server { server_name gitea.skazochnik.spb.ru; location / { proxy_pass http://localhost:3005/; client_max_body_size 0; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/gitea.skazochnik.spb.ru/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/gitea.skazochnik.spb.ru/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } # server { # server_name mattermost.skazochnik.spb.ru; # listen 443 ssl http2; # managed by Certbot # ssl_certificate /etc/letsencrypt/live/mattermost.skazochnik.spb.ru/fullchain.pem; # managed by Certbot # ssl_certificate_key /etc/letsencrypt/live/mattermost.skazochnik.spb.ru/privkey.pem; # managed by Certbot # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot # http2_push_preload on; # Enable HTTP/2 Server Push # # ssl_session_timeout 1d; # # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC). # # ssl_protocols TLSv1.2 TLSv1.3; # # Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to # # prevent replay attacks. # # # # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data # ssl_early_data on; # # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384'; # # ssl_prefer_server_ciphers on; # ssl_session_cache shared:SSL:50m; # # HSTS (ngx_http_headers_module is required) (15768000 seconds = six months) # add_header Strict-Transport-Security max-age=15768000; # # OCSP Stapling --- # # fetch OCSP records from URL in ssl_certificate and cache them # ssl_stapling on; # ssl_stapling_verify on; # # add_header X-Early-Data $tls1_3_early_data; # location ~ /api/v[0-9]+/(users/)?websocket$ { # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # client_max_body_size 50M; # proxy_set_header Host $http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_set_header X-Frame-Options SAMEORIGIN; # proxy_buffers 256 16k; # proxy_buffer_size 16k; # client_body_timeout 60; # send_timeout 300; # lingering_timeout 5; # proxy_connect_timeout 90; # proxy_send_timeout 300; # proxy_read_timeout 90s; # proxy_http_version 1.1; # proxy_pass http://localhost:8065; # } # location / { # client_max_body_size 50M; # proxy_set_header Connection ""; # proxy_set_header Host $http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_set_header X-Frame-Options SAMEORIGIN; # proxy_buffers 256 16k; # proxy_buffer_size 16k; # proxy_read_timeout 600s; # # proxy_cache mattermost_cache; # # proxy_cache_revalidate on; # # proxy_cache_min_uses 2; # # proxy_cache_use_stale timeout; # # proxy_cache_lock on; # proxy_http_version 1.1; # proxy_pass http://localhost:8065; # } # } server { server_name docs.skazochnik.spb.ru; location / { proxy_pass http://192.168.0.101:8880; client_max_body_size 0; } listen 443 ssl; ssl_certificate /etc/letsencrypt/live/docs.skazochnik.spb.ru/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/docs.skazochnik.spb.ru/privkey.pem; # managed by Certbot } # server { # server_name castopod.skazochnik.spb.ru; # location / { # proxy_pass http://192.168.0.101:55001; # client_max_body_size 0; # proxy_set_header Host $http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # } # listen 443 ssl; # ssl_certificate /etc/letsencrypt/live/castopod.skazochnik.spb.ru/fullchain.pem; # managed by Certbot # ssl_certificate_key /etc/letsencrypt/live/castopod.skazochnik.spb.ru/privkey.pem; # managed by Certbot # } # server { # server_name summeet.skazochnik.spb.ru; # location / { # proxy_pass https://192.168.0.108:5090; # client_max_body_size 0; # proxy_set_header Host $http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # } # listen 5090 ssl; # ssl_certificate /etc/letsencrypt/live/summeet.skazochnik.spb.ru/fullchain.pem; # managed by Certbot # ssl_certificate_key /etc/letsencrypt/live/summeet.skazochnik.spb.ru/privkey.pem; # managed by Certbot # } server { server_name conference.skazochnik.spb.ru; listen 443 ssl; location / { root /var/www/empty/; } ssl_certificate /etc/letsencrypt/live/conference.skazochnik.spb.ru/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/conference.skazochnik.spb.ru/privkey.pem; # managed by Certbot } server { server_name photos.skazochnik.spb.ru; listen 443 ssl; location / { proxy_pass http://localhost:7780/; } ssl_certificate /etc/letsencrypt/live/photos.skazochnik.spb.ru/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/photos.skazochnik.spb.ru/privkey.pem; # managed by Certbot } server { server_name skazochnik.spb.ru; location / { proxy_pass http://gipat:5002/; sub_filter "http://gipat:5002/" "https://skazochnik.spb.ru/"; client_max_body_size 0; } listen 443 ssl default_server; # managed by Certbot ssl_certificate /etc/letsencrypt/live/skazochnik.spb.ru/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/skazochnik.spb.ru/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { server_name skazochnik.spb.ru; location / { root /var/www/website_frontend; index index.html index.htm; } listen 8989 ssl default_server; # managed by Certbot ssl_certificate /etc/letsencrypt/live/skazochnik.spb.ru/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/skazochnik.spb.ru/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { listen 443 ssl; server_name podcast.skazochnik.spb.ru; location / { root /var/www/podcast; index index.html index.htm; } ssl_certificate /etc/letsencrypt/live/podcast.skazochnik.spb.ru/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/podcast.skazochnik.spb.ru/privkey.pem; # managed by Certbot } server { if ($host = gitea.skazochnik.spb.ru) { return 301 https://$host$request_uri; } # managed by Certbot server_name gitea.skazochnik.spb.ru; listen 80; return 404; # managed by Certbot } # server { # if ($host = mattermost.skazochnik.spb.ru) { # return 301 https://$host$request_uri; # } # managed by Certbot # server_name mattermost.skazochnik.spb.ru; # listen 80; # return 404; # managed by Certbot # } server { server_name wallabag.skazochnik.spb.ru; location / { proxy_pass http://localhost:8780; # proxy_set_header X-Forwarded-Host $server_name; # proxy_set_header X-Forwarded-Proto https; # proxy_set_header X-Forwarded-For $remote_addr; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/wallabag.skazochnik.spb.ru/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/wallabag.skazochnik.spb.ru/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }