nginx: default to redirect everything on port 80

3 years ago · 5ab56b0dcd
parent bada2f23a9
commit 5ab56b0dcd
9 changed files with 86 additions and 44 deletions
--- a/html/index.html
+++ b/html/index.html
@ -0,0 +1,3 @@
 <h1>hackerspace.zone</h1>
 Home page.
--- a/nginx/docker-compose.yaml
+++ b/nginx/docker-compose.yaml
@ -9,6 +9,7 @@ services:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/templates:/etc/nginx/templates
      - ./nginx/includes:/etc/nginx/includes
      - ../html:/var/www
      - ./data/certbot/www:/var/www/certbot
      - ./data/certbot/conf:/etc/letsencrypt
    env_file:
--- a/nginx/nginx/templates/000-default.conf.template
+++ b/nginx/nginx/templates/000-default.conf.template
@ -1,13 +1,13 @@
 # Redirect *all* port 80 traffic to the same thing on port 443
 server {
-	listen 80;
+	listen 80 default_server;
 	server_name ${DOMAIN_NAME};
 	location / {
 		return 301 https://$host$request_uri;
 	}
 }
 server {
-	server_name ${DOMAIN_NAME};
+	#server_name ${DOMAIN_NAME} default;
 	client_max_body_size 128m;
 	sendfile on;
@ -27,9 +27,14 @@ server {
 	chunked_transfer_encoding on;
 	location / {
 		root /var/www;
 	}
-	listen 443 ssl;
+	location /.well-known/matrix {
 		proxy_pass https://${MATRIX_HOSTNAME};
 	}
 	listen 443 ssl default_server;
 	ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
 	include /etc/nginx/includes/options-ssl-nginx.conf;
--- a/nginx/nginx/templates/chat.conf.template
+++ b/nginx/nginx/templates/chat.conf.template
@ -0,0 +1,73 @@
 map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
 }
 server {
 	server_name ${MATRIX_HOSTNAME};
 	client_max_body_size 128m;
 	sendfile on;
 	tcp_nopush on;
 	tcp_nodelay on;
 	keepalive_timeout 65;
 	types_hash_max_size 2048;
 	#include /etc/nginx/mime.types;
 	#default_type application/octet-stream;
 	gzip on;
 	gzip_disable "msie6";
 	proxy_read_timeout 1800s;
 	# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
 	chunked_transfer_encoding on;
 	location / {
 		proxy_pass http://host.docker.internal:5000;
 		proxy_set_header Host $host;
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		proxy_set_header X-Forwarded-Proto $scheme;
 	}
 	location ~ ^(/_matrix|/_synapse/client) {
 		# note: do not add a path (even a single /) after the port in `proxy_pass`,
 		# otherwise nginx will canonicalise the URI and cause signature verification
 		# errors.
 		proxy_pass http://host.docker.internal:5008;
 		proxy_set_header X-Forwarded-For $remote_addr;
 		proxy_set_header X-Forwarded-Proto $scheme;
 		proxy_set_header Host $host;
 		# Nginx by default only allows file uploads up to 1M in size
 		# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
 		client_max_body_size 50M;
 	}
 	# serve the static content for the well known files
 	location /.well-known/matrix/server {
 		default_type application/json;
 		return 200 '{"m.server": "${MATRIX_HOSTNAME}:443"}';
 	}
 	location /.well-known/matrix/client {
 		default_type application/json;
 		return 200 '{"m.homeserver":{"base_url": "https://${MATRIX_HOSTNAME}"}}';  
 	}
 	# The federation port is not enabled; go through 443
 	#listen 8448 ssl http2 default_server;
 	#listen [::]:8448 ssl http2 default_server;
 	# For the user connection
 	listen 443 ssl http2;
 	ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
 	include /etc/nginx/includes/options-ssl-nginx.conf;
 	include /etc/nginx/includes/challenge.conf;
 	ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem;
 }
--- a/nginx/nginx/templates/cloud.conf.template
+++ b/nginx/nginx/templates/cloud.conf.template
@ -1,11 +1,3 @@
 server {
 	listen 80;
 	server_name ${NEXTCLOUD_HOSTNAME};
 	location / {
 		return 301 https://$host$request_uri;
 	}
 }
 server {
 	server_name ${NEXTCLOUD_HOSTNAME};
 	client_max_body_size 128m;
--- a/nginx/nginx/templates/dashboard.conf.template
+++ b/nginx/nginx/templates/dashboard.conf.template
@ -1,11 +1,3 @@
 server {
 	listen 80;
 	server_name ${GRAFANA_HOSTNAME};
 	location / {
 		return 301 https://$host$request_uri;
 	}
 }
 map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
--- a/nginx/nginx/templates/docs.conf.template
+++ b/nginx/nginx/templates/docs.conf.template
@ -1,11 +1,3 @@
 server {
 	listen 80;
 	server_name ${HEDGEDOC_HOSTNAME};
 	location / {
 		return 301 https://$host$request_uri;
 	}
 }
 map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
--- a/nginx/nginx/templates/login.conf.template
+++ b/nginx/nginx/templates/login.conf.template
@ -1,11 +1,3 @@
 server {
 	listen 80;
 	server_name login.${DOMAIN_NAME};
 	location / {
 		return 301 https://$host$request_uri;
 	}
 }
 server {
 	server_name login.${DOMAIN_NAME};
 	client_max_body_size 128m;
--- a/nginx/nginx/templates/social.conf.template
+++ b/nginx/nginx/templates/social.conf.template
@ -1,11 +1,3 @@
 server {
 	listen 80;
 	server_name social.${DOMAIN_NAME};
 	location / {
 		return 301 https://$host$request_uri;
 	}
 }
 map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;