Jan Novak
80d0cc1168
- docker-30/zot: add Zot OCI registry with on-demand sync to docker.io, registry.k8s.io, ghcr.io, quay.io - kubernetes-kvm-terraform: wire Kanidm OIDC via structured AuthenticationConfiguration; add reference apiserver manifest and join-node-02 helper - servers: reorganize shadow/ under servers/, add saint vhost config and utility-101 VM definition, add shadow hrajfrisbee.cz vhost and storage-23 notes - experiments: add notes and configs for e2b dev VM, kata + firecracker on kube, microsandbox, orb-stack k3s (terraform + cloud-init), rke2 - vms/docker: document tailscale + node-exporter setup - blog: stub post on Gateway API - chore: gitignore tmp/, smtp_password, and the two local-only credential caches; add per-project .claude/settings.json Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
378 lines
11 KiB
Plaintext
378 lines
11 KiB
Plaintext
server {
|
|
server_name
|
|
api.psmf.hrajfrisbee.cz
|
|
;
|
|
location / {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://192.168.122.25:5001;
|
|
}
|
|
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/api.psmf.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/api.psmf.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
# if ($host = api-sync.psmf.hrajfrisbee.cz) {
|
|
# return 301 https://$host$request_uri;
|
|
# } # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
client_max_body_size 15m; proxy_read_timeout 600;
|
|
server_name
|
|
api-sync.psmf.hrajfrisbee.cz
|
|
;
|
|
location / {
|
|
proxy_pass http://192.168.122.25:8003;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name
|
|
api-sync.psmf.hrajfrisbee.cz
|
|
;
|
|
location / {
|
|
proxy_pass http://192.168.122.25:8003;
|
|
}
|
|
|
|
client_max_body_size 15m;
|
|
proxy_read_timeout 600;
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/api-sync.psmf.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/api-sync.psmf.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
server_name api.evidence.cald.cz
|
|
api.evidence.czechultimate.cz
|
|
;
|
|
location / {
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass http://192.168.122.25:8001;
|
|
}
|
|
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/api.evidence.czechultimate.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/api.evidence.czechultimate.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
server_name evidence.cald.cz
|
|
evidence.czechultimate.cz
|
|
;
|
|
location / {
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass http://192.168.122.25:8002;
|
|
}
|
|
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/evidence.czechultimate.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/evidence.czechultimate.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
server_name
|
|
hrajfrisbee.cz
|
|
www.hrajfrisbee.cz;
|
|
location / {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://192.168.122.25:5002;
|
|
}
|
|
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
if ($host = beta.hrajfrisbee.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
server_name beta.hrajfrisbee.cz;
|
|
location / {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://192.168.122.25:5003;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name
|
|
hrajfrisbee.cz
|
|
www.hrajfrisbee.cz;
|
|
location / {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://192.168.122.25:5002;
|
|
}
|
|
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/www.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/www.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name beta.hrajfrisbee.cz;
|
|
location / {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://192.168.122.25:5003;
|
|
}
|
|
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
}
|
|
|
|
|
|
server {
|
|
|
|
server_name
|
|
gitlab.hrajfrisbee.cz
|
|
;
|
|
|
|
location / {
|
|
proxy_pass http://192.168.122.25:80;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Host $host;
|
|
proxy_redirect off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_connect_timeout 90;
|
|
proxy_send_timeout 90;
|
|
proxy_read_timeout 90;
|
|
client_max_body_size 10m;
|
|
client_body_buffer_size 128k;
|
|
proxy_buffer_size 4k;
|
|
proxy_buffers 4 32k;
|
|
proxy_busy_buffers_size 64k;
|
|
|
|
}
|
|
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/gitlab.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/gitlab.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
server_name
|
|
registry.gitlab.hrajfrisbee.cz
|
|
;
|
|
|
|
location / {
|
|
proxy_pass http://192.168.122.25:5005;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_set_header X-Forwarded-Ssl on;
|
|
|
|
client_max_body_size 3000M;
|
|
client_body_buffer_size 200000k;
|
|
#auth_basic "Restricted Content";
|
|
#auth_basic_user_file /etc/nginx/.htpasswd;
|
|
}
|
|
|
|
|
|
listen 443 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/registry.gitlab.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/registry.gitlab.hrajfrisbee.cz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
}
|
|
|
|
|
|
server {
|
|
if ($host = hrajfrisbee.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
if ($host = www.hrajfrisbee.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
server_name
|
|
hrajfrisbee.cz
|
|
www.hrajfrisbee.cz;
|
|
return 404; # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
if ($host = hrajfrisbee.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
server_name
|
|
hrajfrisbee.cz
|
|
www.hrajfrisbee.cz;
|
|
return 404; # managed by Certbot
|
|
}
|
|
|
|
|
|
server {
|
|
if ($host = gitlab.hrajfrisbee.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
server_name
|
|
gitlab.hrajfrisbee.cz
|
|
;
|
|
|
|
listen 80;
|
|
return 404; # managed by Certbot
|
|
|
|
|
|
}
|
|
|
|
server {
|
|
if ($host = evidence.cald.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
listen 80;
|
|
server_name evidence.cald.cz;
|
|
return 404; # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
if ($host = evidence.czechultimate.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
listen 80;
|
|
server_name evidence.czechultimate.cz;
|
|
return 404; # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
if ($host = api.evidence.cald.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
server_name api.evidence.cald.cz;
|
|
return 404; # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
if ($host = api.evidence.czechultimate.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
server_name api.evidence.czechultimate.cz;
|
|
return 404; # managed by Certbot
|
|
}
|
|
|
|
server {
|
|
if ($host = api.psmf.hrajfrisbee.cz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
server_name api.psmf.hrajfrisbee.cz;
|
|
return 404; # managed by Certbot
|
|
}
|
|
|
|
|
|
#server {
|
|
# if ($host = api-sync.psmf.hrajfrisbee.cz) {
|
|
# return 301 https://$host$request_uri;
|
|
# } # managed by Certbot
|
|
#
|
|
#
|
|
# listen 80;
|
|
# server_name
|
|
# api-sync.psmf.hrajfrisbee.cz
|
|
# ;
|
|
# return 404; # managed by Certbot
|
|
#}
|
|
|
|
|
|
server {
|
|
# if ($host = api-sync.psmf.hrajfrisbee.cz) {
|
|
# return 301 https://$host$request_uri;
|
|
# } # managed by Certbot
|
|
|
|
|
|
server_name
|
|
api-sync.psmf.hrajfrisbee.cz
|
|
;
|
|
|
|
listen 80;
|
|
return 404; # managed by Certbot
|
|
|
|
|
|
} |