@ -1,2 +1,3 @@ |
|||||
custom.env |
custom.env |
||||
docker-compose.yml |
docker-compose.yml |
||||
|
docker-compose.*.gen |
||||
|
|||||
@ -0,0 +1,54 @@ |
|||||
|
{ |
||||
|
auto_https off |
||||
|
} |
||||
|
|
||||
|
http://lanhost.top, http://nas.lanhost.top, http://www.lanhost.top { |
||||
|
root * /srv/http/www |
||||
|
file_server { |
||||
|
index lanhost.html |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
http://nas.sigkill.top { |
||||
|
root * /srv/http/www |
||||
|
file_server { |
||||
|
index sigkill.html |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
http://ad.lanhost.top { |
||||
|
reverse_proxy http://adguard |
||||
|
reverse_proxy /admin http://adguard:3000 |
||||
|
} |
||||
|
|
||||
|
http://admin.lanhost.top { |
||||
|
reverse_proxy http://portainer:9000 |
||||
|
} |
||||
|
|
||||
|
http://aria2.lanhost.top, http://aria2.sigkill.top { |
||||
|
root * /srv/http/aria2 |
||||
|
file_server { |
||||
|
index index.html |
||||
|
} |
||||
|
reverse_proxy /public http://aria2-public:6800 { |
||||
|
rewrite /jsonrpc |
||||
|
} |
||||
|
reverse_proxy /tmp http://aria2-tmp:6800 { |
||||
|
rewrite /jsonrpc |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
http://motd.lanhost.top, http://motd.sigkill.top { |
||||
|
root * /srv/http/motd |
||||
|
file_server / { |
||||
|
index index |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
http://files.lanhost.top { |
||||
|
reverse_proxy http://files |
||||
|
} |
||||
|
|
||||
|
http://media.lanhost.top { |
||||
|
reverse_proxy http://172.16.10.1:8096 |
||||
|
} |
||||
@ -0,0 +1,12 @@ |
|||||
|
ARG CADDY_VERSION=2 |
||||
|
FROM caddy:${CADDY_VERSION}-alpine |
||||
|
|
||||
|
COPY Caddyfile /etc/caddy/ |
||||
|
COPY http/ /srv/http/ |
||||
|
|
||||
|
#COPY php-fpm/www.conf /etc/php81/php-fpm.d/ |
||||
|
#COPY php-fpm/php.ini /etc/php81/ |
||||
|
|
||||
|
VOLUME ["/srv/http"] |
||||
|
|
||||
|
#ENTRYPOINT ["caddy.run"] |
||||
|
Before Width: | Height: | Size: 10 KiB After Width: | Height: | Size: 10 KiB |
|
Before Width: | Height: | Size: 8.6 KiB After Width: | Height: | Size: 8.6 KiB |
|
Before Width: | Height: | Size: 14 KiB After Width: | Height: | Size: 14 KiB |
|
Before Width: | Height: | Size: 247 KiB After Width: | Height: | Size: 247 KiB |
|
Before Width: | Height: | Size: 60 KiB After Width: | Height: | Size: 60 KiB |
|
Before Width: | Height: | Size: 108 KiB After Width: | Height: | Size: 108 KiB |
|
Before Width: | Height: | Size: 108 KiB After Width: | Height: | Size: 108 KiB |
@ -1,23 +0,0 @@ |
|||||
ARG NGINX_VERSION=stable |
|
||||
FROM nginx:${NGINX_VERSION}-alpine |
|
||||
|
|
||||
ARG APK_MIRROR=dl-cdn.alpinelinux.org |
|
||||
|
|
||||
COPY nginx.run /usr/bin/ |
|
||||
COPY nginx/nginx.conf /etc/nginx/ |
|
||||
COPY nginx/conf.d/ /etc/nginx/conf.d/ |
|
||||
COPY nginx/srv/ /srv/ |
|
||||
ADD nginx/h5ai-0.30.0.tar.gz /srv/http/files/ |
|
||||
|
|
||||
RUN sed -i "s/dl-cdn.alpinelinux.org/${APK_MIRROR}/g" /etc/apk/repositories && \ |
|
||||
apk add --no-cache php81-fpm php81-session php81-ctype php81-pdo php81-openssl && \ |
|
||||
find /srv/http/files/_h5ai -type d -exec chmod a+x {} + && \ |
|
||||
chmod -R a+rw /srv/http/files/_h5ai && \ |
|
||||
chown -R nginx:nginx /srv/http |
|
||||
|
|
||||
COPY php-fpm/www.conf /etc/php81/php-fpm.d/ |
|
||||
COPY php-fpm/php.ini /etc/php81/ |
|
||||
|
|
||||
VOLUME ["/etc/nginx", "/srv/http"] |
|
||||
|
|
||||
ENTRYPOINT ["nginx.run"] |
|
||||
@ -1,6 +0,0 @@ |
|||||
#!/bin/sh |
|
||||
|
|
||||
set -e |
|
||||
|
|
||||
php-fpm81 |
|
||||
exec nginx -g 'daemon off;' |
|
||||
@ -1,36 +0,0 @@ |
|||||
server { |
|
||||
listen 80; |
|
||||
listen [::]:80; |
|
||||
