69 lines
1.5 KiB
Plaintext
Executable File
69 lines
1.5 KiB
Plaintext
Executable File
# Create a map of known attack locations
|
|
map $request_uri $block_uri {
|
|
default 0;
|
|
~*/wp-.* 1;
|
|
~*\.env 1;
|
|
/etc 1;
|
|
}
|
|
|
|
# Webserver
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
server_name apptabulous.co.uk www.apptabulous.co.uk;
|
|
|
|
if ($block_uri = 1) {
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:3000;
|
|
}
|
|
}
|
|
|
|
# Container registry
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
# disable any limits to avoid HTTP 413 for large image uploads
|
|
client_max_body_size 0;
|
|
|
|
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
|
chunked_transfer_encoding on;
|
|
|
|
server_name hub.apptabulous.co.uk;
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:5000;
|
|
}
|
|
}
|
|
|
|
# Watchtower
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
server_name watchtower.apptabulous.co.uk;
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:8080;
|
|
}
|
|
}
|