tradewind/nginx-conf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

#update template

Browse Source
This commit is contained in:
tradewind 2024-06-25 11:44:07 +08:00
parent 2dfb95af7e
commit 1b6f0402aa
22 changed files with 503 additions and 428 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
run.sh
View File

@ -1,5 +1,13 @@
#!/bin/bash
if [ -f /etc/nginx/nginx.conf ] && [ -d /var/log/nginx ];then
echo 'nginx 已安装'
else
sudo apt-get install -y nginx
fi
# install docker?
rm -rf /etc/nginx/sites-available/* /etc/nginx/sites-enabled/*
cd /home/ubuntu/code/nginx-conf || return 1

47
sites-available/9song-api
View File

@ -1,4 +1,20 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name 9song-api.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 9song-api.tradewind.vip;
location / {
@ -8,23 +24,20 @@ server {
proxy_pass http://127.0.0.1:8000/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
server {
if ($host = 9song-api.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name 9song-api.tradewind.vip;
return 404; # managed by Certbot
}

80
sites-available/api
View File

@ -1,36 +1,54 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 443;
server_name api.tradewind.vip;
listen 80 default_server;
listen [::]:80 default_server;
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
root /var/www/http/tradewind-api/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}
server {
if ($host = api.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name api.tradewind.vip;
return 404; # managed by Certbot
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name api.tradewind.vip;
root /var/www/http/tradewind-api/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}

48
sites-available/bitwarden
View File

@ -1,4 +1,20 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name bitwarden.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bitwarden.tradewind.vip;
# Allow large attachments
@ -14,23 +30,21 @@ server {
proxy_pass http://$router:10060;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
server {
if ($host = bitwarden.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name bitwarden.tradewind.vip;
return 404; # managed by Certbot
}

59
sites-available/chat
View File

@ -1,26 +1,43 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 443;
server_name chat.tradewind.vip;
listen 80 default_server;
listen [::]:80 default_server;
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
root /var/www/html/chatchan;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
if ($host = chat.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name chat.tradewind.vip;
return 404; # managed by Certbot
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name chat.tradewind.vip;
root /var/www/html/chatchan;
index index.html;
location / {
try_files $uri $uri/ =404;
}
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}

48
sites-available/emby
View File

@ -1,4 +1,20 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name emby.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name emby.tradewind.vip;
location / {
@ -10,23 +26,19 @@ server {
proxy_pass http://$router:8096;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = emby.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name emby.tradewind.vip;
return 404; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}

49
sites-available/gitea
View File

@ -1,8 +1,23 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name gitea.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name gitea.tradewind.vip;
location / {
resolver 223.5.5.5;
set $router "router.tradewind.vip";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@ -10,23 +25,19 @@ server {
proxy_pass http://$router:10010;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = gitea.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name gitea.tradewind.vip;
return 404; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}

47
sites-available/img
View File

@ -1,4 +1,20 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name img.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name img.tradewind.vip;
location / {
@ -9,23 +25,20 @@ server {
proxy_pass https://txapi.tradewind.vip/release/imgbed/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
server {
if ($host = img.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name img.tradewind.vip;
return 404; # managed by Certbot
}

47
sites-available/jenkins
View File

@ -1,4 +1,20 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name jenkins.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jenkins.tradewind.vip;
location / {
@ -9,23 +25,20 @@ server {
proxy_pass http://tradewind.myqnapcloud.com:10030/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
server {
if ($host = jenkins.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name jenkins.tradewind.vip;
return 404; # managed by Certbot
}

64
sites-available/joplin
View File

@ -1,8 +1,23 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name joplin.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name joplin.tradewind.vip;
location / {
resolver 223.5.5.5;
set $router "router.tradewind.vip:22300";
proxy_set_header Host $host;
proxy_redirect off;
@ -11,43 +26,20 @@ server {
proxy_pass http://$router;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
}
server {
server_name joplin.tradewind.vip;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
location / {
resolver 223.5.5.5;
set $router "router.tradewind.vip";
proxy_set_header Host $host;
# proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://$router:8888;
}
listen 5000 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
server {
if ($host = joplin.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name joplin.tradewind.vip;
return 404; # managed by Certbot
}

