# Default server configuration # server { listen 80 default_server; listen [::]:80 default_server; return 301 https://$host$request_uri; } server { listen 443 ssl; root /var/www/html; client_max_body_size 5g; server_name ketrenos.com; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location /mailman/static { alias /opt/mailman/static; autoindex off; } location /mailman { proxy_pass http://ketrenet-mailman-web:8000; include uwsgi_params; uwsgi_param SCRIPT_NAME /mailman; uwsgi_read_timeout 300; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; } location /keys { auth_basic "Restricted"; auth_basic_user_file /var/www/ketrenos.com/keys/.htpasswd; } location /fsm { alias /var/www/ketrenos.com/fsm; autoindex on; } location /files { alias /var/www/ketrenos.com/files; autoindex on; } location /3d-sbs { alias /var/www/ketrenos.com/3d-sbs; autoindex on; } location /funeral { alias /var/www/ketrenos.com/funeral; autoindex on; } location /tfm/ { proxy_pass http://192.168.1.78:4205/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /shell/ { proxy_pass https://192.168.1.78:4200/shell/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /opnsense/ { proxy_pass https://192.168.1.10/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /valheim { alias /var/www/ketrenos.com/valheim; index index.html; } location ~* ^(/.well-known) { root /var/www/ketrenos.com; } rewrite ^/ketr.ketran/games/(.*)$ /ketr.ketran/$1 permanent; location /ketr.ketran { root /var/www/ketrenos.com; index unresolvable-file-html.html; try_files $uri @index; } # This seperate location is so the no cache policy only applies to the index and nothing else. location @index { root /var/www/ketrenos.com/ketr.ketran; add_header Cache-Control no-cache; expires 0; try_files /index.html =404; } rewrite ^/ketr.test/games/(.*)$ /ketr.test/$1 permanent; location /ketr.test { root /var/www/ketrenos.com; index unresolvable-file-html.html; try_files $uri @indextest; } # This seperate location is so the no cache policy only applies to the index and nothing else. location @indextest { root /var/www/ketrenos.com/ketr.test; add_header Cache-Control no-cache; expires 0; try_files /index.html =404; } location /splodice { index index.html; root /var/www/ketrenos.com; add_header Last-Modified $date_gmt; add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; if_modified_since off; expires off; etag off; } location /airsonic { proxy_pass http://192.168.1.78:4040; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /fallriver { proxy_pass http://192.168.1.78:8766; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /chalk { proxy_pass http://192.168.1.78:8765; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /ketr.test/api { proxy_pass http://192.168.1.78:8931; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /ketr.ketran/api { proxy_pass http://192.168.1.78:8930; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /roundcube { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:8124/; } location ~* ^(/webmail(/.*)?|/mail(/.*)?)$ { root /var/www/ketrenos.com; try_files /horde-deprecated.html =404; } # TODO: Move these to nginx directly as apache2 is no longer # functional location ~* ^(/site|/recipes|/~jketreno/.*|/~christopher) { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass https://localhost:4430; proxy_redirect https://localhost:4430 https://ketrenos.com; } location /dad { proxy_pass http://192.168.1.78:8134; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location / { proxy_ssl_verify off; proxy_pass https://192.168.1.78:8123; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { server_name goodtime.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } return 301 https://goodtimes.ketrenos.com$request_uri; } server { server_name vnc.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_pass http://192.168.1.152:6081/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { server_name goodtimes.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { root /var/www/goodtimes.ketrenos.com; index unresolvable-file-html.html; try_files $uri @index; } # This seperate location is so the no cache policy only applies to the index # and nothing else. location @index { root /var/www/goodtimes.ketrenos.com/; add_header Cache-Control no-cache; expires 0; try_files /index.html =404; } location /api { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.69:11141; } } server { server_name git.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:8300; } } server { server_name media.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location /deluge/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.69:8112/; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.69:8096; } } server { server_name fallriver.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } # make sure there is a trailing slash at the browser # or the URLs will be wrong location = /netdata { return 301 /netdata/; } location ~ /netdata/(?.*) { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; proxy_pass http://192.168.1.78:19999/$ndpath$is_args$args; gzip on; gzip_proxied any; gzip_types *; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:8767; } } server { server_name budget.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:9876; } } server { server_name files.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } } server { server_name email.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } } server { server_name smtp.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } } server { server_name mail.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:8124; } } server { server_name commento.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:2080; } } server { server_name misty-dog.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:11011; } } server { server_name mastodon.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; client_max_body_size 100M; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:3500; } } server { server_name portland-werewolf.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { root /var/www/portland-werewolf.com/client; index unresolvable-file-html.html; try_files $uri @index; } # This seperate location is so the no cache policy only applies to the index # and nothing else. location @index { root /var/www/portland-werewolf.com/client; add_header Cache-Control no-cache; expires 0; try_files /index.html =404; } location /api { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.69:11142; } } server { server_name nutshellforestfarm.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://192.168.1.78:8932; } } server { server_name opnsense.ketrenos.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem; location ~* ^(/.well-known) { root /var/www/ketrenos.com; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass_header Set-Cookie; proxy_pass_header P3P; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass https://192.168.1.10; } }