From 202c24341b7d34de1d041235041ef27d8edcc7e8 Mon Sep 17 00:00:00 2001 From: "me@asxp.io" Date: Mon, 21 Aug 2023 01:50:56 +0200 Subject: [PATCH] Moving to Hetzner --- sites-available/asxp.io | 8 ++-- sites-available/builds | 22 +++++++++++ sites-available/gitea | 8 ++-- sites-available/https | 4 +- sites-available/jenkins | 86 +++++++++++++++++++++++++++++++++++++++++ sites-available/uptime | 8 ++-- sites-enabled/asxp.io | 1 + sites-enabled/builds | 1 + sites-enabled/gitea | 1 + sites-enabled/https | 1 + sites-enabled/jenkins | 1 + sites-enabled/uptime | 1 + 12 files changed, 128 insertions(+), 14 deletions(-) create mode 100644 sites-available/builds create mode 100644 sites-available/jenkins create mode 120000 sites-enabled/asxp.io create mode 120000 sites-enabled/builds create mode 120000 sites-enabled/gitea create mode 120000 sites-enabled/https create mode 120000 sites-enabled/jenkins create mode 120000 sites-enabled/uptime diff --git a/sites-available/asxp.io b/sites-available/asxp.io index c907738..640a4d0 100644 --- a/sites-available/asxp.io +++ b/sites-available/asxp.io @@ -1,7 +1,7 @@ #asxp.io test gpg sign server { listen 443 ssl http2; - listen [::]:443 ssl http2; + #listen [::]:443 ssl http2; server_name asxp.io www.asxp.io; root /srv/http/asxpio; @@ -22,6 +22,6 @@ server { ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; -} \ No newline at end of file + #include /etc/letsencrypt/options-ssl-nginx.conf; + #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +} diff --git a/sites-available/builds b/sites-available/builds new file mode 100644 index 0000000..b36541f --- /dev/null +++ b/sites-available/builds @@ -0,0 +1,22 @@ +server { + server_name builds.asxp.io; + + #listen [::]:443 ssl ipv6only=on; + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; + + + root /srv/ftp/; + + access_log /var/log/nginx/ftp.access.log; + error_log /var/log/nginx/ftp.error.log; + + location / { + autoindex on; + autoindex_exact_size off; + autoindex_format html; + autoindex_localtime on; + } +} diff --git a/sites-available/gitea b/sites-available/gitea index c96b4b3..b0eab4c 100644 --- a/sites-available/gitea +++ b/sites-available/gitea @@ -1,6 +1,6 @@ server { listen 443 ssl http2; - listen [::]:443 ssl http2; + #listen [::]:443 ssl http2; server_name git.asxp.io www.git.asxp.io; location / { @@ -13,6 +13,6 @@ server { ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; -} \ No newline at end of file + #include /etc/letsencrypt/options-ssl-nginx.conf; + #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +} diff --git a/sites-available/https b/sites-available/https index c3011fd..d66c5c2 100644 --- a/sites-available/https +++ b/sites-available/https @@ -1,6 +1,6 @@ server { listen 80; - listen [::]:80; + #listen [::]:80; server_name _; return 301 https://$host$request_uri; -} \ No newline at end of file +} diff --git a/sites-available/jenkins b/sites-available/jenkins new file mode 100644 index 0000000..77dd8ce --- /dev/null +++ b/sites-available/jenkins @@ -0,0 +1,86 @@ +upstream jenkins { + keepalive 32; # keepalive connections + server 127.0.0.1:8420; # jenkins ip and port +} + +# Required for Jenkins websocket agents +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + listen 80; + server_name www.jenkins.asxp.io jenkins.asxp.io; + #listen [::]:80; + server_name www.jenkins.asxp.io jenkins.asxp.io; + root /var/run/jenkins/war/; + + #index index.html; + + server_name _; + return 444; + + location / { + try_files $uri $uri/ =404; + } +} + +server { + server_name jenkins.asxp.io; + #listen [::]:443 ssl ipv6only=on; + listen 443 ssl; + + + ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; + #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + root /var/run/jenkins/war/; + + access_log /var/log/nginx/jenkins.access.log; + error_log /var/log/nginx/jenkins.error.log; + + ignore_invalid_headers off; + + location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" { + rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last; + } + + location /userContent { + root /var/lib/jenkins/; + if (!-f $request_filename){ + rewrite (.*) /$1 last; + break; + } + sendfile on; + } + + location / { + sendfile off; + proxy_pass http://jenkins; + proxy_redirect default; + proxy_http_version 1.1; + + # Required for Jenkins websocket agents + proxy_set_header Connection $connection_upgrade; + proxy_set_header Upgrade $http_upgrade; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_max_temp_file_size 0; + + #this is the maximum upload size + client_max_body_size 10m; + client_body_buffer_size 128k; + + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffering off; + proxy_request_buffering off; # Required for HTTP CLI commands + proxy_set_header Connection ""; # Clear for keepalive + } +} diff --git a/sites-available/uptime b/sites-available/uptime index 17b038d..52e5d9f 100644 --- a/sites-available/uptime +++ b/sites-available/uptime @@ -1,11 +1,11 @@ server { listen 443 ssl http2; - listen [::]:443 ssl http2; + #listen [::]:443 ssl http2; server_name uptime.asxp.io www.uptime.asxp.io; location / { - proxy_pass http://localhost:3001/; + proxy_pass http://localhost:3001; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; @@ -16,6 +16,6 @@ location / { ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + #include /etc/letsencrypt/options-ssl-nginx.conf; + #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; } diff --git a/sites-enabled/asxp.io b/sites-enabled/asxp.io new file mode 120000 index 0000000..7d3f4b2 --- /dev/null +++ b/sites-enabled/asxp.io @@ -0,0 +1 @@ +/etc/nginx/sites-available/asxp.io \ No newline at end of file diff --git a/sites-enabled/builds b/sites-enabled/builds new file mode 120000 index 0000000..0f88b64 --- /dev/null +++ b/sites-enabled/builds @@ -0,0 +1 @@ +/etc/nginx/sites-available/builds \ No newline at end of file diff --git a/sites-enabled/gitea b/sites-enabled/gitea new file mode 120000 index 0000000..5087df8 --- /dev/null +++ b/sites-enabled/gitea @@ -0,0 +1 @@ +/etc/nginx/sites-available/gitea \ No newline at end of file diff --git a/sites-enabled/https b/sites-enabled/https new file mode 120000 index 0000000..14d0e91 --- /dev/null +++ b/sites-enabled/https @@ -0,0 +1 @@ +/etc/nginx/sites-available/https \ No newline at end of file diff --git a/sites-enabled/jenkins b/sites-enabled/jenkins new file mode 120000 index 0000000..544fcd0 --- /dev/null +++ b/sites-enabled/jenkins @@ -0,0 +1 @@ +/etc/nginx/sites-available/jenkins \ No newline at end of file diff --git a/sites-enabled/uptime b/sites-enabled/uptime new file mode 120000 index 0000000..3c6c2f6 --- /dev/null +++ b/sites-enabled/uptime @@ -0,0 +1 @@ +/etc/nginx/sites-available/uptime \ No newline at end of file