@ -1,2 +1,3 @@ |
|||
custom.env |
|||
docker-compose.yml |
|||
docker-compose.*.gen |
|||
|
|||
@ -0,0 +1,54 @@ |
|||
{ |
|||
auto_https off |
|||
} |
|||
|
|||
http://lanhost.top, http://nas.lanhost.top, http://www.lanhost.top { |
|||
root * /srv/http/www |
|||
file_server { |
|||
index lanhost.html |
|||
} |
|||
} |
|||
|
|||
http://nas.sigkill.top { |
|||
root * /srv/http/www |
|||
file_server { |
|||
index sigkill.html |
|||
} |
|||
} |
|||
|
|||
http://ad.lanhost.top { |
|||
reverse_proxy http://adguard |
|||
reverse_proxy /admin http://adguard:3000 |
|||
} |
|||
|
|||
http://admin.lanhost.top { |
|||
reverse_proxy http://portainer:9000 |
|||
} |
|||
|
|||
http://aria2.lanhost.top, http://aria2.sigkill.top { |
|||
root * /srv/http/aria2 |
|||
file_server { |
|||
index index.html |
|||
} |
|||
reverse_proxy /public http://aria2-public:6800 { |
|||
rewrite /jsonrpc |
|||
} |
|||
reverse_proxy /tmp http://aria2-tmp:6800 { |
|||
rewrite /jsonrpc |
|||
} |
|||
} |
|||
|
|||
http://motd.lanhost.top, http://motd.sigkill.top { |
|||
root * /srv/http/motd |
|||
file_server / { |
|||
index index |
|||
} |
|||
} |
|||
|
|||
http://files.lanhost.top { |
|||
reverse_proxy http://files |
|||
} |
|||
|
|||
http://media.lanhost.top { |
|||
reverse_proxy http://172.16.10.1:8096 |
|||
} |
|||
@ -0,0 +1,12 @@ |
|||
ARG CADDY_VERSION=2 |
|||
FROM caddy:${CADDY_VERSION}-alpine |
|||
|
|||
COPY Caddyfile /etc/caddy/ |
|||
COPY http/ /srv/http/ |
|||
|
|||
#COPY php-fpm/www.conf /etc/php81/php-fpm.d/ |
|||
#COPY php-fpm/php.ini /etc/php81/ |
|||
|
|||
VOLUME ["/srv/http"] |
|||
|
|||
#ENTRYPOINT ["caddy.run"] |
|||
|
Before Width: | Height: | Size: 10 KiB After Width: | Height: | Size: 10 KiB |
|
Before Width: | Height: | Size: 8.6 KiB After Width: | Height: | Size: 8.6 KiB |
|
Before Width: | Height: | Size: 14 KiB After Width: | Height: | Size: 14 KiB |
|
Before Width: | Height: | Size: 247 KiB After Width: | Height: | Size: 247 KiB |
|
Before Width: | Height: | Size: 60 KiB After Width: | Height: | Size: 60 KiB |
|
Before Width: | Height: | Size: 108 KiB After Width: | Height: | Size: 108 KiB |
|
Before Width: | Height: | Size: 108 KiB After Width: | Height: | Size: 108 KiB |
@ -1,23 +0,0 @@ |
|||
ARG NGINX_VERSION=stable |
|||
FROM nginx:${NGINX_VERSION}-alpine |
|||
|
|||
ARG APK_MIRROR=dl-cdn.alpinelinux.org |
|||
|
|||
COPY nginx.run /usr/bin/ |
|||
COPY nginx/nginx.conf /etc/nginx/ |
|||
COPY nginx/conf.d/ /etc/nginx/conf.d/ |
|||
COPY nginx/srv/ /srv/ |
|||
ADD nginx/h5ai-0.30.0.tar.gz /srv/http/files/ |
|||
|
|||
RUN sed -i "s/dl-cdn.alpinelinux.org/${APK_MIRROR}/g" /etc/apk/repositories && \ |
|||
apk add --no-cache php81-fpm php81-session php81-ctype php81-pdo php81-openssl && \ |
|||
find /srv/http/files/_h5ai -type d -exec chmod a+x {} + && \ |
|||
chmod -R a+rw /srv/http/files/_h5ai && \ |
|||
chown -R nginx:nginx /srv/http |
|||
|
|||
COPY php-fpm/www.conf /etc/php81/php-fpm.d/ |
|||
COPY php-fpm/php.ini /etc/php81/ |
|||
|
|||
VOLUME ["/etc/nginx", "/srv/http"] |
|||
|
|||
ENTRYPOINT ["nginx.run"] |
|||
@ -1,6 +0,0 @@ |
|||
#!/bin/sh |
|||
|
|||
set -e |
|||
|
|||
php-fpm81 |
|||
exec nginx -g 'daemon off;' |
|||
@ -1,36 +0,0 @@ |
|||
server { |
|||
