cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
02c87dd0eeb5152527c46a0ddc58a47e93dba9b7
server/etc/nginx/sites-available/reverse-proxy.conf
cutemeli 02c87dd0ee cleaned config
2025-12-28 12:18:12 +01:00

157 lines
4.0 KiB
Plaintext
Raw Blame History

# -----------------------------
# Proxmox (nur via VPN)
# -----------------------------
server {
listen 443 ssl http2;
server_name proxmox.cutemeli.com;
ssl_certificate /etc/ssl/certs/proxmox.pem;
ssl_certificate_key /etc/ssl/private/proxmox.key;
allow 127.0.0.1;
allow 10.10.0.0/24;
allow 172.17.0.0/16;
allow 172.18.0.0/16;
allow 172.19.0.0/16;
deny all;
location / {
proxy_pass https://127.0.0.1:8006;
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# -----------------------------
# Git
# -----------------------------
server {
listen 443 ssl http2;
server_name git.cutemeli.com;
ssl_certificate /etc/ssl/certs/git.pem;
ssl_certificate_key /etc/ssl/private/git.key;
#allow 10.10.0.0/24;
#allow 127.0.0.1;
#deny all;
client_max_body_size 5g;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 3600;
proxy_redirect off;
}
}
# -----------------------------
# Nextcloud
# -----------------------------
server {
listen 443 ssl http2;
server_name share.cutemeli.com;
ssl_certificate /etc/ssl/certs/share.pem;
ssl_certificate_key /etc/ssl/private/share.key;
client_max_body_size 2G;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 3600;
proxy_redirect off;
}
# Pflicht für DAV / Kalender / Kontakte
location = /.well-known/carddav {
return 301 /remote.php/dav;
}
location = /.well-known/caldav {
return 301 /remote.php/dav;
}
# Optional für Federation, Talk, etc.
location ^~ /.well-known {
proxy_pass http://127.0.0.1:8080;
}
}
# -----------------------------
# Monitoring (nur via VPN)
# -----------------------------
server {
listen 443 ssl http2;
server_name monitor.cutemeli.com;
ssl_certificate /etc/ssl/certs/monitor.pem;
ssl_certificate_key /etc/ssl/private/monitor.key;
allow 10.10.0.0/24;
allow 127.0.0.1;
deny all;
location / {
proxy_pass http://127.0.0.1:8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# -----------------------------
# Vaultwarden
# -----------------------------
server {
listen 443 ssl http2;
server_name vault.cutemeli.com;
ssl_certificate /etc/ssl/certs/vault.pem;
ssl_certificate_key /etc/ssl/private/vault.key;
location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# Für WebSocket Sync mit Browser Extensions
location /notifications/hub {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://127.0.0.1:8081;
}
}
# -----------------------------
# Redirect HTTP -> HTTPS
# -----------------------------
server {
listen 80;
listen [::]:80;
server_name git.cutemeli.com proxmox.cutemeli.com share.cutemeli.com monitor.cutemeli.com prometheus.cutemeli.com vault.cutemeli.com vpn.cutemeli.com;
return 301 https://$host$request_uri;
}
Reference in New Issue View Git Blame Copy Permalink