Config cleanup

- Enable proxy auth for calibre-web - Remove Cockpit, Forgejo, Synapse configs and make them directly listen on Unix sockets in /srv/http - Enable access log for Guacamole - Disable big uploads for JupyterHub - Increase upload size for all exopages sites
2024-05-22 01:13:37 +00:00 · 2024-05-22 01:13:37 +00:00 · b5cb9148d0
commit b5cb9148d0
parent 216b1b54e6
8 changed files with 5 additions and 65 deletions
--- a/calibre-web.conf
+++ b/calibre-web.conf
@ -9,6 +9,9 @@ server {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Remote-User $remote_user;
+        auth_pam "calibre-web";
+        auth_pam_service_name "sssd";
        client_max_body_size 200M;
    }
 }
--- a/cockpit.conf
+++ b/cockpit.conf
@ -1,22 +0,0 @@
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name portal.exozy.me;
-
-    location / {
-        # Required to proxy the connection to Cockpit
-        proxy_pass https://localhost:9090;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
-        # Required for web sockets to function
-        proxy_http_version 1.1;
-        proxy_buffering off;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-
-        # Pass ETag header from Cockpit to clients.
-        # See: https://github.com/cockpit-project/cockpit/issues/5239
-        gzip off;
-    }
-}
--- a/forgejo.conf
+++ b/forgejo.conf
@ -1,18 +0,0 @@
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name git.exozy.me;
-
-    if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
-        return 444;
-    }
-
-    location / {
-        proxy_pass http://unix:/run/forgejo/forgejo.sock;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        client_max_body_size 1G;
-    }
-}
--- a/guacamole.conf
+++ b/guacamole.conf
@ -10,6 +10,5 @@ server {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
-        access_log off;
    }
 }
--- a/jupyterhub.conf
+++ b/jupyterhub.conf
@ -15,7 +15,6 @@ server {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_cookie_path /guacamole/ /hub/desk/;
-        access_log off;
    }

    # Managing literal requests to the JupyterHub front end
@ -32,8 +31,5 @@ server {
        proxy_set_header X-Scheme $scheme;

        proxy_buffering off;
-
-        # Allow big uploads
-        client_max_body_size 1G;
    }
 }
--- a/nvpie.conf
+++ b/nvpie.conf
@ -11,6 +11,5 @@ server {

    location / {
        try_files $uri $uri.html $uri/ =404;
-
    }
 }
--- a/pages.conf
+++ b/pages.conf
@ -26,5 +26,7 @@ server {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
+
+        client_max_body_size 20M;
    }
 }
--- a/synapse.conf
+++ b/synapse.conf
@ -1,19 +0,0 @@
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name chat.exozy.me;
-
-    location / {
-        proxy_pass http://localhost:8008;
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host;
-
-        # Nginx by default only allows file uploads up to 1M in size
-        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
-        client_max_body_size 1G;
-
-        # Stop access_log spam
-        access_log off;
-    }
-}