changes

.env

@@ -0,0 +1 @@
+nuc=46.251.21.47

detect-changes.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+SERVER_DIR=/home/rocho/docker/endless-ip/app
+WORK_DIR=/home/rocho/docker/proxy/proxy
+ENV_FILE="${SERVER_DIR}/config/.env"
+CHANGE_FILE="${SERVER_DIR}/config/.changed"
+if [[ -f "$CHANGE_FILE" ]]; then
+  echo "changed detected"
+  cp $ENV_FILE $WORK_DIR  
+  rm $CHANGE_FILE
+  source ./restart.sh
+fi
+

docker-compose.yaml

@@ -8,9 +8,12 @@ services:
       - 443:443
 #    restart: always
     volumes:
-      - ./nginx/conf/:/etc/nginx/conf.d/:ro
+      - ./nginx/templates/:/etc/nginx/templates/:rw
+      - ./nginx/conf/:/etc/nginx/conf.d/:rw
       - ./certbot/www:/var/www/certbot/:ro
       - ./certbot/conf/:/etc/nginx/ssl/:ro
+    env_file:
+     - .env
   certbot:
     image: certbot/certbot:latest
     volumes:

nexus.rschneider.hu.conf.bak

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name nexus.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/nexus.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/nexus.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3082;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/conf/default.conf

@@ -53,6 +53,6 @@ server {
     ssl_certificate_key /etc/nginx/ssl/live/ios.rschneider.hu/privkey.pem;
     
     location / {
-        proxy_pass http://rocho02.ddns.net:3085;
+        proxy_pass http://46.251.21.47:3085;
     }
 }

nginx/conf/docker.rschneider.hu.conf

@@ -19,7 +19,7 @@ server {
     ssl_certificate_key /etc/nginx/ssl/live/docker.rschneider.hu/privkey.pem;
     
     location / {
-        proxy_pass http://rocho02.ddns.net:3082;
+        proxy_pass http://46.251.21.47:3082;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginx/conf/heimdall.rschneider.hu.conf

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name heimdall.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/heimdall.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/heimdall.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass https://46.251.21.47:3002;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/conf/k8sdashboard.rschneider.hu.conf

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name k8sdash.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/k8sdash.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/k8sdash.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://46.251.21.47:5000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/conf/nextcloud.rschneider.hu.conf

@@ -9,7 +9,7 @@ server {
     ssl_certificate_key /etc/nginx/ssl/live/nextcloud.rschneider.hu/privkey.pem;
     
     location / {
-        proxy_pass http://rocho02.ddns.net:3680;
+        proxy_pass http://46.251.21.47:3680;
     }
 }
 

nginx/conf/nexus.rschneider.hu.conf

@@ -19,7 +19,7 @@ server {
     ssl_certificate_key /etc/nginx/ssl/live/nexus.rschneider.hu/privkey.pem;
     
     location / {
-        proxy_pass http://rocho02.ddns.net:3082;
+        proxy_pass http://46.251.21.47:3081;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginx/conf/registry.rschneider.hu.conf

@@ -19,7 +19,7 @@ server {
     ssl_certificate_key /etc/nginx/ssl/live/registry.rschneider.hu/privkey.pem;
     
     location / {
-        proxy_pass http://rocho02.ddns.net:3082;
+        proxy_pass http://46.251.21.47:3082;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginx/conf/ssh.nas1.rschneider.hu

@@ -0,0 +1,10 @@
+upstream nas1-ssh {
+  server 46.251.21.47:10022;
+}
+
+server {
+  listen 80;
+  server_name ssh.nas1.rschneider.hu
+  proxy_pass nas1-ssh;
+}
+

nginx/conf/ssh.nuc.rschneider.hu

@@ -0,0 +1,10 @@
+upstream nuc-ssh {
+  server 46.251.21.47:2022;
+}
+
+server {
+  listen 80;
+  server_name ssh.nuc.rschneider.hu
+  proxy_pass nuc-ssh;
+}
+

nginx/conf/wikijs.rschneider.hu.conf

@@ -0,0 +1,15 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name wikijs.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/wikijs.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/wikijs.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://46.251.21.47:3010;
+    }
+}
+

nginx/conf/xwiki.rschneider.hu.conf

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name wiki.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/wiki.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/wiki.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://46.251.21.47:3030;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/templates/default.conf.template

@@ -0,0 +1,58 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name rschneider.hu www.rschneider.hu;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://rschneider.hu$request_uri;
+    }
+}
+
+server {
+    listen 443 default_server ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rschneider.hu:40001;
+    }
+}
+
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name cutlergyor.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/cutlergyor.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/cutlergyor.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rschneider.hu:40001;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name ios.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/ios.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/ios.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://${nuc}:3085;
+    }
+}

nginx/templates/docker.rschneider.hu.conf.template

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name docker.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/docker.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/docker.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://${nuc}:3082;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/templates/heimdall.rschneider.hu.conf.template

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name heimdall.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/heimdall.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/heimdall.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass https://${nuc}:3002;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/templates/k8sdashboard.rschneider.hu.conf.template

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name k8sdash.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/k8sdash.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/k8sdash.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://${nuc}:5000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/templates/nextcloud.rschneider.hu.conf.template

@@ -0,0 +1,15 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name nextcloud.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/nextcloud.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/nextcloud.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://${nuc}:3680;
+    }
+}
+

nginx/templates/nexus.rschneider.hu.conf.template

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name nexus.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/nexus.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/nexus.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://${nuc}:3081;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/templates/registry.rschneider.hu.conf.template

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name registry.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/registry.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/registry.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://${nuc}:3082;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

nginx/templates/ssh.nas1.rschneider.hu.template

@@ -0,0 +1,10 @@
+upstream nas1-ssh {
+  server ${nuc}:10022;
+}
+
+server {
+  listen 80;
+  server_name ssh.nas1.rschneider.hu
+  proxy_pass nas1-ssh;
+}
+

nginx/templates/ssh.nuc.rschneider.hu.template

@@ -0,0 +1,11 @@
+stream{
+upstream nuc-ssh {
+  server ${nuc}:2022;
+}
+
+server {
+  listen 80;
+  server_name ssh.nuc.rschneider.hu
+  proxy_pass nuc-ssh;
+}
+}

nginx/templates/wikijs.rschneider.hu.conf.template

@@ -0,0 +1,15 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name wikijs.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/wikijs.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/wikijs.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://${nuc}:3010;
+    }
+}
+

nginx/templates/xwiki.rschneider.hu.conf.template

@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name wiki.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/wiki.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/wiki.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://${nuc}:3030;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+

readme.md

@@ -0,0 +1,3 @@
+add domain
+
+docker-compose run --rm  certbot certonly --webroot --webroot-path /var/www/certbot/ -d registry.rschneider.hu

restart.sh

@@ -0,0 +1 @@
+docker-compose up -d