kamaji/nginx-reverse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
kamaji
2026-01-26 04:51:05 -06:00
commit 18c933a1fc
18 changed files with 1079 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

265
sites-available/reverse-proxy.conf Normal file
View File

@@ -0,0 +1,265 @@
# ========================
# HTTP - Redirect All .sdanywhere.com to HTTPS
# ========================
server {
server_name *.sdanywhere.com;
# ACME challenge location for Certbot
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirect all other traffic to HTTPS
location / {
return 301 https://$host$request_uri;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/aptool.sdanywhere.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/aptool.sdanywhere.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# ========================
# Service 1,2,3 Redirect (example)
# ========================
server {
listen 80;
server_name service1.example.com service2.example.com service3.example.com;
return 301 https://$host$request_uri;
}
# ========================
# Jellyfin - 443 SSL
# ========================
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jellyfin.sdanywhere.com;
ssl_certificate /etc/letsencrypt/live/jellyfin.sdanywhere.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jellyfin.sdanywhere.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://jellyfin:8096;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# ========================
# Ollama - 443 SSL
# ========================
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ollama.sdanywhere.com;
ssl_certificate /etc/letsencrypt/live/ollama.sdanywhere.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ollama.sdanywhere.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://docker1:3000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# ========================
# VW Service - 443 SSL
# ========================
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name vw.sdanywhere.com;
ssl_certificate /etc/letsencrypt/live/vw.sdanywhere.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vw.sdanywhere.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://docker1:8000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# ========================
# NextCloud Service - 443 SSL
# ========================
server {
listen 80;
server_name nextcloud.sdanywhere.com;
# Redirect all HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name nextcloud.sdanywhere.com;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/nextcloud.sdanywhere.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nextcloud.sdanywhere.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Proxy settings
client_max_body_size 10G; # adjust to your upload needs
proxy_buffering off; # recommended for file uploads
proxy_read_timeout 3600s; # large uploads may take time
location / {
proxy_pass http://docker1:8081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# WebSocket support (for future apps)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Optional: HSTS for security
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
}
server {
listen 443 ssl;
server_name collabora.sdanywhere.com;
# ssl_certificate /etc/ssl/certs/fullchain.pem;
# ssl_certificate_key /etc/ssl/private/privkey.pem;
# increase buffers for document editing
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location / {
proxy_pass https://docker1:9980; # Docker host running CODE
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 36000s; # long for editing large docs
}
ssl_certificate /etc/letsencrypt/live/collabora.sdanywhere.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/collabora.sdanywhere.com/privkey.pem; # managed by Certbot
}
# ========================
# Salsa Service - 443 SSL
# ========================
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name salsa.sdanywhere.com;
# ssl_certificate /etc/letsencrypt/live/salsa.sdanywhere.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/salsa.sdanywhere.com/privkey.pem;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://docker1:8080;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
ssl_certificate /etc/letsencrypt/live/salsa.sdanywhere.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/salsa.sdanywhere.com/privkey.pem; # managed by Certbot
}
# ========================
# Start Service - 443 SSL
# ========================
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name start.sdanywhere.com;
location / {
proxy_pass http://nginx-static;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
ssl_certificate /etc/letsencrypt/live/start.sdanywhere.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/start.sdanywhere.com/privkey.pem; # managed by Certbot
}
# ========================
# aptool Service - 443 SSL
# ========================
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name aptool.sdanywhere.com;
# ssl_certificate /etc/letsencrypt/live/aptool.sdanywhere.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/aptool.sdanywhere.com/privkey.pem;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://docker1:5000/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
client_max_body_size 50M; # or higher depending on your photos
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
ssl_certificate /etc/letsencrypt/live/aptool.sdanywhere.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/aptool.sdanywhere.com/privkey.pem; # managed by Certbot
}