First commit

sites-available/drive.eax.app.conf

@@ -0,0 +1,64 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''        close;
+}
+
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             drive.eax.app;
+    server_tokens off;
+
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/eax.app/chain.pem;
+
+    # security
+    include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|POST|PUT|HEAD|CONNECT|OPTIONS|TRACE|DELETE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/drive.eax.app.access.log;
+    error_log  /var/log/nginx/drive.eax.app.error.log warn;
+
+    # index.html fallback
+    location / {
+        proxy_pass http://127.0.0.1:8888;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_read_timeout 1200s;
+        proxy_set_header   X-Forwarded-Proto https;
+    }
+
+    location /seafhttp/ {
+        proxy_pass http://127.0.0.1:8888/seafhttp/;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_read_timeout 1200s;
+        proxy_set_header   X-Forwarded-Proto https;    
+    }
+
+    # additional config
+    #include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name drive.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://drive.eax.app$request_uri;
+    }
+}

sites-available/eax.app.conf

@@ -0,0 +1,48 @@
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             eax.app;
+    root                    /srv/http/eax.app;
+
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/eax.app/chain.pem;
+
+    # security
+    include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|HEAD|CONNECT|OPTIONS|TRACE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/eax.app.access.log;
+    error_log  /var/log/nginx/eax.app.error.log warn;
+
+    # index.html fallback
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    # index.php fallback
+    location ~ ^/api/ {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    # additional config
+    include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://eax.app$request_uri;
+    }
+}

sites-available/esphome.local.eax.app.conf

@@ -0,0 +1,64 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''        close;
+}
+
+upstream esphome_backend {
+	server unix:/srv/homeassistant/run/esphome_dashboard.sock;
+	keepalive 32;
+}
+
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             esphome.local.eax.app;
+    
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/local.eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/local.eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/local.eax.app/chain.pem;
+
+    # security
+    include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|POST|HEAD|CONNECT|OPTIONS|TRACE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/esphome.local.eax.app.access.log;
+    error_log  /var/log/nginx/esphome.local.eax.app.error.log warn;
+    location / {
+        proxy_pass http://esphome_backend/;
+        proxy_set_header Host $host;
+        proxy_redirect http:// https://;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    location /ace {
+        proxy_pass http://esphome_backend/ace;
+        proxy_set_header Host $host;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+    # additional config
+    #include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name esphome.local.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://esphome.local.eax.app$request_uri;
+    }
+}

sites-available/git.eax.app.conf

@@ -0,0 +1,42 @@
+upstream gitea {
+  server 127.0.0.1:3001 fail_timeout=0;
+}
+
+server {
+  #listen 80;                  # IPv4 HTTP
+  listen 443 ssl http2;      # uncomment to enable IPv4 HTTPS + HTTP/2
+  #listen [::]:80;            # uncomment to enable IPv6 HTTP
+  #listen [::]:443 ssl http2; # uncomment to enable IPv6 HTTPS + HTTP/2
+  server_name git.eax.app;
+
+  access_log  /var/log/gitea/nginx_access.log;
+  error_log   /var/log/gitea/nginx_error.log;
+
+  #ssl_certificate ssl/example.com.crt;
+  #ssl_certificate_key ssl/example.com.key;
+
+  ssl_certificate         /etc/letsencrypt/live/git.eax.app/fullchain.pem;
+  ssl_certificate_key     /etc/letsencrypt/live/git.eax.app/privkey.pem;
+  ssl_trusted_certificate /etc/letsencrypt/live/git.eax.app/chain.pem;
+
+  location / {
+      proxy_set_header X-Forwarded-For $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_pass http://gitea;
+      proxy_redirect off;
+      proxy_http_version 1.1;
+      proxy_buffering off;
+      chunked_transfer_encoding off;
+  }
+}
+
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name git.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://git.eax.app$request_uri;
+    }
+}

sites-available/grafana.local.eax.app.conf

@@ -0,0 +1,61 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''        close;
+}
+
+upstream grafana_backend {
+	server unix:/run/grafana/grafana.sock;
+	keepalive 32;
+}
+
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             grafana.local.eax.app;
+    root /usr/share/nginx/html;
+    index index.html index.htm;
+    
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/local.eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/local.eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/local.eax.app/chain.pem;
+
+    # security
+    # include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|POST|PUT|HEAD|CONNECT|OPTIONS|TRACE|DELETE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/grafana.local.eax.app.access.log;
+    error_log  /var/log/nginx/grafana.local.eax.app.error.log warn;
+    location / {
+        proxy_pass http://grafana_backend/;
+        proxy_set_header Host $http_host;
+    }
+
+    location /api/live {
+	rewrite  ^/(.*)  /$1 break;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_set_header Host $http_host;
+        proxy_pass http://grafana_backend/;
+    }
+    # additional config
+    #include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name grafana.local.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://grafana.local.eax.app$request_uri;
+    }
+}

