vps/nginx-rp/reverse-proxy.conf
2023-12-03 09:22:27 +00:00


# Redirect HTTP to HTTPS
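server {
    # Catch-all plaintext listener: default_server plus the placeholder name
    # "_" means any port-80 request not claimed elsewhere lands here.
    #
    # "http2" has been dropped from these two listeners. On nginx builds where
    # http2 is a listen parameter, a cleartext socket carrying it expects
    # prior-knowledge HTTP/2, so ordinary HTTP/1.1 clients never receive the
    # redirect below and stay on whatever they could reach over plain HTTP.
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # 308 preserves the request method and body across the redirect.
    # NOTE(review): $host is derived from the request itself, so the Location
    # value echoes whatever name the client sent. Redirecting to a fixed
    # canonical name avoids that; confirm which names must work over HTTP
    # before changing it.
    return 308 https://$host$request_uri;
}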
# Default HTTPS server
server {
    # Fallback for HTTPS requests whose name matches no other server block.
    server_name _;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    # No ssl_certificate appears in this block; presumably it is inherited
    # from the enclosing http context (TODO confirm). Whatever certificate
    # that is gets presented to clients probing unknown names before they
    # see the 404.
    # NOTE(review): ssl_reject_handshake (nginx 1.19.4+) would refuse the
    # handshake instead; check the installed version before relying on it.

    # "off" is nginx's default; kept explicit so redirects never use "_".
    server_name_in_redirect off;

    return 404;
}
# Nextcloud
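server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name nc.viyurz.fr;

    location / {
        proxy_pass http://localhost:11000;

        # Removed: add_header Set-Cookie "Path=/; HttpOnly; Secure";
        # That directive does not add flags to the cookies Nextcloud issues.
        # It emits one extra Set-Cookie header, which browsers parse as a
        # cookie named "Path", leaving the application's own cookies unchanged.
        # The supported way to add flags to proxied cookies is
        # proxy_cookie_flags (nginx 1.19.3+), e.g.
        #     proxy_cookie_flags ~ secure httponly;
        # Left disabled: confirm the nginx version and that no client-side
        # code needs to read a cookie before enabling it.
        # With no add_header left in this location, add_header directives
        # from the server/http level (if any exist) are inherited again.

        # Websocket
        # $connection_upgrade is not defined in this file; it must come from
        # a map in the enclosing configuration (TODO confirm it exists).
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # An empty value removes Accept-Encoding from the upstream request.
        proxy_set_header Accept-Encoding "";

        # NOTE(review): declaring proxy_set_header here stops inheritance of
        # any proxy_set_header from outer levels. Host and X-Forwarded-* are
        # not set in this location, so the upstream receives nginx's default
        # Host ($proxy_host) and any client-supplied X-Forwarded-* headers
        # unchanged. Verify this is what the backend's proxy trust settings
        # expect.

        client_body_buffer_size 512k;

        # 86400s = 24 h of allowed upstream silence; 0 disables the request
        # body size check entirely, so upload limits are enforced only by
        # the backend.
        proxy_read_timeout 86400s;
        client_max_body_size 0;
    }
}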
# Vaultwarden
upstream vaultwarden-default {
    # Shared-memory zone (64k) holding this group's runtime state.
    zone vaultwarden-default 64k;

    # Single backend, reached over the loopback interface.
    server localhost:8081;

    # Keep up to 2 idle upstream connections cached per worker process.
    # Reuse only happens if the proxied request does not send
    # "Connection: close"; that depends on how $connection_upgrade is
    # mapped elsewhere (TODO confirm).
    keepalive 2;
}
server {
    server_name vw.viyurz.fr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    location / {
        # Request bodies up to 525M are accepted for this vhost.
        client_max_body_size 525M;

        # Forwarded to the upstream group named vaultwarden-default.
        proxy_pass http://vaultwarden-default;

        # Websocket
        # $connection_upgrade must be provided by a map outside this file.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # NOTE(review): because proxy_set_header is used at this level,
        # none is inherited from outer levels; Host and X-Forwarded-* /
        # X-Real-IP are not set here. If the backend logs or rate-limits by
        # client address, confirm it still sees the real one.
    }
}
# SearxNG
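server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name searx.viyurz.fr;

    location / {
        proxy_pass http://localhost:8083;

        # HSTS for one year. It is sent from this vhost only, so
        # includeSubDomains covers names beneath searx.viyurz.fr, not sibling
        # vhosts in this file.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        # Removed: add_header Set-Cookie "Path=/; HttpOnly; Secure";
        # It did not flag the application's cookies; it emitted an extra
        # Set-Cookie header that browsers parse as a cookie named "Path".
        # To add flags to proxied cookies use proxy_cookie_flags
        # (nginx 1.19.3+), e.g.
        #     proxy_cookie_flags ~ secure httponly;
        # Left disabled: confirm the nginx version and that the UI does not
        # read its cookies from script before enabling it.

        # "always" added so the policy is also sent on error responses;
        # without it add_header applies only to 2xx/3xx status codes.
        # Because add_header is declared in this location, add_header
        # directives from outer levels are not inherited here.
        add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com" always;
    }
}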
# Matrix/Synapse
server {
    server_name matrix.viyurz.fr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Only paths beginning with /_matrix or /_synapse/client are proxied.
    # Anything else on this vhost (other /_synapse/* paths included) matches
    # no location in this block and is not forwarded to the backend.
    location ~ ^(/_matrix|/_synapse/client) {
        # nginx's default request body limit is 1M; raise it to 50M here.
        # Keep this in step with max_upload_size in homeserver.yaml.
        client_max_body_size 50M;

        proxy_pass http://localhost:8008;

        # No proxy_set_header at this level, so headers set in an outer
        # context (if any) are inherited (TODO confirm the outer context
        # sets the forwarding headers the homeserver expects).
    }
}
# Syncthing Discovery
upstream stdisco.viyurz.fr {
    # Discovery server backend on the loopback interface, port 8443.
    # The group shares its name with the public hostname; proxy_pass refers
    # to this group, not to a DNS lookup of that name.
    server localhost:8443;
}
server {
    server_name stdisco.viyurz.fr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Ask for a client certificate but do not require it to chain to a
    # trusted CA. nginx therefore does not authenticate the client itself;
    # it only hands the presented certificate to the backend.
    ssl_verify_client optional_no_ca;

    location / {
        proxy_pass http://stdisco.viyurz.fr;

        # These two headers are set explicitly, so a value supplied by the
        # client under the same name is overwritten, not forwarded.
        proxy_set_header X-Client-Port $remote_port;
        proxy_set_header X-SSL-Cert $ssl_client_cert;
        # NOTE(review): nginx documents $ssl_client_cert as deprecated in
        # favour of $ssl_client_escaped_cert; check which form the backend
        # accepts before switching.

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        # NOTE(review): X-Forwarded-For is not set at this level, and outer
        # proxy_set_header directives are not inherited here. A
        # client-supplied X-Forwarded-For therefore reaches the backend
        # unchanged. If the backend uses that header for the client address,
        # set it explicitly here (TODO confirm against the backend's
        # reverse-proxy documentation).
    }
}
# Cryptpad
server {
    # Main and sandbox hostnames are served by the same block and backend.
    # NOTE(review): no per-hostname response headers are set here, so any
    # isolation between the two origins must come from headers the backend
    # sends itself (TODO confirm).
    server_name cryptpad.viyurz.fr cryptpad-sandbox.viyurz.fr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    location / {
        client_max_body_size 150m;

        proxy_pass http://localhost:3000;

        # HTTP/1.1 to the backend; "Connection: upgrade" is sent as a
        # literal on every proxied request, not only websocket handshakes.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }
}
# Etebase
server {
    server_name etebase.viyurz.fr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Proxy every path except those starting with "/admin" (negative
    # lookahead, case-sensitive match on nginx's normalised URI). Excluded
    # requests match no location in this block and are never forwarded.
    # NOTE(review): the match uses the normalised URI, while proxy_pass
    # without a URI part forwards the request URI as the client sent it.
    # A plain "location /" plus an explicit "location ^~ /admin" returning
    # an error would make the deny rule visible and easier to audit.
    location ~ ^/(?!admin) {
        proxy_pass http://localhost:3735;
    }
}
# Homepage
server {
    server_name www.viyurz.fr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Every path on this vhost goes to the local service on port 8082.
    # No headers or limits are overridden here, so outer-level settings
    # (if any) apply unchanged.
    location / {
        proxy_pass http://localhost:8082;
    }
}
# Base domain redirect
server {
    server_name viyurz.fr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Matrix server delegation: answered directly by nginx with a fixed JSON
    # body that points federation traffic at matrix.viyurz.fr on port 443.
    # This is a prefix match, so longer paths starting with it match too.
    location /.well-known/matrix/server {
        default_type application/json;
        return 200 '{ "m.server": "matrix.viyurz.fr:443" }';
    }

    # Everything else is permanently redirected to the www host. The target
    # hostname is fixed, so it cannot be influenced by the request's Host
    # header; only the path and query are carried over.
    location / {
        return 308 https://www.viyurz.fr$request_uri;
    }
}