110 lines
2.7 KiB
Plaintext
Executable File
110 lines
2.7 KiB
Plaintext
Executable File
# Create a map of known attack locations
|
|
map $request_uri $block_uri {
|
|
default 0;
|
|
~*/wp-.* 1;
|
|
~*\.env 1;
|
|
/etc 1;
|
|
}
|
|
|
|
# Redirect all HTTP to HTTPS
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name m5p3nc3r.co.uk www.m5p3nc3r.co.uk
|
|
gitea.m5p3nc3r.co.uk
|
|
apptabulous.co.uk www.apptabulous.co.uk
|
|
hub.apptabulous.co.uk;
|
|
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
# m5p3nc3r webserver
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name m5p3nc3r.co.uk www.m5p3nc3r.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/m5p3nc3r.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/m5p3nc3r.co.uk/privkey.pem;
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000" always;
|
|
|
|
if ($block_uri = 1) {
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://website:3000;
|
|
}
|
|
}
|
|
|
|
# gitea.m5p3nc3r webserver
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name gitea.m5p3nc3r.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/m5p3nc3r.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/m5p3nc3r.co.uk/privkey.pem;
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000" always;
|
|
|
|
location / {
|
|
proxy_pass http://gitea:3000;
|
|
}
|
|
}
|
|
|
|
# apptabulous webserver
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name apptabulous.co.uk www.apptabulous.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000" always;
|
|
|
|
if ($block_uri = 1) {
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://apptabulous_website:3000;
|
|
}
|
|
}
|
|
|
|
# Container registry
|
|
# server {
|
|
# listen 443 ssl;
|
|
# listen [::]:443 ssl;
|
|
# server_name hub.apptabulous.co.uk;
|
|
|
|
# ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
# ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
# # disable any limits to avoid HTTP 413 for large image uploads
|
|
# client_max_body_size 0;
|
|
|
|
# # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
|
# chunked_transfer_encoding on;
|
|
|
|
# location / {
|
|
# proxy_pass http://rpi4-2:5000;
|
|
# }
|
|
# }
|
|
|
|
# Watchtower
|
|
# server {
|
|
# listen 443 ssl;
|
|
# listen [::]:443 ssl;
|
|
# server_name watchtower.apptabulous.co.uk;
|
|
|
|
# ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
# ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
# location / {
|
|
# proxy_pass http://rpi4-2:8080;
|
|
# }
|
|
# }
|