Skip to content
Commits on Source (23)
Hide whitespace changes
Inline Side-by-side
Dockerfile
View file @ 3993f204
FROM nginx:1.23.1-alpine FROM nginx:1.23.2-alpine
# hadolint ignore=DL3018 # hadolint ignore=DL3018
RUN rm -rf /etc/nginx/conf./* && \ RUN rm -rf /etc/nginx/conf./* && \
chmod 777 /run && \ chmod 777 /run && \
......
README.md
View file @ 3993f204
...@@ -4,11 +4,6 @@ ...@@ -4,11 +4,6 @@
> Web proxy Dockerized setup. > Web proxy Dockerized setup.
## Branches
The `master` branch doesn't have any configuration in it. The `ns4` and `host01`
branches have configuration for those hoss.
## License ## License
This software is licensed under the MIT license (see `LICENSE.txt`). This software is licensed under the MIT license (see `LICENSE.txt`).
......
conf.d/autoconfig.shore.co.il.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
server {
listen 80;
listen [::]:80;
server_name autoconfig.shore.co.il autoconfig.nehe.sr;
root /var/www/autoconfig.shore.co.il/;
include snippets/www-acme-challenge.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/robots-allow-all.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name autoconfig.shore.co.il autoconfig.nehe.sr;
root /var/www/autoconfig.shore.co.il/;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-legacy.conf;
}
conf.d/elasticsearch.shore.co.il.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
map $host $es { default elasticsearch; }
server {
listen 80;
listen [::]:80;
server_name elasticsearch.shore.co.il;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-https.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name elasticsearch.shore.co.il;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-modern.conf;
location / {
proxy_pass http://$es:9200$request_uri;
proxy_http_version 1.1;
include snippets/allow-shore-ips.conf;
}
}
conf.d/kibana.shore.co.il.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
map $host $kibana { default kibana; }
server {
listen 80;
listen [::]:80;
server_name kibana.shore.co.il;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-https.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name kibana.shore.co.il;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-modern.conf;
include snippets/vouch.conf;
location / {
proxy_pass http://$kibana:5601$request_uri;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
}
}
conf.d/myip.shore.co.il.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
server {
listen 80;
listen [::]:80;
server_name myip.shore.co.il;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
error_page 404 /;
location = / { return 200 "$remote_addr"; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name myip.shore.co.il;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-legacy.conf;
error_page 404 /;
location = / {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "$remote_addr";
}
}
conf.d/nehe.sr.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
server {
listen 80;
listen [::]:80;
server_name nehe.sr;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-www.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nehe.sr;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-legacy.conf;
include snippets/nextcloud-well-known.conf;
include snippets/activesync.conf;
include snippets/redirect-www.conf;
}
conf.d/nehes.co.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
server {
listen 80;
listen [::]:80;
server_name nehes.co;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-www.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nehes.co;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-legacy.conf;
include snippets/nextcloud-well-known.conf;
include snippets/activesync.conf;
include snippets/redirect-www.conf;
}
conf.d/registry.shore.co.il.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
map $host $registry { default registry; }
map $host $registry_fe { default reg; }
server {
listen 80;
listen [::]:80;
server_name registry.shore.co.il;
include snippets/www-acme-challenge.conf;
include snippets/redirect-https.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name registry.shore.co.il;
include snippets/ssl-modern.conf;
location /v2/ {
proxy_pass http://$registry:5000$request_uri;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
chunked_transfer_encoding on;
limit_except GET HEAD OPTIONS {
include snippets/allow-ns4.conf;
include snippets/allow-private-ips.conf;
}
}
location / {
proxy_pass http://$registry_fe:8080$request_uri;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
}
}
conf.d/shore.co.il.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
map $host $z_push { default z-push; }
server {
listen 80;
listen [::]:80;
server_name shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-www.conf;
location = / { return 301 https://www.shore.co.il/blog/; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-legacy.conf;
include snippets/nextcloud-well-known.conf;
include snippets/activesync.conf;
include snippets/redirect-www.conf;
include snippets/matrix-well-known.conf;
location = / { return 301 https://www.shore.co.il/blog/; }
}
conf.d/www.nehe.sr.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
server {
listen 80;
listen [::]:80;
