Compare commits
12 Commits
main
...
first-leve
Author | SHA1 | Date |
---|---|---|
|
ebc804cbd0 | |
|
9ffe5b06c6 | |
|
24481ecfe6 | |
|
8820b17277 | |
|
8b64a22068 | |
|
c99a2b323b | |
|
680920b196 | |
|
406a140843 | |
|
8cef1d5c17 | |
|
adf2150626 | |
|
7ac4137a67 | |
|
896678c27c |
dockerized
first-level-nginx
nextcloud-aio
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEoDCCA4igAwIBAgIUaKFdbeWJZJZL8wTBpD2DwN+JVkUwDQYJKoZIhvcNAQEL
|
||||
BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
|
||||
MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
|
||||
aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
|
||||
MB4XDTI1MDMxMDEzMjIwMFoXDTQwMDMwNjEzMjIwMFowYjEZMBcGA1UEChMQQ2xv
|
||||
dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
|
||||
BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmRQ0ujY0sOsuOosqTURUSXeesuU2ZmPTecJ
|
||||
BmtYRD6z2+0u/eryHke1J8+P8pK7EGV3/TVKCcxJr0NHZiMmysEJKszx5WLDWJgc
|
||||
ct7uPWlb/Fsk+uep+WXJQwln1rpn2owu9fC8Umk7jvc7S9X3AbrpAjQg0e1oMwQY
|
||||
OgrbqyWzxjN0KAx3+wNLwBOJt49FZrfL8IqoNu8Fd67kKVJgcw8e+kmRxIOVqJ6M
|
||||
/GDW4PLsZInfhvcUnd1hbryaXjuIUL7+brV/h4O7AKVp2q8Y8HSsqSbBqlnCBJzw
|
||||
HhhDJM0huacEmMWOAp95oXkNXcUhOq5XdlxbdYiCz5GLg/4OUwIDAQABo4IBIjCC
|
||||
AR4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
|
||||
ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQnBKifvPJehekEum2O83LhMDsirDAf
|
||||
BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
|
||||
MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
|
||||
YTAjBgNVHREEHDAaggwqLnJldGVydXAuaXSCCnJldGVydXAuaXQwOAYDVR0fBDEw
|
||||
LzAtoCugKYYnaHR0cDovL2NybC5jbG91ZGZsYXJlLmNvbS9vcmlnaW5fY2EuY3Js
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQByz/7GAw13STwG/WdMCG7Pek2F3HPbsIDzvrQT
|
||||
0eplFnec/xJCXF8Kb3wI2bQdSSOrFjPzI3a+pDJzxRFIfNWWTVLwcK2ET2jRV6/S
|
||||
CZWrd9WOZ7Xd4V+irXyvKBOXiHbC35wk6vmTOUbT8BhBMiNRzWnF/bekeLRUPVPD
|
||||
7en6zC/0/YXLyLogq/Cexr6MZj+oLHKA4hnKzcGQR5quLQPGfyF+YcVecbj3D8iM
|
||||
VzmKMvIVtH38xfYjCvOHU9+ipl6MpqEjFw94ZRYzzZ5fpe/ObogvDMm4Igd/JiiJ
|
||||
N/Kv2dPxeeMbJu4WEfjw2WeEJYaIBNy+tPB7gEUB2tLv7Ce1
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEADCCAuigAwIBAgIID+rOSdTGfGcwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNV
|
||||
BAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91
|
||||
ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQH
|
||||
Ew1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE5MDgyMzIx
|
||||
MDgwMFoXDTI5MDgxNTE3MDAwMFowgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBD
|
||||
bG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wg
|
||||
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw
|
||||
EQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
||||
AQEAwEiVZ/UoQpHmFsHvk5isBxRehukP8DG9JhFev3WZtG76WoTthvLJFRKFCHXm
|
||||
V6Z5/66Z4S09mgsUuFwvJzMnE6Ej6yIsYNCb9r9QORa8BdhrkNn6kdTly3mdnykb
|
||||
OomnwbUfLlExVgNdlP0XoRoeMwbQ4598foiHblO2B/LKuNfJzAMfS7oZe34b+vLB
