scripts/nginx_config_maker/prod/proxmox.conf

511 lines
15 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ----------- use proxmox.coussinet.org to see the Proxmox Dashboard
# ---------------- ludovic souliman conteur -------------------------
server {
server_name ludovicsouliman.com www.ludovicsouliman.com;
listen 80 http2;
return 301 https://www.ludovicsouliman.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.ludovicsouliman.com;
ssl_certificate /etc/letsencrypt/live/ludovicsouliman.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ludovicsouliman.com-0002/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ---------------- funky framadate -------------------------
server {
server_name framadate-api.cipherbliss.com;
listen 80 http2;
return 301 https://framadate-api.cipherbliss.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name framadate-api.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/framadate-api.cipherbliss.com-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/framadate-api.cipherbliss.com-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ---------------- qzine fr -------------------------
server {
server_name qzine.fr www.qzine.fr;
listen 80 http2;
return 301 https://qzine.fr$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name qzine.fr;
ssl_certificate /etc/letsencrypt/live/qzine.fr-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qzine.fr-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ---------------- club informatique libre gometz org -------------------------
server {
server_name cil-gometz.org www.cil-gometz.org;
listen 80 http2;
return 301 https://www.cil-gometz.org$request_uri;
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name cil-gometz.org;
return 301 https://www.cil-gometz.org$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.cil-gometz.org;
ssl_certificate /etc/letsencrypt/live/www.cil-gometz.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.cil-gometz.org/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ---------------- la puce à l'oreille fr -------------------------
server {
server_name pucealoreille.fr www.pucealoreille.fr;
listen 80 http2;
return 301 https://www.pucealoreille.fr$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.pucealoreille.fr;
ssl_certificate /etc/letsencrypt/live/pucealoreille.fr-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pucealoreille.fr-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ---------------- un bec et des ailes fr -------------------------
server {
server_name unbecetdesailes.fr www.unbecetdesailes.fr;
listen 80 http2;
return 301 https://www.unbecetdesailes.fr$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.unbecetdesailes.fr;
ssl_certificate /etc/letsencrypt/live/unbecetdesailes.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/unbecetdesailes.fr/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ---------------- catherine fonder fr -------------------------
server {
server_name catherinefonder.fr www.catherinefonder.fr;
listen 80 http2;
return 301 https://catherinefonder.fr$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name catherinefonder.fr;
# /etc/letsencrypt/live/catherinefonder.fr-0001/
ssl_certificate /etc/letsencrypt/live/catherinefonder.fr-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/catherinefonder.fr-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ... lafromagerie
server {
server_name lafromagerie-bsf.com www.lafromagerie-bsf.com;
listen 80;
return 301 https://lafromagerie-bsf.com$request_uri;
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name www.lafromagerie-bsf.com;
return 301 https://lafromagerie-bsf.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name lafromagerie-bsf.com;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# /etc/letsencrypt/live/lafromagerie-bsf.com-0002
ssl_certificate /etc/letsencrypt/live/lafromagerie-bsf.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lafromagerie-bsf.com-0002/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ... lafromagerie
server {
server_name lafromagerie-bsf.com www.lafromagerie-bsf.com;
listen 80;
return 301 https://lafromagerie-bsf.com$request_uri;
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name www.lafromagerie-bsf.com;
return 301 https://lafromagerie-bsf.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name lafromagerie-bsf.com;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# /etc/letsencrypt/live/lafromagerie-bsf.com-0002
ssl_certificate /etc/letsencrypt/live/lafromagerie-bsf.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lafromagerie-bsf.com-0002/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ------------- peertube ----------------------------
server {
server_name peertube.cipherbliss.com;
listen 80 http2;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name peertube.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/peertube.cipherbliss.com/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass https://10.10.10.101;# Container peertube
}
add_header Permissions-Policy interest-cohort=();
}
# ---------------- tykayn blog -------------------------
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name tykayn.fr;
ssl_certificate /etc/letsencrypt/live/www.tykayn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.tykayn.fr/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# ------------- peertube ----------------------------
server {
server_name peertube.cipherbliss.com;
listen 80 http2;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name peertube.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/peertube.cipherbliss.com/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass https://10.10.10.101;# Container peertube
}
add_header Permissions-Policy interest-cohort=();
}
# ---------------- tykayn blog -------------------------
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name tykayn.fr;
ssl_certificate /etc/letsencrypt/live/www.tykayn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.tykayn.fr/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# --------------- cipherbliss.com blog ------------------
server {
server_name cipherbliss.com www.cipherbliss.com;
return 301 https://www.cipherbliss.com$request_uri;
listen [::]:80;
listen 80;
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name cipherbliss.com;
return 301 https://www.cipherbliss.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/www.cipherbliss.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.cipherbliss.com-0001/privkey.pem; # managed by Certbot
# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# --------------- portfolio cipherbliss ------------------
server {
server_name portfolio.cipherbliss.com;
listen 80;
return 301 https://portfolio.cipherbliss.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name portfolio.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/portfolio.cipherbliss.com-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portfolio.cipherbliss.com-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.103;
}
add_header Permissions-Policy "interest-cohort=()";
}
# --------------- mastodon cipherbliss ------------------
server {
server_name mastodon.cipherbliss.com;
listen 80;
return 301 https://mastodon.cipherbliss.com$request_uri;
}
server {
listen 443 http2;
listen [::]:443 http2;
server_name mastodon.cipherbliss.com;
ssl_certificate /etc/letsencrypt/live/mastodon.cipherbliss.com-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mastodon.cipherbliss.com-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
client_max_body_size 50M;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
# Container tksites
proxy_pass https://10.10.10.102;
}
add_header Permissions-Policy "interest-cohort=()";
}
server {
if ($host = tykayn.fr) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.tykayn.fr) {
return 301 https://tykayn.fr$request_uri;
} # managed by Certbot
server_name tykayn.fr www.tykayn.fr;
listen 80;
return 404; # managed by Certbot
}