forked from exozyme/nginx
Config cleanup
- Enable proxy auth for calibre-web - Remove Cockpit, Forgejo, Synapse configs and make them directly listen on Unix sockets in /srv/http - Enable access log for Guacamole - Disable big uploads for JupyterHub - Increase upload size for all exopages sites
This commit is contained in:
parent
216b1b54e6
commit
b5cb9148d0
8 changed files with 5 additions and 65 deletions
|
@ -9,6 +9,9 @@ server {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Remote-User $remote_user;
|
||||||
|
auth_pam "calibre-web";
|
||||||
|
auth_pam_service_name "sssd";
|
||||||
client_max_body_size 200M;
|
client_max_body_size 200M;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
22
cockpit.conf
22
cockpit.conf
|
@ -1,22 +0,0 @@
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name portal.exozy.me;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
# Required to proxy the connection to Cockpit
|
|
||||||
proxy_pass https://localhost:9090;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# Required for web sockets to function
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
|
|
||||||
# Pass ETag header from Cockpit to clients.
|
|
||||||
# See: https://github.com/cockpit-project/cockpit/issues/5239
|
|
||||||
gzip off;
|
|
||||||
}
|
|
||||||
}
|
|
18
forgejo.conf
18
forgejo.conf
|
@ -1,18 +0,0 @@
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name git.exozy.me;
|
|
||||||
|
|
||||||
if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
|
|
||||||
return 444;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://unix:/run/forgejo/forgejo.sock;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
client_max_body_size 1G;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -10,6 +10,5 @@ server {
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection $http_connection;
|
proxy_set_header Connection $http_connection;
|
||||||
access_log off;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,6 @@ server {
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection $http_connection;
|
proxy_set_header Connection $http_connection;
|
||||||
proxy_cookie_path /guacamole/ /hub/desk/;
|
proxy_cookie_path /guacamole/ /hub/desk/;
|
||||||
access_log off;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Managing literal requests to the JupyterHub front end
|
# Managing literal requests to the JupyterHub front end
|
||||||
|
@ -32,8 +31,5 @@ server {
|
||||||
proxy_set_header X-Scheme $scheme;
|
proxy_set_header X-Scheme $scheme;
|
||||||
|
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
|
|
||||||
# Allow big uploads
|
|
||||||
client_max_body_size 1G;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,5 @@ server {
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri.html $uri/ =404;
|
try_files $uri $uri.html $uri/ =404;
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,5 +26,7 @@ server {
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
|
|
||||||
|
client_max_body_size 20M;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
19
synapse.conf
19
synapse.conf
|
@ -1,19 +0,0 @@
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name chat.exozy.me;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://localhost:8008;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
|
|
||||||
# Nginx by default only allows file uploads up to 1M in size
|
|
||||||
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
|
||||||
client_max_body_size 1G;
|
|
||||||
|
|
||||||
# Stop access_log spam
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in a new issue