|
||||
yrP/1bgCSLdc1AxQc1AC0EsQQhgcyTJNgnG4va1c7ogPlwKyhbDyZ4e59N5lbYPJ
|
||||
SmXI/cAe3jXj1FBLJZkwnoDKe0v13xeF+nF32smSH0qB7aJX2tBMW4TWtFPmzs5I
|
||||
lwrFSySWAdwYdgxw180yKU0dvwIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYD
|
||||
VR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUJOhTV118NECHqeuU27rhFnj8KaQw
|
||||
HwYDVR0jBBgwFoAUJOhTV118NECHqeuU27rhFnj8KaQwDQYJKoZIhvcNAQELBQAD
|
||||
ggEBAHwOf9Ur1l0Ar5vFE6PNrZWrDfQIMyEfdgSKofCdTckbqXNTiXdgbHs+TWoQ
|
||||
wAB0pfJDAHJDXOTCWRyTeXOseeOi5Btj5CnEuw3P0oXqdqevM1/+uWp0CM35zgZ8
|
||||
VD4aITxity0djzE6Qnx3Syzz+ZkoBgTnNum7d9A66/V636x4vTeqbZFBr9erJzgz
|
||||
hhurjcoacvRNhnjtDRM0dPeiCJ50CP3wEYuvUzDHUaowOsnLCjQIkWbR7Ni6KEIk
|
||||
MOz2U0OBSif3FTkhCgZWQKOOLo1P42jHC3ssUZAtVNXrCk3fw9/E15k8NPkBazZ6
|
||||
0iykLhH1trywrKRMVw67F44IE8Y=
|
||||
-----END CERTIFICATE-----
|
|
@ -18,6 +18,9 @@ http {
|
|||
server swarm1w4.sselab.ddns.net;
|
||||
}
|
||||
|
||||
upstream rup_cluster {
|
||||
server rup1.sselab.ddns.net;
|
||||
}
|
||||
|
||||
#TODO manage certs
|
||||
# server {
|
||||
|
@ -38,17 +41,60 @@ http {
|
|||
|
||||
|
||||
# Optional server block for HTTP to HTTPS redirection
|
||||
server {
|
||||
listen 80; # Listen on port 80 for HTTP
|
||||
server_name *.sw1.sselab.ddns.net;
|
||||
# server {
|
||||
# listen 80; # Listen on port 80 for HTTP
|
||||
# server_name *.sw1.sselab.ddns.net;
|
||||
|
||||
|
||||
location / {
|
||||
# Redirect all HTTP traffic to HTTPS
|
||||
# TODO requires https
|
||||
# return 301 https://$host$request_uri;
|
||||
# location / {
|
||||
# # Redirect all HTTP traffic to HTTPS
|
||||
# # TODO requires https
|
||||
# # return 301 https://$host$request_uri;
|
||||
|
||||
proxy_pass http://swarm1_cluster;
|
||||
# proxy_pass http://swarm1_cluster;
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection 'upgrade';
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_cache_bypass $http_upgrade;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# }
|
||||
# }
|
||||
|
||||
|
||||
# server {
|
||||
# listen 80;
|
||||
# server_name *.sw1.hassallab.it;
|
||||
|
||||
# location / {
|
||||
# # Redirect all HTTP traffic to HTTPS
|
||||
# # TODO requires https
|
||||
# # return 301 https://$host$request_uri;
|
||||
|
||||
# proxy_pass http://swarm1_cluster;
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection 'upgrade';
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_cache_bypass $http_upgrade;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# }
|
||||
# }
|
||||
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name cloud.reterup.it *.cloud.reterup.it;
|
||||
|
||||
ssl_certificate /etc/nginx/reterup-bundle.pem;
|
||||
ssl_certificate_key /etc/nginx/reterup-privkey.pem;
|
||||
|
||||
location /{
|
||||
|
||||
#Redirect to simple_app
|
||||
proxy_pass http://rup_cluster;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection 'upgrade';
|
||||
|
@ -56,39 +102,28 @@ http {
|
|||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_redirect http:// https://;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
#static landing page for sselab.ddns.net / hassallab.it
|
||||
server {
|
||||
listen 80;
|
||||
server_name *.sw1.hassallab.it;
|
||||
|
||||
location / {
|
||||
# Redirect all HTTP traffic to HTTPS
|
||||
# TODO requires https
|
||||
# return 301 https://$host$request_uri;
|
||||
|
||||
proxy_pass http://swarm1_cluster;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection 'upgrade';
|
||||
proxy_set_header Host $host;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#Default Catch-all serving
|
||||
server {
|
||||
listen 80 default_server;
|
||||
server_name _;
|
||||
server_name sselab.ddns.net *.sselab.ddns.net hassallab.it *.hassallab.it;
|
||||
root /var/www/default;
|
||||
|
||||
location /{
|
||||
try_files $uri /$uri /index.html;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#Default Catch-all redirects to https
|
||||
server {
|
||||
listen 80 default_server;
|
||||
server_name _;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -29,9 +29,20 @@ services:
|
|||
target: /etc/nginx/nginx.conf
|
||||
- source: nginx_static
|
||||
target: /var/www/default/index.html
|
||||
secrets:
|
||||
- source: reterup_bundle_cert
|
||||
target: /etc/nginx/reterup-bundle.pem
|
||||
- source: reterup_key
|
||||
target: /etc/nginx/reterup-privkey.pem
|
||||
|
||||
configs:
|
||||
nginx_conf:
|
||||
file: ../configs/node.conf
|
||||
nginx_static:
|
||||
file: ../content/index.html
|
||||
|
||||
secrets:
|
||||
reterup_bundle_cert:
|
||||
file: ../certs/reterup_bundle_cert.pem
|
||||
reterup_key:
|
||||
file: ../certs/reterup-privkey.pem
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
https://cloud.reterup.it:443 {
|
||||
|
||||
tls /root/certs/cert.pem /root/certs/privkey.pem {
|
||||
ca_root /root/certs/origin_ca_rsa_root.pem
|
||||
}
|
||||
|
||||
header Strict-Transport-Security max-age=31536000;
|
||||
reverse_proxy localhost:11000
|
||||
}
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEoDCCA4igAwIBAgIUaKFdbeWJZJZL8wTBpD2DwN+JVkUwDQYJKoZIhvcNAQEL
|
||||
BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
|
||||
MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
|
||||
aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
|
||||
MB4XDTI1MDMxMDEzMjIwMFoXDTQwMDMwNjEzMjIwMFowYjEZMBcGA1UEChMQQ2xv
|
||||
dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
|
||||
BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmRQ0ujY0sOsuOosqTURUSXeesuU2ZmPTecJ
|
||||
BmtYRD6z2+0u/eryHke1J8+P8pK7EGV3/TVKCcxJr0NHZiMmysEJKszx5WLDWJgc
|
||||
ct7uPWlb/Fsk+uep+WXJQwln1rpn2owu9fC8Umk7jvc7S9X3AbrpAjQg0e1oMwQY
|
||||
OgrbqyWzxjN0KAx3+wNLwBOJt49FZrfL8IqoNu8Fd67kKVJgcw8e+kmRxIOVqJ6M
|
||||
/GDW4PLsZInfhvcUnd1hbryaXjuIUL7+brV/h4O7AKVp2q8Y8HSsqSbBqlnCBJzw
|
||||
