git - drone - ghost - guacamole - rocket chat https://sigyl.com/

  ## The registry upstream always sends 'Docker-Distribution-Api-Version'.
  ## When nginx answers by itself (for example when nginx performs auth
  ## before proxying) there is no upstream header, so this map supplies the
  ## value to send instead; any non-empty upstream value leaves the
  ## variable empty.
  map ${DOLLAR}upstream_http_docker_distribution_api_version ${DOLLAR}docker_distribution_api_version {
      "" "registry/2.0";
  }
  # Plain-HTTP listener: serves no content and answers every request with a
  # permanent redirect to the same host and URI over https.
  server {
      listen 80;
      server_name ${SERVER_NAME};

      # resolver 127.0.0.11 valid=30s; ## internal docker dns
      #listen [::]:3011 default ipv6only=on; ## listen for ipv6

      client_max_body_size 200m;
      client_body_timeout 120s;
      client_header_timeout 120s;
      # save logs here

      # NOTE(review): the redirect target is built from the request's host
      # value rather than from the configured server name, so a request with
      # a different Host header is redirected to that host - confirm this is
      # intended.
      location / {
          return 301 https://${DOLLAR}host${DOLLAR}request_uri;
      }
  }
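  # TLS listener on port 5005; every request goes to the upstream named by
  # COMMENTO_PROXY_PASS.
  server {
      # resolver 127.0.0.11 valid=30s; ## internal docker dns
      #listen [::]:3011 default ipv6only=on; ## listen for ipv6
      # listen 444
      listen 5005 ssl;
      server_name ${SERVER_NAME};

      # this should allow large docs
      client_header_timeout 120s;
      client_body_timeout 120s;
      client_max_body_size 200m;

      ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem;

      # Pin the TLS policy instead of inheriting the nginx build's defaults,
      # which on older releases still enable TLSv1 and TLSv1.1. The cipher
      # list is the one the 5001 and 443 listeners in this file use.
      # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it
      # on older builds.
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
      ssl_prefer_server_ciphers on;

      # save logs here
      #access_log /var/log/nginx/access.log compression;

      # NOTE(review): no proxy_set_header lines here, so the upstream gets
      # nginx's default Host (the proxy_pass host) and no X-Forwarded-*
      # headers - confirm the upstream does not need the original host,
      # scheme or client address.
      location / {
          proxy_pass ${COMMENTO_PROXY_PASS};
      }
  }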
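  # TLS listener on port 5006; every request goes to the upstream named by
  # MATOMO_PROXY_PASS with the client's host, address and scheme forwarded.
  server {
      # resolver 127.0.0.11 valid=30s; ## internal docker dns
      #listen [::]:3011 default ipv6only=on; ## listen for ipv6
      # listen 444
      listen 5006 ssl;
      server_name ${SERVER_NAME};

      # this should allow large docs
      client_header_timeout 120s;
      client_body_timeout 120s;
      client_max_body_size 200m;

      ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem;

      # Pin the TLS policy instead of inheriting the nginx build's defaults,
      # which on older releases still enable TLSv1 and TLSv1.1. The cipher
      # list is the one the 5001 and 443 listeners in this file use.
      # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it
      # on older builds.
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
      ssl_prefer_server_ciphers on;

      # save logs here
      #access_log /var/log/nginx/access.log compression;

      location / {
          proxy_pass ${MATOMO_PROXY_PASS};
          # NOTE(review): Host is forwarded exactly as the client sent it and
          # this is the only server on the port, so any Host value reaches
          # the upstream - confirm the upstream validates its trusted hosts.
          proxy_set_header Host ${DOLLAR}http_host;
          proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
          proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
          proxy_buffering off;
      }
  }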
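  # TLS listener on port 5000; every request goes to the upstream named by
  # DRONE_PROXY_PASS.
  server {
      # resolver 127.0.0.11 valid=30s; ## internal docker dns
      #listen [::]:3011 default ipv6only=on; ## listen for ipv6
      # listen 444
      listen 5000 ssl;
      server_name ${SERVER_NAME};

      # this should allow large docs
      client_header_timeout 120s;
      client_body_timeout 120s;
      client_max_body_size 200m;

      ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem;

      # Pin the TLS policy instead of inheriting the nginx build's defaults,
      # which on older releases still enable TLSv1 and TLSv1.1. The cipher
      # list is the one the 5001 and 443 listeners in this file use.
      # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it
      # on older builds.
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
      ssl_prefer_server_ciphers on;

      # save logs here
      #access_log /var/log/nginx/access.log compression;

      # NOTE(review): no proxy_set_header lines here, so the upstream gets
      # nginx's default Host (the proxy_pass host) and no X-Forwarded-*
      # headers - confirm the upstream does not need the original host,
      # scheme or client address.
      location / {
          proxy_pass ${DRONE_PROXY_PASS};
      }
  }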
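  # TLS listener on port 5001 for the Docker registry API: only /v2/ is
  # proxied, to the upstream named by REGISTRY_PROXY_PASS.
  server {
      # resolver 127.0.0.11 valid=30s; ## internal docker dns
      #listen [::]:3011 default ipv6only=on; ## listen for ipv6
      # listen 444
      listen 5001 ssl;
      server_name ${SERVER_NAME};

      # this should allow large docs
      client_header_timeout 120s;
      client_body_timeout 120s;
      # 0 disables the request-body size check, so uploads of any size are
      # accepted on this listener.
      client_max_body_size 0;

      ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem;

      # save logs here
      #access_log /var/log/nginx/access.log compression;

      # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
      # TLSv1.1 is deprecated (RFC 8996) and no longer offered here.
      # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it
      # on older builds.
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
      ssl_prefer_server_ciphers on;
      ssl_session_cache shared:SSL:10m;

      # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
      chunked_transfer_encoding on;

      # NOTE(review): no auth directive is visible in this location, so
      # access control is presumably enforced by the registry upstream -
      # confirm before exposing this port.
      location /v2/ {
          # Do not allow connections from docker 1.5 and earlier
          # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
          if (${DOLLAR}http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
              return 404;
          }

          # Value comes from the map on the upstream header; 'always' adds
          # the header to error responses as well.
          add_header 'Docker-Distribution-Api-Version' ${DOLLAR}docker_distribution_api_version always;

          proxy_set_header Host ${DOLLAR}http_host;
          proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
          proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
          proxy_buffering off;
          proxy_pass ${REGISTRY_PROXY_PASS};
      }
  }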
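  # Main TLS listener on port 443. Each location below captures the rest of
  # the URI after its *_LOCATION prefix and forwards it, with the query
  # string, to the matching *_PROXY_PASS upstream.
  server {
      # resolver 127.0.0.11 valid=30s; ## internal docker dns
      #listen [::]:3011 default ipv6only=on; ## listen for ipv6
      # listen 444
      listen 443 ssl;
      server_name ${SERVER_NAME};

      # this should allow large docs
      client_header_timeout 120s;
      client_body_timeout 120s;
      # NOTE(review): 0 disables the request-body size check for every
      # location in this server, not only the ones that need large uploads -
      # confirm that is intended.
      client_max_body_size 0;

      ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem;

      # save logs here
      #access_log /var/log/nginx/access.log compression;

      # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
      # TLSv1.1 is deprecated (RFC 8996) and no longer offered here.
      # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it
      # on older builds.
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
      ssl_prefer_server_ciphers on;
      ssl_session_cache shared:SSL:10m;

      # required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
      chunked_transfer_encoding on;

      # Regex locations are tried in file order and the first match wins, so
      # the more specific sockjs and websocket-tunnel patterns must stay
      # ahead of their general prefixes.
      # NOTE(review): the patterns carry no leading anchor in this template;
      # unless each *_LOCATION value supplies one, a pattern matches anywhere
      # in the URI and an earlier block can capture a path meant for a later
      # one - confirm the rendered values are anchored.
      # NOTE(review): the capture is taken from the normalized URI and is
      # forwarded as written because proxy_pass uses a variable - confirm the
      # upstreams are fine with percent-decoded paths.

      location ~ ${GIT_LOCATION}(.*) {
          resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
          set ${DOLLAR}upstream ${GIT_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
          proxy_pass ${DOLLAR}upstream;
      }

      location ~ ${MATOMO_LOCATION}(.*) {
          resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
          set ${DOLLAR}upstream ${MATOMO_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
          proxy_pass ${DOLLAR}upstream;
      }

      # WebSocket endpoint of the chat upstream: HTTP/1.1 plus the Upgrade
      # and Connection headers are required for the protocol switch.
      location ~ ${CHAT_LOCATION}sockjs(.*) {
          resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
          set ${DOLLAR}upstream ${CHAT_PROXY_PASS}chat/sockjs${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
          proxy_pass ${DOLLAR}upstream;
          proxy_http_version 1.1;
          proxy_set_header Upgrade ${DOLLAR}http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host ${DOLLAR}host;
          proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
          proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
          # Was 'X-Forward-Proto http': a misspelled header name carrying
          # the wrong scheme for a TLS listener. Send the standard header
          # with the real scheme, as the other locations in this file do.
          proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
          proxy_set_header X-Nginx-Proxy true;
          proxy_redirect off;
      }

      location ~ ${CHAT_LOCATION}(.*) {
          resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
          set ${DOLLAR}upstream ${CHAT_PROXY_PASS}chat/${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
          proxy_pass ${DOLLAR}upstream;
      }

      # WebSocket tunnel of the remote-access upstream; same upgrade
      # handling as the sockjs location.
      location ~ ${REMOTE_LOCATION}websocket-tunnel(.*) {
          resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
          set ${DOLLAR}upstream ${REMOTE_PROXY_PASS}websocket-tunnel${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
          proxy_pass ${DOLLAR}upstream;
          proxy_http_version 1.1;
          proxy_set_header Upgrade ${DOLLAR}http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host ${DOLLAR}host;
          proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
          proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
          # Was 'X-Forward-Proto http': a misspelled header name carrying
          # the wrong scheme for a TLS listener. Send the standard header
          # with the real scheme, as the other locations in this file do.
          proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
          proxy_set_header X-Nginx-Proxy true;
          proxy_redirect off;
      }

      location ~ ${REMOTE_LOCATION}(.*) {
          resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
          set ${DOLLAR}upstream ${REMOTE_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
          proxy_pass ${DOLLAR}upstream;
      }

      location ~ ${COMMENTO_LOCATION}(.*) {
          resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
          set ${DOLLAR}upstream ${COMMENTO_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
          proxy_pass ${DOLLAR}upstream;
      }

      location ~ ${BLOG_LOCATION}(.*) {
          resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
          # NOTE(review): Host is forwarded exactly as the client sent it and
          # this is the only server on the port, so any Host value reaches
          # the upstream - confirm the upstream does not build links from it.
          proxy_set_header Host ${DOLLAR}http_host;
          proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
          proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
          proxy_buffering off;
          set ${DOLLAR}upstream ${BLOG_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
          proxy_pass ${DOLLAR}upstream;
      }
  }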