# Concatenated dump of an nginx configuration, in the format printed by
# `nginx -T`: each "# configuration file <path>:" marker starts a new file.
# Line breaks and indentation have been restored; no directive was changed.
# NOTE(review): a dump like this discloses internal container names and
# addresses. Only certificate/key *paths* appear here, no key material.
# NOTE(review): conf.d/default.conf looks machine-generated (the upstream
# comments mention an "nginx-proxy" network and a letsencrypt container), so
# lasting changes presumably belong in the generator's template or container
# settings rather than in this file. Confirm before editing by hand.

# configuration file /etc/nginx/nginx.conf:
# Worker processes run as the unprivileged "nginx" user.
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    # NOTE(review): server_tokens is not set in any file of this dump, so the
    # nginx default (on) applies and the version is sent in the Server header
    # and on error pages.

    # Pulls in conf.d/default.conf and conf.d/max_body.conf (both shown below).
    include /etc/nginx/conf.d/*.conf;
}
# Stay in the foreground instead of daemonizing.
daemon off;

# configuration file /etc/nginx/mime.types:

types {
    text/html html htm shtml;
    text/css css;
    text/xml xml;
    image/gif gif;
    image/jpeg jpeg jpg;
    application/javascript js;
    application/atom+xml atom;
    application/rss+xml rss;

    text/mathml mml;
    text/plain txt;
    text/vnd.sun.j2me.app-descriptor jad;
    text/vnd.wap.wml wml;
    text/x-component htc;

    image/png png;
    image/svg+xml svg svgz;
    image/tiff tif tiff;
    image/vnd.wap.wbmp wbmp;
    image/webp webp;
    image/x-icon ico;
    image/x-jng jng;
    image/x-ms-bmp bmp;

    font/woff woff;
    font/woff2 woff2;

    application/java-archive jar war ear;
    application/json json;
    application/mac-binhex40 hqx;
    application/msword doc;
    application/pdf pdf;
    application/postscript ps eps ai;
    application/rtf rtf;
    application/vnd.apple.mpegurl m3u8;
    application/vnd.google-earth.kml+xml kml;
    application/vnd.google-earth.kmz kmz;
    application/vnd.ms-excel xls;
    application/vnd.ms-fontobject eot;
    application/vnd.ms-powerpoint ppt;
    application/vnd.oasis.opendocument.graphics odg;
    application/vnd.oasis.opendocument.presentation odp;
    application/vnd.oasis.opendocument.spreadsheet ods;
    application/vnd.oasis.opendocument.text odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
    application/vnd.wap.wmlc wmlc;
    application/x-7z-compressed 7z;
    application/x-cocoa cco;
    application/x-java-archive-diff jardiff;
    application/x-java-jnlp-file jnlp;
    application/x-makeself run;
    application/x-perl pl pm;
    application/x-pilot prc pdb;
    application/x-rar-compressed rar;
    application/x-redhat-package-manager rpm;
    application/x-sea sea;
    application/x-shockwave-flash swf;
    application/x-stuffit sit;
    application/x-tcl tcl tk;
    application/x-x509-ca-cert der pem crt;
    application/x-xpinstall xpi;
    application/xhtml+xml xhtml;
    application/xspf+xml xspf;
    application/zip zip;

    application/octet-stream bin exe dll;
    application/octet-stream deb;
    application/octet-stream dmg;
    application/octet-stream iso img;
    application/octet-stream msi msp msm;

    audio/midi mid midi kar;
    audio/mpeg mp3;
    audio/ogg ogg;
    audio/x-m4a m4a;
    audio/x-realaudio ra;

    video/3gpp 3gpp 3gp;
    video/mp2t ts;
    video/mp4 mp4;
    video/mpeg mpeg mpg;
    video/quicktime mov;
    video/webm webm;
    video/x-flv flv;
    video/x-m4v m4v;
    video/x-mng mng;
    video/x-ms-asf asx asf;
    video/x-ms-wmv wmv;
    video/x-msvideo avi;
}

# configuration file /etc/nginx/conf.d/default.conf:
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
# NOTE(review): this map and the X-Forwarded-Port map below forward a
# client-supplied header verbatim. That is sound only when a trusted proxy or
# load balancer sits in front of this server. If clients connect directly
# (not determinable from this dump), they control the scheme/port values the
# backends see.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    '' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
    default $http_x_forwarded_port;
    '' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
    default upgrade;
    '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
# NOTE(review): the DHE suites in ssl_ciphers below use this file (or the
# per-vhost dhparam). The group size is not visible in this dump; verify that
# it is at least 2048 bits.
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
    default off;
    https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
# Logging is off at http level; every server block below turns it back on
# with the "vhost" format.
access_log off;
# Only TLS 1.2 and 1.3 are offered, with AEAD (GCM / ChaCha20-Poly1305)
# suites using ECDHE or DHE key exchange.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
# Resolver for names looked up at run time (e.g. OCSP responders for
# ssl_stapling).
# NOTE(review): 127.0.0.11 is presumably Docker's embedded DNS. Confirm.
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
# NOTE(review): $proxy_add_x_forwarded_for appends $remote_addr to whatever
# X-Forwarded-For the client sent. Backends should trust only the right-most
# entry (or X-Real-IP), never the first one.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
# (An empty value stops the client's "Proxy" header from reaching backends.)
proxy_set_header Proxy "";

