diff --git a/services/ingress/auth.conf b/services/ingress/auth.conf
index 151a7a7..fd00343 100644
--- a/services/ingress/auth.conf
+++ b/services/ingress/auth.conf
@@ -2,11 +2,12 @@ server {
 server_name auth.maksim-pankov.ru;
 location / {
 proxy_pass http://127.0.0.1:8000/;
- proxy_set_header Host $proxy_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 client_max_body_size 0;
 }
+ large_client_header_buffers 4 32k;
 listen 443 ssl; # managed by Certbot
 ssl_certificate /etc/letsencrypt/live/auth.maksim-pankov.ru/fullchain.pem; # managed by Certbot
diff --git a/services/ingress/blog.conf b/services/ingress/blog.conf
index 2b11225..eb3056f 100644
--- a/services/ingress/blog.conf
+++ b/services/ingress/blog.conf
@@ -1,8 +1,19 @@
 server {
- server_name blog.maksim-pankov.ru;
- location / {
- root /opt/blog_content/;
- }
+ server_name blog.maksim-pankov.ru;
+
+ location / {
+ proxy_pass http://localhost:9988;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_buffer_size 8k;
+ }
+
+ # location /styles/ {
+ # try_files $uri $uri/ $uri.html =404;
+ # root /opt/blog_content/;
+ # }
+ large_client_header_buffers 4 32k;
 listen 443 ssl; # managed by Certbot
 ssl_certificate /etc/letsencrypt/live/blog.maksim-pankov.ru/fullchain.pem; # managed by Certbot
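Review bot: `proxy_set_header Host $http_host;` in `location /` of auth.conf forwards the client's Host header to the upstream unmodified, and for an identity provider that value may end up in issuer URLs, redirects or e-mailed links. `$host` is the normalised form (lower-cased, port stripped, falling back to the matched server name), so `proxy_set_header Host $host;` is the safer choice unless the upstream really needs the port; the same line is added in `location /` of blog.conf. Separately, `large_client_header_buffers 4 32k;` set at server level may only take effect when this block is the default server for the listen socket, so it is worth confirming the larger buffers actually apply here.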
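Review bot: The commented-out `location /styles/` block added below `location /` in blog.conf is dead configuration; either delete it or replace it with a one-line comment saying why static paths are not served directly. If it were re-enabled as written, `/styles/` would be served from `/opt/blog_content/` without passing through the OAuth proxy on port 9988, which should be a deliberate decision rather than a leftover. A short comment above `proxy_pass http://localhost:9988;`, for example `# all blog traffic is authenticated by oauth2-proxy (services/oauth-proxy)`, would document the new dependency.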
@@ -11,15 +22,22 @@ server {
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 }
+
+server {
+ listen localhost:7788;
+ location / {
+ root /opt/blog_content/;
+ try_files $uri $uri/ $uri.html =404;
+ }
+}
+
 server {
 if ($host = blog.maksim-pankov.ru) {
 return 301 https://$host$request_uri;
 } # managed by Certbot
- server_name blog.maksim-pankov.ru;
- listen 80;
+ server_name blog.maksim-pankov.ru;
+ listen 80;
 return 404; # managed by Certbot
-
-
 }
\ No newline at end of file
diff --git a/services/ingress/nextcloud.conf b/services/ingress/nextcloud.conf
index f272d55..9c70019 100644
--- a/services/ingress/nextcloud.conf
+++ b/services/ingress/nextcloud.conf
@@ -3,7 +3,7 @@ server {
 server_name maksim-pankov.ru skazochnik.spb.ru gipat;
 location / {
 proxy_pass http://gipat:5002/;
- sub_filter "http://gipat:5002/" "https://skazochnik.spb.ru/";
+ sub_filter "http://gipat:5002/" "https://skazochnik.spb.ru/";
 client_max_body_size 0;
 }
 ssl_certificate /etc/letsencrypt/live/maksim-pankov.ru/fullchain.pem; # managed by Certbot
diff --git a/services/oauth-proxy/docker-compose.yml b/services/oauth-proxy/docker-compose.yml
new file mode 100644
index 0000000..f12ed36
--- /dev/null
+++ b/services/oauth-proxy/docker-compose.yml
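Review bot: The new `server { listen localhost:7788; … }` block in blog.conf serves `/opt/blog_content/` with no authentication of its own and relies entirely on the listen address to stay private, yet nothing in the block says so. Add a comment such as `# unauthenticated backend for oauth2-proxy; must stay loopback-only` and consider `listen 127.0.0.1:7788;` so the bound address does not depend on how `localhost` resolves on the host. Any local process can still read the content without logging in, which is acceptable only if the host is effectively single-tenant.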
@@ -0,0 +1,20 @@
+services:
+ keeper:
+ image: quay.io/oauth2-proxy/oauth2-proxy
+ environment:
+ - OAUTH2_PROXY_PROVIDER=oidc
+ - OAUTH2_PROXY_HTTP_ADDRESS=http://0.0.0.0:9988
+ - OAUTH2_PROXY_REDIRECT_URL=https://blog.maksim-pankov.ru/oauth2/callback
+ - OAUTH2_PROXY_REVERSE_PROXY=true
+ - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
+ - OAUTH2_PROXY_UPSTREAMS=http://localhost:7788/
+ # - OAUTH2_PROXY_UPSTREAMS=file:///opt/blog_content/#/
+ - OAUTH2_PROXY_UPSTREAMS=static://200
+ - OAUTH2_PROXY_CLIENT_ID=jigran_blog
+ - OAUTH2_PROXY_CLIENT_SECRET=c72ba7c0d489e020e0b5875729186ac4fb6872d7
+ - OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.maksim-pankov.ru
+ - OAUTH2_PROXY_COOKIE_SECRET=N9PrzHtfF4ZEbdvy24CvRAL7MbMA57Q3
+ - OAUTH2_PROXY_EMAIL_DOMAINS=*
+ - OAUTH2_PROXY_WHITELIST_DOMAINS=*.maksim-pankov.ru
+ ports:
+ - 9988:9988
\ No newline at end of file
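Review bot: `OAUTH2_PROXY_CLIENT_SECRET` and `OAUTH2_PROXY_COOKIE_SECRET` are committed as literals in this new file, so both should be treated as exposed: rotate them and load the new values from an untracked `.env` or a secret store. `ports: 9988:9988` publishes the proxy on every host interface, and with `OAUTH2_PROXY_REVERSE_PROXY=true` it trusts forwarded headers, so a client that reaches 9988 directly skips nginx and supplies its own `X-Real-IP`/`X-Forwarded-For`. `OAUTH2_PROXY_UPSTREAMS` is set twice and the later `static://200` presumably wins, while `http://localhost:7788/` would point at the container's own loopback unless host networking is used, so the intended upstream needs confirming. The image carries no tag, and `OAUTH2_PROXY_EMAIL_DOMAINS=*` admits every account the issuer authenticates.

```yaml
image: quay.io/oauth2-proxy/oauth2-proxy:<PINNED_VERSION>  # placeholder: pin a release tag or digest
environment:
  # … unchanged: provider, address, redirect, upstream and client id settings …
  - OAUTH2_PROXY_CLIENT_SECRET=${OAUTH2_PROXY_CLIENT_SECRET:?set in untracked .env}
  # … unchanged: OAUTH2_PROXY_OIDC_ISSUER_URL …
  - OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET:?set in untracked .env}
  # … unchanged: email and whitelist domain settings …
ports:
  - "127.0.0.1:9988:9988"
```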