113 lines
2.5 KiB
Plaintext
Executable File
113 lines
2.5 KiB
Plaintext
Executable File
# Create a map of known attack locations
|
|
map $request_uri $block_uri {
|
|
default 0;
|
|
~*/wp-.* 1;
|
|
~*\.env 1;
|
|
/etc 1;
|
|
}
|
|
|
|
# m5p3nc3r webserver
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name m5p3nc3r.co.uk www.m5p3nc3r.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
if ($block_uri = 1) {
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:3000;
|
|
}
|
|
}
|
|
|
|
|
|
# apptabulous webserver
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name apptabulous.co.uk www.apptabulous.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
if ($block_uri = 1) {
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:3001;
|
|
}
|
|
}
|
|
|
|
# Container registry
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name hub.apptabulous.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
# disable any limits to avoid HTTP 413 for large image uploads
|
|
client_max_body_size 0;
|
|
|
|
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
|
chunked_transfer_encoding on;
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:5000;
|
|
}
|
|
}
|
|
|
|
# my-aiva.apptabulous.co.uk
|
|
# server {
|
|
# listen 80;
|
|
# listen [::]:80;
|
|
# listen 443 ssl;
|
|
# listen [::]:443 ssl;
|
|
# server_name my-aiva.apptabulous.co.uk;
|
|
|
|
# ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
# ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
# if ($block_uri = 1) {
|
|
# return 403;
|
|
# }
|
|
|
|
# # This must come before the / endpoint so as not to be masked
|
|
# location /webhook {
|
|
# proxy_pass http://my-aiva:5000;
|
|
# }
|
|
|
|
# location / {
|
|
# proxy_pass http://my-aiva:3000;
|
|
# }
|
|
|
|
# }
|
|
|
|
# Watchtower
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name watchtower.apptabulous.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:8080;
|
|
}
|
|
}
|