listen 80; |
|||
listen [::]:80; |
|||
server_name aria2.lanhost.top aria2.sigkill.top; |
|||
|
|||
location / { |
|||
root /srv/http/aria2; |
|||
index index.html; |
|||
} |
|||
|
|||
location /public { |
|||
proxy_pass http://aria2-public:6800/jsonrpc; |
|||
proxy_redirect off; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|||
proxy_set_header Host $host; |
|||
|
|||
# WebSocket |
|||
proxy_http_version 1.1; |
|||
proxy_set_header Upgrade $http_upgrade; |
|||
proxy_set_header Connection "upgrade"; |
|||
} |
|||
|
|||
location /tmp { |
|||
proxy_pass http://aria2-tmp:6800/jsonrpc; |
|||
proxy_redirect off; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|||
proxy_set_header Host $host; |
|||
|
|||
# WebSocket |
|||
proxy_http_version 1.1; |
|||
proxy_set_header Upgrade $http_upgrade; |
|||
proxy_set_header Connection "upgrade"; |
|||
} |
|||
} |
|||
@ -1,18 +0,0 @@ |
|||
server { |
|||
listen 80; |
|||
listen [::]:80; |
|||
server_name files.lanhost.top files.sigkill.top; |
|||
|
|||
root /srv/http/files; |
|||
|
|||
location / { |
|||
index /_h5ai/public/index.php; |
|||
} |
|||
|
|||
location ~ \.php$ { |
|||
fastcgi_pass unix:/var/run/php-fpm81.sock; |
|||
fastcgi_index index.php; |
|||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
|||
include fastcgi_params; |
|||
} |
|||
} |
|||
@ -1,88 +0,0 @@ |
|||
server { |
|||
listen 80; |
|||
listen [::]:80; |
|||
# server_name media.sigkill.top; |
|||
|
|||
# Uncomment to redirect HTTP to HTTPS |
|||
# return 301 https://$host$request_uri; |
|||
#} |
|||
|
|||
#server { |
|||
# listen 443 ssl http2; |
|||
# listen [::]:443 ssl http2; |
|||
server_name media.lanhost.top media.sigkill.top; |
|||
|
|||
## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc. |
|||
client_max_body_size 20M; |
|||
|
|||
# use a variable to store the upstream proxy |
|||
# in this example we are using a hostname which is resolved via DNS |
|||
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`) |
|||
set $jellyfin 172.16.10.1; |
|||
#resolver 127.0.0.1 valid=30; |
|||
|
|||
#ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem; |
|||
#ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem; |
|||
#include /etc/letsencrypt/options-ssl-nginx.conf; |
|||
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; |
|||
#add_header Strict-Transport-Security "max-age=31536000" always; |
|||
#ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem; |
|||
#ssl_stapling on; |
|||
#ssl_stapling_verify on; |
|||
|
|||
# Security / XSS Mitigation Headers |
|||
add_header X-Frame-Options "SAMEORIGIN"; |
|||
add_header X-XSS-Protection "1; mode=block"; |
|||
add_header X-Content-Type-Options "nosniff"; |
|||
|
|||
# Content Security Policy |
|||
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP |
|||
# Enforces https content and restricts JS/CSS to origin |
|||
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted. |
|||
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; |
|||
|
|||
location = / { |
|||
return 302 http://$host/web/; |
|||
#return 302 https://$host/web/; |
|||
} |
|||
|
|||
location / { |
|||
# Proxy main Jellyfin traffic |
|||
proxy_pass http://$jellyfin:8096; |
|||
