diff options
| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-12 21:24:22 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-13 01:57:39 +0100 |
| commit | 3561b6d86c329272b1825adaf3ca49c9aff76119 (patch) | |
| tree | fb8bd4148a7ddca115878b96326a6d6c96c6776f /services/nginx/fs | |
| parent | 6c22a6e48e8ff49a69434eca7a7b78158576cb7b (diff) | |
| download | net_services-3561b6d86c329272b1825adaf3ca49c9aff76119.tar.gz net_services-3561b6d86c329272b1825adaf3ca49c9aff76119.zip | |
Refactor
- Remove cgit files; pull cgit image from Docker Hub instead of building
locally
- Tidy up file hierarchy
- Minor fixes and edits
Diffstat (limited to 'services/nginx/fs')
4 files changed, 0 insertions, 92 deletions
diff --git a/services/nginx/fs/etc/nginx/templates/default.conf.template b/services/nginx/fs/etc/nginx/templates/default.conf.template deleted file mode 100644 index 306a074..0000000 --- a/services/nginx/fs/etc/nginx/templates/default.conf.template +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name ${NGINX__HOST} - www.${NGINX__HOST} - dav.${NGINX__HOST} - git.${NGINX__HOST}; - - # Prevent nginx HTTP Server Detection - server_tokens off; - - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name ${NGINX__HOST} www.${NGINX__HOST}; - - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; - - location / { - root /srv; - } -} - -server { - listen 443 ssl default_server; - listen [::]:443 ssl default_server; - - server_name _; - - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; - - return 444; -} - -# Docker embedded DNS server -resolver 127.0.0.11 valid=2s; - -include /etc/nginx/conf.d/services/*.conf; diff --git a/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template b/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template deleted file mode 100644 index c0fa070..0000000 --- a/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template +++ /dev/null @@ -1,17 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name git.${NGINX__HOST}; - - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; - - location / { - proxy_pass http://cgit:80; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } -} diff --git a/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template b/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template deleted file mode 100644 index d6e4617..0000000 --- a/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template +++ /dev/null @@ -1,19 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name dav.${NGINX__HOST}; - - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; - - location / { - proxy_pass http://radicale:5232; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_pass_header Authorization; - } -} diff --git a/services/nginx/fs/sbin/cmd.bash b/services/nginx/fs/sbin/cmd.bash deleted file mode 100755 index e024b4f..0000000 --- a/services/nginx/fs/sbin/cmd.bash +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/bash -set -eu - -# Install sensitive data in tmpfs -install --mode 400 /run/host_secrets/server.crt /run/secrets/server.crt -install --mode 400 /run/host_secrets/server.key /run/secrets/server.key - -# We have to run the entrypoint again -# Because if the first positional parameter is not "nginx" or "nginx-debug" the scripts in /docker-entrypoint.d are not ran. -# https://github.com/nginx/docker-nginx/blob/master/stable/debian/docker-entrypoint.sh -exec /docker-entrypoint.sh nginx -g "daemon off;" |