From 7cefebce409d8014f799f8bfe4ed73c3e7880d15 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Fri, 3 Apr 2020 09:02:59 +0100 Subject: [PATCH] . --- letsencrypt-nginx/conf/copy | 172 ---------------------------------- letsencrypt-nginx/conf/copy-1 | 120 ------------------------ 2 files changed, 292 deletions(-) delete mode 100644 letsencrypt-nginx/conf/copy delete mode 100644 letsencrypt-nginx/conf/copy-1 diff --git a/letsencrypt-nginx/conf/copy b/letsencrypt-nginx/conf/copy deleted file mode 100644 index 534f00b..0000000 --- a/letsencrypt-nginx/conf/copy +++ /dev/null @@ -1,172 +0,0 @@ - ## Set a variable to help us decide if we need to add the - ## 'Docker-Distribution-Api-Version' header. - ## The registry always sets this header. - ## In the case of nginx performing auth, the header is unset - ## since nginx is auth-ing before proxying. - map ${DOLLAR}upstream_http_docker_distribution_api_version ${DOLLAR}docker_distribution_api_version { - '' 'registry/2.0'; - } - - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - listen 80; - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 200m; - - # save logs here - - server_name ${SERVER_NAME}; - - - location / { - return 301 https://${DOLLAR}host${DOLLAR}request_uri; - } - } - - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - # listen 444 - listen 5000 ssl; - # this should allow large docs - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 200m; - ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem; - # save logs here - #access_log /var/log/nginx/access.log compression; - - server_name ${SERVER_NAME}; - - location / { - proxy_pass ${DRONE_PROXY_PASS}; - } - } - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - # listen 444 - listen 5001 ssl; - # this should allow large docs - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 0; - ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem; - # save logs here - #access_log /var/log/nginx/access.log compression; - - - # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) - chunked_transfer_encoding on; - - server_name ${SERVER_NAME}; - - - location /v2/ { - # Do not allow connections from docker 1.5 and earlier - # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents - if (${DOLLAR}http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { - return 404; - } - add_header 'Docker-Distribution-Api-Version' ${DOLLAR}docker_distribution_api_version always; - - proxy_set_header Host ${DOLLAR}http_host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; - proxy_buffering off; - proxy_pass ${REGISTRY_PROXY_PASS}; - - } - } - - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - # listen 444 - listen 443 ssl; - # this should allow large docs - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 0; - ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem; - # save logs here - #access_log /var/log/nginx/access.log compression; - - - # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) - chunked_transfer_encoding on; - - server_name ${SERVER_NAME}; - - location ${LOCATION} { - proxy_pass ${PROXY_PASS}; - } - location ${BLOG_LOCATION} { - proxy_set_header Host ${DOLLAR}http_host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; - proxy_buffering off; - proxy_pass ${BLOG_PROXY_PASS}; - } - - location ${CHAT_LOCATION}sockjs { - proxy_pass ${CHAT_PROXY_PASS}/chat/sockjs; - proxy_http_version 1.1; - proxy_set_header Upgrade ${DOLLAR}http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forward-Proto http; - proxy_set_header X-Nginx-Proxy true; - proxy_redirect off; - - } - location ${CHAT_LOCATION}sockjs/ { - proxy_pass ${CHAT_PROXY_PASS}/chat/sockjs/; - proxy_http_version 1.1; - proxy_set_header Upgrade ${DOLLAR}http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forward-Proto http; - proxy_set_header X-Nginx-Proxy true; - proxy_redirect off; - - - } - location ${CHAT_LOCATION} { - proxy_pass ${CHAT_PROXY_PASS}; - proxy_http_version 1.1; - proxy_set_header Upgrade ${DOLLAR}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${DOLLAR}http_host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forward-Proto http; - proxy_set_header X-Nginx-Proxy true; - proxy_redirect off; - - } - } - diff --git a/letsencrypt-nginx/conf/copy-1 b/letsencrypt-nginx/conf/copy-1 deleted file mode 100644 index f2d9612..0000000 --- a/letsencrypt-nginx/conf/copy-1 +++ /dev/null @@ -1,120 +0,0 @@ - - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - listen 80; - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 200m; - - # save logs here - - server_name ${SERVER_NAME}; - - - location / { - return 301 https://${DOLLAR}host${DOLLAR}request_uri; - } - } - - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - # listen 444 - listen 5000 ssl; - # this should allow large docs - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 200m; - ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem; - # save logs here - #access_log /var/log/nginx/access.log compression; - - server_name ${SERVER_NAME}; - - location / { - proxy_pass ${DRONE_PROXY_PASS}; - } - } - - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - # listen 444 - listen 443 ssl; - # this should allow large docs - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 0; - ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem; - # save logs here - #access_log /var/log/nginx/access.log compression; - - - # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486) - chunked_transfer_encoding on; - - server_name ${SERVER_NAME}; - - location ${LOCATION} { - proxy_pass ${PROXY_PASS}; - } - location ${BLOG_LOCATION} { - proxy_set_header Host ${DOLLAR}http_host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; - proxy_buffering off; - proxy_pass ${BLOG_PROXY_PASS}; - } - - location ${CHAT_LOCATION}sockjs { - proxy_pass ${CHAT_PROXY_PASS}/chat/sockjs; - proxy_http_version 1.1; - proxy_set_header Upgrade ${DOLLAR}http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forward-Proto http; - proxy_set_header X-Nginx-Proxy true; - proxy_redirect off; - - } - location ${CHAT_LOCATION}sockjs/ { - proxy_pass ${CHAT_PROXY_PASS}/chat/sockjs/; - proxy_http_version 1.1; - proxy_set_header Upgrade ${DOLLAR}http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forward-Proto http; - proxy_set_header X-Nginx-Proxy true; - proxy_redirect off; - - - } - location ${CHAT_LOCATION} { - proxy_pass ${CHAT_PROXY_PASS}; - proxy_http_version 1.1; - proxy_set_header Upgrade ${DOLLAR}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${DOLLAR}http_host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forward-Proto http; - proxy_set_header X-Nginx-Proxy true; - proxy_redirect off; - - } - } -