sites-available/ha1.eax.app.conf

@@ -0,0 +1,63 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''        close;
+}
+
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             ha1.eax.app;
+    root 		    /srv/homeassistant/lib/python3.10/site-packages/hass_frontend/;
+
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/eax.app/chain.pem;
+
+    # security
+    include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|POST|HEAD|CONNECT|OPTIONS|TRACE|DELETE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/ha1.eax.app.access.log;
+    error_log  /var/log/nginx/ha1.eax.app.error.log warn;
+
+    # index.html fallback
+    location / {
+        proxy_pass http://127.0.0.1:8123/;
+        proxy_set_header Host $host;
+        proxy_redirect http:// https://;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    location /api/websocket {
+        proxy_pass http://127.0.0.1:8123/api/websocket;
+        proxy_set_header Host $host;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    # additional config
+    include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name ha1.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://ha1.eax.app$request_uri;
+    }
+}

sites-available/radarr.conf

@@ -0,0 +1,68 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''        close;
+}
+
+upstream radarr_backend {
+	server 127.0.0.1:7878;
+	keepalive 32;
+}
+
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             radarr.local.eax.app;
+    
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/local.eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/local.eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/local.eax.app/chain.pem;
+
+    # security
+    include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|POST|PUT|DELETE|HEAD|CONNECT|OPTIONS|TRACE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/radarr.local.eax.app.access.log;
+    error_log  /var/log/nginx/radarr.local.eax.app.error.log warn;
+
+    # index.html fallback
+    location / {
+	#auth_basic off;
+        proxy_pass http://radarr_backend;
+	    proxy_set_header   Host               127.0.0.1:7878;
+    	proxy_set_header   X-Forwarded-Host   $http_host;
+    	proxy_set_header   X-Forwarded-For    $remote_addr;
+	    proxy_cookie_path  /                  "/; Secure";
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        #proxy_set_header Host $host;
+        #proxy_set_header X-Real-IP $remote_addr;
+        #proxy_set_header X-Forwarded-Proto $scheme;
+        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	    #proxy_set_header X-Forwarded-Host $server_name:$server_port;
+        #proxy_hide_header Referer;
+        #proxy_hide_header Origin;
+        #proxy_set_header Referer '';
+        #proxy_set_header Origin '';
+    }
+    # additional config
+    #include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name radarr.local.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://radarr.local.eax.app$request_uri;
+    }
+}

sites-available/sonarr.conf

@@ -0,0 +1,65 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''        close;
+}
+
+upstream sonarr_backend {
+	server 127.0.0.1:8989;
+	keepalive 32;
+}
+
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             sonarr.local.eax.app;
+    
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/local.eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/local.eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/local.eax.app/chain.pem;
+
+    # security
+    include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|POST|PUT|DELETE|HEAD|CONNECT|OPTIONS|TRACE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/sonarr.local.eax.app.access.log;
+    error_log  /var/log/nginx/sonarr.local.eax.app.error.log warn;
+
+    # index.html fallback
+    location / {
+	#auth_basic off;
+        proxy_pass http://sonarr_backend;
+	proxy_set_header   Host               127.0.0.1:8989;
+    	proxy_set_header   X-Forwarded-Host   $http_host;
+    	proxy_set_header   X-Forwarded-For    $remote_addr;
+	proxy_cookie_path  /                  "/; Secure";
+        #proxy_set_header Host $host;
+        #proxy_set_header X-Real-IP $remote_addr;
+        #proxy_set_header X-Forwarded-Proto $scheme;
+        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	#proxy_set_header X-Forwarded-Host $server_name:$server_port;
+        #proxy_hide_header Referer;
+        #proxy_hide_header Origin;
+        #proxy_set_header Referer '';
+        #proxy_set_header Origin '';
+    }
+    # additional config
+    #include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name sonarr.local.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://sonarr.local.eax.app$request_uri;
+    }
+}