server_name aria2.lanhost.top aria2.sigkill.top; |
|
||||
|
|
||||
location / { |
|
||||
root /srv/http/aria2; |
|
||||
index index.html; |
|
||||
} |
|
||||
|
|
||||
location /public { |
|
||||
proxy_pass http://aria2-public:6800/jsonrpc; |
|
||||
proxy_redirect off; |
|
||||
proxy_set_header X-Real-IP $remote_addr; |
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
||||
proxy_set_header Host $host; |
|
||||
|
|
||||
# WebSocket |
|
||||
proxy_http_version 1.1; |
|
||||
proxy_set_header Upgrade $http_upgrade; |
|
||||
proxy_set_header Connection "upgrade"; |
|
||||
} |
|
||||
|
|
||||
location /tmp { |
|
||||
proxy_pass http://aria2-tmp:6800/jsonrpc; |
|
||||
proxy_redirect off; |
|
||||
proxy_set_header X-Real-IP $remote_addr; |
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
||||
proxy_set_header Host $host; |
|
||||
|
|
||||
# WebSocket |
|
||||
proxy_http_version 1.1; |
|
||||
proxy_set_header Upgrade $http_upgrade; |
|
||||
proxy_set_header Connection "upgrade"; |
|
||||
} |
|
||||
} |
|
||||
@ -1,18 +0,0 @@ |
|||||
server { |
|
||||
listen 80; |
|
||||
listen [::]:80; |
|
||||
server_name files.lanhost.top files.sigkill.top; |
|
||||
|
|
||||
root /srv/http/files; |
|
||||
|
|
||||
location / { |
|
||||
index /_h5ai/public/index.php; |
|
||||
} |
|
||||
|
|
||||
location ~ \.php$ { |
|
||||
fastcgi_pass unix:/var/run/php-fpm81.sock; |
|
||||
fastcgi_index index.php; |
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
|
||||
include fastcgi_params; |
|
||||
} |
|
||||
} |
|
||||
@ -1,88 +0,0 @@ |
|||||
server { |
|
||||
listen 80; |
|
||||
listen [::]:80; |
|
||||
# server_name media.sigkill.top; |
|
||||
|
|
||||
# Uncomment to redirect HTTP to HTTPS |
|
||||
# return 301 https://$host$request_uri; |
|
||||
#} |
|
||||
|
|
||||
#server { |
|
||||
# listen 443 ssl http2; |
|
||||
# listen [::]:443 ssl http2; |
|
||||
server_name media.lanhost.top media.sigkill.top; |
|
||||
|
|
||||
## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc. |
|
||||
client_max_body_size 20M; |
|
||||
|
|
||||
# use a variable to store the upstream proxy |
|
||||
# in this example we are using a hostname which is resolved via DNS |
|
||||
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`) |
|
||||
set $jellyfin 172.16.10.1; |
|
||||
#resolver 127.0.0.1 valid=30; |
|
||||
|
|
||||
#ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem; |
|
||||
#ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem; |
|
||||
#include /etc/letsencrypt/options-ssl-nginx.conf; |
|
||||
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; |
|
||||
#add_header Strict-Transport-Security "max-age=31536000" always; |
|
||||
#ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem; |
|
||||
#ssl_stapling on; |
|
||||
#ssl_stapling_verify on; |
|
||||
|
|
||||
# Security / XSS Mitigation Headers |
|
||||
add_header X-Frame-Options "SAMEORIGIN"; |
|
||||
add_header X-XSS-Protection "1; mode=block"; |
|
||||
add_header X-Content-Type-Options "nosniff"; |
|
||||
|
|
||||
# Content Security Policy |
|
||||
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP |
|
||||
# Enforces https content and restricts JS/CSS to origin |
|
||||
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted. |
|
||||
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; |
|
||||
|
|
||||
location = / { |
|
||||
return 302 http://$host/web/; |
|
||||
#return 302 https://$host/web/; |
|
||||
} |
|
||||
|
|
||||
location / { |
|
||||
# Proxy main Jellyfin traffic |
|
||||
proxy_pass http://$jellyfin:8096; |
|
||||
proxy_set_header Host $host; |
|
||||
proxy_set_header X-Real-IP $remote_addr; |
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
