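# Reverse-proxy virtual hosts for *.sdanywhere.com.
#
# nginx terminates TLS with Let's Encrypt certificates and forwards requests to
# the upstream named in each proxy_pass. Review notes that apply to every block:
#   - No access control is configured at this layer, so each upstream is
#     reachable by anyone who can reach port 443.
#     NOTE(review): confirm every upstream (Ollama in particular) enforces its
#     own authentication.
#   - X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends
#     to whatever the client sent. Upstreams should trust only the last entry,
#     or X-Real-IP where it is set, when logging or rate limiting by address.

# ========================
# HTTP - Redirect All .sdanywhere.com to HTTPS
# ========================
server {
    # Explicit port-80 listeners: without them this block was bound only to
    # the Certbot-added 443 listeners, so the ACME location was not served
    # over plain HTTP and the 301 below pointed HTTPS requests at themselves.
    listen 80;
    listen [::]:80;
    server_name *.sdanywhere.com;

    # ACME challenge location for Certbot
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

    # Redirect all other traffic to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

# ========================
# HTTPS - Catch-all for *.sdanywhere.com names without their own block
# ========================
# Holds the 443 listeners Certbot had attached to the redirect block above.
# It is still the first block in this file with a 443 listener, so it remains
# the implicit default server for that port. Unknown names get a 404 instead
# of a redirect loop, and are never proxied to one of the services below.
server {
    server_name *.sdanywhere.com;

    location / {
        return 404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/aptool.sdanywhere.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/aptool.sdanywhere.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# ========================
# Service 1,2,3 Redirect (example)
# ========================
server {
    listen 80;
    server_name service1.example.com service2.example.com service3.example.com;
    return 301 https://$host$request_uri;
}

# ========================
# Jellyfin - 443 SSL
# ========================
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name jellyfin.sdanywhere.com;

    ssl_certificate /etc/letsencrypt/live/jellyfin.sdanywhere.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jellyfin.sdanywhere.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://jellyfin:8096;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# ========================
# Ollama - 443 SSL
# ========================
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ollama.sdanywhere.com;

    ssl_certificate /etc/letsencrypt/live/ollama.sdanywhere.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ollama.sdanywhere.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://docker1:3000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# ========================
# VW Service - 443 SSL
# ========================
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name vw.sdanywhere.com;

    ssl_certificate /etc/letsencrypt/live/vw.sdanywhere.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vw.sdanywhere.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://docker1:8000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# ========================
# NextCloud Service - 443 SSL
# ========================
server {
    listen 80;
    server_name nextcloud.sdanywhere.com;

    # Redirect all HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    # IPv6 listener added: without it, IPv6 requests for this name matched the
    # *.sdanywhere.com catch-all instead of this block.
    listen [::]:443 ssl http2;
    server_name nextcloud.sdanywhere.com;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/nextcloud.sdanywhere.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.sdanywhere.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Proxy settings
    client_max_body_size 10G; # adjust to your upload needs
    proxy_buffering off; # recommended for file uploads
    proxy_read_timeout 3600s; # large uploads may take time

    location / {
        proxy_pass http://docker1:8081/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # WebSocket support (for future apps)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Optional: HSTS for security
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
}

server {
    listen 443 ssl;
    # IPv6 listener added for the same reason as on the NextCloud block.
    listen [::]:443 ssl;
    server_name collabora.sdanywhere.com;

    # ssl_certificate /etc/ssl/certs/fullchain.pem;
    # ssl_certificate_key /etc/ssl/private/privkey.pem;

    # increase buffers for document editing
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled, so this HTTPS hop is encrypted but not
        # authenticated. Confirm that is acceptable on this network.
        proxy_pass https://docker1:9980; # Docker host running CODE
        # Required for the Upgrade/Connection headers below to reach the
        # upstream as a WebSocket handshake; every other proxied block sets it.
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 36000s; # long for editing large docs
    }

    ssl_certificate /etc/letsencrypt/live/collabora.sdanywhere.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/collabora.sdanywhere.com/privkey.pem; # managed by Certbot
    # Shared Certbot TLS options, as used by the Jellyfin, Ollama and VW
    # blocks, so this host does not fall back to nginx's built-in defaults.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

# ========================
# Salsa Service - 443 SSL
# ========================
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name salsa.sdanywhere.com;

    location / {
        proxy_pass http://docker1:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    ssl_certificate /etc/letsencrypt/live/salsa.sdanywhere.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/salsa.sdanywhere.com/privkey.pem; # managed by Certbot
    # Re-enabled: these two lines were commented out together with the
    # duplicate certificate paths, which left this host without the shared
    # TLS options.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

# ========================
# Start Service - 443 SSL
# ========================
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name start.sdanywhere.com;

    location / {
        proxy_pass http://nginx-static;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    ssl_certificate /etc/letsencrypt/live/start.sdanywhere.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/start.sdanywhere.com/privkey.pem; # managed by Certbot
    # Shared Certbot TLS options, as used by the Jellyfin, Ollama and VW blocks.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

# ========================
# aptool Service - 443 SSL
# ========================
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name aptool.sdanywhere.com;

    location / {
        proxy_pass http://docker1:5000/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        client_max_body_size 50M; # or higher depending on your photos
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    ssl_certificate /etc/letsencrypt/live/aptool.sdanywhere.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/aptool.sdanywhere.com/privkey.pem; # managed by Certbot
    # Re-enabled: these two lines were commented out together with the
    # duplicate certificate paths, which left this host without the shared
    # TLS options.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}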