nhcarrigan/nginx-configs
2
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: backup configs

Browse Source
This commit is contained in:
Naomi Carrigan 2025-01-28 17:52:58 -08:00
parent 5e5cce5470
commit 600cc2b8e3
Signed by: naomi
SSH Key Fingerprint: SHA256:rca1iUI2OhAM6n4FIUaFcZcicmri0jgocqKiTTAfrt8
7 changed files with 711 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@ -1,20 +1,10 @@
# New Repository Template
# Nginx Configs
This template contains all of our basic files for a new GitHub repository. There is also a handy workflow that will create an issue on a new repository made from this template, with a checklist for the steps we usually take in setting up a new repository.
If you're starting a Node.JS project with TypeScript, we have a [specific template](https://github.com/naomi-lgbt/nodejs-typescript-template) for that purpose.
## Readme
Delete all of the above text (including this line), and uncomment the below text to use our standard readme template.
<!-- # Project Name
Project Description
This repository holds our NGINX configs and offers a basic script for pulling the latest versions from our servers.
## Live Version
This page is currently deployed. [View the live website.]
These can't really be viewed live...
## Feedback and Bugs
@ -36,4 +26,4 @@ Copyright held by Naomi Carrigan.
## Contact
We may be contacted through our [Chat Server](http://chat.nhcarrigan.com) or via email at `contact@nhcarrigan.com`. -->
We may be contacted through our [Chat Server](http://chat.nhcarrigan.com) or via email at `contact@nhcarrigan.com`.

14
configs/fedi.conf Normal file
View File

@ -0,0 +1,14 @@
server {
listen 443 ssl;
server_name fedi.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/fedi.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fedi.nhcarrigan.com/privkey.pem;
client_max_body_size 100M;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}

14
configs/gitea.conf Normal file
View File

@ -0,0 +1,14 @@
server {
listen 443 ssl;
server_name git.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/git.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.nhcarrigan.com/privkey.pem;
client_max_body_size 100M;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}

35
configs/irc.conf Normal file
View File

@ -0,0 +1,35 @@
server {
listen 443 ssl;
server_name irc.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/irc.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/irc.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9000;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name irc-admin.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/irc-admin.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/irc-admin.nhcarrigan.com/privkey.pem;
root /home/naomi/unrealircd-webpanel;
index index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}

46
configs/matrix.conf Normal file
View File

@ -0,0 +1,46 @@
server {
listen 443 ssl;
listen 8448 ssl default_server;
server_name matrix.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/matrix.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix.nhcarrigan.com/privkey.pem;
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.nhcarrigan.com:443"}';
add_header Content-Type application/json;
}
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.nhcarrigan.com"}}';
add_header Content-Type application/json;
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET";
}
location ~ ^(/_synapse/admin) {
proxy_pass http://localhost:8008;
add_header Access-Control-Allow-Origin "https://matrix-admin.nhcarrigan.com" always;
proxy_hide_header Access-Control-Allow-Origin;
}
location ~ ^(/_matrix|/_synapse/client) {
proxy_set_header Host $host:$server_port;
proxy_pass http://127.0.0.1:8008;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 443 ssl;
server_name matrix-admin.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/matrix-admin.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matrix-admin.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://localhost:5173;
proxy_redirect off;
}
}

