diff --git a/nginx/default b/nginx/default new file mode 100644 index 0000000..d7cff03 --- /dev/null +++ b/nginx/default @@ -0,0 +1,46 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name xalexbor.fvds.ru; + + # Редирект на HTTPS + return 301 https://xalexbor.fvds.ru$request_uri; +} + +server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + server_name xalexbor.fvds.ru; + + ssl_certificate /etc/letsencrypt/live/xalexbor.fvds.ru/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/xalexbor.fvds.ru/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + root /var/www/html; + index index.html index.htm index.nginx-debian.html; + + location /static { + alias /home/xzv/static/; + } + + location /docxbot { + include proxy_params; + proxy_pass http://localhost:8003; + } + + location /seawarbot { + include proxy_params; + proxy_pass http://localhost:8006; + } + + location /eve { + include proxy_params; + proxy_pass http://localhost:8005; + } + + location / { + include proxy_params; + proxy_pass http://localhost:8001; + } +} diff --git a/nginx/default.backup b/nginx/default.backup new file mode 100644 index 0000000..06c5ab6 --- /dev/null +++ b/nginx/default.backup @@ -0,0 +1,234 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} + +server { + listen 80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + server_name xalexbor.fvds.ru; + + location /static { + alias /home/xzv/static/; + } + + location /docxbot { + include proxy_params; + proxy_pass http://localhost:8003; + } + location /seawarbot { + include proxy_params; + proxy_pass http://localhost:8006; + } + + location /eve { + include proxy_params; + proxy_pass http://localhost:8005; + } + location / { + include proxy_params; + proxy_pass http://localhost:8001; + } + + + #location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + #try_files $uri $uri/ =404; + #} + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + + listen [::]:443 ssl ipv6only=on; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/xalexbor.fvds.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/xalexbor.fvds.ru/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} +server { + if ($host = xalexbor.fvds.ru) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80 ; + listen [::]:80 ; + server_name xalexbor.fvds.ru; + return 404; # managed by Certbot + + +} + + +server { + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + server_name files.zod2.com; # managed by Certbot + + + location /static { + alias /home/xzv/static/; + } + + location /docxbot { + include proxy_params; + proxy_pass http://localhost:8003; + } + location /seawarbot { + include proxy_params; + proxy_pass http://localhost:8006; + } + + location /eve { + include proxy_params; + proxy_pass http://localhost:8005; + } + location / { + include proxy_params; + proxy_pass http://localhost:8001; + } + + + #location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + #try_files $uri $uri/ =404; + #} + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + + listen [::]:443 ssl ; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/files.zod2.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/files.zod2.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + + + +} + +server { + if ($host = files.zod2.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80 ; + server_name files.zod2.com; + return 404; # managed by Certbot + + +} \ No newline at end of file diff --git a/nginx/files.zod2.com b/nginx/files.zod2.com new file mode 100644 index 0000000..2d3bf36 --- /dev/null +++ b/nginx/files.zod2.com @@ -0,0 +1,26 @@ +server { + listen 80; + server_name files.zod2.com; + return 301 https://files.zod2.com$request_uri; +} + +server { + listen 443 ssl http2; + server_name files.zod2.com; + + ssl_certificate /etc/letsencrypt/live/files.zod2.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/files.zod2.com/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + location / { + proxy_pass http://10.10.10.2:9090; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} diff --git a/nginx/git.zod2.com b/nginx/git.zod2.com new file mode 100644 index 0000000..ad6f3fc --- /dev/null +++ b/nginx/git.zod2.com @@ -0,0 +1,32 @@ +server { + listen 80; + server_name git.zod2.com; + + return 301 https://git.zod2.com$request_uri; +} + + +server { + listen 443 ssl http2; + server_name git.zod2.com; + + ssl_certificate /etc/letsencrypt/live/git.zod2.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.zod2.com/privkey.pem; + + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + + location / { + proxy_pass http://10.10.10.2:3000; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} diff --git a/nginx/jellyfin.zod2.com b/nginx/jellyfin.zod2.com new file mode 100644 index 0000000..b22b201 --- /dev/null +++ b/nginx/jellyfin.zod2.com @@ -0,0 +1,39 @@ +server { + listen 80; + server_name july.zod2.com; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name july.zod2.com; + + ssl_certificate /etc/letsencrypt/live/july.zod2.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/july.zod2.com/privkey.pem; + + # Важно для Jellyfin — большие файлы и долгие соединения + proxy_buffering off; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + client_max_body_size 0; + + location / { + proxy_pass http://10.10.10.2:8096; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket — нужен для Jellyfin + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +}