services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

restrict domains based on port

Browse Source
This commit is contained in:
Reese Wells
2024-02-01 01:17:06 -05:00
parent 044f3439ed
commit 7251627477
5 changed files with 144 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
nginx/https.conf
View File

@@ -4,15 +4,12 @@ map $http_upgrade $connection_upgrade {
}
server {
listen 127.0.0.1:80;
listen 127.0.0.1:443 ssl http2;
server_name {{ item.external_domain }};
access_log /var/log/nginx/{{ item.external_domain }}-access.log compression;
server_name {{ item.external.domain }};
if ($scheme = "http") {
return 301 https://$host:443$request_uri;
}
access_log /var/log/nginx/{{ item.external.domain }}-access.log compression;
# listen 443 ssl http2; # for nginx versions below v1.25.1
# listen [::]:443 ssl http2; # for nginx versions below v1.25.1 - comment to disable IPv6
@@ -26,7 +23,7 @@ server {
location / {
resolver 1.1.1.1;
proxy_pass {{ item.internal_protocol }}://{{ item.internal_domain }}:{{ item.internal_port }}$request_uri;
proxy_pass {{ item.internal.protocol }}://{{ item.internal.domain }}:{{ item.internal.port }}$request_uri;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
@@ -46,8 +43,8 @@ server {
proxy_set_header Connection $connection_upgrade;
}
ssl_certificate /etc/letsencrypt/live/{{ item.external_domain }}/fullchain.pem; # managed by certbot on host machine
ssl_certificate_key /etc/letsencrypt/live/{{ item.external_domain }}/privkey.pem;
ssl_certificate /etc/letsencrypt/live/{{ item.external.domain }}/fullchain.pem; # managed by certbot on host machine
ssl_certificate_key /etc/letsencrypt/live/{{ item.external.domain }}/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions