commit 6255ca497df42d655d88da8381a4222fe22eda66
Author: gaems
Date: Fri Feb 28 18:57:38 2025 +0100
initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..397b4a7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.log
diff --git a/Dockerfile b/Dockerfile
new file mode 100755
index 0000000..d7c9a09
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM nginx:latest
+RUN apt-get update && apt-get install -y cron && apt-get clean
+
+COPY cron-restart-nginx /etc/cron.d/cron-restart-nginx
+
+RUN chmod 0644 /etc/cron.d/cron-restart-nginx
+
+RUN crontab /etc/cron.d/cron-restart-nginx
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/cron-restart-nginx b/cron-restart-nginx
new file mode 100644
index 0000000..59b2506
--- /dev/null
+++ b/cron-restart-nginx
@@ -0,0 +1,2 @@
+0 0 1 * * nginx -s reload
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100755
index 0000000..5c62515
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,27 @@
+services:
+ nginx:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf
+ - ./sites-available:/etc/nginx/sites-available
+ - ./sites-enabled:/etc/nginx/sites-enabled
+ - ./log:/var/log/nginx
+ - /etc/letsencrypt:/etc/letsencrypt:ro
+
+ restart: always
+ ports:
+ - 443:443
+ networks:
+ - vaultwarden-network
+ - forgejo-network
+ - nextcloud-network
+
+networks:
+ vaultwarden-network:
+ external: true
+ forgejo-network:
+ external: true
+ nextcloud-network:
+ external: true
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..b22ff5f
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+service cron start
+
+nginx -g "daemon off;"
diff --git a/nginx.conf b/nginx.conf
new file mode 100755
index 0000000..df2a149
--- /dev/null
+++ b/nginx.conf
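Review bot: `FROM nginx:latest` in Dockerfile leaves the base of this TLS-terminating proxy unpinned, so every rebuild can pull a different nginx and Debian userland without any change in the repository. Pin a specific release tag, ideally together with its digest, in the form `FROM nginx:<version>@sha256:<digest>`, and bump it deliberately. The package step would also be tighter as `apt-get install -y --no-install-recommends cron && rm -rf /var/lib/apt/lists/*`, since `apt-get clean` leaves the package index lists in the layer.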
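Review bot: The entry `0 0 1 * * nginx -s reload` in cron-restart-nginx has no user field, yet the Dockerfile copies it to /etc/cron.d, where cron expects a user name between the schedule and the command. There `nginx` would be read as the user and `-s reload` as the command, so that copy cannot work; the reload presumably only runs because the same file is also loaded with `RUN crontab`. Keep one mechanism: either drop the /etc/cron.d copy, or write the line as `0 0 1 * * root /usr/sbin/nginx -s reload` and remove the `crontab` step. The absolute path is suggested because cron's default PATH may not include the directory that holds the nginx binary; confirm the location in the image. If this reload is what picks up renewed Let's Encrypt certificates, a comment above the entry saying so would help.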
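Review bot: The three configuration mounts in docker-compose.yml (`./nginx.conf`, `./sites-available`, `./sites-enabled`) are writable from inside the container, while only `/etc/letsencrypt` carries `:ro`. nginx only needs to read them, so append `:ro` to each, e.g. `- ./nginx.conf:/etc/nginx/nginx.conf:ro`, leaving `./log` as the only writable mount. Separately, only `443:443` is published, so the `listen 80` redirect server in sites-available/default cannot be reached from outside unless port 80 is mapped elsewhere.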
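Review bot: entrypoint.sh starts nginx as a child of bash instead of replacing the shell, so bash stays PID 1 and the stop signal from `docker stop` is not passed on to nginx; the container is likely killed after the timeout rather than shut down cleanly. Change the last line to `exec nginx -g "daemon off;"`. The result of `service cron start` is also ignored, so a cron daemon that fails to start goes unnoticed and the scheduled reload never runs; `set -e` at the top of the script would surface that.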
@@ -0,0 +1,43 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 128;
+}
+
+http {
+ ##
+ # Basic Settings
+ ##
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+ access_log /var/log/nginx/access.log;
+
+ ##
+ # Gzip Settings
+ ##
+ gzip on;
+
+ ##
+ # Virtual Host Settings
+ ##
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/sites-available/default b/sites-available/default
new file mode 100755
index 0000000..39170aa
--- /dev/null
+++ b/sites-available/default
@@ -0,0 +1,20 @@
+# default 301,404
+
+# default redirect HTTP to HTTPS
+server {
+ listen 80 default_server;
+ server_name _;
+
+ return 301 https://$host$request_uri;
+}
+
+# default 404 for non-existent page
+server {
+ listen 443 ssl default_server;
+ server_name _;
+
+ ssl_certificate /etc/letsencrypt/live/gaems.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/gaems.at/privkey.pem;
+
+ return 404;
+}
diff --git a/sites-available/git.gaems.at b/sites-available/git.gaems.at
new file mode 100755
index 0000000..1a480dd
--- /dev/null
+++ b/sites-available/git.gaems.at
@@ -0,0 +1,15 @@
+# git.gaems.at
+server {
+ listen 443 ssl;
+ server_name git.gaems.at;
+
+ ssl_certificate /etc/letsencrypt/live/gaems.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/gaems.at/privkey.pem;
+
+ location / {
+ proxy_pass http://forgejo:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/sites-available/nextcloud.gaems.at b/sites-available/nextcloud.gaems.at
new file mode 100755
index 0000000..c7f8192
--- /dev/null
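Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in nginx.conf enables TLS 1.0 and 1.1, which are deprecated (RFC 8996) and should not be offered by a proxy that fronts a password vault, a git forge and a file store. Restrict the directive to `ssl_protocols TLSv1.2 TLSv1.3;`. Adding `server_tokens off;` to the `http` block would also stop the nginx version being advertised in response headers and error pages.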
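Review bot: The catch-all port 80 server in sites-available/default builds its redirect from `$host`, which for an unmatched request is whatever Host header the client sent, so the `Location` header reflects arbitrary host names. For a `default_server` it is safer to answer unknown names with `return 444;` and to issue the HTTPS redirect from a port 80 block whose `server_name` lists the real sites. The port 443 default server likewise completes the handshake with the gaems.at certificate for any requested name; if the nginx version in the image supports it, `ssl_reject_handshake on;` avoids that.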
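Review bot: The `location /` block in sites-available/git.gaems.at forwards `X-Real-IP` but not `X-Forwarded-For`, unlike the nextcloud vhost in this commit; the same applies to sites-available/vault.gaems.at. If Forgejo or Vaultwarden take the client address from `X-Forwarded-For` for logging or login throttling, they would see only the proxy address, which is worth confirming against each backend's settings. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` to both blocks keeps the three vhosts consistent.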
+++ b/sites-available/nextcloud.gaems.at
@@ -0,0 +1,25 @@
+# nextcloud.gaems.at
+server {
+ listen 443 ssl;
+ server_name nextcloud.gaems.at;
+
+ ssl_certificate /etc/letsencrypt/live/gaems.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/gaems.at/privkey.pem;
+
+ location / {
+ proxy_pass http://nextcloud:80;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $https;
+
+ # Performance for Nextcloud
+ client_max_body_size 512M;
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 5;
+ gzip_min_length 256;
+ gzip_proxied any;
+ gzip_types application/json application/javascript text/css text/xml;
+ }
+}
diff --git a/sites-available/vault.gaems.at b/sites-available/vault.gaems.at
new file mode 100755
index 0000000..423384a
--- /dev/null
+++ b/sites-available/vault.gaems.at
@@ -0,0 +1,15 @@
+# vault.gaems.at
+server {
+ listen 443 ssl;
+ server_name vault.gaems.at;
+
+ ssl_certificate /etc/letsencrypt/live/gaems.at/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/gaems.at/privkey.pem;
+
+ location / {
+ proxy_pass http://vaultwarden;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/sites-enabled/default b/sites-enabled/default
new file mode 120000
index 0000000..6d9ba33
--- /dev/null
+++ b/sites-enabled/default
@@ -0,0 +1 @@
+../sites-available/default
\ No newline at end of file
diff --git a/sites-enabled/git.gaems.at b/sites-enabled/git.gaems.at
new file mode 120000
index 0000000..bb9c830
--- /dev/null
+++ b/sites-enabled/git.gaems.at
@@ -0,0 +1 @@
+../sites-available/git.gaems.at
\ No newline at end of file
diff --git a/sites-enabled/vault.gaems.at b/sites-enabled/vault.gaems.at
new file mode 120000
index 0000000..0e28e76
--- /dev/null
+++ b/sites-enabled/vault.gaems.at
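Review bot: `proxy_set_header X-Forwarded-Proto $https;` in sites-available/nextcloud.gaems.at sends the value `on` rather than a scheme, because `$https` is `on` for TLS connections and empty otherwise. The backend expects `https` in this header, so it may treat requests as plain HTTP and generate `http://` links or redirects. Use `proxy_set_header X-Forwarded-Proto $scheme;` as the git and vault vhosts do. This commit also adds no sites-enabled symlink for nextcloud.gaems.at, so the vhost is not loaded as committed.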
@@ -0,0 +1 @@
+../sites-available/vault.gaems.at
\ No newline at end of file