Matt Spencer
d7c18b747e
Needed to modify the nginx configuration to allow streaming of ssh. Using docker compose for this service, will probably migrate all others soon.
106 lines
2.3 KiB
Plaintext
Executable File
106 lines
2.3 KiB
Plaintext
Executable File
# Create a map of known attack locations
|
|
map $request_uri $block_uri {
|
|
default 0;
|
|
~*/wp-.* 1;
|
|
~*\.env 1;
|
|
/etc 1;
|
|
}
|
|
|
|
# m5p3nc3r webserver
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name m5p3nc3r.co.uk www.m5p3nc3r.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
if ($block_uri = 1) {
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:3000;
|
|
}
|
|
}
|
|
|
|
# gitea.m5p3nc3r webserver
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name gitea.m5p3nc3r.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
# if ($block_uri = 1) {
|
|
# return 403;
|
|
# }
|
|
|
|
location / {
|
|
proxy_pass http://rpi5-2:3000;
|
|
}
|
|
}
|
|
|
|
# apptabulous webserver
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name apptabulous.co.uk www.apptabulous.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
if ($block_uri = 1) {
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:3001;
|
|
}
|
|
}
|
|
|
|
# Container registry
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name hub.apptabulous.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
# disable any limits to avoid HTTP 413 for large image uploads
|
|
client_max_body_size 0;
|
|
|
|
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
|
chunked_transfer_encoding on;
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:5000;
|
|
}
|
|
}
|
|
|
|
# Watchtower
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name watchtower.apptabulous.co.uk;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
|
|
|
|
location / {
|
|
proxy_pass http://rpi4-2:8080;
|
|
}
|
|
}
|