Moving to Hetzner

2023-08-21 01:50:56 +02:00 · 2023-08-21 01:50:56 +02:00 · 202c24341b
commit 202c24341b
parent 5b40624c19
12 changed files with 128 additions and 14 deletions
--- a/sites-available/asxp.io
+++ b/sites-available/asxp.io
@ -1,7 +1,7 @@
 #asxp.io test gpg sign
 server {
    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    #listen [::]:443 ssl http2;
    server_name asxp.io www.asxp.io; 

 	root /srv/http/asxpio;
@ -22,6 +22,6 @@ server {

    ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem;
-    include /etc/letsencrypt/options-ssl-nginx.conf;
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    #include /etc/letsencrypt/options-ssl-nginx.conf;
+    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
--- a/sites-available/builds
+++ b/sites-available/builds
@ -0,0 +1,22 @@
+server {
+  server_name     builds.asxp.io;
+
+  #listen [::]:443 ssl ipv6only=on; 
+  listen 443 ssl; 
+  
+  ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem;
+
+
+  root            /srv/ftp/;
+
+  access_log      /var/log/nginx/ftp.access.log;
+  error_log       /var/log/nginx/ftp.error.log;
+
+  location / {
+    autoindex on;
+    autoindex_exact_size off;
+    autoindex_format html;
+    autoindex_localtime on;
+  }
+}
--- a/sites-available/gitea
+++ b/sites-available/gitea
@ -1,6 +1,6 @@
 server {
    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    #listen [::]:443 ssl http2;
    server_name git.asxp.io www.git.asxp.io;

    location / {
@ -13,6 +13,6 @@ server {

    ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem;
-    include /etc/letsencrypt/options-ssl-nginx.conf;
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    #include /etc/letsencrypt/options-ssl-nginx.conf;
+    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
--- a/sites-available/https
+++ b/sites-available/https
@ -1,6 +1,6 @@
 server {
    listen 80;
-	listen [::]:80;
+        #listen [::]:80;
 	server_name _;
    return 301 https://$host$request_uri;
 }    	
--- a/sites-available/jenkins
+++ b/sites-available/jenkins
@ -0,0 +1,86 @@
+upstream jenkins {
+  keepalive 32; # keepalive connections
+  server 127.0.0.1:8420; # jenkins ip and port
+}
+
+# Required for Jenkins websocket agents
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+server {
+	listen 80;
+        server_name www.jenkins.asxp.io jenkins.asxp.io;
+        #listen [::]:80;
+        server_name www.jenkins.asxp.io jenkins.asxp.io;
+        root	/var/run/jenkins/war/;
+        
+        #index index.html;
+
+        server_name _;
+        return 444;
+
+        location / {
+                try_files $uri $uri/ =404;
+        }
+}
+    
+server {
+  server_name     jenkins.asxp.io; 
+  #listen [::]:443 ssl ipv6only=on;
+  listen 443 ssl;
+  
+
+  ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem;
+  #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 
+
+  root            /var/run/jenkins/war/;
+
+  access_log      /var/log/nginx/jenkins.access.log;
+  error_log       /var/log/nginx/jenkins.error.log;
+
+  ignore_invalid_headers off;
+
+  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
+   rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
+  }
+
+  location /userContent {
+   root /var/lib/jenkins/;
+    if (!-f $request_filename){
+      rewrite (.*) /$1 last;
+      break;
+    }
+    sendfile on;
+  }
+
+  location / {
+      sendfile off;
+      proxy_pass         http://jenkins;
+      proxy_redirect     default;
+      proxy_http_version 1.1;
+
+      # Required for Jenkins websocket agents
+      proxy_set_header   Connection        $connection_upgrade;
+      proxy_set_header   Upgrade           $http_upgrade;
+
+      proxy_set_header   Host              $host;
+      proxy_set_header   X-Real-IP         $remote_addr;
+      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+      proxy_set_header   X-Forwarded-Proto $scheme;
+      proxy_max_temp_file_size 0;
+
+      #this is the maximum upload size
+      client_max_body_size       10m;
+      client_body_buffer_size    128k;
+
+      proxy_connect_timeout      90;
+      proxy_send_timeout         90;
+      proxy_read_timeout         90;
+      proxy_buffering            off;
+      proxy_request_buffering    off; # Required for HTTP CLI commands
+      proxy_set_header Connection ""; # Clear for keepalive
+  }
+}
--- a/sites-available/uptime
+++ b/sites-available/uptime
@ -1,11 +1,11 @@
 server {
    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    #listen [::]:443 ssl http2;
    server_name uptime.asxp.io www.uptime.asxp.io;


 location / {
-    proxy_pass         http://localhost:3001/;
+    proxy_pass         http://localhost:3001;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   Host $host;
@ -16,6 +16,6 @@ location / {
    
    ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem;
-    include /etc/letsencrypt/options-ssl-nginx.conf;
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    #include /etc/letsencrypt/options-ssl-nginx.conf;
+    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
--- a/sites-enabled/asxp.io
+++ b/sites-enabled/asxp.io
@ -0,0 +1 @@
+/etc/nginx/sites-available/asxp.io
--- a/sites-enabled/builds
+++ b/sites-enabled/builds
@ -0,0 +1 @@
+/etc/nginx/sites-available/builds
--- a/sites-enabled/gitea
+++ b/sites-enabled/gitea
@ -0,0 +1 @@
+/etc/nginx/sites-available/gitea
--- a/sites-enabled/https
+++ b/sites-enabled/https
@ -0,0 +1 @@
+/etc/nginx/sites-available/https
--- a/sites-enabled/jenkins
+++ b/sites-enabled/jenkins
@ -0,0 +1 @@
+/etc/nginx/sites-available/jenkins
--- a/sites-enabled/uptime
+++ b/sites-enabled/uptime
@ -0,0 +1 @@
+/etc/nginx/sites-available/uptime