586
configs/prod.conf Normal file
View File

@ -0,0 +1,586 @@
server {
listen 443 ssl;
server_name irc-private.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/irc-private.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/irc-private.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9000;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name naomi.party;
ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem;
root /home/nhcarrigan/bsky;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name forms.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/forms.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forms.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/forms;
location / {
index index.html;
}
location /appeal {
try_files /appeal.html =404;
}
location /contact {
try_files /contact.html =404;
}
location /commission {
try_files /commission.html =404;
}
location /staff {
try_files /staff.html =404;
}
location /events {
try_files /events.html =404;
}
location /session {
try_files /session.html =404;
}
location /mentorship {
try_files /mentorship.html =404;
}
}
server {
listen 443 ssl;
server_name moderation.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/moderation.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/moderation.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:12443;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name announcements.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/announcements.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/announcements.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3002;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name blog.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/blog.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3003;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name security.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/security;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name nhcarrigan.link;
ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem;
root /home/nhcarrigan/link-redirector;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name games.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/games;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name hooks.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/hooks.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hooks.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:9443;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name afp.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/afp.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/afp.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:10443;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name naomi.lgbt;
ssl_certificate /etc/letsencrypt/live/naomi.lgbt/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/naomi.lgbt/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name www.naomi.lgbt;
ssl_certificate /etc/letsencrypt/live/www.naomi.lgbt/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.naomi.lgbt/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name starfazers.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/starfazers.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/starfazers.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/starfazers;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name denna.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/denna.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/denna.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/denna/dist/dennagrey;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name www.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/www.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name kaitlyn.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/kaitlyn.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kaitlyn.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/kaitlyn/dist/kaitlyn-nichols;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name docs.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/docs.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/docs.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/docs/dist;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name notes.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/notes.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/notes.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/notes/dist;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name fcc.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/fcc.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fcc.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/status/fcc/dist;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name deepgram.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/deepgram.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/deepgram.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/status/deepgram/dist;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name uptime.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/uptime.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/uptime.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3001;
}
}
server {
listen 443 ssl;
server_name incidents.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/incidents.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/incidents.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3001;
}
}
server {
listen 443 ssl;
server_name beccalia.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/beccalia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/beccalia.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/games/beccalia;
location / {
index index.html;
}
location /origins {
index index.html;
}
location /prologue {
index index.html;
}
}
server {
listen 443 ssl;
server_name goblin.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/goblin.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/goblin.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/games/goblin;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name loan.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/loan.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/loan.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/games/loan;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name linkdetector.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/linkdetector.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/linkdetector.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:2443;
}
}
server {
listen 443 ssl;
server_name oogie.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/oogie.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oogie.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:3443;
}
}
server {
listen 443 ssl;
server_name ruubot.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/ruubot.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ruubot.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4443;
}
}
server {
listen 443 ssl;
server_name tasks.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/tasks.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tasks.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5443;
}
}
server {
listen 443 ssl;
server_name trans.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://0.0.0.0:5000;
}
}
server {
listen 443 ssl;
server_name trans-bot.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5001;
}
}
server {
listen 443 ssl;
server_name trans-slack.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/trans-slack.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/trans-slack.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5002;
}
}
server {
listen 443 ssl;
server_name naomiai.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/naomiai.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/naomiai.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6443;
}
}
server {
listen 443 ssl;
server_name analytics.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/analytics.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/analytics.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:11080;
}
location = /live/websocket {
proxy_pass http://127.0.0.1:11080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
server {
listen 443 ssl;
server_name bridge.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/bridge.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bridge.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:7443;
}
}
server {
listen 443 ssl;
server_name alt.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/alt.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/alt.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8443;
}
}
server {
listen 443 ssl;
server_name anon.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/anon.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/anon.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:11443;
}
}
server {
listen 443 ssl;
server_name eval.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/eval.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/eval.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:12443;
}
}
server {
listen 443 ssl;
server_name lib.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/lib.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lib.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:13443;
}
}
server {
listen 443 ssl;
server_name tickets.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/tickets.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tickets.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:14443;
}
}
server {
listen 443 ssl;
server_name merlin.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/merlin.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/merlin.nhcarrigan.com/privkey.pem;
root /home/nhcarrigan/merlin;
location / {
index index.html;
}
}

12
push.sh Executable file
View File

@ -0,0 +1,12 @@
servers=("prod" "irc" "fedi" "matrix" "gitea")
for server in "${servers[@]}"
do
echo "Pushing $server"
server_ip=$(ssh -o IdentityAgent=~/.1password/agent.sock $server "hostname -I | cut -d' ' -f1")
echo "Server IP: $server_ip"
rsync --archive -e "ssh -o IdentityAgent=~/.1password/agent.sock" configs/$server.conf root@$server_ip:/etc/nginx/conf.d/server.conf
ssh -o IdentityAgent=~/.1password/agent.sock root@$server_ip "systemctl restart nginx"
done