# Catch-all servers: requests whose Host matches no vhost below get 503.
# NOTE(review): neither listen line carries "default_server", so nginx falls
# back to the first server block defined for each port. These two blocks must
# therefore stay ahead of every other server block in this file.
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    return 503;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}

# Per-host sections follow. Most share one shape: an upstream holding one
# container address, a port-80 server that serves ACME challenges from a local
# root and redirects everything else to HTTPS, and a port-443 server that
# terminates TLS and proxies to the upstream. The exceptions are
# funbosque.coolab.org and whoami.coolab.org.
# NOTE(review), applying to every vhost in this file:
#  - every proxy_pass uses http://, so the hop from this proxy to the
#    containers (172.18.0.x) is unencrypted and relies on that network being
#    trusted;
#  - no allow/deny restriction, auth_basic or request rate limit is set at the
#    proxy, so access control is left entirely to each backend;
#  - HSTS is sent with a one-year max-age but without includeSubDomains, and
#    only by the port-443 servers that set it.

# balaio.coolab.org
upstream balaio.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # balaio.coolab.org
    server 172.18.0.20:3000;
}
server {
    server_name balaio.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name balaio.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/balaio.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/balaio.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/balaio.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/balaio.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://balaio.coolab.org;
    }
}

# code.coolab.org
upstream code.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # code.coolab.org
    server 172.18.0.18:8443;
}
server {
    server_name code.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name code.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/code.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/code.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/code.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/code.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://code.coolab.org;
    }
}

# coolab.org
upstream coolab.org {
    ## Can be connected with "nginx-proxy" network
    # wp_coolab-2
    server 172.18.0.19:80;
}
server {
    server_name coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/coolab.org.key;
    ssl_dhparam /etc/nginx/certs/coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://coolab.org;
    }
}

# funbosque.coolab.org
# NOTE(review): unlike the vhosts above, this host has no per-host
# certificate. Port 80 proxies straight to the backend with no HTTPS redirect,
# and port 443 answers 500 using the default certificate. Everything sent to
# this host travels in cleartext and no HSTS header is ever issued for it.
# Presumably the certificate had not been issued when this file was generated.
# Confirm.
upstream funbosque.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # funbosque.coolab.org
    server 172.18.0.4:80;
}
server {
    server_name funbosque.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://funbosque.coolab.org;
    }
}
server {
    server_name funbosque.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    return 500;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}

# icons.coolab.org
upstream icons.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # icons.coolab.org
    server 172.18.0.14:3000;
}
server {
    server_name icons.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name icons.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/icons.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/icons.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/icons.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/icons.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://icons.coolab.org;
    }
}

# jurubeba.coolab.org
upstream jurubeba.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # jurubeba.coolab.org
    server 172.18.0.25:80;
}
server {
    server_name jurubeba.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name jurubeba.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/jurubeba.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/jurubeba.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/jurubeba.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/jurubeba.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://jurubeba.coolab.org;
    }
}

# kolibri.coolab.org
upstream kolibri.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # kolibricoolaborg_kolibri_1
    server 172.18.0.23:8080;
}
server {
    server_name kolibri.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name kolibri.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/kolibri.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/kolibri.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/kolibri.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/kolibri.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://kolibri.coolab.org;
    }
}

# librerouter.coolab.org
upstream librerouter.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # librerouter.coolab.org
    server 172.18.0.7:80;
}
server {
    server_name librerouter.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name librerouter.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/librerouter.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/librerouter.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/librerouter.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/librerouter.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://librerouter.coolab.org;
    }
}

# lora.coolab.org
upstream lora.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # lora.coolab.org
    server 172.18.0.33:80;
}
server {
    server_name lora.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name lora.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/lora.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/lora.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/lora.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/lora.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://lora.coolab.org;
    }
}

# md.coolab.org
upstream md.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # mdcoolaborg_app_1
    server 172.18.0.16:3000;
}
server {
    server_name md.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name md.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/md.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/md.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/md.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/md.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://md.coolab.org;
    }
}

# mdinterno.coolab.org
upstream mdinterno.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # mdinternocoolaborg_app_1
    server 172.18.0.15:3000;
}
server {
    server_name mdinterno.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name mdinterno.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/mdinterno.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/mdinterno.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/mdinterno.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/mdinterno.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://mdinterno.coolab.org;
    }
}

# meshtastic.coolab.org
upstream meshtastic.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # meshtastic.coolab.org
    server 172.18.0.27:80;
}
server {
    server_name meshtastic.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name meshtastic.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/meshtastic.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/meshtastic.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/meshtastic.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/meshtastic.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://meshtastic.coolab.org;
    }
}

