From 46b2d54e55a51a9bf261f3e376bb11468d507015 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 27 Jan 2023 18:00:42 +0800 Subject: [PATCH] up --- nginx/gitlab.stpl | 46 ++++++++++++++++++++++++++++ nginx/gitlab.tpl | 43 ++++++++++++++++++++++++++ nginx/mail.stpl | 2 +- nginx/mail.tpl | 16 ++++------ nginx/mirrors.stpl | 49 +++++++++++++++++++++++++++++ nginx/mirrors.tpl | 41 +++++++++++++++++++++++++ nginx/portainer.stpl | 73 ++++++++++++++++++++++++++++++++++++++++++++ nginx/portainer.tpl | 39 +++++++++++++++++++++++ nginx/tz.stpl | 6 ++-- nginx/ws.stpl | 58 +++++++++++++++++++++++++++++++++++ nginx/ws.tpl | 39 +++++++++++++++++++++++ 11 files changed, 398 insertions(+), 14 deletions(-) create mode 100644 nginx/gitlab.stpl create mode 100644 nginx/gitlab.tpl create mode 100644 nginx/mirrors.stpl create mode 100644 nginx/mirrors.tpl create mode 100644 nginx/portainer.stpl create mode 100644 nginx/portainer.tpl create mode 100644 nginx/ws.stpl create mode 100644 nginx/ws.tpl diff --git a/nginx/gitlab.stpl b/nginx/gitlab.stpl new file mode 100644 index 0000000..6e4bbaa --- /dev/null +++ b/nginx/gitlab.stpl @@ -0,0 +1,46 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + listen [::]:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass https://127.0.1.1:19443; + location ~* ^.+\.(%proxy_extentions%)$ { +# root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://127.0.1.1:19443; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/gitlab.tpl b/nginx/gitlab.tpl new file mode 100644 index 0000000..31d1673 --- /dev/null +++ b/nginx/gitlab.tpl @@ -0,0 +1,43 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + + +server { + listen %ip%:%proxy_port% ; + listen [::]:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://127.0.0.1:8010; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://127.0.0.1:8010; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/mail.stpl b/nginx/mail.stpl index 69d1ae8..5c63e96 100644 --- a/nginx/mail.stpl +++ b/nginx/mail.stpl @@ -17,7 +17,7 @@ server { include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; location / { - proxy_pass https://127.0.0.1:8020; + proxy_pass https://127.0.1.1:8020; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; diff --git a/nginx/mail.tpl b/nginx/mail.tpl index 31d1673..3a7fba1 100644 --- a/nginx/mail.tpl +++ b/nginx/mail.tpl @@ -3,20 +3,16 @@ # DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # #=======================================================================# - server { - listen %ip%:%proxy_port% ; - listen [::]:%proxy_port%; + listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - - error_log /var/log/%web_system%/domains/%domain%.error.log error; - + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; location / { proxy_pass http://127.0.0.1:8010; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; @@ -29,7 +25,7 @@ server { } location @fallback { - proxy_pass http://127.0.0.1:8010; + proxy_pass http://%ip%:%web_port%; } location ~ /\.ht {return 404;} @@ -38,6 +34,6 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; + include %home%/%user%/conf/web/%domain%/nginx.conf_*; } diff --git a/nginx/mirrors.stpl b/nginx/mirrors.stpl new file mode 100644 index 0000000..8a1d8d0 --- /dev/null +++ b/nginx/mirrors.stpl @@ -0,0 +1,49 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root /home/tunasync/mirrors; + location ~ ^/(ferenos) { + index index.html index.htm; + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + } + + + error_page 500 502 503 504 /50x.html; + + + + location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ + { + expires 30d; + } + + location ~ .*\.(js|css)?$ + { + expires 12h; + } + + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + proxy_hide_header Upgrade; + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/mirrors.tpl b/nginx/mirrors.tpl new file mode 100644 index 0000000..ea909b4 --- /dev/null +++ b/nginx/mirrors.tpl @@ -0,0 +1,41 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + root /home/tunasync/mirrors; + location ~ ^/(ferenos) { + index index.html index.htm; + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + } + + + error_page 500 502 503 504 /50x.html; + + + + location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ + { + expires 30d; + } + + location ~ .*\.(js|css)?$ + { + expires 12h; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} + diff --git a/nginx/portainer.stpl b/nginx/portainer.stpl new file mode 100644 index 0000000..f95a8b5 --- /dev/null +++ b/nginx/portainer.stpl @@ -0,0 +1,73 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# +upstream portainer { + server 127.0.1.1:9090; +} +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass http://127.0.1.1:8989; + location ~* ^.+\.(%proxy_extensions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /portainer/ { + proxy_http_version 1.1; + proxy_set_header Host $http_host; # required for docker client's sake + proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 900; + + proxy_set_header Connection ""; + proxy_buffers 32 4k; + proxy_pass https://portainer/; + } + + location /portainer/api/websocket/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_pass https://portainer/api/websocket/; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://127.0.1.1:8989; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + proxy_hide_header Upgrade; + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/portainer.tpl b/nginx/portainer.tpl new file mode 100644 index 0000000..d657828 --- /dev/null +++ b/nginx/portainer.tpl @@ -0,0 +1,39 @@ +#=========================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work # +#=========================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.(?!well-known\/|file) { + deny all; + return 404; + } + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} + diff --git a/nginx/tz.stpl b/nginx/tz.stpl index dc7a090..a587c0e 100644 --- a/nginx/tz.stpl +++ b/nginx/tz.stpl @@ -17,7 +17,7 @@ server { include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; location / { - proxy_pass http://127.0.0.1:9010; + proxy_pass http://127.0.1.1:9010; location ~* ^.+\.(%proxy_extentions%)$ { # root %sdocroot%; access_log /var/log/%web_system%/domains/%domain%.log combined; @@ -27,7 +27,7 @@ server { } } location ~ ^/(ws|terminal/.+)$ { - proxy_pass http://127.0.0.1:9010; + proxy_pass http://127.0.1.1:9010; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; @@ -38,7 +38,7 @@ server { } location @fallback { - proxy_pass http://127.0.0.1:9010; + proxy_pass http://127.0.1.1:9010; } location ~ /\.ht {return 404;} diff --git a/nginx/ws.stpl b/nginx/ws.stpl new file mode 100644 index 0000000..a8b0ce1 --- /dev/null +++ b/nginx/ws.stpl @@ -0,0 +1,58 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + ssl_stapling on; + ssl_stapling_verify on; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /sky { + proxy_redirect off; + proxy_pass http://127.0.0.1:23876; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + +# proxy_hide_header Upgrade; + + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; +} + diff --git a/nginx/ws.tpl b/nginx/ws.tpl new file mode 100644 index 0000000..9139d27 --- /dev/null +++ b/nginx/ws.tpl @@ -0,0 +1,39 @@ +#=======================================================================# +# Default Web Domain Template # +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # +#=======================================================================# + +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + + include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extensions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/%domain%/nginx.conf_*; +} +