http://127.0.0.1:9010; + location ~* ^.+\.(%proxy_extentions%)$ { +# root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + location ~ ^/(ws|terminal/.+)$ { + proxy_pass http://127.0.0.1:9010; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + } + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://127.0.0.1:9010; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/tz.tpl b/nginx/tz.tpl new file mode 100644 index 0000000..31d1673 --- /dev/null +++ b/nginx/tz.tpl @@ -0,0 +1,43 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://127.0.0.1:8010; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/xray.stpl b/nginx/xray.stpl new file mode 100644 index 0000000..8cdc1ff --- /dev/null +++ b/nginx/xray.stpl @@ -0,0 +1,73 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + add_header Strict-Transport-Security "max-age=63072000" always; + + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /sky { + proxy_redirect off; + proxy_pass http://127.0.0.1:23876; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + + location /a552d878db04/ + { + proxy_redirect off; + proxy_pass http://127.0.0.1:30875; + proxy_http_version 1.1; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + } + + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + +# proxy_hide_header Upgrade; + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/xray.tpl b/nginx/xray.tpl new file mode 100644 index 0000000..d657828 --- /dev/null +++ b/nginx/xray.tpl @@ -0,0 +1,39 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} +