2023-04-01

2023-04-01 12:28:58 -05:00
parent 090481ab0d
commit 29c6567506
251 changed files with 88623 additions and 122 deletions
--- a/home/nginx/conf.d/default.conf
+++ b/home/nginx/conf.d/default.conf
@@ -1,97 +1,47 @@
 server {
-    listen       80;
-    listen  [::]:80;
-    server_name  localhost;
+ 	server_name _;
+ 	# you can serve any number of redirects from here...
+ 	listen 80;
+ 	return 301 https://$host$request_uri;
+}

-    #access_log  /var/log/nginx/host.access.log  main;
-	location / {
-        return 301 https://$host$request_uri; 
-    } 
-        
+server {
+    listen 443 ssl http2;
+    server_name rpg.ascorrea.com;
+	include certs/certs.conf;
+	include applications/vouch.conf;
+
+    root /var/www/html/;
 	
-	location /.well-known/acme-challenge/ {
-        root /var/www/certbot;
-    }
+	error_page 401 = @error401;

-    #error_page  404              /404.html;
-
-    # redirect server error pages to the static page /50x.html
-    #
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-
-    # deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
-    #
-    #location ~ /\.ht {
-    #    deny  all;
-    #}
-}
-
-server {
-    listen 443 default_server ssl http2;
-    listen [::]:443 ssl http2;
-
-    server_name example.org;
-
-    ssl_certificate /etc/nginx/ssl/live/rpg.ascorrea.com/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/live/rpg.ascorrea.com/privkey.pem;
-    
-    location / {
-        root   /var/www/html;
-        index  index.html index.htm;
-    } 
-    
-     # pass the PHP scripts to FastCGI server listening on php:9000
-    #
-    location ~ \.php$ {
-         fastcgi_pass   php:9000;
-         fastcgi_index  index.php;
-         include        fastcgi_params;
-         fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
-     }
-     
-	location /podcast/eps {
-         root   /var/www/html;
-   		 autoindex on;
+	location / {
+		# This application is simply proxy-passed without any authentication
+		index  index.html index.htm;
+		
 	}
-     
-     location /foundry/ {
-        
-                # Set proxy headers
-                proxy_set_header Host $host;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header X-Forwarded-Proto $scheme;
-        
-                # These are important to support WebSockets
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "Upgrade";
-        
-                # Make sure to set your Foundry VTT port number
-                proxy_pass http://foundry:30000/foundry/;
-            }
-    location /filebrowser/ {
-        client_max_body_size                    2048m;
-        proxy_read_timeout                      86400s;
-        proxy_send_timeout                      86400s;
-        proxy_set_header                        X-Forwarded-Host $host;
-        proxy_set_header                        X-Forwarded-Server $host;
-        proxy_set_header                        X-Real-IP $remote_addr;
-        proxy_set_header                        Host $host;
-        proxy_set_header                        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_http_version                      1.1;
-        proxy_redirect                          off;
-        proxy_set_header                        Upgrade $http_upgrade;
-        proxy_set_header                        Connection "upgrade";
-        proxy_pass                              http://filebrowser:80/filebrowser/;
-    }
-    location /yacht/ {
-        proxy_http_version 1.1;
-		proxy_set_header Upgrade $http_upgrade;
-		proxy_set_header Connection "Upgrade";
-        proxy_pass                              http://yacht:8000/;
-    }
+	
+	location /foundry/ {
+		auth_request /vouch/validate;
+		auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
+		proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
+		include applications/foundry.conf;
+	}
+	
+	location /filebrowser/ {
+		auth_request /vouch/validate;
+		auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
+		proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
+		include applications/filebrowser.conf;
+	}
+	
+	location /yacht/ {
+		auth_request /vouch/validate;
+		auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
+		proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
+		include applications/yacht.conf;
+	}
+	
+	include applications/podcast.conf;
+	    
 }
-
--- a/home/nginx/conf.d/swrpg.ascorrea.com.conf
+++ b/home/nginx/conf.d/swrpg.ascorrea.com.conf
@@ -0,0 +1,15 @@
+server {
+server_name swrpg.ascorrea.com;    # you can serve any number of redirects from here...
+listen 80;
+return 301 https://rpg.ascorrea.com$request_uri;
+}
+
+server {
+server_name swrpg.ascorrea.com;    # you can serve any number of redirects from here...
+listen 443;
+
+ssl_certificate /etc/nginx/ssl/live/swrpg.ascorrea.com/fullchain.pem;
+ssl_certificate_key /etc/nginx/ssl/live/swrpg.ascorrea.com/privkey.pem;
+
+return 301 https://rpg.ascorrea.com$request_uri;
+}
--- a/home/nginx/conf.d/upstreams.conf
+++ b/home/nginx/conf.d/upstreams.conf
@@ -0,0 +1,17 @@
+upstream foundry {
+	# set this to location of foundry
+	server foundry:30000;
+}
+
+upstream vouch {
+	# set this to location of the vouch proxy
+	server vouch:9090;
+}
+
+upstream filebrowser{
+	server filebrowser:80;
+}
+
+upstream yacht {
+	server yacht:8000;
+}