hosting: some config files for host: shadow, some named conf for

utility-101-shadow vm
This commit is contained in:
Jan Novak
2026-02-20 02:16:16 +01:00
parent be362a5ab7
commit 0eab64c954
6 changed files with 559 additions and 1 deletions

View File

@@ -212,6 +212,88 @@ server {
return 404; # managed by Certbot
}
server {
server_name jellyfin.home.hrajfrisbee.cz; # managed by Certbot
# Security headers for media streaming
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Increase body size for high-res movie posters
client_max_body_size 20M;
location / {
# Proxy to your Synology or VM IP and Jellyfin port (default 8096)
proxy_pass https://docker-30:443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering for smoother streaming
proxy_buffering off;
}
listen 8443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/jellyfin.home.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jellyfin.home.hrajfrisbee.cz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = jellyfin.home.hrajfrisbee.cz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name jellyfin.home.hrajfrisbee.cz;
return 404; # managed by Certbot
}
server {
root /srv/webs/random-shit;
server_name random-shit.hrajfrisbee.cz; # managed by Certbot
# Enable directory browsing
autoindex on;
# Optional: Show file sizes in MB/GB instead of bytes
autoindex_exact_size off;
# Optional: Show file timestamps in your local server time
autoindex_localtime on;
# Optional: Choose format (html, xml, json, or jsonp)
autoindex_format html;
listen 8443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/random-shit.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/random-shit.hrajfrisbee.cz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = random-shit.hrajfrisbee.cz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name random-shit.hrajfrisbee.cz;
return 404; # managed by Certbot
}
server {
@@ -240,8 +322,8 @@ server {
ssl_certificate_key /etc/letsencrypt/live/vault.hrajfrisbee.cz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = vault.hrajfrisbee.cz) {
return 301 https://$host$request_uri;
@@ -250,6 +332,32 @@ server {
listen 80 ;
server_name vault.hrajfrisbee.cz;
return 404; # managed by Certbot
}
server {
server_name maru-hleda-byt.home.hrajfrisbee.cz; # managed by Certbot
location / {
proxy_pass http://docker-30:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 8443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/maru-hleda-byt.home.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/maru-hleda-byt.home.hrajfrisbee.cz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = maru-hleda-byt.home.hrajfrisbee.cz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name maru-hleda-byt.home.hrajfrisbee.cz;
return 404; # managed by Certbot
}