From 1babc4f57b6dc03e41533bb14cfe79a551e199c9 Mon Sep 17 00:00:00 2001 From: Bensuperpc Date: Sat, 25 Nov 2023 10:03:44 +0100 Subject: [PATCH] Update with Caddy 
Signed-off-by: Bensuperpc --- Makefile | 2 +- README.md | 11 +- caddy/Caddyfile | 2 - caddy/wordpress/Caddyfile | 24 +-- docker-compose.yml | 29 ++-- env/flask_database.env | 4 - env/flask_website.env | 7 - env/pgadmin.env | 3 - env/phpmyadmin.env | 4 - env/wordpress.env | 4 +- env/wp_database.env | 4 - old_enginx/docker-compose.certbot.yml | 32 ---- old_enginx/docker-compose.divers.yml | 46 ----- old_enginx/docker-compose.network.yml | 6 - old_enginx/docker-compose.nginx.yml | 32 ---- old_enginx/docker-compose.volume.yml | 15 -- old_enginx/docker-compose.wordpress.yml | 62 ------- old_enginx/nginx/conf.d-cert/jellyfin.conf | 29 ---- old_enginx/nginx/conf.d-cert/wordpress.conf | 50 ------ old_enginx/nginx/conf.d/jellyfin.conf | 141 --------------- old_enginx/nginx/conf.d/minecraft.conf | 12 -- old_enginx/nginx/conf.d/phpmyadmin.conf | 28 --- old_enginx/nginx/conf.d/qbittorrent.conf | 26 --- .../nginx/conf.d/sub/cache-fastcgi.conf | 23 --- old_enginx/nginx/conf.d/sub/cache-proxy.conf | 20 --- old_enginx/nginx/conf.d/sub/cache-uwsgi.conf | 20 --- old_enginx/nginx/conf.d/sub/gzip.conf | 13 -- .../nginx/conf.d/sub/options-ssl-nginx.conf | 13 -- old_enginx/nginx/conf.d/wordpress.conf | 161 ------------------ old_enginx/nginx/nginx.conf | 32 ---- php.ini | 2 +- 31 files changed, 34 insertions(+), 823 deletions(-) delete mode 100644 env/flask_database.env delete mode 100644 env/flask_website.env delete mode 100644 env/pgadmin.env delete mode 100644 env/phpmyadmin.env delete mode 100644 env/wp_database.env delete mode 100644 old_enginx/docker-compose.certbot.yml delete mode 100644 old_enginx/docker-compose.divers.yml delete mode 100644 old_enginx/docker-compose.network.yml delete mode 100644 old_enginx/docker-compose.nginx.yml delete mode 100644 old_enginx/docker-compose.volume.yml delete mode 100644 old_enginx/docker-compose.wordpress.yml delete mode 100644 old_enginx/nginx/conf.d-cert/jellyfin.conf delete mode 100644 old_enginx/nginx/conf.d-cert/wordpress.conf delete 
mode 100644 old_enginx/nginx/conf.d/jellyfin.conf delete mode 100644 old_enginx/nginx/conf.d/minecraft.conf delete mode 100644 old_enginx/nginx/conf.d/phpmyadmin.conf delete mode 100644 old_enginx/nginx/conf.d/qbittorrent.conf delete mode 100644 old_enginx/nginx/conf.d/sub/cache-fastcgi.conf delete mode 100644 old_enginx/nginx/conf.d/sub/cache-proxy.conf delete mode 100644 old_enginx/nginx/conf.d/sub/cache-uwsgi.conf delete mode 100644 old_enginx/nginx/conf.d/sub/gzip.conf delete mode 100644 old_enginx/nginx/conf.d/sub/options-ssl-nginx.conf delete mode 100644 old_enginx/nginx/conf.d/wordpress.conf delete mode 100644 old_enginx/nginx/nginx.conf diff --git a/Makefile b/Makefile index 3ea0371..84ec06e 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ DOCKER := docker -PROFILES := webserver database wordpress +PROFILES := webserver database wordpress adminer PROFILE_CMD := $(addprefix --profile ,$(PROFILES)) diff --git a/README.md b/README.md index c65d294..9785cfc 100644 --- a/README.md +++ b/README.md @@ -63,12 +63,15 @@ And then, caddy will generate the certificate for you and renew it automatically ### Configure the infrastructure -You must create a file named `.env` with the following content: +You must create a folder named `env` with the following content: + +file named `.env` with the following content: ```sh -MARIADB_ROOT_PASSWORD= -MARIADB_USER= -MARIADB_PASSWORD= +MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ +MARIADB_USER=bensuperpc +MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw +MARIADB_DATABASE=wordpress ``` ### Wordpress website diff --git a/caddy/Caddyfile b/caddy/Caddyfile index cc92b72..64ed8a2 100644 --- a/caddy/Caddyfile +++ b/caddy/Caddyfile @@ -1,3 +1 @@ -#import /path/to/*.caddy - import wordpress/Caddyfile diff --git a/caddy/wordpress/Caddyfile b/caddy/wordpress/Caddyfile index 889a1b1..f2ce16b 100644 --- a/caddy/wordpress/Caddyfile +++ b/caddy/wordpress/Caddyfile 
@@ -1,4 +1,4 @@ -bensuperpc.org { +www.bensuperpc.org { # push root * /var/www/html @@ -14,27 +14,21 @@ bensuperpc.org { path *.sql path /wp-content/uploads/*.php } + rewrite @disallowed '/index.php' respond /uploads/*.php 404 - - header { - -Server - Content-Security-Policy default-src 'self' *.bensuperpc.org - X-XSS-Protection 1; mode=block - Strict-Transport-Security max-age=31536000; includeSubDomains; preload - X-Frame-Options DENY - X-Frame-Options: SAMEORIGIN - X-Content-Type-Options nosniff - Referrer-Policy no-referrer-when-downgrade - } - + log { output stdout format console } } -www.bensuperpc.com { - redir https://bensuperpc.org{uri} +bensuperpc.org { + redir https://www.bensuperpc.org{uri} permanent +} + +adminer.bensuperpc.org { + reverse_proxy adminer:7777 } diff --git a/docker-compose.yml b/docker-compose.yml index a309b5a..c19600c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,7 +20,7 @@ services: wordpress: depends_on: - database - image: wordpress:6.2-fpm-alpine + image: wordpress:fpm container_name: wordpress profiles: - wordpress @@ -38,6 +38,7 @@ services: container_name: webserver profiles: - webserver + restart: always ports: - 80:80/tcp - 80:80/udp @@ -50,20 +51,18 @@ services: - ./caddy:/etc/caddy:ro networks: - blog-network -# phpmyadmin: -# image: phpmyadmin:5.2.0 -# container_name: phpmyadmin -# profiles: -# - phpmyadmin -# restart: always -# env_file: -# - env/phpmyadmin.env -# ports: -# - 8080:80 -# depends_on: -# - database -# networks: -# - blog-network + adminer: + image: adminer:latest + container_name: adminer + profiles: + - adminer + restart: always + env_file: + - env/adminer.env + depends_on: + - database + networks: + - blog-network # security_opt: # - no-new-privileges:true # - seccomp:unconfined diff --git a/env/flask_database.env b/env/flask_database.env deleted file mode 100644 index cd3fc23..0000000 --- a/env/flask_database.env +++ /dev/null 
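Review bot: The new `adminer.bensuperpc.org { reverse_proxy adminer:7777 }` site at the end of this hunk publishes a database administration login on a public hostname with no access restriction in front of it. Put an IP allow-list or HTTP authentication ahead of the proxy, and confirm the upstream port, since the official adminer image normally listens on 8080 rather than 7777. The hunk also deletes the whole `header { … }` block from the WordPress site, so HSTS, `X-Content-Type-Options`, and the frame and referrer policies are no longer sent. If that was not intended, restore it with the multi-word values quoted and a single `X-Frame-Options` line. The WordPress site block opens in the previous hunk.

```caddyfile
	respond /uploads/*.php 404

	header {
		-Server
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options nosniff
		X-Frame-Options SAMEORIGIN
		Referrer-Policy no-referrer-when-downgrade
	}
	# … unchanged: log block, redirect site …

adminer.bensuperpc.org {
	# <ADMIN_CIDR_PLACEHOLDER>: replace with the network allowed to reach the DB UI
	@untrusted not remote_ip <ADMIN_CIDR_PLACEHOLDER>
	respond @untrusted 403
	reverse_proxy adminer:7777
}
```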
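Review bot: `image: wordpress:fpm` replaces the pinned `6.2-fpm-alpine` tag with a floating one, so each pull can bring in a different WordPress and PHP build without any reviewed change; `adminer:latest` in the third hunk of this file has the same problem. Pin both to an explicit version tag, ideally with a digest, for example keep `image: wordpress:6.2-fpm-alpine` and bump it deliberately. The new tag also appears to move the base from Alpine to the image's default variant, which may not be intended.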
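Review bot: The new `adminer` service loads `env_file: env/adminer.env`, but the diffstat of this commit adds no such file, so a fresh checkout cannot start the profile that the Makefile hunk now enables by default (`PROFILES := webserver database wordpress adminer`). Either commit a secret-free template for that file or drop the `env_file` entry, and consider leaving `adminer` out of the default profiles so the database UI only runs when asked for. The service also starts without the hardening the removed nginx stack used; `security_opt: ["no-new-privileges:true"]` would be a cheap addition here.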
@@ -1,4 +0,0 @@ -POSTGRES_HOST_AUTH_METHOD=trust -POSTGRES_USER=bensuperpc -POSTGRES_PASSWORD=nPRh270dKH3hz%6HS2$X%8F3fqoQ*Fex -POSTGRES_DB=website \ No newline at end of file diff --git a/env/flask_website.env b/env/flask_website.env deleted file mode 100644 index e46bb3a..0000000 --- a/env/flask_website.env +++ /dev/null @@ -1,7 +0,0 @@ -FLASK_DEBUG=1 - -# Acces to the database -POSTGRES_URL=flask_db:5432 -POSTGRES_USER=bensuperpc -POSTGRES_PW=nPRh270dKH3hz%6HS2$X%8F3fqoQ*Fex -POSTGRES_DB=website diff --git a/env/pgadmin.env b/env/pgadmin.env deleted file mode 100644 index 0efd111..0000000 --- a/env/pgadmin.env +++ /dev/null @@ -1,3 +0,0 @@ -PGADMIN_DEFAULT_EMAIL=bensuperpc@bensuperpc.org -PGADMIN_DEFAULT_PASSWORD=LmRVf9DY291ez7B^^%2RntHcsCrJ5fQ! -#PGADMIN_ENABLE_TLS diff --git a/env/phpmyadmin.env b/env/phpmyadmin.env deleted file mode 100644 index 28c1837..0000000 --- a/env/phpmyadmin.env +++ /dev/null @@ -1,4 +0,0 @@ -MYSQL_ROOT_PASSWORD=g1qQWxTXyFXIKpAfbE0h5bxn&prr4zfd -MYSQL_USER=bensuperpc -MYSQL_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt -PMA_HOST=db diff --git a/env/wordpress.env b/env/wordpress.env index 13d584a..1c22756 100644 --- a/env/wordpress.env +++ b/env/wordpress.env @@ -1,4 +1,4 @@ WORDPRESS_DB_USER=bensuperpc -WORDPRESS_DB_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt +WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw WORDPRESS_DB_NAME=wordpress -WORDPRESS_DB_HOST=wp_db:3306 +WORDPRESS_DB_HOST=database:3306 diff --git a/env/wp_database.env b/env/wp_database.env deleted file mode 100644 index 5609865..0000000 --- a/env/wp_database.env +++ /dev/null @@ -1,4 +0,0 @@ -MARIADB_ROOT_PASSWORD=g1qQWxTXyFXIKpAfbE0h5bxn&prr4zfd -MARIADB_USER=bensuperpc -MARIADB_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt -MARIADB_DATABASE=wordpress diff --git a/old_enginx/docker-compose.certbot.yml b/old_enginx/docker-compose.certbot.yml deleted file mode 100644 index 7facd82..0000000 --- a/old_enginx/docker-compose.certbot.yml +++ /dev/null 
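Review bot: The new `WORDPRESS_DB_PASSWORD=` line in `env/wordpress.env` commits a live-looking database password in plaintext, and the same value is written into the README.md example in this commit together with a root password. Treat both as exposed, rotate them, and keep only a template in the repository with the value left empty, e.g. `WORDPRESS_DB_PASSWORD=`, with the real file listed in `.gitignore`. The official images also accept `WORDPRESS_DB_PASSWORD_FILE` / `MARIADB_PASSWORD_FILE`, which lets the secret come from a Docker secret instead of an env file. The credentials in the env files deleted by this commit remain in the git history, so any that are still in use need rotating as well.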
@@ -1,32 +0,0 @@ -version: "3.9" - -services: - certbot: - depends_on: - - webserver - image: certbot/certbot:v1.32.0 - container_name: certbot - profiles: - - certbot - volumes: - - certbot-cert:/etc/letsencrypt - - wordpress:/var/www/wordpress - - jellyfin:/var/www/jellyfin - #command: > - # certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot - # --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org - # --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org - - #command: > - # certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot - # --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org - # --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org - - command: > - certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot - --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org - --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org - -volumes: - certbot-cert: - name: certbot-cert \ No newline at end of file diff --git a/old_enginx/docker-compose.divers.yml b/old_enginx/docker-compose.divers.yml deleted file mode 100644 index f8a99d0..0000000 --- a/old_enginx/docker-compose.divers.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -version: "3.9" - -services: - qbittorrent: - image: lscr.io/linuxserver/qbittorrent:latest - container_name: qbittorrent - profiles: - - qbittorrent - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - WEBUI_PORT=8080 - volumes: - - qbittorrent-conf:/config - - qbittorrent-downloads:/downloads - #ports: - # - 8080:8080 - # - 6881:6881 - # - 6881:6881/udp - restart: unless-stopped - networks: - - app-network - jellyfin: - image: lscr.io/linuxserver/jellyfin:latest - container_name: jellyfin - profiles: - - jellyfin - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - JELLYFIN_PublishedServerUrl=192.168.0.5 #optional - volumes: - - jellyfin-config:/config - - jellyfin-tvseries:/data/tvshows - - jellyfin-movies:/data/movies - - jellyfin:/var/www/html - #ports: - # - 8096:8096 - # - 8920:8920 #optional - # - 7359:7359/udp #optional - # - 1900:1900/udp #optional - restart: unless-stopped - networks: - - app-network diff --git a/old_enginx/docker-compose.network.yml b/old_enginx/docker-compose.network.yml deleted file mode 100644 index 1a63bc0..0000000 --- a/old_enginx/docker-compose.network.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: "3.9" - -networks: - app-network: - driver: bridge - name: app-network \ No newline at end of file diff --git a/old_enginx/docker-compose.nginx.yml b/old_enginx/docker-compose.nginx.yml deleted file mode 100644 index ad03a3d..0000000 --- a/old_enginx/docker-compose.nginx.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -version: "3.9" - -services: - webserver: - depends_on: - - wordpress - image: nginx:1.23 - container_name: webserver - profiles: - - webserver - restart: unless-stopped - ports: - - "80:80" - - "443:443" - volumes: - - wordpress:/var/www/wordpress - - jellyfin:/var/www/jellyfin - - ./nginx/conf.d:/etc/nginx/conf.d:ro - - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - - certbot-cert:/etc/letsencrypt:ro - networks: - - app-network - security_opt: - - "no-new-privileges:true" - cap_drop: - - "ALL" - cap_add: - - "NET_RAW" - - "NET_BIND_SERVICE" - - "CAP_CHOWN" - - "SETGID" - - "SETUID" \ No newline at end of file diff --git a/old_enginx/docker-compose.volume.yml b/old_enginx/docker-compose.volume.yml deleted file mode 100644 index 5ece233..0000000 --- a/old_enginx/docker-compose.volume.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: "3.9" - -volumes: - qbittorrent-downloads: - name: qbittorrent-downloads - qbittorrent-conf: - name: qbittorrent-conf - jellyfin-config: - name: jellyfin-config - jellyfin-tvseries: - name: jellyfin-tvseries - jellyfin-movies: - name: jellyfin-movies - jellyfin: - name: jellyfin diff --git a/old_enginx/docker-compose.wordpress.yml b/old_enginx/docker-compose.wordpress.yml deleted file mode 100644 index 9e48996..0000000 --- a/old_enginx/docker-compose.wordpress.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -version: "3.9" - -services: - wp_db: - image: mariadb:10.10.2 - container_name: wp_db - profiles: - - wp_db - restart: unless-stopped - env_file: - - env/wp_database.env - volumes: - - dbdata:/var/lib/mysql - networks: - - app-network - - wordpress: - depends_on: - - wp_db - image: wordpress:6.1.1-php8.1-fpm - container_name: wordpress - profiles: - - wordpress - restart: unless-stopped - env_file: - - env/wordpress.env -# environment: -# - WORDPRESS_DB_HOST=wp_db:3306 - volumes: - - wordpress:/var/www/html - networks: - - app-network - security_opt: - - "no-new-privileges:true" - cap_drop: - - "ALL" - cap_add: - - "NET_RAW" - - "CAP_CHOWN" - - "SETGID" - - "SETUID" - - phpmyadmin: - image: phpmyadmin:5.2.0 - container_name: phpmyadmin - profiles: - - phpmyadmin - restart: unless-stopped - env_file: - - env/phpmyadmin.env -# ports: -# - 8080:80 - depends_on: - - wp_db - networks: - - app-network - -volumes: - wordpress: - name: wordpress - dbdata: - name: dbdata \ No newline at end of file diff --git a/old_enginx/nginx/conf.d-cert/jellyfin.conf b/old_enginx/nginx/conf.d-cert/jellyfin.conf deleted file mode 100644 index 847fb44..0000000 --- a/old_enginx/nginx/conf.d-cert/jellyfin.conf +++ /dev/null 
@@ -1,29 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org; - - root /var/www/jellyfin; - - location ~ /.well-known/acme-challenge { - allow all; - root /var/www/jellyfin; - } - - location / { - # Proxy main Jellyfin traffic - proxy_pass http://jellyfin:8096; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - - # Disable buffering when the nginx proxy gets very resource heavy upon streaming - proxy_buffering off; - } - - resolver 8.8.8.8; -} \ No newline at end of file diff --git a/old_enginx/nginx/conf.d-cert/wordpress.conf b/old_enginx/nginx/conf.d-cert/wordpress.conf deleted file mode 100644 index 47b9d3c..0000000 --- a/old_enginx/nginx/conf.d-cert/wordpress.conf +++ /dev/null 
@@ -1,50 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name bensuperpc.org www.bensuperpc.org; - - index index.php index.html index.htm; - - root /var/www/wordpress; - - location ~ /.well-known/acme-challenge { - allow all; - root /var/www/wordpress; - } - - location / { - try_files $uri $uri/ /index.php$is_args$args; - } - - location ~ \.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass wordpress:9000; - fastcgi_index index.php; - include fastcgi_params; - - # Necessary to avoid 404 error when changing the wordpress path - #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; - - fastcgi_param PATH_INFO $fastcgi_path_info; - } - - location ~ /\.ht { - deny all; - } - - location = /favicon.ico { - log_not_found off; access_log off; - } - location = /robots.txt { - log_not_found off; access_log off; allow all; - } - location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { - expires max; - log_not_found off; - } - - resolver 8.8.8.8; -} \ No newline at end of file diff --git a/old_enginx/nginx/conf.d/jellyfin.conf b/old_enginx/nginx/conf.d/jellyfin.conf deleted file mode 100644 index f839ffb..0000000 --- a/old_enginx/nginx/conf.d/jellyfin.conf +++ /dev/null 
@@ -1,141 +0,0 @@ -proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=3g inactive=30d use_temp_path=off; -proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=3g; -map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; } -map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; } - -upstream jellyfin_server { - # ip_hash; - server jellyfin:8096; - # server jellyfin:8096 weight=1 max_fails=3 fail_timeout=30s; -} - -# Redirect all http requests to the main server wordpress_server -server { - listen 80; - listen [::]:80; - - server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org; - - location ~ /.well-known/acme-challenge { - allow all; - root /var/www/jellyfin; - } - - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org; - - #client_max_body_size 20M; - set $jellyfin jellyfin; - resolver 8.8.8.8 valid=30; - - # All things related to SSL - ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem; - #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - #add_header Strict-Transport-Security "max-age=31536000" always; - - include /etc/nginx/conf.d/sub/options-ssl-nginx.conf; - - # Security / XSS Mitigation Headers - # NOTE: X-Frame-Options may cause issues with the webOS app - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Content-Type-Options "nosniff"; - #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js 
https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; - - location = / { - return 302 http://$host/web/; - #return 302 https://$host/web/; - } - - location / { - # Proxy main Jellyfin traffic - proxy_pass http://jellyfin_server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - - # Disable buffering when the nginx proxy gets very resource heavy upon streaming - proxy_buffering off; - } - - location = /web/ { - # Proxy main Jellyfin traffic - proxy_pass http://jellyfin_server/web/index.html; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - } - - location /socket { - # Proxy Jellyfin Websockets traffic - proxy_pass http://jellyfin_server; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - } - - # Cache images - location ~ /Items/(.*)/Images { - #proxy_pass http://127.0.0.1:8096; - proxy_pass http://jellyfin_server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - 
proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - - proxy_cache jellyfin; - proxy_cache_revalidate on; - proxy_cache_lock on; - add_header X-Cache-Status $upstream_cache_status; # This is only to check if cache is working - } - - # Cache videos - location ~* ^/Videos/(.*)/(?!live) - { - slice 2m; - - proxy_cache jellyfin-videos; - proxy_cache_valid 200 206 301 302 30d; - proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires; - proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; - proxy_connect_timeout 15s; - proxy_http_version 1.1; - proxy_set_header Connection ""; - # Transmit slice range to the backend - proxy_set_header Range $slice_range; - - proxy_cache_lock on; - proxy_cache_lock_age 60s; - - #proxy_pass http://$jellyfin:8096; - proxy_pass http://jellyfin_server; - proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=$slice_range"; - - add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache - } -} - -# All configuration options are documented at https://jellyfin.org/docs/general/networking/nginx/ diff --git a/old_enginx/nginx/conf.d/minecraft.conf b/old_enginx/nginx/conf.d/minecraft.conf deleted file mode 100644 index 4293540..0000000 --- a/old_enginx/nginx/conf.d/minecraft.conf +++ /dev/null 
@@ -1,12 +0,0 @@ -#upstream minecraft { -# server minecraft:25565; -#} -# -#server { -# listen 25566; -# server_name minecraft.bensuperpc.org www.minecraft.bensuperpc.org; -# location / { -# proxy_pass minecraft; -# } -#} - diff --git a/old_enginx/nginx/conf.d/phpmyadmin.conf b/old_enginx/nginx/conf.d/phpmyadmin.conf deleted file mode 100644 index 3023a48..0000000 --- a/old_enginx/nginx/conf.d/phpmyadmin.conf +++ /dev/null @@ -1,28 +0,0 @@ -#include /etc/nginx/conf.d/sub/cache-proxy.conf; - -upstream phpmyadmin_server { - # ip_hash; - server phpmyadmin:80; - # server phpmyadmin:80 weight=1 max_fails=3 fail_timeout=30s; -} - -# PHPmyadmin -server { - listen 80; - listen [::]:80; - #listen 443; - #listen [::]:443; - - server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org; - - include /etc/nginx/conf.d/sub/gzip.conf; - - location / { - proxy_pass http://phpmyadmin_server; - proxy_redirect off; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-For $remote_addr; - } - - # resolver 8.8.8.8; -} diff --git a/old_enginx/nginx/conf.d/qbittorrent.conf b/old_enginx/nginx/conf.d/qbittorrent.conf deleted file mode 100644 index 3419cd9..0000000 --- a/old_enginx/nginx/conf.d/qbittorrent.conf +++ /dev/null @@ -1,26 +0,0 @@ -upstream qbittorrent_server { - # ip_hash; - server qbittorrent:8080; - # server qbittorrent:8080 weight=1 max_fails=3 fail_timeout=30s; -} - -# PHPmyadmin -server { - listen 80; - listen [::]:80; - #listen 443; - #listen [::]:443; - - server_name qbittorrent.bensuperpc.org www.qbittorrent.bensuperpc.org; - - include /etc/nginx/conf.d/sub/gzip.conf; - - location / { - proxy_pass http://qbittorrent_server; - proxy_redirect off; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-For $remote_addr; - } - - # resolver 8.8.8.8; -} diff --git a/old_enginx/nginx/conf.d/sub/cache-fastcgi.conf b/old_enginx/nginx/conf.d/sub/cache-fastcgi.conf deleted file mode 100644 index 70445af..0000000 
--- a/old_enginx/nginx/conf.d/sub/cache-fastcgi.conf +++ /dev/null @@ -1,23 +0,0 @@ -# The path to store the cache files, limit the folder to 100MB -fastcgi_cache_path /var/run/nginx-cache-fastcgi levels=1:2 keys_zone=WORDPRESS:100m inactive=120m max_size=1g use_temp_path=off; - -# A unique request is defined by this cache key -fastcgi_cache_key "$scheme$request_method$host$request_uri"; - -# Show the cached version if upstream gives a timeout or a HTTP 500 error -fastcgi_cache_use_stale error timeout invalid_header http_500; - -# Revalidate items in the cache if they are update -fastcgi_cache_revalidate on; - -# Minimum time to store an item in the cache -fastcgi_cache_min_uses 3; - -# Cache everything for 1 day -fastcgi_cache_valid 1d; - -# Don't use the following headers to define the cache variables -fastcgi_ignore_headers Cache-Control Expires Set-Cookie; - -# Some parts of this file are from -# https://gist.github.com/TrafeX/6d582b6d040702088722 diff --git a/old_enginx/nginx/conf.d/sub/cache-proxy.conf b/old_enginx/nginx/conf.d/sub/cache-proxy.conf deleted file mode 100644 index 955db5b..0000000 --- a/old_enginx/nginx/conf.d/sub/cache-proxy.conf +++ /dev/null @@ -1,20 +0,0 @@ -# The path to store the cache files, limit the folder to 100MB -proxy_cache_path /var/run/nginx-cache-proxy levels=1:2 keys_zone=PROXY:100m inactive=120m max_size=1g use_temp_path=off; - -# A unique request is defined by this cache key -proxy_cache_key "$scheme$request_method$host$request_uri"; - -# Show the cached version if upstream gives a timeout or a HTTP 500 error -proxy_cache_use_stale error timeout invalid_header http_500; - -# Revalidate items in the cache if they are update -proxy_cache_revalidate on; - -# Minimum time to store an item in the cache -proxy_cache_min_uses 3; - -# Cache everything for 1 day -proxy_cache_valid 1d; - -# Don't use the following headers to define the cache variables -proxy_ignore_headers Cache-Control Expires Set-Cookie; 
diff --git a/old_enginx/nginx/conf.d/sub/cache-uwsgi.conf b/old_enginx/nginx/conf.d/sub/cache-uwsgi.conf deleted file mode 100644 index 8a48e67..0000000 --- a/old_enginx/nginx/conf.d/sub/cache-uwsgi.conf +++ /dev/null @@ -1,20 +0,0 @@ -# The path to store the cache files, limit the folder to 100MB -uwsgi_cache_path /var/run/nginx-cache-uwsgi levels=1:2 keys_zone=UWSGI:100m inactive=120m max_size=1g use_temp_path=off; - -# A unique request is defined by this cache key -uwsgi_cache_key "$scheme$request_method$host$request_uri"; - -# Show the cached version if upstream gives a timeout or a HTTP 500 error -uwsgi_cache_use_stale error timeout invalid_header http_500; - -# Revalidate items in the cache if they are update -uwsgi_cache_revalidate on; - -# Minimum time to store an item in the cache -uwsgi_cache_min_uses 3; - -# Cache everything for 1 day -uwsgi_cache_valid 1d; - -# Don't use the following headers to define the cache variables -uwsgi_ignore_headers Cache-Control Expires Set-Cookie; diff --git a/old_enginx/nginx/conf.d/sub/gzip.conf b/old_enginx/nginx/conf.d/sub/gzip.conf deleted file mode 100644 index 6310f04..0000000 --- a/old_enginx/nginx/conf.d/sub/gzip.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Compression config -gzip on; -gunzip on; - -gzip_static on; -gzip_min_length 1000; -gzip_buffers 4 32k; -# gzip_http_version 1.1; -gzip_proxied any; -gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; -gzip_vary on; -gzip_comp_level 6; -gzip_disable "MSIE [1-6]\.(?!.*SV1)"; \ No newline at end of file diff --git a/old_enginx/nginx/conf.d/sub/options-ssl-nginx.conf b/old_enginx/nginx/conf.d/sub/options-ssl-nginx.conf deleted file mode 100644 index 4e16516..0000000 --- a/old_enginx/nginx/conf.d/sub/options-ssl-nginx.conf +++ /dev/null 
@@ -1,13 +0,0 @@ -# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration -# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6 - -ssl_session_cache shared:le_nginx_SSL:10m; -ssl_session_timeout 1440m; -ssl_session_tickets off; - -ssl_protocols TLSv1.3; -ssl_prefer_server_ciphers off; - -# OCSP stapling -ssl_stapling on; -ssl_stapling_verify on; diff --git a/old_enginx/nginx/conf.d/wordpress.conf b/old_enginx/nginx/conf.d/wordpress.conf deleted file mode 100644 index 36e196a..0000000 --- a/old_enginx/nginx/conf.d/wordpress.conf +++ /dev/null 
@@ -1,161 +0,0 @@ -include /etc/nginx/conf.d/sub/cache-fastcgi.conf; - -# All upstream serveur -upstream wordpress_server { - # ip_hash; - server wordpress:9000; - # server wordpress:9000 weight=1 max_fails=3 fail_timeout=30s; -} - -# Redirect all http requests to the main server wordpress_server -server { - listen 80; - listen [::]:80; - - server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org; - - location ~ /.well-known/acme-challenge { - allow all; - root /var/www/wordpress; - } - - location / { - return 301 https://$host$request_uri; - } -} - -# Main server wordpress_server -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org; - - root /var/www/wordpress; - index index.php index.html index.htm; - - # Keepalive for 70 seconds - keepalive_timeout 70; - - # Number of requests per connection - keepalive_requests 100; - - reset_timedout_connection on; - - # Increase proxy buffers for large requests - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; - - fastcgi_buffer_size 128k; - fastcgi_buffers 256 16k; - fastcgi_busy_buffers_size 256k; - fastcgi_temp_file_write_size 256k; - - # Upload limit - client_max_body_size 50m; - client_body_buffer_size 128k; - - # Initialize the variable that specified to skip the cache - set $skip_cache 0; - - # POST requests and url's with a query string should always skip cache - if ($request_method = POST) { - set $skip_cache 1; - } - if ($query_string != "") { - set $skip_cache 1; - } - - # Don't cache url's containing the following segments - if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") { - set $skip_cache 1; - } - - # Don't use the cache for logged in users or recent commenters - if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { - set 
$skip_cache 1; - } - - server_tokens off; - - include /etc/nginx/conf.d/sub/gzip.conf; - - # All things related to SSL - ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem; - - include /etc/nginx/conf.d/sub/options-ssl-nginx.conf; - - # Logging - access_log /var/log/nginx/wordpress.access.log; - error_log /var/log/nginx/wordpress.error.log; - - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-referrer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - - location / { - try_files $uri $uri/ /index.php$is_args$args; - # try_files $uri $uri/ /index.php?$args; - } - - location ~ \.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass wordpress_server; - fastcgi_index index.php; - include fastcgi_params; - - # Necessary to avoid 404 error when changing the wordpress path - #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; - - fastcgi_param PATH_INFO $fastcgi_path_info; - - fastcgi_intercept_errors on; - - # Don't cache when $skip_cache is true - fastcgi_cache_bypass $skip_cache; - fastcgi_no_cache $skip_cache; - - # Use the WORDPRESS zone - fastcgi_cache WORDPRESS; - } - - # Don't write to accesslog for these files - location = /favicon.ico { - log_not_found off; - access_log off; - } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Media files with one of these extensions should be cached by the browser - location ~* 
\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { - expires max; - log_not_found off; - } - - # Deny access to .* files - location ~ /\. { - deny all; - access_log off; - log_not_found off; - } - - # Add cache status header for easy debugging - add_header X-cache $upstream_cache_status; - - # From cat /etc/resolv.conf - resolver 8.8.8.8; - - # Some parts of this file are from - # https://gist.github.com/TrafeX/6d582b6d040702088722 -} diff --git a/old_enginx/nginx/nginx.conf b/old_enginx/nginx/nginx.conf deleted file mode 100644 index 2703483..0000000 --- a/old_enginx/nginx/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/php.ini b/php.ini index 2d4f176..02fa3b8 100644 --- a/php.ini +++ b/php.ini @@ -1,3 +1,3 @@ -memory_limit = 512M +memory_limit = 1024M upload_max_filesize = 128M post_max_size = 128M