HhhDJM0huacEmMWOAp95oXkNXcUhOq5XdlxbdYiCz5GLg/4OUwIDAQABo4IBIjCC
|
||||
AR4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
|
||||
ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQnBKifvPJehekEum2O83LhMDsirDAf
|
||||
BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
|
||||
MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
|
||||
YTAjBgNVHREEHDAaggwqLnJldGVydXAuaXSCCnJldGVydXAuaXQwOAYDVR0fBDEw
|
||||
LzAtoCugKYYnaHR0cDovL2NybC5jbG91ZGZsYXJlLmNvbS9vcmlnaW5fY2EuY3Js
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQByz/7GAw13STwG/WdMCG7Pek2F3HPbsIDzvrQT
|
||||
0eplFnec/xJCXF8Kb3wI2bQdSSOrFjPzI3a+pDJzxRFIfNWWTVLwcK2ET2jRV6/S
|
||||
CZWrd9WOZ7Xd4V+irXyvKBOXiHbC35wk6vmTOUbT8BhBMiNRzWnF/bekeLRUPVPD
|
||||
7en6zC/0/YXLyLogq/Cexr6MZj+oLHKA4hnKzcGQR5quLQPGfyF+YcVecbj3D8iM
|
||||
VzmKMvIVtH38xfYjCvOHU9+ipl6MpqEjFw94ZRYzzZ5fpe/ObogvDMm4Igd/JiiJ
|
||||
N/Kv2dPxeeMbJu4WEfjw2WeEJYaIBNy+tPB7gEUB2tLv7Ce1
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,24 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEADCCAuigAwIBAgIID+rOSdTGfGcwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNV
|
||||
BAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91
|
||||
ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQH
|
||||
Ew1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE5MDgyMzIx
|
||||
MDgwMFoXDTI5MDgxNTE3MDAwMFowgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBD
|
||||
bG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wg
|
||||
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw
|
||||
EQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
||||
AQEAwEiVZ/UoQpHmFsHvk5isBxRehukP8DG9JhFev3WZtG76WoTthvLJFRKFCHXm
|
||||
V6Z5/66Z4S09mgsUuFwvJzMnE6Ej6yIsYNCb9r9QORa8BdhrkNn6kdTly3mdnykb
|
||||
OomnwbUfLlExVgNdlP0XoRoeMwbQ4598foiHblO2B/LKuNfJzAMfS7oZe34b+vLB
|
||||
yrP/1bgCSLdc1AxQc1AC0EsQQhgcyTJNgnG4va1c7ogPlwKyhbDyZ4e59N5lbYPJ
|
||||
SmXI/cAe3jXj1FBLJZkwnoDKe0v13xeF+nF32smSH0qB7aJX2tBMW4TWtFPmzs5I
|
||||
lwrFSySWAdwYdgxw180yKU0dvwIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYD
|
||||
VR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUJOhTV118NECHqeuU27rhFnj8KaQw
|
||||
HwYDVR0jBBgwFoAUJOhTV118NECHqeuU27rhFnj8KaQwDQYJKoZIhvcNAQELBQAD
|
||||
ggEBAHwOf9Ur1l0Ar5vFE6PNrZWrDfQIMyEfdgSKofCdTckbqXNTiXdgbHs+TWoQ
|
||||
wAB0pfJDAHJDXOTCWRyTeXOseeOi5Btj5CnEuw3P0oXqdqevM1/+uWp0CM35zgZ8
|
||||
VD4aITxity0djzE6Qnx3Syzz+ZkoBgTnNum7d9A66/V636x4vTeqbZFBr9erJzgz
|
||||
hhurjcoacvRNhnjtDRM0dPeiCJ50CP3wEYuvUzDHUaowOsnLCjQIkWbR7Ni6KEIk
|
||||
MOz2U0OBSif3FTkhCgZWQKOOLo1P42jHC3ssUZAtVNXrCk3fw9/E15k8NPkBazZ6
|
||||
0iykLhH1trywrKRMVw67F44IE8Y=
|
||||
-----END CERTIFICATE-----
|
|
@ -9,7 +9,7 @@ services:
|
|||
container_name: caddy
|
||||
volumes:
|
||||
- ./Caddyfile:/etc/caddy/Caddyfile
|
||||
- ./certs:/certs
|
||||
- ./certs:/root/certs
|
||||
- ./config:/config
|
||||
- ./data:/data
|
||||
- ./sites:/srv
|
||||
|
|
Loading…
Reference in New Issue