server_name www.nehe.sr;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-https.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.nehe.sr;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-legacy.conf;
root /var/www/www.nehe.sr/;
error_page 404 /404.html;
}
conf.d/www.nehes.co.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
server {
listen 80;
listen [::]:80;
server_name www.nehes.co;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-https.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.nehes.co;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-legacy.conf;
root /var/www/www.nehe.sr/;
error_page 404 /404.html;
}
conf.d/www.shore.co.il.conf 0 → 100644
View file @ 3993f204
# vim: ft=nginx
server {
listen 80;
listen [::]:80;
server_name www.shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
location = / { return 301 https://$host/blog/; }
location /repo/ {
root /var/www/www.shore.co.il/;
autoindex on;
}
include snippets/redirect-https.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl-legacy.conf;
root /var/www/www.shore.co.il/;
error_page 404 /;
location /repo/ { autoindex on; }
location = /resume { try_files $uri /resume/resume.html; }
location = /resume/ { index resume.html; }
location = / { return 301 https://$host/blog/; }
location /about { return 301 https://$host/blog/pages/about-me.html; }
location /spam { return 301 https://$host/blog/pages/spam.html; }
location = /blog {
try_files $uri /blog/index.html;
charset UTF-8;
}
location /cgit { return 301 https://git.shore.co.il/explore; }
location /cgit/ { return 301 https://git.shore.co.il/explore; }
location /git { return 301 https://git.shore.co.il/explore; }
location /git/ { return 301 https://git.shore.co.il/explore; }
}
docker-compose.yml
View file @ 3993f204
...@@ -5,11 +5,16 @@ services: ...@@ -5,11 +5,16 @@ services:
build: build:
context: ./ context: ./
# command: ["nginx", "-g", "daemon off;"] # command: ["nginx", "-g", "daemon off;"]
hostname: &hostname shore.co.il hostname: &hostname www.shore.co.il
networks: networks:
default: default:
aliases: aliases:
- *hostname - *hostname
- autoconfig.shore.co.il
- myip.shore.co.il
- nehe.sr
- registry.shore.co.il
- www.nehe.sr
ports: ports:
- '80:80' - '80:80'
- '443:443' - '443:443'
...@@ -19,6 +24,9 @@ services: ...@@ -19,6 +24,9 @@ services:
- '/var/ssl/site.key:/var/ssl/site.key:ro' - '/var/ssl/site.key:/var/ssl/site.key:ro'
- '/var/ssl/site.crt:/var/ssl/site.crt:ro' - '/var/ssl/site.crt:/var/ssl/site.crt:ro'
- '/var/ssl/dhparams:/var/ssl/dhparams:ro' - '/var/ssl/dhparams:/var/ssl/dhparams:ro'
- '/var/www/www.nehe.sr:/var/www/www.nehe.sr:ro'
- '/var/www/www.shore.co.il/blog:/var/www/www.shore.co.il/blog:ro'
- '/var/www/www.shore.co.il/resume:/var/www/www.shore.co.il/resume:ro'
vouch: vouch:
environment: environment:
......
snippets/activesync.conf 0 → 100644
View file @ 3993f204
location /AutoDiscover/ {
proxy_pass https://zpush.shore.co.il$request_uri;
include snippets/proxy-headers.conf;
include snippets/proxy-ssl.conf;
}
location /Autodiscover/ {
proxy_pass https://zpush.shore.co.il$request_uri;
include snippets/proxy-headers.conf;
include snippets/proxy-ssl.conf;
}
location /autodiscover/ {
proxy_pass https://zpush.shore.co.il$request_uri;
include snippets/proxy-headers.conf;
include snippets/proxy-ssl.conf;
}
location /Microsoft-Server-ActiveSync {
proxy_pass https://zpush.shore.co.il$request_uri;
include snippets/proxy-headers.conf;
include snippets/proxy-ssl.conf;
}
snippets/nextcloud-well-known.conf 0 → 100644
View file @ 3993f204
location /.well-known/caldav {
return 301 https://nextcloud.shore.co.il/remote.php/dav;
}
location /.well-known/carddav {
return 301 https://nextcloud.shore.co.il/remote.php/dav;
}
location /.well-known/webfinger {
return 301 https://nextcloud.shore.co.il/public.php?service=webfinger;
}
www/autoconfig.shore.co.il/mail/config-v1.1.xml 0 → 100644
View file @ 3993f204
<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
<emailProvider id="shore.co.il">
<domain>shore.co.il</domain>
<displayName>Shore technologies</displayName>
<displayShortName>Shore</displayShortName>
<incomingServer type="imap">
<hostname>imap.shore.co.il</hostname>
<port>993</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILLOCALPART%</username>
</incomingServer>
<outgoingServer type="smtp">
<hostname>smtp.shore.co.il</hostname>
<port>587</port>
<socketType>STARTTLS</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILLOCALPART%</username>
</outgoingServer>
</emailProvider>
<emailProvider id="nehe.sr">
<domain>nehe.sr</domain>
<displayName>Nehes Realestate</displayName>
<displayShortName>Nehes</displayShortName>
<incomingServer type="imap">
<hostname>imap.shore.co.il</hostname>
<port>993</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILLOCALPART%</username>
</incomingServer>
<outgoingServer type="smtp">
<hostname>smtp.shore.co.il</hostname>
<port>587</port>
<socketType>STARTTLS</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILLOCALPART%</username>
</outgoingServer>
</emailProvider>
</clientConfig>
www/www.shore.co.il/google88c23a5c89fa3cb3.html 0 → 100644
View file @ 3993f204
google-site-verification: google88c23a5c89fa3cb3.html