diff --git a/README.md b/README.md
index 77d5ecb..2ea5d26 100644
--- a/README.md
+++ b/README.md
@@ -1,18 +1,45 @@ # ketreweb containers -The cron job to update certificates isn't quite working yet. +| Container | Purpose | +|:----------------------|:-----------------------------------------------| +| ketrenet-web | Main webserver entry for https://ketrenos.com | +| ketrenet-mail | Email MTA and mailbox management | +| ketrenet-roundcube | Email web interface. https://mail.ketrenos.com | +| ketrenet-cron | Update letsencrypt keys, etc. | +| ketrenet-dns | DNS server | +| ketrenet-mailman-core | Mailman3 Core backend | +| ketrenet-mailman-web | Mailman3 Web frontend | +| ketrenet-database | Mailman3 Postgres DB | -To update certificates: +## Disk structure + +| Directory | Purpose | +|:----------------------|:-----------------------------------------------| +| $PWD/data/$SERVICE | Logs, error reporting, databases | +| $SERVICE/etc | Configuration files for $SERVICE | +| $PWD/www | Web content hosted by ketrenet-web directly | + +## Update certificates + +The cron job to update certificates isn't quite working yet. To update +certificates: ```bash docker exec -it ketrenet-cron /bin/bash -/usr/bin/certbot renew --no-self-upgrade --webroot -w /var/www/ketrenos.com -/usr/bin/scp -q -i /keys/opnsense-letsencrypt /etc/letsencrypt/live/ketrenos.com/{fullchain,privkey}.pem letsencrypt@opnsense.ketrenos.com:. -/usr/bin/ssh -i /keys/opnsense-letsencrypt letsencrypt@opnsense.ketrenos.com sudo ./update-cert.sh fullchain.pem privkey.pem +/usr/bin/certbot renew --no-self-upgrade --webroot \ + -w /var/www/ketrenos.com +/usr/bin/scp -q \ + -i /keys/opnsense-letsencrypt \ + /etc/letsencrypt/live/ketrenos.com/{fullchain,privkey}.pem \ + letsencrypt@opnsense.ketrenos.com:. +/usr/bin/ssh \ + -i /keys/opnsense-letsencrypt \ + letsencrypt@opnsense.ketrenos.com \ + sudo ./update-cert.sh fullchain.pem privkey.pem ``` -After that completes (without errors) outside the container use `./sync-certs` to push -the updated certificates to all the service containers and servers. 
+After that completes (without errors) outside the container use `./sync-certs` +to push the updated certificates to all the service containers and servers. ## ketreweb @@ -23,7 +50,7 @@ apache2 is only being used for mailman, which is currently offline ## ketreweb-roundcube -default container for roundcube +default container for roundcube. Provides https://mail.ketrenos.com ## ketreweb-cron diff --git a/docker-compose.yml b/docker-compose.yml index 1fbb827..680f977 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,9 +19,13 @@ services: - /home/jketreno/docker/webserver/web/entrypoint.sh:/entrypoint.sh:ro - /home/jketreno/docker/webserver/data/log:/var/log:rw - /home/jketreno/docker/webserver/www:/var/www:ro + - /home/jketreno/docker/webserver/data/mailman/web/data/static:/opt/mailman/static:ro ports: - 80:80 - 443:443 + networks: + ketrenet-mailman: + ketrenet-mail: image: ketrenet-mail @@ -91,6 +95,9 @@ services: - /home/jketreno/docker/webserver/roundcube/var/roundcube:/var/roundcube/config:ro - /home/jketreno/docker/webserver/data/roundcube/db:/var/roundcube/db:rw - /home/jketreno/docker/webserver/data/roundcube/html:/var/www/html:rw + networks: + ketrenet-mailman: + ketrenet-cron: image: ketrenet-cron @@ -140,11 +147,11 @@ services: - /home/jketreno/docker/webserver/data/mailman/core:/opt/mailman/ stop_grace_period: 30s links: - - database:database + - ketrenet-database:ketrenet-database depends_on: - - database + - ketrenet-database environment: - - DATABASE_URL=postgresql://mailman:1mailm3np2ss@database/mailmandb + - DATABASE_URL=postgresql://mailman:mailmanpass@ketrenet-database/mailmandb - DATABASE_TYPE=postgres - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase - HYPERKITTY_API_KEY=s0meap1k3y 
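Review bot: The `networks:` / `ketrenet-mailman:` entry added at -91,6 joins what appears to be the roundcube service to the Mailman network, but nothing visible in this commit has roundcube talking to Mailman. The new nginx `uwsgi_pass ketrenet-mailman-web:8080` only explains the same addition on the web service at -19,9. Assuming mailman-core and the Postgres container sit on that network, every extra member can reach their ports directly, so I would drop the entry from roundcube unless a dependency exists outside this diff. The top-level `networks:` declaration for `ketrenet-mailman` is not in the visible hunks either; compose will reject the file if it is not defined elsewhere.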
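Review bot: The `DATABASE_URL` line changed at -140,11 still carries the database password as a literal in a tracked file, and so do `HYPERKITTY_API_KEY`, the `DATABASE_URL` and new `SECRET_KEY=` lines at -161,16, and `POSTGRES_PASSWORD` at -179,10. Compose substitutes variables from the shell or an untracked `.env` file, so these could read `DATABASE_URL=postgresql://mailman:${MAILMAN_DB_PASSWORD}@ketrenet-database/mailmandb` and `SECRET_KEY=${MAILMAN_SECRET_KEY}` (variable names are examples). Both the old and the new values are now in the repository history and should be treated as exposed and rotated. The replacement values also look like placeholders rather than generated secrets. The service definitions continue outside these hunks.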
@@ -161,16 +168,20 @@ services: hostname: mailman-web restart: unless-stopped depends_on: - - database + - ketrenet-database links: - - mailman-core:mailman-core - - database:database + - ketrenet-mailman-core:ketrenet-mailman-core + - ketrenet-database:ketrenet-database volumes: - - /home/jketreno/docker/webserver/data/mailman/web:/opt/mailman-web-data + - /home/jketreno/docker/webserver/data/mailman/web/data:/opt/mailman-web-data + - /home/jketreno/docker/webserver/data/mailman/web/config:/opt/mailman-web environment: - DATABASE_TYPE=postgres - - DATABASE_URL=postgresql://mailman:1mailm3np2ss@database/mailmandb + - DATABASE_URL=postgresql://mailman:mailmanpass@ketrenet-database/mailmandb - HYPERKITTY_API_KEY=s0meap1k3y + - SECRET_KEY=s7p4rs3kr1t + - SERVE_FROM_DOMAIN=ketrenos.com + - UWSGI_STATIC_MAP=/mailman/static=/opt/mailman-web-data/static ports: - "127.0.0.1:8000:8000" # HTTP - "127.0.0.1:8080:8080" # uwsgi @@ -179,10 +190,11 @@ services: ketrenet-database: + container_name: ketrenet-database environment: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - - POSTGRES_PASSWORD=1mailm@np@ss + - POSTGRES_PASSWORD=mailmanpass image: postgres:12-alpine volumes: - /home/jketreno/docker/webserver/data/mailman/database:/var/lib/postgresql/data diff --git a/mailman/web/mailman-web/settings.py b/mailman/web/mailman-web/settings.py index c19a827..3f109f4 100644 --- a/mailman/web/mailman-web/settings.py +++ b/mailman/web/mailman-web/settings.py @@ -40,7 +40,7 @@ SECRET_KEY = os.environ.get('SECRET_KEY') DEBUG = False ADMINS = ( - ('Mailman Suite Admin', 'root@localhost'), + ('Mailman Suite Admin', 'james_mailman@ketrenos.com'), ) SITE_ID = 1 
@@ -48,24 +48,26 @@ SITE_ID = 1 # Hosts/domain names that are valid for this site; required if DEBUG is False # See https://docs.djangoproject.com/en/3.1/ref/settings/#allowed-hosts ALLOWED_HOSTS = [ + "127.0.0.1", "localhost", # Archiving API from Mailman, keep it. "mailman-web", + "ketrenet-mailman-web", os.environ.get('SERVE_FROM_DOMAIN'), ] try: - ALLOWED_HOSTS.append(gethostbyname("mailman-web")) # only add if this resolves + ALLOWED_HOSTS.append(gethostbyname("ketrenet-mailman-web")) # only add if this resolves except gaierror: pass ALLOWED_HOSTS.extend(os.getenv("DJANGO_ALLOWED_HOSTS", "").split(",")) # Mailman API credentials -MAILMAN_REST_API_URL = os.environ.get('MAILMAN_REST_URL', 'http://mailman-core:8001') +MAILMAN_REST_API_URL = os.environ.get('MAILMAN_REST_URL', 'http://ketrenet-mailman-core:8001') MAILMAN_REST_API_USER = os.environ.get('MAILMAN_REST_USER', 'restadmin') MAILMAN_REST_API_PASS = os.environ.get('MAILMAN_REST_PASSWORD', 'restpass') MAILMAN_ARCHIVER_KEY = os.environ.get('HYPERKITTY_API_KEY') -MAILMAN_ARCHIVER_FROM = (os.environ.get('MAILMAN_HOST_IP', gethostbyname(os.environ.get('MAILMAN_HOSTNAME', 'mailman-core'))),) +MAILMAN_ARCHIVER_FROM = (os.environ.get('MAILMAN_HOST_IP', gethostbyname(os.environ.get('MAILMAN_HOSTNAME', 'ketrenet-mailman-core'))),) # Application definition @@ -198,7 +200,7 @@ USE_TZ = True STATIC_ROOT = '/opt/mailman-web-data/static' -STATIC_URL = '/static/' +STATIC_URL = '/mailman/static/' # Additional locations of static files @@ -399,7 +401,7 @@ Q_CLUSTER = { 'orm': 'default', } -POSTORIUS_TEMPLATE_BASE_URL = os.environ.get('POSTORIUS_TEMPLATE_BASE_URL', 'http://mailman-web:8000') +POSTORIUS_TEMPLATE_BASE_URL = os.environ.get('POSTORIUS_TEMPLATE_BASE_URL', 'http://ketrenet-mailman-web:8000') DISKCACHE_PATH = os.environ.get('DISKCACHE_PATH', '/opt/mailman-web-data/diskcache') DISKCACHE_SIZE = os.environ.get('DISKCACHE_SIZE', 2 ** 30) # 1 gigabyte 
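Review bot: The `gethostbyname(...)` inside `MAILMAN_ARCHIVER_FROM` at -48,24 now resolves `ketrenet-mailman-core` at import time without the `gaierror` guard that the `ALLOWED_HOSTS` lookup earlier in the same hunk has. Because it is the default argument of `os.environ.get`, it runs even when `MAILMAN_HOST_IP` is set. If the renamed host does not resolve when mailman-web starts, the settings module fails to import; the version below resolves only when needed and leaves the allow-list empty on failure, which should make HyperKitty refuse archiver posts rather than crash. Separately, the REST credentials still fall back to `restadmin`/`restpass`, and the mailman-web environment block in this commit's docker-compose.yml sets neither `MAILMAN_REST_USER` nor `MAILMAN_REST_PASSWORD`, so I would set both explicitly instead of relying on the well-known defaults.

```python
# … unchanged: MAILMAN_REST_API_URL / _USER / _PASS and MAILMAN_ARCHIVER_KEY …
_archiver_ip = os.environ.get('MAILMAN_HOST_IP')
if _archiver_ip is None:
    try:
        _archiver_ip = gethostbyname(
            os.environ.get('MAILMAN_HOSTNAME', 'ketrenet-mailman-core'))
    except gaierror:
        _archiver_ip = None  # fail closed: no source address is trusted
MAILMAN_ARCHIVER_FROM = (_archiver_ip,) if _archiver_ip else ()
```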
diff --git a/web/etc/nginx/sites-available/default b/web/etc/nginx/sites-available/default
index 3e57817..8707259 100644
--- a/web/etc/nginx/sites-available/default
+++ b/web/etc/nginx/sites-available/default
@@ -1,726 +1,724 @@ # Default server configuration # server { - listen 80 default_server; - listen [::]:80 default_server; - return 301 https://$host$request_uri; + listen 80 default_server; + listen [::]:80 default_server; + return 301 https://$host$request_uri; } server { - listen 443 ssl; - root /var/www/html; + listen 443 ssl; + root /var/www/html; - client_max_body_size 5g; - server_name ketrenos.com; + client_max_body_size 5g; + server_name ketrenos.com; - ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; + ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; - location /keys { - auth_basic "Restricted"; - auth_basic_user_file /var/www/ketrenos.com/keys/.htpasswd; - } + location /mailman/static { + alias /opt/mailman/static; + } - location /fsm { - alias /var/www/ketrenos.com/fsm; - autoindex on; - } + location /mailman { + # First attempt to serve request as file, then + uwsgi_pass ketrenet-mailman-web:8080; + include uwsgi_params; + uwsgi_read_timeout 300; + uwsgi_param SCRIPT_NAME /mailman; + uwsgi_modifier1 30; + } - location /files { - alias /var/www/ketrenos.com/files; - autoindex on; - } + location /keys { + auth_basic "Restricted"; + auth_basic_user_file /var/www/ketrenos.com/keys/.htpasswd; + } - location /3d-sbs { - alias /var/www/ketrenos.com/3d-sbs; - autoindex on; - } + location /fsm { + alias /var/www/ketrenos.com/fsm; + autoindex on; + } - location /funeral { - alias /var/www/ketrenos.com/funeral; - autoindex on; - } + location /files { + alias /var/www/ketrenos.com/files; + autoindex on; + } - location /tfm/ { - proxy_pass http://192.168.1.78:4205/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - 
proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + location /3d-sbs { + alias /var/www/ketrenos.com/3d-sbs; + autoindex on; + } - location /shell/ { - proxy_pass https://192.168.1.78:4200/shell/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + location /funeral { + alias /var/www/ketrenos.com/funeral; + autoindex on; + } - location /opnsense/ { - proxy_pass https://192.168.1.10/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + location /tfm/ { + proxy_pass http://192.168.1.78:4205/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /shell/ { + proxy_pass https://192.168.1.78:4200/shell/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy 
true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /opnsense/ { + proxy_pass https://192.168.1.10/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } - location /valheim { - alias /var/www/ketrenos.com/valheim; - index index.html; - } + location /valheim { + alias /var/www/ketrenos.com/valheim; + index index.html; + } - location ~* ^(/.well-known) { - root /var/www/ketrenos.com; - } - - rewrite ^/ketr.ketran/games/(.*)$ /ketr.ketran/$1 permanent; + location ~* ^(/.well-known) { + root /var/www/ketrenos.com; + } - location /ketr.ketran { - root /var/www/ketrenos.com; - index unresolvable-file-html.html; - try_files $uri @index; - } - - # This seperate location is so the no cache policy only applies to the index and nothing else. - location @index { - root /var/www/ketrenos.com/ketr.ketran; - add_header Cache-Control no-cache; - expires 0; - try_files /index.html =404; - } + rewrite ^/ketr.ketran/games/(.*)$ /ketr.ketran/$1 permanent; - rewrite ^/ketr.test/games/(.*)$ /ketr.test/$1 permanent; + location /ketr.ketran { + root /var/www/ketrenos.com; + index unresolvable-file-html.html; + try_files $uri @index; + } - location /ketr.test { - root /var/www/ketrenos.com; - index unresolvable-file-html.html; - try_files $uri @indextest; - } - + # This seperate location is so the no cache policy only applies to the index and nothing else. 
+ location @index { + root /var/www/ketrenos.com/ketr.ketran; + add_header Cache-Control no-cache; + expires 0; + try_files /index.html =404; + } - # This seperate location is so the no cache policy only applies to the index and nothing else. - location @indextest { - root /var/www/ketrenos.com/ketr.test; - add_header Cache-Control no-cache; - expires 0; - try_files /index.html =404; - } + rewrite ^/ketr.test/games/(.*)$ /ketr.test/$1 permanent; - location /splodice { - index index.html; - root /var/www/ketrenos.com; - add_header Last-Modified $date_gmt; - add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - if_modified_since off; - expires off; - etag off; - } + location /ketr.test { + root /var/www/ketrenos.com; + index unresolvable-file-html.html; + try_files $uri @indextest; + } - location /airsonic { - proxy_pass http://192.168.1.78:4040; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - location /fallriver { - proxy_pass http://192.168.1.78:8766; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + # This seperate location is so the no cache policy only applies to the index and nothing else. 
+ location @indextest { + root /var/www/ketrenos.com/ketr.test; + add_header Cache-Control no-cache; + expires 0; + try_files /index.html =404; + } - location /chalk { - proxy_pass http://192.168.1.78:8765; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + location /splodice { + index index.html; + root /var/www/ketrenos.com; + add_header Last-Modified $date_gmt; + add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } - location /ketr.test/api { - proxy_pass http://192.168.1.78:8931; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + location /airsonic { + proxy_pass http://192.168.1.78:4040; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } - location /ketr.ketran/api { - proxy_pass http://192.168.1.78:8930; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header 
X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + location /fallriver { + proxy_pass http://192.168.1.78:8766; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } - location /roundcube { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://192.168.1.78:8124/; - } + location /chalk { + proxy_pass http://192.168.1.78:8765; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } - location ~* ^(/webmail(/.*)?|/mail(/.*)?)$ { - root /var/www/ketrenos.com; - try_files /horde-deprecated.html =404; - } + location /ketr.test/api { + proxy_pass http://192.168.1.78:8931; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + 
proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } - location ~* ^(/mailman) { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass https://localhost:4430; - proxy_redirect https://localhost:4430 https://ketrenos.com; - } + location /ketr.ketran/api { + proxy_pass http://192.168.1.78:8930; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } - # TODO: Move these to nginx directly as apache2 is no longer - # functional - location ~* ^(/site|/recipes|/~jketreno/.*|/~christopher) { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass https://localhost:4430; - proxy_redirect https://localhost:4430 https://ketrenos.com; - } + location /roundcube { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
+ proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass http://192.168.1.78:8124/; + } - location /dad { - proxy_pass http://192.168.1.78:8134; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + location ~* ^(/webmail(/.*)?|/mail(/.*)?)$ { + root /var/www/ketrenos.com; + try_files /horde-deprecated.html =404; + } - location / { - proxy_ssl_verify off; - proxy_pass https://192.168.1.78:8123; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + # TODO: Move these to nginx directly as apache2 is no longer + # functional + location ~* ^(/site|/recipes|/~jketreno/.*|/~christopher) { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass https://localhost:4430; + proxy_redirect https://localhost:4430 
https://ketrenos.com; + } + + location /dad { + proxy_pass http://192.168.1.78:8134; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location / { + proxy_ssl_verify off; + proxy_pass https://192.168.1.78:8123; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } } server { - server_name goodtime.ketrenos.com; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; - location ~* ^(/.well-known) { - root /var/www/ketrenos.com; - } - return 301 https://goodtimes.ketrenos.com$request_uri; + server_name goodtime.ketrenos.com; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; + location ~* ^(/.well-known) { + root /var/www/ketrenos.com; + } + return 301 https://goodtimes.ketrenos.com$request_uri; } server { - server_name vnc.ketrenos.com; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; - location ~* ^(/.well-known) { - root /var/www/ketrenos.com; - } - location / { - proxy_pass http://192.168.1.152:6081/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header 
X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + server_name vnc.ketrenos.com; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; + location ~* ^(/.well-known) { + root /var/www/ketrenos.com; + } + location / { + proxy_pass http://192.168.1.152:6081/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } } server { - server_name goodtimes.ketrenos.com; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; + server_name goodtimes.ketrenos.com; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; - location ~* ^(/.well-known) { - root /var/www/ketrenos.com; - } + location ~* ^(/.well-known) { + root /var/www/ketrenos.com; + } - location / { - root /var/www/goodtimes.ketrenos.com; - index unresolvable-file-html.html; - try_files $uri @index; - } + location / { + root /var/www/goodtimes.ketrenos.com; + index unresolvable-file-html.html; + try_files $uri @index; + } - # This seperate location is so the no cache policy only applies to the index - # and nothing else. 
+ # This seperate location is so the no cache policy only applies to the index + # and nothing else. - location @index { - root /var/www/goodtimes.ketrenos.com/; - add_header Cache-Control no-cache; - expires 0; - try_files /index.html =404; - } + location @index { + root /var/www/goodtimes.ketrenos.com/; + add_header Cache-Control no-cache; + expires 0; + try_files /index.html =404; + } - location /api { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass_header Set-Cookie; - proxy_pass_header P3P; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://192.168.1.69:11141; - } + location /api { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass_header Set-Cookie; + proxy_pass_header P3P; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass http://192.168.1.69:11141; + } } server { - server_name git.ketrenos.com; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; + server_name git.ketrenos.com; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; - location ~* ^(/.well-known) { - root /var/www/ketrenos.com; - } + location ~* ^(/.well-known) { + root /var/www/ketrenos.com; + } - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - 
proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.78:8300;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.78:8300;
+ }
 }
 server {
- server_name media.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name media.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location /deluge/ {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.69:8112/;
- }
+ location /deluge/ {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.69:8112/;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.69:8096;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.69:8096;
+ }
 }
 server {
- server_name fallriver.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name fallriver.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- # make sure there is a trailing slash at the browser
- # or the URLs will be wrong
- location = /netdata {
- return 301 /netdata/;
- }
+ # make sure there is a trailing slash at the browser
+ # or the URLs will be wrong
+ location = /netdata {
+ return 301 /netdata/;
+ }
- location ~ /netdata/(?.*) {
- proxy_redirect off;
- proxy_set_header Host $host;
+ location ~ /netdata/(?.*) {
+ proxy_redirect off;
+ proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_http_version 1.1;
- proxy_pass_request_headers on;
- proxy_set_header Connection "keep-alive";
- proxy_store off;
- proxy_pass http://192.168.1.78:19999/$ndpath$is_args$args;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+ proxy_pass http://192.168.1.78:19999/$ndpath$is_args$args;
- gzip on;
- gzip_proxied any;
- gzip_types *;
- }
+ gzip on;
+ gzip_proxied any;
+ gzip_types *;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.78:8767;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.78:8767;
+ }
 }
 server {
- server_name budget.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name budget.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.78:9876;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.78:9876;
+ }
 }
 server {
- server_name files.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name files.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
 }
 server {
- server_name email.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name email.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
 }
 server {
- server_name smtp.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name smtp.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
 }
 server {
- server_name mail.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name mail.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.78:8124;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.78:8124;
+ }
 }
 server {
- server_name commento.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name commento.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.78:2080;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.78:2080;
+ }
 }
 server {
- server_name misty-dog.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name misty-dog.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.78:11011;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.78:11011;
+ }
 }
 server {
- server_name mastodon.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ server_name mastodon.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- client_max_body_size 100M;
+ client_max_body_size 100M;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.78:3500;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.78:3500;
+ }
 }
 server {
- server_name portland-werewolf.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ server_name portland-werewolf.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location / {
- root /var/www/portland-werewolf.com/client;
- index unresolvable-file-html.html;
- try_files $uri @index;
- }
+ location / {
+ root /var/www/portland-werewolf.com/client;
+ index unresolvable-file-html.html;
+ try_files $uri @index;
+ }
- # This seperate location is so the no cache policy only applies to the index
- # and nothing else.
+ # This seperate location is so the no cache policy only applies to the index
+ # and nothing else.
- location @index {
- root /var/www/portland-werewolf.com/client;
- add_header Cache-Control no-cache;
- expires 0;
- try_files /index.html =404;
- }
+ location @index {
+ root /var/www/portland-werewolf.com/client;
+ add_header Cache-Control no-cache;
+ expires 0;
+ try_files /index.html =404;
+ }
- location /api {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.69:11142;
- }
+ location /api {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.69:11142;
+ }
 }
 server {
- server_name nutshellforestfarm.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ server_name nutshellforestfarm.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://192.168.1.78:8932;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://192.168.1.78:8932;
+ }
 }
 server {
- server_name opnsense.ketrenos.com;
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
- location ~* ^(/.well-known) {
- root /var/www/ketrenos.com;
- }
+ server_name opnsense.ketrenos.com;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
+ location ~* ^(/.well-known) {
+ root /var/www/ketrenos.com;
+ }
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass_header Set-Cookie;
- proxy_pass_header P3P;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass https://192.168.1.10;
- }
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass_header Set-Cookie;
+ proxy_pass_header P3P;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass https://192.168.1.10;
+ }
 }