# Redirect HTTP to HTTPS server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 308 https://$host$request_uri; } # Default HTTPS server server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name _; server_name_in_redirect off; return 404; } # Base domain redirect server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name viyurz.fr; location = /.well-known/matrix/server { default_type application/json; return 200 '{ "m.server": "matrix.viyurz.fr:443" }'; } location = /.well-known/matrix/client { default_type application/json; add_header Access-Control-Allow-Origin '*'; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Set-Cookie "Path=/; HttpOnly; Secure"; return 200 '{ "m.homeserver": { "base_url": "https://matrix.viyurz.fr" } }'; } location / { return 308 https://www.viyurz.fr$request_uri; } } # Downloads server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name dl.viyurz.fr; root /var/www/html; } # Homepage server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.viyurz.fr; location / { proxy_pass http://localhost:8082; } } # Element server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name element.viyurz.fr; location / { proxy_pass http://localhost:8084; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Content-Security-Policy "frame-ancestors 'none'"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header X-Robots-Tag "noindex, nofollow" always; add_header Set-Cookie "Path=/; HttpOnly; Secure"; } } # Etebase server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name etebase.viyurz.fr; location ~ ^/(?!admin) { proxy_pass http://localhost:3735; } } # Kavita server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name kavita.viyurz.fr; location / { proxy_pass http://localhost:5000; } } # Nextcloud server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name nc.viyurz.fr; location / { proxy_pass http://localhost:11000; add_header Set-Cookie "Path=/; HttpOnly; Secure"; # Websocket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Accept-Encoding ""; client_body_buffer_size 512k; proxy_read_timeout 86400s; client_max_body_size 0; } } # SearxNG server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name searx.viyurz.fr; location / { proxy_pass http://localhost:8083; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Set-Cookie "Path=/; HttpOnly; Secure"; add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"; } } # Synapse server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name matrix.viyurz.fr; location / { proxy_pass http://localhost:8008; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml client_max_body_size 50M; } } # Syncthing Discovery upstream stdisco.viyurz.fr { # Local IP address:port for discovery server server localhost:8443; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name stdisco.viyurz.fr; ssl_verify_client optional_no_ca; location / { proxy_pass http://stdisco.viyurz.fr; proxy_set_header X-Client-Port $remote_port; proxy_set_header X-SSL-Cert $ssl_client_cert; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } # Vaultwarden upstream vaultwarden-default { zone vaultwarden-default 64k; server localhost:8081; keepalive 2; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name vw.viyurz.fr; location / { proxy_pass http://vaultwarden-default; # Websocket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; client_max_body_size 525M; } }