Refactor

- Remove cgit files; pull cgit image from Docker Hub instead of building locally - Tidy up file hierarchy - Minor fixes and edits
author: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-12 21:24:22 +0100
committer: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-13 01:57:39 +0100
commit: 3561b6d86c329272b1825adaf3ca49c9aff76119 (patch)
tree: fb8bd4148a7ddca115878b96326a6d6c96c6776f /services/nginx/etc
parent: 6c22a6e48e8ff49a69434eca7a7b78158576cb7b (diff)
download: net_services-3561b6d86c329272b1825adaf3ca49c9aff76119.tar.gz
net_services-3561b6d86c329272b1825adaf3ca49c9aff76119.zip
3 files changed, 81 insertions, 0 deletions
diff --git a/services/nginx/etc/nginx/templates/default.conf.template b/services/nginx/etc/nginx/templates/default.conf.template
new file mode 100644
index 0000000..306a074
--- /dev/null
+++ b/services/nginx/etc/nginx/templates/default.conf.template
@@ -0,0 +1,45 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name ${NGINX__HOST}
+                www.${NGINX__HOST}
+                dav.${NGINX__HOST}
+                git.${NGINX__HOST};
+
+    # Prevent nginx HTTP Server Detection
+    server_tokens off;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ${NGINX__HOST} www.${NGINX__HOST};
+
+    ssl_certificate     /run/secrets/server.crt;
+    ssl_certificate_key /run/secrets/server.key;
+
+    location / {
+        root /srv;
+    }
+}
+
+server {
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+
+    server_name _;
+
+    ssl_certificate     /run/secrets/server.crt;
+    ssl_certificate_key /run/secrets/server.key;
+
+    return 444;
+}
+
+# Docker embedded DNS server
+resolver 127.0.0.11 valid=2s;
+
+include /etc/nginx/conf.d/services/*.conf;
diff --git a/services/nginx/etc/nginx/templates/services/cgit.conf.template b/services/nginx/etc/nginx/templates/services/cgit.conf.template
new file mode 100644
index 0000000..c0fa070
--- /dev/null
+++ b/services/nginx/etc/nginx/templates/services/cgit.conf.template
@@ -0,0 +1,17 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name git.${NGINX__HOST};
+
+    ssl_certificate     /run/secrets/server.crt;
+    ssl_certificate_key /run/secrets/server.key;
+
+    location / {
+        proxy_pass http://cgit:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/services/nginx/etc/nginx/templates/services/radicale.conf.template b/services/nginx/etc/nginx/templates/services/radicale.conf.template
new file mode 100644
index 0000000..d6e4617
--- /dev/null
+++ b/services/nginx/etc/nginx/templates/services/radicale.conf.template
@@ -0,0 +1,19 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name dav.${NGINX__HOST};
+
+    ssl_certificate     /run/secrets/server.crt;
+    ssl_certificate_key /run/secrets/server.key;
+
+    location / {
+        proxy_pass        http://radicale:5232;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Host $host;
+        proxy_set_header  X-Forwarded-Port $server_port;
+        proxy_set_header  X-Forwarded-Proto $scheme;
+        proxy_set_header  Host $http_host;
+        proxy_pass_header Authorization;
+    }
+}
author	Thomas Vanbesien <tvanbesi@proton.me>	2026-02-12 21:24:22 +0100
committer	Thomas Vanbesien <tvanbesi@proton.me>	2026-02-13 01:57:39 +0100
commit	3561b6d86c329272b1825adaf3ca49c9aff76119 (patch)
tree	fb8bd4148a7ddca115878b96326a6d6c96c6776f /services/nginx/etc
parent	6c22a6e48e8ff49a69434eca7a7b78158576cb7b (diff)
download	net_services-3561b6d86c329272b1825adaf3ca49c9aff76119.tar.gz net_services-3561b6d86c329272b1825adaf3ca49c9aff76119.zip