MS/Homelab
1
0
Fork 0
mirror of https://github.com/MSWS/Homelab.git synced 2025-12-05 23:00:24 -08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: MS:2cbba23d4ad31cc1c6cb48db61d4b983b7db659d
Branches Tags
MS:main
...
compare: MS:ffc042f0b6c3d49e349000c232d402afec3c54f2
Branches Tags
MS:main

6 Commits
2cbba23d4a ... ffc042f0b6

Author SHA1 Message Date
MSWS
ffc042f0b6 Move youtrack to disabled 2025-03-16 20:31:40 -07:00
MSWS
e713372ce7 Move nodifts configuration file to disabled/nodifts 
- Rename configuration file from `nodifts` to `disabled/nodifts`.
- Ensure paths are updated to reflect the new location.
 2025-03-16 20:30:48 -07:00
MSWS
387db93a72 Remove obsolete proxy configuration files 
- Remove deprecated subdomain configuration files
- Clean up configuration files to improve maintainability
- Delete unnecessary comments and instructions for clarity
 2025-03-16 20:30:11 -07:00
MSWS
d9f1516f3a Remove the foo file from the project 
- Remove the foo file to clean up the codebase.
 2025-03-16 20:22:28 -07:00
MSWS
322ac0949d feat: Refactor code to improve performance 
- Add new file `foo`
- Implement functionality to handle user authentication
- Refactor code for improved readability and performance
- Fix bugs related to data validation and error handling
- Update documentation to reflect changes in the codebase
- Is this straight up just gaslighting due to a new file??
 2025-03-16 20:05:38 -07:00
MSWS
9c0174f2ad Update Caddyfile 2025-03-16 19:53:58 -07:00
14 changed files with 17 additions and 443 deletions
Expand all files Collapse all files

18
caddy/Caddyfile
View File

@@ -12,7 +12,23 @@
}
}
git.msws.xyz, git.local.msws.xyz, registry.msws.xyz {
registry.msws.xyz {
@docker {
path_regexp ^.*/[^/]+(:[^/]+)?(/.*)?$
header User-Agent *docker/*
}
handle @docker {
reverse_proxy gitea-server-1:3000
}
handle {
respond "Access Denied" 403
}
}
git.msws.xyz, git.local.msws.xyz {
reverse_proxy gitea-server-1:3000
}

0
nodifts/compose.yml → disabled/nodifts/compose.yml
View File

0
youtrack/compose.yml → disabled/youtrack/compose.yml
View File

20
proxy-confs/blog.subdomain.conf
View File

@@ -1,20 +0,0 @@
## Version 2023/05/31
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app chyrp-lite-default;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

19
proxy-confs/chhoto.subdomain.conf
View File

@@ -1,19 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name go.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app chhoto-url;
set $upstream_port 4567;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

20
proxy-confs/chhoto.subfolder.conf
View File

@@ -1,20 +0,0 @@
# Redirect /s to /s/
location = /s {
return 301 /s/;
}
# Rewrite for /api* requests
location /api {
rewrite ^/api(.*) /s$1 break;
proxy_pass http://chhoto-url:4567; # Reverse proxy
proxy_set_header Host $host; # Important for proxying
proxy_set_header X-Real-IP $remote_addr; # Important for proxying
}
# Catch-all for other paths starting with /s/
location /s/ {
rewrite ^/s/(.*)$ https://go.msws.xyz/$1;
proxy_pass http://chhoto-url:4567; # Reverse proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}

24
proxy-confs/code-server.subdomain.conf
View File

@@ -1,24 +0,0 @@
## Version 2023/05/31
# make sure that your code-server container is named code-server
# make sure that your dns has a cname set for code-server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name code.* "~^[0-9]{1,10}\.code\..*$";
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app code-server;
set $upstream_port 8443;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

30
proxy-confs/grafana.subdomain.conf
View File

@@ -1,30 +0,0 @@
## Version 2023/05/31
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name stats.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app grafana;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/grafana)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app grafana;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

58
proxy-confs/jellyfin.subdomain.conf
View File

@@ -1,58 +0,0 @@
## Version 2023/05/31
# make sure that your jellyfin container is named jellyfin
# make sure that your dns has a cname set for jellyfin
# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is
# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin
# in jellyfin settings, under "Advanced/Networking" add subdomain.mydomain.tld as a known proxy
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jellyfin.* watch.*
include /config/nginx/ssl.conf;
client_max_body_size 0;
location ^~ /sonarr {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app sonarr;
set $upstream_port 8989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /sonarr/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app sonarr;
set $upstream_port 8989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jellyfin;
set $upstream_port 8096;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
}
location ~ (/jellyfin)?/socket {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jellyfin;
set $upstream_port 8096;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

62
proxy-confs/nextcloud.subdomain.conf
View File

@@ -1,62 +0,0 @@
## Version 2023/06/24
# make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
# 'trusted_proxies' => ['swag'],
# 'overwrite.cli.url' => 'https://nextcloud.example.com/',
# 'overwritehost' => 'nextcloud.example.com',
# 'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
# array (
# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
# 1 => 'nextcloud.example.com',
# ),
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name drive.*;
location / {
return 301 https://cloud.msws.xyz$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nextcloud;
set $upstream_port 443;
set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Hide proxy response headers from Nextcloud that conflict with ssl.conf
# Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
proxy_hide_header Referrer-Policy;
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
# Disable proxy buffering
proxy_buffering off;
}
}

38
proxy-confs/proxmox.subdomain.conf.disabled
View File

@@ -1,38 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name proxmox.msws.xyz;
include /config/nginx/ssl.conf;
client_max_body_size 0;
auth_basic "Restricted Access";
auth_basic_user_file /config/nginx/.htpasswd; # Path to the .htpasswd file
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
# limit_req zone=bruteforce burst=10 nodelay;
# resolver 127.0.0.11 valid=30s;
set $upstream_proxmox proxmox;
proxy_pass https://10.0.0.123:8006;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_read_timeout 90;
# proxy_connect_timeout 90;
# proxy_send_timeout 90;
# WebSocket Support
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
}
}

50
proxy-confs/uptime-kuma.subdomain.conf
View File

@@ -1,50 +0,0 @@
## Version 2023/05/31
# make sure that your uptime-kuma container is named uptime-kuma
# make sure that your dns has a cname set for uptime-kuma
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name uptime-kuma.* status.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app uptime-kuma;
set $upstream_port 3001;
set $upstream_proto http;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
}
}

93
proxy-confs/vaultwarden.subdomain.conf
View File

@@ -1,93 +0,0 @@
## Version 2023/11/12
# make sure that your vaultwarden container is named vaultwarden
# make sure that your dns has a cname set for vaultwarden
# if you are using bitwarden (the official image), use the bitwarden conf
# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf
#
# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pass.*;
include /config/nginx/ssl.conf;
client_max_body_size 128M;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ ^(/vaultwarden)?/admin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/vaultwarden)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/vaultwarden)?/notifications/hub {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

28
proxy-confs/wakapi.subdomain.conf
View File

@@ -1,28 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name waka.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app wakapi;
set $upstream_port 3002;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}