proxy_set_header Host $host; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|||
proxy_set_header X-Forwarded-Proto $scheme; |
|||
proxy_set_header X-Forwarded-Protocol $scheme; |
|||
proxy_set_header X-Forwarded-Host $http_host; |
|||
|
|||
# Disable buffering when the nginx proxy gets very resource heavy upon streaming |
|||
proxy_buffering off; |
|||
} |
|||
|
|||
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/ |
|||
location = /web/ { |
|||
# Proxy main Jellyfin traffic |
|||
proxy_pass http://$jellyfin:8096/web/index.html; |
|||
proxy_set_header Host $host; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|||
proxy_set_header X-Forwarded-Proto $scheme; |
|||
proxy_set_header X-Forwarded-Protocol $scheme; |
|||
proxy_set_header X-Forwarded-Host $http_host; |
|||
} |
|||
|
|||
location /socket { |
|||
# Proxy Jellyfin Websockets traffic |
|||
proxy_pass http://$jellyfin:8096; |
|||
proxy_http_version 1.1; |
|||
proxy_set_header Upgrade $http_upgrade; |
|||
proxy_set_header Connection "upgrade"; |
|||
proxy_set_header Host $host; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|||
proxy_set_header X-Forwarded-Proto $scheme; |
|||
proxy_set_header X-Forwarded-Protocol $scheme; |
|||
proxy_set_header X-Forwarded-Host $http_host; |
|||
} |
|||
} |
|||
@ -1,11 +0,0 @@ |
|||
server { |
|||
listen 80; |
|||
listen [::]:80; |
|||
server_name motd.lanhost.top motd.sigkill.top; |
|||
|
|||
root /srv/http/motd; |
|||
|
|||
location / { |
|||
index index; |
|||
} |
|||
} |
|||
@ -1,18 +0,0 @@ |
|||
server { |
|||
listen 80; |
|||
listen [::]:80; |
|||
server_name speed.lanhost.top; |
|||
|
|||
root /srv/http/speed; |
|||
|
|||
location / { |
|||
index index.html; |
|||
} |
|||
|
|||
location ~ \.php$ { |
|||
fastcgi_pass unix:/var/run/php-fpm81.sock; |
|||
fastcgi_index index.php; |
|||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
|||
include fastcgi_params; |
|||
} |
|||
} |
|||
@ -1,23 +0,0 @@ |
|||
server { |
|||
listen 80; |
|||
listen [::]:80; |
|||
server_name lanhost.top nas.lanhost.top; |
|||
|
|||
root /srv/http/www; |
|||
|
|||
location / { |
|||
index lanhost.html; |
|||
} |
|||
} |
|||
|
|||
server { |
|||
listen 80; |
|||
listen [::]:80; |
|||
server_name nas.sigkill.top; |
|||
|
|||
root /srv/http/www; |
|||
|
|||
location / { |
|||
index sigkill.html; |
|||
} |
|||
} |
|||
@ -1,41 +0,0 @@ |
|||
|
|||
user nginx; |
|||
worker_processes auto; |
|||
|
|||
error_log /var/log/nginx/error.log error; |
|||
pid /var/run/nginx.pid; |
|||
|
|||
events { |
|||
worker_connections 64; |
|||
} |
|||
|
|||
|
|||
http { |
|||
include /etc/nginx/mime.types; |
|||
default_type application/octet-stream; |
|||
|
|||
#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
|||
# '$status $body_bytes_sent "$http_referer" ' |
|||
# '"$http_user_agent" "$http_x_forwarded_for"'; |
|||
|
|||
#access_log /var/log/nginx/access.log main; |
|||
access_log off; |
|||
|
|||
sendfile on; |
|||
#tcp_nopush on; |
|||
client_max_body_size 25m; |
|||
|
|||
keepalive_timeout 65; |
|||
|
|||
#gzip on; |
|||
|
|||
server { |
|||
listen 80; |
|||
listen [::]:80; |
|||
server_name _; |
|||
|
|||
return 301 http://nas.sigkill.top; |
|||
} |
|||
|
|||
include /etc/nginx/conf.d/*.conf; |
|||
} |
|||