sites-available/swagger.eax.app.conf

@@ -0,0 +1,56 @@
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             swagger.eax.app;
+    root                    /srv/http/swagger.eax.app;
+
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/eax.app/chain.pem;
+
+    # security
+    include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|HEAD|CONNECT|OPTIONS|TRACE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/swagger.eax.app.access.log;
+    error_log  /var/log/nginx/swagger.eax.app.error.log warn;
+
+    # index.html fallback
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    # index.php fallback
+    location /api/ {	
+	proxy_pass http://10.10.12.10:5000/swagger/0.1-alpha1/swagger.json;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $http_host;
+        proxy_set_header Accept-Encoding "";
+        proxy_redirect off;
+    }
+
+    sub_filter '"openapi": "3.0.1",' '"openapi": "3.0.1", "securityDefinitions":{"JWT":{"type":"apiKey","in":"header","name":"Authorization"}},"responses":{"UnauthorizedError":{"description":"Access token is missing or invalid"}},';
+    sub_filter_types application/json;
+    sub_filter_once off;
+
+    # additional config
+    include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}

sites-available/torrent.local.eax.app.conf

@@ -0,0 +1,65 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''        close;
+}
+
+upstream qtorrent_backend {
+	server 127.0.0.1:8080;
+	keepalive 32;
+}
+
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             torrent.local.eax.app;
+    
+    # SSL
+    ssl_certificate         /etc/letsencrypt/live/local.eax.app/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/local.eax.app/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/local.eax.app/chain.pem;
+
+    # security
+    include                 nginxconfig.io/security.conf;
+
+    # restrict methods
+    if ($request_method !~ ^(GET|POST|HEAD|CONNECT|OPTIONS|TRACE)$) {
+        return '405';
+    }
+
+    # logging
+    access_log /var/log/nginx/torrent.local.eax.app.access.log;
+    error_log  /var/log/nginx/torrent.local.eax.app.error.log warn;
+
+    # index.html fallback
+    location / {
+	#auth_basic off;
+        proxy_pass http://qtorrent_backend;
+	proxy_set_header   Host               127.0.0.1:8080;
+    	proxy_set_header   X-Forwarded-Host   $http_host;
+    	proxy_set_header   X-Forwarded-For    $remote_addr;
+	proxy_cookie_path  /                  "/; Secure";
+        #proxy_set_header Host $host;
+        #proxy_set_header X-Real-IP $remote_addr;
+        #proxy_set_header X-Forwarded-Proto $scheme;
+        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	#proxy_set_header X-Forwarded-Host $server_name:$server_port;
+        #proxy_hide_header Referer;
+        #proxy_hide_header Origin;
+        #proxy_set_header Referer '';
+        #proxy_set_header Origin '';
+    }
+    # additional config
+    #include nginxconfig.io/general.conf;
+}
+
+# HTTP redirect
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name torrent.local.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://torrent.local.eax.app$request_uri;
+    }
+}

sites-available/woodpecker.git.eax.app.conf

@@ -0,0 +1,42 @@
+upstream woodpecker {
+  server 127.0.0.1:3002 fail_timeout=0;
+}
+
+server {
+  #listen 80;                  # IPv4 HTTP
+  listen 443 ssl http2;      # uncomment to enable IPv4 HTTPS + HTTP/2
+  #listen [::]:80;            # uncomment to enable IPv6 HTTP
+  #listen [::]:443 ssl http2; # uncomment to enable IPv6 HTTPS + HTTP/2
+  server_name woodpecker.git.eax.app;
+
+  access_log  /var/log/woodpecker/nginx_access.log;
+  error_log   /var/log/woodpecker/nginx_error.log;
+
+  #ssl_certificate ssl/example.com.crt;
+  #ssl_certificate_key ssl/example.com.key;
+
+  ssl_certificate         /etc/letsencrypt/live/git.eax.app/fullchain.pem;
+  ssl_certificate_key     /etc/letsencrypt/live/git.eax.app/privkey.pem;
+  ssl_trusted_certificate /etc/letsencrypt/live/git.eax.app/chain.pem;
+
+  location / {
+      proxy_set_header X-Forwarded-For $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_pass http://woodpecker;
+      proxy_redirect off;
+      proxy_http_version 1.1;
+      proxy_buffering off;
+      chunked_transfer_encoding off;
+  }
+}
+
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name woodpecker.git.eax.app;
+    include     nginxconfig.io/letsencrypt.conf;
+
+    location / {
+        return 301 https://woodpecker.git.eax.app$request_uri;
+    }
+}