diff --git a/.env b/.env
new file mode 100644
index 0000000..8a88401
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+nuc=46.251.21.47
\ No newline at end of file
diff --git a/detect-changes.sh b/detect-changes.sh
new file mode 100755
index 0000000..6209fb5
--- /dev/null
+++ b/detect-changes.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+SERVER_DIR=/home/rocho/docker/endless-ip/app
+WORK_DIR=/home/rocho/docker/proxy/proxy
+ENV_FILE="${SERVER_DIR}/config/.env"
+CHANGE_FILE="${SERVER_DIR}/config/.changed"
+if [[ -f "$CHANGE_FILE" ]]; then
+ echo "changed detected"
+ cp $ENV_FILE $WORK_DIR
+ rm $CHANGE_FILE
+ source ./restart.sh
+fi
+
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 1772344..3f91af7 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -8,9 +8,12 @@ services:
 - 443:443
 # restart: always
 volumes:
- - ./nginx/conf/:/etc/nginx/conf.d/:ro
+ - ./nginx/templates/:/etc/nginx/templates/:rw
+ - ./nginx/conf/:/etc/nginx/conf.d/:rw
 - ./certbot/www:/var/www/certbot/:ro
 - ./certbot/conf/:/etc/nginx/ssl/:ro
+ env_file:
+ - .env
 certbot:
 image: certbot/certbot:latest
 volumes:
diff --git a/nexus.rschneider.hu.conf.bak b/nexus.rschneider.hu.conf.bak
new file mode 100644
index 0000000..f854f80
--- /dev/null
+++ b/nexus.rschneider.hu.conf.bak
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name nexus.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/nexus.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/nexus.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://rocho02.ddns.net:3082;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
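Review bot: detect-changes.sh copies `config/.env` into the proxy directory unchecked, and docker-compose.yaml then hands that file to nginx through `env_file`, so whatever the endless-ip app writes there is substituted for `${nuc}` in every template. The script should accept only the expected `nuc=<address>` line before copying. It also removes the `.changed` marker before the restart has succeeded, leaves `$ENV_FILE`, `$WORK_DIR` and `$CHANGE_FILE` unquoted, and sources `./restart.sh` relative to whatever directory the caller starts in. The sketch below assumes `WORK_DIR` is the checkout that holds `restart.sh` and that `.env` carries only the `nuc` entry; loosen the pattern if more variables are planned.

```bash
#!/bin/bash
set -euo pipefail
# … unchanged: SERVER_DIR, WORK_DIR, ENV_FILE, CHANGE_FILE assignments …
if [[ -f "$CHANGE_FILE" ]]; then
  echo "changed detected"
  # Reject the file if it is empty or holds anything but nuc=<IPv4>.
  if [[ ! -s "$ENV_FILE" ]] || grep -Evq '^nuc=([0-9]{1,3}\.){3}[0-9]{1,3}$' -- "$ENV_FILE"; then
    echo "refusing to apply unexpected content in $ENV_FILE" >&2
    exit 1
  fi
  cp -- "$ENV_FILE" "$WORK_DIR/.env"
  cd -- "$WORK_DIR"
  source ./restart.sh
  # Clear the marker only once the restart has gone through.
  rm -- "$CHANGE_FILE"
fi
```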
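Review bot: The new `./nginx/templates/` mount in docker-compose.yaml is writable although, assuming the stock nginx image's template step, the container only reads from it; the first added volume can be `- ./nginx/templates/:/etc/nginx/templates/:ro`. Only `/etc/nginx/conf.d/` has to be writable for the rendered output. Making `./nginx/conf/` `:rw` also means the container now writes into a directory tracked in the repository, and the conf files changed further down in this commit look like that rendered output, so rendering into an untracked directory would keep generated and hand-written files apart. The service's `volumes:` key and the rest of its definition start above the hunk.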
diff --git a/nginx/conf/default.conf b/nginx/conf/default.conf
index 4707fbc..68a300a 100644
--- a/nginx/conf/default.conf
+++ b/nginx/conf/default.conf
@@ -53,6 +53,6 @@ server {
 ssl_certificate_key /etc/nginx/ssl/live/ios.rschneider.hu/privkey.pem;
 
 location / {
- proxy_pass http://rocho02.ddns.net:3085;
+ proxy_pass http://46.251.21.47:3085;
 }
 }
diff --git a/nginx/conf/docker.rschneider.hu.conf b/nginx/conf/docker.rschneider.hu.conf
index 5d199df..71463d1 100644
--- a/nginx/conf/docker.rschneider.hu.conf
+++ b/nginx/conf/docker.rschneider.hu.conf
@@ -19,7 +19,7 @@ server {
 ssl_certificate_key /etc/nginx/ssl/live/docker.rschneider.hu/privkey.pem;
 
 location / {
- proxy_pass http://rocho02.ddns.net:3082;
+ proxy_pass http://46.251.21.47:3082;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/nginx/conf/heimdall.rschneider.hu.conf b/nginx/conf/heimdall.rschneider.hu.conf
new file mode 100644
index 0000000..a8f776f
--- /dev/null
+++ b/nginx/conf/heimdall.rschneider.hu.conf
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name heimdall.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/heimdall.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/heimdall.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass https://46.251.21.47:3002;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/nginx/conf/k8sdashboard.rschneider.hu.conf b/nginx/conf/k8sdashboard.rschneider.hu.conf
new file mode 100644
index 0000000..aea155b
--- /dev/null
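Review bot: In nginx/conf/default.conf the replacement `proxy_pass http://46.251.21.47:3085;` keeps the hop from this proxy to the backend in cleartext, and 46.251.21.47 is not a private-range address, so requests that arrived over TLS on 443 may be forwarded unencrypted across whatever network lies between the two hosts. The same pattern is in the docker, nextcloud, nexus and registry hunks, in the new k8sdashboard, wikijs and xwiki files, and in their templates. If the backends cannot serve TLS themselves, a tunnel between the hosts (WireGuard or an SSH forward) with `proxy_pass` pointed at the tunnel address would close the gap. The enclosing `server` block starts above the hunk.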
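Review bot: In nginx/conf/heimdall.rschneider.hu.conf, `proxy_pass https://46.251.21.47:3002;` encrypts the upstream hop but does not authenticate it, because nginx leaves `proxy_ssl_verify` off unless it is set. Adding `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <CA bundle path>;` and `proxy_ssl_name <name on the backend certificate>;` inside `location /` would make the proxy reject a host that cannot present the expected certificate; the two bracketed values are placeholders. The same applies to nginx/templates/heimdall.rschneider.hu.conf.template.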
+++ b/nginx/conf/k8sdashboard.rschneider.hu.conf
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name k8sdash.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/k8sdash.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/k8sdash.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://46.251.21.47:5000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/nginx/conf/nextcloud.rschneider.hu.conf b/nginx/conf/nextcloud.rschneider.hu.conf
index 1b7bbdf..1c7787c 100644
--- a/nginx/conf/nextcloud.rschneider.hu.conf
+++ b/nginx/conf/nextcloud.rschneider.hu.conf
@@ -9,7 +9,7 @@ server {
 ssl_certificate_key /etc/nginx/ssl/live/nextcloud.rschneider.hu/privkey.pem;
 
 location / {
- proxy_pass http://rocho02.ddns.net:3680;
+ proxy_pass http://46.251.21.47:3680;
 }
 }
 
diff --git a/nginx/conf/nexus.rschneider.hu.conf b/nginx/conf/nexus.rschneider.hu.conf
index f854f80..35f3b74 100644
--- a/nginx/conf/nexus.rschneider.hu.conf
+++ b/nginx/conf/nexus.rschneider.hu.conf
@@ -19,7 +19,7 @@ server {
 ssl_certificate_key /etc/nginx/ssl/live/nexus.rschneider.hu/privkey.pem;
 
 location / {
- proxy_pass http://rocho02.ddns.net:3082;
+ proxy_pass http://46.251.21.47:3081;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/nginx/conf/registry.rschneider.hu.conf b/nginx/conf/registry.rschneider.hu.conf
index 8b3a8f1..5720650 100644
--- a/nginx/conf/registry.rschneider.hu.conf
+++ b/nginx/conf/registry.rschneider.hu.conf
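Review bot: Nothing in nginx/conf/k8sdashboard.rschneider.hu.conf restricts who can reach k8sdash.rschneider.hu: `location /` forwards every request to port 5000 with no `allow`/`deny` list and no `auth_basic`, so any protection has to come from the backend itself. If the service behind it is a Kubernetes dashboard, as the name suggests, put a source restriction in front of it, for example `allow <admin network CIDR>;` followed by `deny all;` in `location /` (the CIDR is a placeholder), or keep it off the public proxy. nginx/templates/k8sdashboard.rschneider.hu.conf.template needs the same lines.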
@@ -19,7 +19,7 @@ server {
 ssl_certificate_key /etc/nginx/ssl/live/registry.rschneider.hu/privkey.pem;
 
 location / {
- proxy_pass http://rocho02.ddns.net:3082;
+ proxy_pass http://46.251.21.47:3082;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/nginx/conf/ssh.nas1.rschneider.hu b/nginx/conf/ssh.nas1.rschneider.hu
new file mode 100644
index 0000000..702415e
--- /dev/null
+++ b/nginx/conf/ssh.nas1.rschneider.hu
@@ -0,0 +1,10 @@
+upstream nas1-ssh {
+ server 46.251.21.47:10022;
+}
+
+server {
+ listen 80;
+ server_name ssh.nas1.rschneider.hu
+ proxy_pass nas1-ssh;
+}
+
diff --git a/nginx/conf/ssh.nuc.rschneider.hu b/nginx/conf/ssh.nuc.rschneider.hu
new file mode 100644
index 0000000..aaabc93
--- /dev/null
+++ b/nginx/conf/ssh.nuc.rschneider.hu
@@ -0,0 +1,10 @@
+upstream nuc-ssh {
+ server 46.251.21.47:2022;
+}
+
+server {
+ listen 80;
+ server_name ssh.nuc.rschneider.hu
+ proxy_pass nuc-ssh;
+}
+
diff --git a/nginx/conf/wikijs.rschneider.hu.conf b/nginx/conf/wikijs.rschneider.hu.conf
new file mode 100644
index 0000000..8bf9cfc
--- /dev/null
+++ b/nginx/conf/wikijs.rschneider.hu.conf
@@ -0,0 +1,15 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name wikijs.rschneider.hu;
+
+ ssl_certificate /etc/nginx/ssl/live/wikijs.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/wikijs.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://46.251.21.47:3010;
+ }
+}
+
diff --git a/nginx/conf/xwiki.rschneider.hu.conf b/nginx/conf/xwiki.rschneider.hu.conf
new file mode 100644
index 0000000..81eb3a3
--- /dev/null
+++ b/nginx/conf/xwiki.rschneider.hu.conf
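Review bot: nginx/conf/ssh.nas1.rschneider.hu cannot load as written: `server_name ssh.nas1.rschneider.hu` has no terminating `;`, and `proxy_pass nas1-ssh;` sits directly in a `server` block, which nginx accepts only in the `stream` context and not in files included under `http`. The file name also lacks the `.conf` suffix, so a stock `include /etc/nginx/conf.d/*.conf;` would skip it (nginx.conf is not visible here). nginx/conf/ssh.nuc.rschneider.hu and both ssh templates share these problems, and the nuc template wraps its blocks in `stream{` while the nas1 template does not. Plain SSH carries no host name that nginx could route on, so the two forwards cannot share `listen 80`; each needs its own port, and exposing SSH this way is worth limiting with `allow`/`deny` in the stream server.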
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name wiki.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/wiki.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/wiki.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://46.251.21.47:3030;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/nginx/templates/default.conf.template b/nginx/templates/default.conf.template
new file mode 100644
index 0000000..bc79ce8
--- /dev/null
+++ b/nginx/templates/default.conf.template
@@ -0,0 +1,58 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name rschneider.hu www.rschneider.hu;
+ server_tokens off;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://rschneider.hu$request_uri;
+ }
+}
+
+server {
+ listen 443 default_server ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name rschneider.hu;
+
+ ssl_certificate /etc/nginx/ssl/live/rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://rschneider.hu:40001;
+ }
+}
+
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name cutlergyor.rschneider.hu;
+
+ ssl_certificate /etc/nginx/ssl/live/cutlergyor.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/cutlergyor.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://rschneider.hu:40001;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ios.rschneider.hu;
+
+ ssl_certificate /etc/nginx/ssl/live/ios.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/ios.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://${nuc}:3085;
+ }
+}
diff --git a/nginx/templates/docker.rschneider.hu.conf.template b/nginx/templates/docker.rschneider.hu.conf.template
new file mode 100644
index 0000000..6a08502
--- /dev/null
+++ b/nginx/templates/docker.rschneider.hu.conf.template
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name docker.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/docker.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/docker.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://${nuc}:3082;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/nginx/templates/heimdall.rschneider.hu.conf.template b/nginx/templates/heimdall.rschneider.hu.conf.template
new file mode 100644
index 0000000..0374668
--- /dev/null
+++ b/nginx/templates/heimdall.rschneider.hu.conf.template
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name heimdall.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/heimdall.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/heimdall.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass https://${nuc}:3002;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/nginx/templates/k8sdashboard.rschneider.hu.conf.template b/nginx/templates/k8sdashboard.rschneider.hu.conf.template
new file mode 100644
index 0000000..e1ed4aa
--- /dev/null
+++ b/nginx/templates/k8sdashboard.rschneider.hu.conf.template
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name k8sdash.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/k8sdash.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/k8sdash.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://${nuc}:5000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/nginx/templates/nextcloud.rschneider.hu.conf.template b/nginx/templates/nextcloud.rschneider.hu.conf.template
new file mode 100644
index 0000000..40d51f9
--- /dev/null
+++ b/nginx/templates/nextcloud.rschneider.hu.conf.template
@@ -0,0 +1,15 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name nextcloud.rschneider.hu;
+
+ ssl_certificate /etc/nginx/ssl/live/nextcloud.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/nextcloud.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://${nuc}:3680;
+ }
+}
+
diff --git a/nginx/templates/nexus.rschneider.hu.conf.template b/nginx/templates/nexus.rschneider.hu.conf.template
new file mode 100644
index 0000000..ed0fc38
--- /dev/null
+++ b/nginx/templates/nexus.rschneider.hu.conf.template
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name nexus.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/nexus.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/nexus.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://${nuc}:3081;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/nginx/templates/registry.rschneider.hu.conf.template b/nginx/templates/registry.rschneider.hu.conf.template
new file mode 100644
index 0000000..b137fb7
--- /dev/null
+++ b/nginx/templates/registry.rschneider.hu.conf.template
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name registry.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/registry.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/registry.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://${nuc}:3082;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/nginx/templates/ssh.nas1.rschneider.hu.template b/nginx/templates/ssh.nas1.rschneider.hu.template
new file mode 100644
index 0000000..8916c22
--- /dev/null
+++ b/nginx/templates/ssh.nas1.rschneider.hu.template
@@ -0,0 +1,10 @@
+upstream nas1-ssh {
+ server ${nuc}:10022;
+}
+
+server {
+ listen 80;
+ server_name ssh.nas1.rschneider.hu
+ proxy_pass nas1-ssh;
+}
+
diff --git a/nginx/templates/ssh.nuc.rschneider.hu.template b/nginx/templates/ssh.nuc.rschneider.hu.template
new file mode 100644
index 0000000..3931a3f
--- /dev/null
+++ b/nginx/templates/ssh.nuc.rschneider.hu.template
@@ -0,0 +1,11 @@
+stream{
+upstream nuc-ssh {
+ server ${nuc}:2022;
+}
+
+server {
+ listen 80;
+ server_name ssh.nuc.rschneider.hu
+ proxy_pass nuc-ssh;
+}
+}
diff --git a/nginx/templates/wikijs.rschneider.hu.conf.template b/nginx/templates/wikijs.rschneider.hu.conf.template
new file mode 100644
index 0000000..caf7feb
--- /dev/null
+++ b/nginx/templates/wikijs.rschneider.hu.conf.template
@@ -0,0 +1,15 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name wikijs.rschneider.hu;
+
+ ssl_certificate /etc/nginx/ssl/live/wikijs.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/wikijs.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://${nuc}:3010;
+ }
+}
+
diff --git a/nginx/templates/xwiki.rschneider.hu.conf.template b/nginx/templates/xwiki.rschneider.hu.conf.template
new file mode 100644
index 0000000..3a73fd0
--- /dev/null
+++ b/nginx/templates/xwiki.rschneider.hu.conf.template
@@ -0,0 +1,28 @@
+server {
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name wiki.rschneider.hu;
+
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ keepalive_timeout 5 5;
+ tcp_nodelay on;
+
+ # allow large uploads of files - refer to nginx documentation
+ client_max_body_size 2G;
+
+ ssl_certificate /etc/nginx/ssl/live/wiki.rschneider.hu/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/wiki.rschneider.hu/privkey.pem;
+
+ location / {
+ proxy_pass http://${nuc}:3030;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..1b3dc6e
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,3 @@
+add domain
+
+docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d registry.rschneider.hu
diff --git a/restart.sh b/restart.sh
new file mode 100755
index 0000000..a8341a6
--- /dev/null
+++ b/restart.sh
@@ -0,0 +1 @@
+docker-compose up -d
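Review bot: restart.sh is committed executable but has no interpreter line, and its single command `docker-compose up -d` resolves docker-compose.yaml and `.env` from the caller's working directory. Starting the file with `#!/bin/bash` and `cd -- "$(dirname -- "${BASH_SOURCE[0]}")" || exit 1` before the compose call would make it pick up the same compose file and `.env` whether it is run from a terminal, from a scheduler, or sourced by detect-changes.sh. Because detect-changes.sh sources it, the `cd` and the `exit` would also take effect in that caller, which is harmless there since the source is its last step.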