From e1d153f71cbc6e3821f53bee381f7ff8003d76e2 Mon Sep 17 00:00:00 2001
From: Roland Schneider <rocho@vm3924>
Date: Sat, 26 Nov 2022 09:19:11 +0000
Subject: [PATCH] initial commit

---
 .gitignore                              |  1 +
 default.conf.bak                        | 59 +++++++++++++++++++++++++
 docker-compose.yaml                     | 18 ++++++++
 nextcloud.rschneider.hu.conf            | 15 +++++++
 nginx/conf/default.conf                 | 58 ++++++++++++++++++++++++
 nginx/conf/docker.rschneider.hu.conf    | 28 ++++++++++++
 nginx/conf/nextcloud.rschneider.hu.conf | 15 +++++++
 nginx/conf/nexus.rschneider.hu.conf     | 28 ++++++++++++
 nginx/conf/registry.rschneider.hu.conf  | 28 ++++++++++++
 wikijs.rschneider.hu.conf               | 15 +++++++
 10 files changed, 265 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 default.conf.bak
 create mode 100644 docker-compose.yaml
 create mode 100644 nextcloud.rschneider.hu.conf
 create mode 100644 nginx/conf/default.conf
 create mode 100644 nginx/conf/docker.rschneider.hu.conf
 create mode 100644 nginx/conf/nextcloud.rschneider.hu.conf
 create mode 100644 nginx/conf/nexus.rschneider.hu.conf
 create mode 100644 nginx/conf/registry.rschneider.hu.conf
 create mode 100644 wikijs.rschneider.hu.conf

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f4d4dab
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+certbot
diff --git a/default.conf.bak b/default.conf.bak
new file mode 100644
index 0000000..ea203da
--- /dev/null
+++ b/default.conf.bak
@@ -0,0 +1,59 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name rschneider.hu www.rschneider.hu;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://rschneider.hu$request_uri;
+    }
+}
+
+server {
+    listen 443 default_server ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rschneider.hu:40001;
+    }
+}
+
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name cutlergyor.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/cutlergyor.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/cutlergyor.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rschneider.hu:40001;
+    }
+}
+
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name wiki.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/wiki.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/wiki.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3030;
+    }
+}
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..1772344
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,18 @@
+version: '3'
+
+services:
+  webserver:
+    image: nginx:latest
+    ports:
+      - 80:80
+      - 443:443
+#    restart: always
+    volumes:
+      - ./nginx/conf/:/etc/nginx/conf.d/:ro
+      - ./certbot/www:/var/www/certbot/:ro
+      - ./certbot/conf/:/etc/nginx/ssl/:ro
+  certbot:
+    image: certbot/certbot:latest
+    volumes:
+      - ./certbot/www/:/var/www/certbot/:rw
+      - ./certbot/conf/:/etc/letsencrypt/:rw
diff --git a/nextcloud.rschneider.hu.conf b/nextcloud.rschneider.hu.conf
new file mode 100644
index 0000000..1b7bbdf
--- /dev/null
+++ b/nextcloud.rschneider.hu.conf
@@ -0,0 +1,15 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name nextcloud.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/nextcloud.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/nextcloud.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3680;
+    }
+}
+
diff --git a/nginx/conf/default.conf b/nginx/conf/default.conf
new file mode 100644
index 0000000..4707fbc
--- /dev/null
+++ b/nginx/conf/default.conf
@@ -0,0 +1,58 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name rschneider.hu www.rschneider.hu;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://rschneider.hu$request_uri;
+    }
+}
+
+server {
+    listen 443 default_server ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rschneider.hu:40001;
+    }
+}
+
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name cutlergyor.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/cutlergyor.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/cutlergyor.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rschneider.hu:40001;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name ios.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/ios.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/ios.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3085;
+    }
+}
diff --git a/nginx/conf/docker.rschneider.hu.conf b/nginx/conf/docker.rschneider.hu.conf
new file mode 100644
index 0000000..5d199df
--- /dev/null
+++ b/nginx/conf/docker.rschneider.hu.conf
@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name docker.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/docker.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/docker.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3082;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+
diff --git a/nginx/conf/nextcloud.rschneider.hu.conf b/nginx/conf/nextcloud.rschneider.hu.conf
new file mode 100644
index 0000000..1b7bbdf
--- /dev/null
+++ b/nginx/conf/nextcloud.rschneider.hu.conf
@@ -0,0 +1,15 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name nextcloud.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/nextcloud.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/nextcloud.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3680;
+    }
+}
+
diff --git a/nginx/conf/nexus.rschneider.hu.conf b/nginx/conf/nexus.rschneider.hu.conf
new file mode 100644
index 0000000..f854f80
--- /dev/null
+++ b/nginx/conf/nexus.rschneider.hu.conf
@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name nexus.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/nexus.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/nexus.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3082;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+
diff --git a/nginx/conf/registry.rschneider.hu.conf b/nginx/conf/registry.rschneider.hu.conf
new file mode 100644
index 0000000..8b3a8f1
--- /dev/null
+++ b/nginx/conf/registry.rschneider.hu.conf
@@ -0,0 +1,28 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name registry.rschneider.hu;
+
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+    proxy_buffering    off;
+    proxy_request_buffering off;
+    keepalive_timeout  5 5;
+    tcp_nodelay        on;
+
+    # allow large uploads of files - refer to nginx documentation
+    client_max_body_size 2G;
+
+    ssl_certificate /etc/nginx/ssl/live/registry.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/registry.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3082;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+
diff --git a/wikijs.rschneider.hu.conf b/wikijs.rschneider.hu.conf
new file mode 100644
index 0000000..154c20d
--- /dev/null
+++ b/wikijs.rschneider.hu.conf
@@ -0,0 +1,15 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name wikijs.rschneider.hu;
+
+    ssl_certificate /etc/nginx/ssl/live/wikijs.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/wikijs.rschneider.hu/privkey.pem;
+    
+    location / {
+        proxy_pass http://rocho02.ddns.net:3010;
+    }
+}
+