49
sites-available/leanote
View File

@ -1,8 +1,23 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name leanote.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name leanote.tradewind.vip;
location / {
resolver 223.5.5.5;
set $router "router.tradewind.vip";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@ -12,23 +27,21 @@ server {
location /demo {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
server {
if ($host = leanote.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name leanote.tradewind.vip;
return 404; # managed by Certbot
}

38
sites-available/mozilla_template Normal file
View File

@ -0,0 +1,38 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediatemozilla_templates;
# replace with the IP address of your resolver
resolver 127.0.0.1;
}

42
sites-available/music
View File

@ -1,42 +0,0 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name music.tradewind.vip;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:8080/;
}
# listen 80;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/music.tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/music.tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = music.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name music.tradewind.vip;
return 404; # managed by Certbot
}
#server {
# listen 8080;
# server_name tradewind.vip;
# return 301 https://music.tradewind.vip;
#}

53
sites-available/nas
View File

@ -1,8 +1,23 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name nas.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nas.tradewind.vip;
location / {
resolver 223.5.5.5;
set $router "router.tradewind.vip";
proxy_set_header Host $host;
proxy_redirect off;
@ -11,28 +26,20 @@ server {
proxy_pass http://$router:5000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
#server {
# listen 80;
# server_name nas.tradewind.vip;
# return 301 https://$host$request_uri;
#}
server {
if ($host = nas.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name nas.tradewind.vip;
return 404; # managed by Certbot
}

31
sites-available/rss
View File

@ -1,31 +0,0 @@
server {
server_name rss.tradewind.vip;
location / {
proxy_set_header Host $host;
# proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:1200/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = rss.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name rss.tradewind.vip;
return 404; # managed by Certbot
}

31
sites-available/send
View File

@ -1,31 +0,0 @@
server {
server_name send.tradewind.vip;
location / {
proxy_set_header Host $host;
# proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://airportal.cn/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = send.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name send.tradewind.vip;
return 404; # managed by Certbot
}

29
sites-available/sync
View File

@ -1,29 +0,0 @@
server {
server_name sync.tradewind.vip;
location / {
proxy_set_header Host $host;
# proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://router.tradewind.vip:5007/Sync;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sync.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name sync.tradewind.vip;
return 404; # managed by Certbot
}

49
sites-available/teamcity
View File

@ -1,8 +1,23 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name teamcity.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name teamcity.tradewind.vip;
location / {
resolver 223.5.5.5;
set $router "router.tradewind.vip";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@ -10,23 +25,19 @@ server {
proxy_pass http://$router:8111;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = teamcity.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name teamcity.tradewind.vip;
return 404; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}

48
sites-available/tr
View File

@ -1,8 +1,23 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name tr.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name tr.tradewind.vip;
location / {
resolver 223.5.5.5;
set $router "router.tradewind.vip";
proxy_set_header Host $host;
proxy_redirect off;
@ -11,23 +26,20 @@ server {
proxy_pass http://$router:49091;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
server {
if ($host = tr.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name tr.tradewind.vip;
return 404; # managed by Certbot
}

47
sites-available/wiznote
View File

@ -1,4 +1,20 @@
# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name wiznote.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name wiznote.tradewind.vip;
location / {
@ -9,23 +25,20 @@ server {
proxy_pass http://tradewind.myqnapcloud.com:10020/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
server {
if ($host = wiznote.tradewind.vip) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name wiznote.tradewind.vip;
return 404; # managed by Certbot
}

12
sites-available/www
View File

@ -29,8 +29,16 @@ server {
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332

5
sites-enabled
View File

@ -1,17 +1,12 @@
00
9song-api
api
bitwarden
chat
emby
gitea
img
jenkins
joplin
leanote
nas
rss
sync
teamcity
tr
wiznote