nimrod · nimrod · nimrod · nimrod · nimrod · nimrod
--- a/Dockerfile
+++ b/Dockerfile
-FROM nginx:1.21.3-alpine
+FROM nginx:1.21.6-alpine
 # hadolint ignore=DL3018
 RUN rm -rf /etc/nginx/conf./* && \
    chmod 777 /run && \

--- a/README.md
+++ b/README.md
@@ -18,4 +18,4 @@ This software is licensed under the MIT license (see `LICENSE.txt`).
 Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my
 [website](https://www.shore.co.il/). Patches are welcome via
 [`git send-email`](http://git-scm.com/book/en/v2/Git-Commands-Email). The repository
-is located at: <https://git.shore.co.il/expore/>.
+is located at: <https://git.shore.co.il/explore/>.
--- a/conf.d/kodi.shore.co.il.conf
+++ b/conf.d/kodi.shore.co.il.conf
+# vim: ft=nginx
+map $host $kodi { default 172.18.0.1; }
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name kodi.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/www-acme-challenge.conf;
+    include     snippets/redirect-https.conf;
+}
+server {
+    listen      443 ssl http2;
+    listen      [::]:443 ssl http2;
+    server_name kodi.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/ssl-legacy.conf;
+    include     snippets/ldap-auth.conf;
+    location / {
+        proxy_pass              http://$kodi:8080;
+        proxy_http_version      1.1;
+        include                 snippets/proxy-headers.conf;
+        include                 snippets/websockets.conf;
+    }
+}
--- a/conf.d/library.shore.co.il.conf
+++ b/conf.d/library.shore.co.il.conf
+# vim: ft=nginx
+map $host $library { default transmission-webdav; }
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name library.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/www-acme-challenge.conf;
+    include     snippets/redirect-https.conf;
+}
+server {
+    listen      443 ssl http2;
+    listen      [::]:443 ssl http2;
+    server_name library.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/ssl-legacy.conf;
+    include     snippets/ldap-auth.conf;
+    location / {
+        proxy_pass              http://$library:80;
+        proxy_http_version      1.1;
+        include                 snippets/proxy-headers.conf;
+    }
+}
--- a/conf.d/transmission.shore.co.il.conf
+++ b/conf.d/transmission.shore.co.il.conf
+# vim: ft=nginx
+map $host $transmission { default transmission-daemon; }
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name transmission.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/www-acme-challenge.conf;
+    include     snippets/redirect-https.conf;
+}
+server {
+    listen      443 ssl http2;
+    listen      [::]:443 ssl http2;
+    server_name transmission.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/ssl-legacy.conf;
+    include     snippets/ldap-auth.conf;
+    location / {
+        proxy_pass              http://$transmission:9091;
+        proxy_http_version      1.1;
+        include                 snippets/proxy-headers.conf;
+    }
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,11 +5,14 @@ services:
    build:
      context: ./
    # command: ["nginx", "-g", "daemon off;"]
-    hostname: &hostname shore.co.il
+    hostname: &hostname kodi.shore.co.il
    networks:
      default:
        aliases:
          - *hostname
+          - jellyfin.shore.co.il
+          - library.shore.co.il
+          - transmission.shore.co.il
    ports:
      - '80:80'
      - '443:443'

--- a/snippets/ssl-modern.conf
+++ b/snippets/ssl-modern.conf
 # vim: ft=nginx
 include                     snippets/ssl-common.conf;
 ssl_protocols               TLSv1.2 TLSv1.3;
-ssl_ciphers                 HIGH:!NULL:!AES128:!ARIA128:!CAMELLIA128:!SHA1;
+ssl_ciphers                 HIGH:!NULL:!AES128:!ARIA128:!CAMELLIA:!SHA1:!kRSA;