From a538698c935eb4ca17a2849c68129d197386159f Mon Sep 17 00:00:00 2001 From: root Date: Sat, 29 Oct 2022 23:23:42 +0800 Subject: [PATCH] init --- 9song-api | 31 ++++++++++++++++ a_default | 18 ++++++++++ api | 36 +++++++++++++++++++ bitwarden | 36 +++++++++++++++++++ default | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++ emby | 34 ++++++++++++++++++ gitea | 33 +++++++++++++++++ gogs | 31 ++++++++++++++++ img | 31 ++++++++++++++++ jenkins | 31 ++++++++++++++++ joplin | 53 +++++++++++++++++++++++++++ leanote | 35 ++++++++++++++++++ music | 42 ++++++++++++++++++++++ nas | 38 ++++++++++++++++++++ rss | 31 ++++++++++++++++ send | 31 ++++++++++++++++ sync | 29 +++++++++++++++ tr | 33 +++++++++++++++++ wiznote | 31 ++++++++++++++++ www | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 20 files changed, 810 insertions(+) create mode 100644 9song-api create mode 100644 a_default create mode 100644 api create mode 100644 bitwarden create mode 100644 default create mode 100644 emby create mode 100644 gitea create mode 100644 gogs create mode 100644 img create mode 100644 jenkins create mode 100644 joplin create mode 100644 leanote create mode 100644 music create mode 100644 nas create mode 100644 rss create mode 100644 send create mode 100644 sync create mode 100644 tr create mode 100644 wiznote create mode 100644 www diff --git a/9song-api b/9song-api new file mode 100644 index 0000000..019d41f --- /dev/null +++ b/9song-api @@ -0,0 +1,31 @@ +server { + server_name 9song-api.tradewind.vip; + + location / { + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:8000/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = 9song-api.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name 9song-api.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/a_default b/a_default new file mode 100644 index 0000000..6d49065 --- /dev/null +++ b/a_default @@ -0,0 +1,18 @@ +server { + listen 80 default_server; + server_name _; + return 444; +} + +server { + listen 443 ssl default_server; + server_name _; + + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot +# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot +# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + return 444; +} + diff --git a/api b/api new file mode 100644 index 0000000..22c3d73 --- /dev/null +++ b/api @@ -0,0 +1,36 @@ +server { + listen 443; + server_name api.tradewind.vip; + + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + root /var/www/http/tradewind-api/public; + index index.php; + location / { + try_files $uri $uri/ /index.php?$query_string; + } + + location ~ \.php$ { + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + include fastcgi_params; + } +} + +server { + if ($host = api.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name api.tradewind.vip; + return 404; # managed by Certbot +} + diff --git a/bitwarden b/bitwarden new file mode 100644 index 0000000..406bbe0 --- /dev/null +++ b/bitwarden @@ -0,0 +1,36 @@ +server { + server_name bitwarden.tradewind.vip; + + # Allow large attachments + client_max_body_size 128M; + + location / { +resolver 223.5.5.5; +set $router "router.tradewind.vip"; + proxy_set_header Host $host; + proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://$router:10060; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = bitwarden.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name bitwarden.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/default b/default new file mode 100644 index 0000000..9d51630 --- /dev/null +++ b/default @@ -0,0 +1,101 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { +# listen 80 default_server; +# listen [::]:80 default_server; + + # SSL configuration + # + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + location ~ \.php$ { + include snippets/fastcgi-php.conf; + + # With php-fpm (or other unix sockets): +# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + # With php-cgi (or other tcp sockets): + fastcgi_pass 127.0.0.1:9000; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} +server { + listen 80; + server_name default_server; + return 301 https://$host$request_uri; +} diff --git a/emby b/emby new file mode 100644 index 0000000..9d09552 --- /dev/null +++ b/emby @@ -0,0 +1,34 @@ +server { + server_name emby.tradewind.vip; + + location / { + add_header Cache-Control no-cache; + add_header Pragma no-cache; + add_header Expires 0; + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://router.tradewind.vip:8096/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = emby.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name emby.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/gitea b/gitea new file mode 100644 index 0000000..e3ad201 --- /dev/null +++ b/gitea @@ -0,0 +1,33 @@ +server { + server_name gitea.tradewind.vip; + + location / { +resolver 223.5.5.5; +set $router "router.tradewind.vip"; + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://$router:10010; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = gitea.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name gitea.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/gogs b/gogs new file mode 100644 index 0000000..df72ad6 --- /dev/null +++ b/gogs @@ -0,0 +1,31 @@ +server { + server_name gogs.tradewind.vip; + + location / { + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://tradewind.myqnapcloud.com:10020/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = gogs.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name gogs.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/img b/img new file mode 100644 index 0000000..429cc2d --- /dev/null +++ b/img @@ -0,0 +1,31 @@ +server { + server_name img.tradewind.vip; + + location / { + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass https://txapi.tradewind.vip/release/imgbed/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = img.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name img.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/jenkins b/jenkins new file mode 100644 index 0000000..694bd26 --- /dev/null +++ b/jenkins @@ -0,0 +1,31 @@ +server { + server_name jenkins.tradewind.vip; + + location / { + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://tradewind.myqnapcloud.com:10030/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = jenkins.