misc: zot registry, k8s OIDC, server configs, sandbox experiments, and notes
- docker-30/zot: add Zot OCI registry with on-demand sync to docker.io, registry.k8s.io, ghcr.io, quay.io - kubernetes-kvm-terraform: wire Kanidm OIDC via structured AuthenticationConfiguration; add reference apiserver manifest and join-node-02 helper - servers: reorganize shadow/ under servers/, add saint vhost config and utility-101 VM definition, add shadow hrajfrisbee.cz vhost and storage-23 notes - experiments: add notes and configs for e2b dev VM, kata + firecracker on kube, microsandbox, orb-stack k3s (terraform + cloud-init), rke2 - vms/docker: document tailscale + node-exporter setup - blog: stub post on Gateway API - chore: gitignore tmp/, smtp_password, and the two local-only credential caches; add per-project .claude/settings.json Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
378
servers/saint/files/nginx/104_docker_zlutazimnice.cz.conf
Normal file
378
servers/saint/files/nginx/104_docker_zlutazimnice.cz.conf
Normal file
@@ -0,0 +1,378 @@
|
||||
server {
|
||||
server_name
|
||||
api.psmf.hrajfrisbee.cz
|
||||
;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://192.168.122.25:5001;
|
||||
}
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/api.psmf.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/api.psmf.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
# if ($host = api-sync.psmf.hrajfrisbee.cz) {
|
||||
# return 301 https://$host$request_uri;
|
||||
# } # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
client_max_body_size 15m; proxy_read_timeout 600;
|
||||
server_name
|
||||
api-sync.psmf.hrajfrisbee.cz
|
||||
;
|
||||
location / {
|
||||
proxy_pass http://192.168.122.25:8003;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
server_name
|
||||
api-sync.psmf.hrajfrisbee.cz
|
||||
;
|
||||
location / {
|
||||
proxy_pass http://192.168.122.25:8003;
|
||||
}
|
||||
|
||||
client_max_body_size 15m;
|
||||
proxy_read_timeout 600;
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/api-sync.psmf.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/api-sync.psmf.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
server_name api.evidence.cald.cz
|
||||
api.evidence.czechultimate.cz
|
||||
;
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://192.168.122.25:8001;
|
||||
}
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/api.evidence.czechultimate.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/api.evidence.czechultimate.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
server_name evidence.cald.cz
|
||||
evidence.czechultimate.cz
|
||||
;
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://192.168.122.25:8002;
|
||||
}
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/evidence.czechultimate.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/evidence.czechultimate.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
server_name
|
||||
hrajfrisbee.cz
|
||||
www.hrajfrisbee.cz;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://192.168.122.25:5002;
|
||||
}
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = beta.hrajfrisbee.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name beta.hrajfrisbee.cz;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://192.168.122.25:5003;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
server_name
|
||||
hrajfrisbee.cz
|
||||
www.hrajfrisbee.cz;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://192.168.122.25:5002;
|
||||
}
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/www.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name beta.hrajfrisbee.cz;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://192.168.122.25:5003;
|
||||
}
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
|
||||
server_name
|
||||
gitlab.hrajfrisbee.cz
|
||||
;
|
||||
|
||||
location / {
|
||||
proxy_pass http://192.168.122.25:80;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_redirect off;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_send_timeout 90;
|
||||
proxy_read_timeout 90;
|
||||
client_max_body_size 10m;
|
||||
client_body_buffer_size 128k;
|
||||
proxy_buffer_size 4k;
|
||||
proxy_buffers 4 32k;
|
||||
proxy_busy_buffers_size 64k;
|
||||
|
||||
}
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/gitlab.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/gitlab.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
server_name
|
||||
registry.gitlab.hrajfrisbee.cz
|
||||
;
|
||||
|
||||
location / {
|
||||
proxy_pass http://192.168.122.25:5005;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
|
||||
client_max_body_size 3000M;
|
||||
client_body_buffer_size 200000k;
|
||||
#auth_basic "Restricted Content";
|
||||
#auth_basic_user_file /etc/nginx/.htpasswd;
|
||||
}
|
||||
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/registry.gitlab.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/registry.gitlab.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
if ($host = hrajfrisbee.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
if ($host = www.hrajfrisbee.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name
|
||||
hrajfrisbee.cz
|
||||
www.hrajfrisbee.cz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = hrajfrisbee.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name
|
||||
hrajfrisbee.cz
|
||||
www.hrajfrisbee.cz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
if ($host = gitlab.hrajfrisbee.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
server_name
|
||||
gitlab.hrajfrisbee.cz
|
||||
;
|
||||
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = evidence.cald.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
listen 80;
|
||||
server_name evidence.cald.cz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = evidence.czechultimate.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
listen 80;
|
||||
server_name evidence.czechultimate.cz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = api.evidence.cald.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name api.evidence.cald.cz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = api.evidence.czechultimate.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name api.evidence.czechultimate.cz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = api.psmf.hrajfrisbee.cz) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80;
|
||||
server_name api.psmf.hrajfrisbee.cz;
|
||||
return 404; # managed by Certbot
|
||||
}
|
||||
|
||||
|
||||
#server {
|
||||
# if ($host = api-sync.psmf.hrajfrisbee.cz) {
|
||||
# return 301 https://$host$request_uri;
|
||||
# } # managed by Certbot
|
||||
#
|
||||
#
|
||||
# listen 80;
|
||||
# server_name
|
||||
# api-sync.psmf.hrajfrisbee.cz
|
||||
# ;
|
||||
# return 404; # managed by Certbot
|
||||
#}
|
||||
|
||||
|
||||
server {
|
||||
# if ($host = api-sync.psmf.hrajfrisbee.cz) {
|
||||
# return 301 https://$host$request_uri;
|
||||
# } # managed by Certbot
|
||||
|
||||
|
||||
server_name
|
||||
api-sync.psmf.hrajfrisbee.cz
|
||||
;
|
||||
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user