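#/etc/nginx/conf.d/gateway.conf
#
# Reverse-proxy front end: every public subdomain gets a port-80 server that
# answers ACME challenges and redirects to HTTPS, plus a port-443 server that
# proxies to the backend listed below.
#
############################
# Port 81    = Gateway     #
# Port 82    = Wordpress   #
# Port 83    = Nextcloud   #
# Port 84    = Stikked     #
# Port 85    = Roundcube   #
# Port 86    = Rainloop    #
# Port 87    = osTicket    #
# Port 88    = Stikked     #
# Port 89    = Office      #
# Port 90    = FF-Sync     #
# Port 91    = Framadate   #
# Port 92    = Conbee      #
# Port 8001  = VDR         #
# Port 32400 = Plex        #
############################
# NOTE(review): Stikked is listed for both 84 and 88; only 84 is used below.
#
###############################################################
# Subdomain for Wordpress                                     #
###############################################################
#
#### Let's Encrypt ####
server {
    listen 80;
    server_name escher.cc 192.168.200.10;
    charset utf-8;
    root /var/www;

    # ACME HTTP-01 challenges are handed to the gateway on port 81.
    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
        proxy_set_header Host $host;
    }

    # Everything else is forced onto HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

#### Wordpress (82) ####
server {
    listen 443 ssl http2;
    server_name escher.cc 192.168.200.10;
    charset utf-8;

    include /etc/nginx/ssl.conf;
    include /etc/nginx/proxy.conf;
    include /etc/nginx/header.conf;

    location ^~ / {
        client_max_body_size 1024M;
        proxy_max_temp_file_size 1024M;
        proxy_connect_timeout 300;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
        send_timeout 300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:82;
        proxy_http_version 1.1;
        # Empty Connection header: required for upstream keep-alive with HTTP/1.1.
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

###############################################################
# Subdomain for Nextcloud                                     #
###############################################################
#
server {
    listen 80;
    server_name cloud.escher.cc;
    charset utf-8;
    root /var/www;

    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name cloud.escher.cc;
    charset utf-8;

    include /etc/nginx/ssl.conf;
    include /etc/nginx/proxy.conf;
    include /etc/nginx/header.conf;

    # CalDAV / CardDAV service discovery.
    location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }
    location = /.well-known/caldav  { return 301 $scheme://$host/remote.php/dav; }

    location ^~ / {
        # location = /.well-known/webfinger { return 301 /index.php$uri; }
        # location ^~ /.well-known { location = /.well-known/nodeinfo { return 301 /index.php$uri; } }
        #
        client_max_body_size 10240M;
        proxy_max_temp_file_size 10240M;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 3600;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:83;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

##############################################################
# Subdomain for Roundcube (disabled)                         #
##############################################################
#
#server {
    #listen 80;
    #server_name mail.escher.cc;
    #charset utf-8;
    #root /var/www;
    #location ^~ /.well-known/acme-challenge {
        #proxy_pass http://127.0.0.1:81;
    #}
    #location / {
        #return 301 https://$host$request_uri;
    #}
#}
#server {
    #listen 443 ssl http2;
    #server_name mail.escher.cc;
    #charset utf-8;
    #include /etc/nginx/ssl.conf;
    #location ^~ / {
        #client_max_body_size 1024M;
        #proxy_max_temp_file_size 1024M;
        #proxy_connect_timeout 300;
        #proxy_send_timeout 300;
        #proxy_read_timeout 300;
        #send_timeout 300;
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_cookie_path / "/; secure; HttpOnly";
        #proxy_pass http://127.0.0.1:85;
        #proxy_http_version 1.1;
        #proxy_set_header Connection "";
        #proxy_buffering off;
        #proxy_request_buffering off;
    # }
#}

##############################################################
# Subdomain for Rainloop (disabled)                          #
##############################################################
#
#server {
    #listen 80;
    #server_name mail.escher.cc;
    #charset utf-8;
    #root /var/www;
    #location ^~ /.well-known/acme-challenge {
        #proxy_pass http://127.0.0.1:81;
    #}
    #location / {
        #return 301 https://$host$request_uri;
    #}
#
#
#}
#server {
    #listen 443 ssl http2;
    #server_name mail.escher.cc;
    #charset utf-8;
    #include /etc/nginx/ssl.conf;
    #location ^~ / {
        #client_max_body_size 1024M;
        #proxy_max_temp_file_size 1024M;
        #proxy_connect_timeout 300;
        #proxy_send_timeout 300;
        #proxy_read_timeout 300;
        #send_timeout 300;
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_cookie_path / "/; secure; HttpOnly";
        #proxy_pass http://127.0.0.1:86;
        #proxy_http_version 1.1;
        #proxy_set_header Connection "";
        #proxy_buffering off;
        #proxy_request_buffering off;
    # }
#
#}

##############################################################
# Subdomain for Plex                                         #
##############################################################
#
server {
    listen 80;
    server_name plex.escher.cc;
    charset utf-8;
    root /var/www;

    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name plex.escher.cc;
    charset utf-8;

    include /etc/nginx/ssl.conf;

    location ^~ / {
        client_max_body_size 1024M;
        proxy_max_temp_file_size 1024M;
        proxy_connect_timeout 300;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
        send_timeout 300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Appends the Secure and HttpOnly attributes to the path of upstream cookies.
        proxy_cookie_path / "/; secure; HttpOnly";
        proxy_pass http://127.0.0.1:32400;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

##############################################################
# Collabora                                                  #
##############################################################
# NOTE(review): this is the only proxied vhost that listens on port 80 alone.
# Client traffic to office.escher.cc is therefore not TLS-protected by this
# block, although the hop to localhost:9980 uses HTTPS. Confirm whether TLS is
# terminated elsewhere; if not, serve it from a 443 server with ssl.conf like
# the other subdomains.
server {
    listen 80;
    server_name office.escher.cc;
    charset utf-8;
    root /var/www;

    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # for mobile editing
    location ^~ /hosting/capabilities {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }
}

########################################################
# Subdomain for FF-Sync                                #
########################################################
server {
    listen 80;
    server_name sync.escher.cc;
    charset utf-8;
    root /var/www;

    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name sync.escher.cc;
    charset utf-8;

    include /etc/nginx/ssl.conf;

    location ^~ / {
        client_max_body_size 1024M;
        proxy_max_temp_file_size 1024M;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cookie_path / "/; secure; HttpOnly";
        proxy_pass http://192.168.200.10:5000;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

##############################################################
# Subdomain for osTicket                                     #
##############################################################
server {
    listen 80;
    server_name ticket.escher.cc;
    charset utf-8;
    root /var/www;

    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name ticket.escher.cc;
    charset utf-8;

    include /etc/nginx/ssl.conf;

    location ^~ / {
        client_max_body_size 1024M;
        proxy_max_temp_file_size 1024M;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cookie_path / "/; secure; HttpOnly";
        proxy_pass http://127.0.0.1:87;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

##############################################################
# Stikked                                                    #
##############################################################
#
server {
    listen 80;
    server_name paste.escher.cc;
    charset utf-8;
    root /var/www;

    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name paste.escher.cc;
    charset utf-8;

    # NOTE(review): unlike the other 443 servers there is no
    # "include /etc/nginx/ssl.conf;" here - confirm that certificate and TLS
    # settings are inherited from the http level for this name.

    location ^~ / {
        client_max_body_size 1024M;
        proxy_max_temp_file_size 1024M;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cookie_path / "/; secure; HttpOnly";
        proxy_pass http://127.0.0.1:84;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

#
##############################################################
# Subdomain for VDR                                          #
##############################################################
#
server {
    listen 80;
    server_name vdr.escher.cc;
    charset utf-8;
    root /var/www;

    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name vdr.escher.cc;
    charset utf-8;

    include /etc/nginx/ssl.conf;

    location ^~ / {
        client_max_body_size 1024M;
        proxy_max_temp_file_size 1024M;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cookie_path / "/; secure; HttpOnly";
        proxy_pass http://192.168.200.10:8001;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

#
#### Mailcow ####
#
server {
    listen 443 ssl http2;
    server_name mail.escher.cc;
    charset utf-8;

    include /etc/nginx/ssl.conf;

    location ^~ / {
        client_max_body_size 1024M;
        proxy_max_temp_file_size 1024M;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cookie_path / "/; secure; HttpOnly";
        # NOTE(review): HTTPS upstream without proxy_ssl_verify (off by
        # default), so the backend certificate is not checked on this hop.
        proxy_pass https://192.168.200.10:444;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

##############################################################
# Framadate                                                  #
##############################################################
#
# Declared but currently unused: the fastcgi_pass lines below address the
# socket directly.
upstream php-handler {
    server unix:/run/php/php8.0-fpm.sock;
}

server {
    listen 80;
    server_name date.escher.cc;
    return 301 https://$host$request_uri;
}

server {
    listen 443 http2 ssl;
    server_name date.escher.cc;

    # include gzip_params;
    # include ssl_params;
    # NOTE(review): no TLS include is active in this server - confirm that
    # certificate and TLS settings are inherited from the http level.

    root /var/www/framadate/;
    index index.html index.htm index.php;

    access_log /var/log/nginx/framadate.access.log;
    error_log /var/log/nginx/framadate.error.log;

    client_max_body_size 20M;

    # Pretty URLs -> studs.php / adminstuds.php query strings.
    location / {
        index index.php index.html;
        rewrite ^/([a-zA-Z0-9-]+)$ /studs.php?poll=$1;
        rewrite ^/([a-zA-Z0-9-]+)/action/([a-zA-Z_-]+)/(.+)$ /studs.php?poll=$1&$2=$3;
        rewrite "^/([a-zA-Z0-9-]+)/vote/([a-zA-Z0-9]{16})$" /studs.php?poll=$1&vote=$2;
        rewrite "^/([a-zA-Z0-9-]{24})/admin$" /adminstuds.php?poll=$1;
        rewrite "^/([a-zA-Z0-9-]{24})/admin/vote/([a-zA-Z0-9]{16})$" /adminstuds.php?poll=$1&vote=$2;
        rewrite "^/([a-zA-Z0-9-]{24})/admin/action/([a-zA-Z_-]+)(/(.+))?$" /adminstuds.php?poll=$1&$2=$4;
    }

    location = /admin {
        return 301 https://$host$request_uri/;
    }

    # Basic auth for the whole /admin/ tree.
    # "^~" stops nginx from evaluating the server-level regex locations for
    # /admin/ URIs. Without it, a request for /admin/<script>.php is handled by
    # "location ~ \.php$" below, which carries no auth_basic, so the admin PHP
    # scripts would be executed without the password prompt. The nested
    # locations inherit auth_basic from this block.
    location ^~ /admin/ {
        auth_basic "Administration de Framapad";
        auth_basic_user_file /var/www/framadate/.htpasswd;

        # Keep dotfiles unreachable inside /admin/ as well.
        location ~ /\. {
            deny all;
        }

        # Same FastCGI handling as the server-level PHP location.
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass unix:/run/php/php8.0-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PHP_VALUE "upload_max_filesize = 20M \n post_max_size=21M";
            client_max_body_size 21M;
            fastcgi_buffers 64 4K;
        }
    }

    # Long-lived caching for static assets.
    location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
        expires 30d;
        access_log off;
    }

    # Deny dotfiles (this also covers the .htpasswd file in the document root).
    location ~ /\. {
        deny all;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
        # fastcgi_pass php-handler;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PHP_VALUE "upload_max_filesize = 20M \n post_max_size=21M";
        client_max_body_size 21M;
        fastcgi_buffers 64 4K;
    }
}

##############################################################
# Subdomain for Phoscon Conbee                               #
##############################################################
#
server {
    listen 80;
    server_name conbee.escher.cc;
    charset utf-8;
    root /var/www;

    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# }
server {
    listen 443 ssl http2;
    server_name conbee.escher.cc;
    charset utf-8;

    # NOTE(review): no "include /etc/nginx/ssl.conf;" here either - confirm
    # that certificate and TLS settings are inherited from the http level.

    location ^~ / {
        client_max_body_size 1024M;
        proxy_max_temp_file_size 1024M;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cookie_path / "/; secure; HttpOnly";
        proxy_pass http://192.168.200.5;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
    }
}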