||||
proxy_set_header X-Forwarded-Proto $scheme; |
|
||||
proxy_set_header X-Forwarded-Protocol $scheme; |
|
||||
proxy_set_header X-Forwarded-Host $http_host; |
|
||||
|
|
||||
# Disable buffering when the nginx proxy gets very resource heavy upon streaming |
|
||||
proxy_buffering off; |
|
||||
} |
|
||||
|
|
||||
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/ |
|
||||
location = /web/ { |
|
||||
# Proxy main Jellyfin traffic |
|
||||
proxy_pass http://$jellyfin:8096/web/index.html; |
|
||||
proxy_set_header Host $host; |
|
||||
proxy_set_header X-Real-IP $remote_addr; |
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
||||
proxy_set_header X-Forwarded-Proto $scheme; |
|
||||
proxy_set_header X-Forwarded-Protocol $scheme; |
|
||||
proxy_set_header X-Forwarded-Host $http_host; |
|
||||
} |
|
||||
|
|
||||
location /socket { |
|
||||
# Proxy Jellyfin Websockets traffic |
|
||||
proxy_pass http://$jellyfin:8096; |
|
||||
proxy_http_version 1.1; |
|
||||
proxy_set_header Upgrade $http_upgrade; |
|
||||
proxy_set_header Connection "upgrade"; |
|
||||
proxy_set_header Host $host; |
|
||||
proxy_set_header X-Real-IP $remote_addr; |
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
||||
proxy_set_header X-Forwarded-Proto $scheme; |
|
||||
proxy_set_header X-Forwarded-Protocol $scheme; |
|
||||
proxy_set_header X-Forwarded-Host $http_host; |
|
||||
} |
|
||||
} |
|
||||
@ -1,11 +0,0 @@ |
|||||
server { |
|
||||
listen 80; |
|
||||
listen [::]:80; |
|
||||
server_name motd.lanhost.top motd.sigkill.top; |
|
||||
|
|
||||
root /srv/http/motd; |
|
||||
|
|
||||
location / { |
|
||||
index index; |
|
||||
} |
|
||||
} |
|
||||
@ -1,18 +0,0 @@ |
|||||
server { |
|
||||
listen 80; |
|
||||
listen [::]:80; |
|
||||
server_name speed.lanhost.top; |
|
||||
|
|
||||
root /srv/http/speed; |
|
||||
|
|
||||
location / { |
|
||||
index index.html; |
|
||||
} |
|
||||
|
|
||||
location ~ \.php$ { |
|
||||
fastcgi_pass unix:/var/run/php-fpm81.sock; |
|
||||
fastcgi_index index.php; |
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
|
||||
include fastcgi_params; |
|
||||
} |
|
||||
} |
|
||||
@ -1,23 +0,0 @@ |
|||||
server { |
|
||||
listen 80; |
|
||||
listen [::]:80; |
|
||||
server_name lanhost.top nas.lanhost.top; |
|
||||
|
|
||||
root /srv/http/www; |
|
||||
|
|
||||
location / { |
|
||||
index lanhost.html; |
|
||||
} |
|
||||
} |
|
||||
|
|
||||
server { |
|
||||
listen 80; |
|
||||
listen [::]:80; |
|
||||
server_name nas.sigkill.top; |
|
||||
|
|
||||
root /srv/http/www; |
|
||||
|
|
||||
location / { |
|
||||
index sigkill.html; |
|
||||
} |
|
||||
} |
|
||||
@ -1,41 +0,0 @@ |
|||||
|
|
||||
user nginx; |
|
||||
worker_processes auto; |
|
||||
|
|
||||
error_log /var/log/nginx/error.log error; |
|
||||
pid /var/run/nginx.pid; |
|
||||
|
|
||||
events { |
|
||||
worker_connections 64; |
|
||||
} |
|
||||
|
|
||||
|
|
||||
http { |
|
||||
include /etc/nginx/mime.types; |
|
||||
default_type application/octet-stream; |
|
||||
|
|
||||
#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
|
||||
# '$status $body_bytes_sent "$http_referer" ' |
|
||||
# '"$http_user_agent" "$http_x_forwarded_for"'; |
|
||||
|
|
||||
#access_log /var/log/nginx/access.log main; |
|
||||
access_log off; |
|
||||
|
|
||||
sendfile on; |
|
||||
#tcp_nopush on; |
|
||||
client_max_body_size 25m; |
|
||||
|
|
||||
keepalive_timeout 65; |
|
||||
|
|
||||
#gzip on; |
|
||||
|
|
||||
server { |
|
||||
listen 80; |
|
||||
listen [::]:80; |
|
||||
server_name _; |
|
||||
|
|
||||
return 301 http://nas.sigkill.top; |
|
||||
} |
|
||||
|
|
||||
include /etc/nginx/conf.d/*.conf; |
|
||||
} |
|
||||