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name jenkins.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/joplin b/joplin new file mode 100644 index 0000000..564dd04 --- /dev/null +++ b/joplin @@ -0,0 +1,53 @@ +server { + server_name joplin.tradewind.vip; + + location / { +resolver 223.5.5.5; +set $router "router.tradewind.vip:22300"; + proxy_set_header Host $host; + proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://$router; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} +server { + server_name joplin.tradewind.vip; + + location / { +resolver 223.5.5.5; +set $router "router.tradewind.vip"; + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://$router:8888; + } + + listen 5000 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = joplin.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name joplin.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/leanote b/leanote new file mode 100644 index 0000000..d9f24db --- /dev/null +++ b/leanote @@ -0,0 +1,35 @@ +server { + server_name leanote.tradewind.vip; + + location / { +resolver 223.5.5.5; +set $router "router.tradewind.vip"; + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://$router:10000; + } + location /demo { + deny all; + } + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = leanote.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name leanote.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/music b/music new file mode 100644 index 0000000..10f7e27 --- /dev/null +++ b/music @@ -0,0 +1,42 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + server_name music.tradewind.vip; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://127.0.0.1:8080/; + } + +# listen 80; + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/music.tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/music.tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = music.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name music.tradewind.vip; + return 404; # managed by Certbot +} + +#server { +# listen 8080; +# server_name tradewind.vip; +# return 301 https://music.tradewind.vip; +#} + diff --git a/nas b/nas new file mode 100644 index 0000000..bea9643 --- /dev/null +++ b/nas @@ -0,0 +1,38 @@ +server { + server_name nas.tradewind.vip; + + location / { +resolver 223.5.5.5; +set $router "router.tradewind.vip"; + proxy_set_header Host $host; + proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://$router:5000; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +#server { +# listen 80; +# server_name nas.tradewind.vip; +# return 301 https://$host$request_uri; +#} +server { + if ($host = nas.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name nas.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/rss b/rss new file mode 100644 index 0000000..e64a391 --- /dev/null +++ b/rss @@ -0,0 +1,31 @@ +server { + server_name rss.tradewind.vip; + + location / { + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:1200/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = rss.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name rss.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/send b/send new file mode 100644 index 0000000..10966ea --- /dev/null +++ b/send @@ -0,0 +1,31 @@ +server { + server_name send.tradewind.vip; + + location / { + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass https://airportal.cn/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = send.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name send.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/sync b/sync new file mode 100644 index 0000000..d2a7ad1 --- /dev/null +++ b/sync @@ -0,0 +1,29 @@ +server { + server_name sync.tradewind.vip; + + location / { + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://router.tradewind.vip:5007/Sync; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = sync.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name sync.tradewind.vip; + return 404; # managed by Certbot +} diff --git a/tr b/tr new file mode 100644 index 0000000..7f92fed --- /dev/null +++ b/tr @@ -0,0 +1,33 @@ +server { + server_name tr.tradewind.vip; + + location / { +resolver 223.5.5.5; +set $router "router.tradewind.vip"; + proxy_set_header Host $host; + proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://$router:49091; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = tr.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name tr.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/wiznote b/wiznote new file mode 100644 index 0000000..f2cfdb4 --- /dev/null +++ b/wiznote @@ -0,0 +1,31 @@ +server { + server_name wiznote.tradewind.vip; + + location / { + proxy_set_header Host $host; +# proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://tradewind.myqnapcloud.com:10050/; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = wiznote.tradewind.vip) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name wiznote.tradewind.vip; + return 404; # managed by Certbot + + +} diff --git a/www b/www new file mode 100644 index 0000000..c1ed007 --- /dev/null +++ b/www @@ -0,0 +1,105 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { +# listen 80 default_server; +# listen [::]:80 default_server; + + # SSL configuration + # + listen 443 ssl; + listen [::]:443 ssl; + + ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/http; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name tradewind.vip www.tradewind.vip; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri =404; + } + + # pass PHP scripts to FastCGI server + # + location ~ \.php$ { + include snippets/fastcgi-php.conf; + + # With php-fpm (or other unix sockets): +# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + # With php-cgi (or other tcp sockets): + fastcgi_pass 127.0.0.1:9000; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + include fastcgi_params; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} +server { + listen 80; + server_name tradewind.vip www.tradewind.vip; + return 301 https://$host$request_uri; +}