# moinho.app
upstream moinho.app {
    ## Can be connected with "nginx-proxy" network
    # moinho.app
    server 172.18.0.8:80;
}
server {
    server_name moinho.app;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name moinho.app;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/moinho.app.crt;
    ssl_certificate_key /etc/nginx/certs/moinho.app.key;
    ssl_dhparam /etc/nginx/certs/moinho.app.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/moinho.app.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://moinho.app;
    }
}

# next.coolab.org
upstream next.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # next.coolab.org
    server 172.18.0.17:80;
}
server {
    server_name next.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name next.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/next.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/next.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/next.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/next.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://next.coolab.org;
    }
}

# nhandeflix.coolab.org
upstream nhandeflix.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # nhandeflix.coolab.org
    server 172.18.0.29:8096;
}
server {
    server_name nhandeflix.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name nhandeflix.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/nhandeflix.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/nhandeflix.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/nhandeflix.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/nhandeflix.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://nhandeflix.coolab.org;
    }
}

# pirania.coolab.org
upstream pirania.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # pirania.coolab.org
    server 172.18.0.10:80;
}
server {
    server_name pirania.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name pirania.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/pirania.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/pirania.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/pirania.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/pirania.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://pirania.coolab.org;
    }
}

# portal-comunitario.coolab.org
upstream portal-comunitario.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # portal-comunitario.coolab.org
    server 172.18.0.13:80;
}
server {
    server_name portal-comunitario.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name portal-comunitario.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/portal-comunitario.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/portal-comunitario.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/portal-comunitario.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/portal-comunitario.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://portal-comunitario.coolab.org;
    }
}

# portal.coolab.org
upstream portal.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # portal.coolab.org
    server 172.18.0.3:3000;
}
server {
    server_name portal.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name portal.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/portal.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/portal.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/portal.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/portal.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://portal.coolab.org;
    }
}

# quadro.coolab.org
upstream quadro.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # quadrocoolaborg_whitebophir_1
    server 172.18.0.22:8080;
}
server {
    server_name quadro.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name quadro.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/quadro.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/quadro.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/quadro.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/quadro.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://quadro.coolab.org;
    }
}

# rede.coolab.org
upstream rede.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # rede.coolab.org
    server 172.18.0.24:80;
}
server {
    server_name rede.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name rede.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/rede.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/rede.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/rede.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/rede.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://rede.coolab.org;
    }
}

# room.coolab.org
upstream room.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # go-ssb-room_room_1
    server 172.18.0.5:3000;
}
server {
    server_name room.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name room.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/room.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/room.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/room.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/room.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://room.coolab.org;
    }
}

# solar.coolab.org
upstream solar.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # solar.coolab.org
    server 172.18.0.28:80;
}
server {
    server_name solar.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name solar.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/solar.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/solar.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/solar.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/solar.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://solar.coolab.org;
    }
}

# whoami.coolab.org
# NOTE(review): same shape as funbosque.coolab.org: port 80 proxies in
# cleartext with no HTTPS redirect, port 443 answers 500 with the default
# certificate, and no HSTS header is issued. The container name suggests a
# request-echo diagnostic service. If so, check whether it needs to be
# reachable from outside at all. Confirm.
upstream whoami.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # coolab-server_whoami_1
    server 172.18.0.30:8000;
}
server {
    server_name whoami.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://whoami.coolab.org;
    }
}
server {
    server_name whoami.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    return 500;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}

# wiki.coolab.org
upstream wiki.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # wikicoolaborg_mediawiki_1
    server 172.18.0.21:80;
}
server {
    server_name wiki.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name wiki.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/wiki.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/wiki.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/wiki.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/wiki.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://wiki.coolab.org;
    }
}

# www.coolab.org
# (Same container and address as the coolab.org upstream above.)
upstream www.coolab.org {
    ## Can be connected with "nginx-proxy" network
    # wp_coolab-2
    server 172.18.0.19:80;
}
server {
    server_name www.coolab.org;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name www.coolab.org;
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/www.coolab.org.crt;
    ssl_certificate_key /etc/nginx/certs/www.coolab.org.key;
    ssl_dhparam /etc/nginx/certs/www.coolab.org.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/www.coolab.org.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://www.coolab.org;
    }
}

# configuration file /etc/nginx/vhost.d/default:
# Included inside the proxying server blocks above. The "^~" prefix match
# keeps regex locations from taking over the ACME challenge path, and
# auth_basic/auth_request are switched off for it so that challenge files stay
# reachable without authentication. Only files that exist under the local root
# are served (try_files ... =404).
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
    auth_request off;
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
## End of configuration add by letsencrypt container

# configuration file /etc/nginx/conf.d/max_body.conf:
# NOTE(review): this file is pulled in by the conf.d/*.conf include at http
# level, so the 2048M limit applies to every vhost above. By default nginx
# buffers request bodies to temporary files before proxying
# (proxy_request_buffering is not set in this dump), so very large uploads
# consume disk on the proxy. Consider a lower global value with per-vhost
# overrides where large uploads are actually needed.
client_max_body_size 2048M;