From 87aef66a85a899482f5ce1bc39d3a795952d35cc Mon Sep 17 00:00:00 2001 From: StepanovPlaton Date: Wed, 14 Jan 2026 11:38:57 -0600 Subject: [PATCH] Update nginx config example --- proxy/nginx/conf.d/default.conf.example | 106 +++++++++++++++++++++--- 1 file changed, 96 insertions(+), 10 deletions(-) diff --git a/proxy/nginx/conf.d/default.conf.example b/proxy/nginx/conf.d/default.conf.example index b523785..f0ae52e 100644 --- a/proxy/nginx/conf.d/default.conf.example +++ b/proxy/nginx/conf.d/default.conf.example @@ -1,6 +1,8 @@ +# 1. Редирект с HTTP на HTTPS (для всех доменов сразу) server { - listen 80; - server_name domain.dynnamn.ru domain2.dynnamn.ru; + listen 80 default_server; + listen [::]:80 default_server; + server_name domain.ru www.domain.ru git.domain.ru disk.domain.ru matrix.domain.ru chat.domain.ru; location /.well-known/acme-challenge/ { root /var/www/certbot; @@ -11,18 +13,102 @@ server { } } +# 2. Основной сайт и WWW server { listen 443 ssl; - server_name domain.dynnamn.ru; + server_name domain.ru www.domain.ru; - ssl_certificate /etc/letsencrypt/live/domain.dynnamn.ru/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/domain.dynnamn.ru/privkey.pem; + # Используем один сертификат, если он мультидоменный (Certbot обычно делает один на домен + www) + # Если сертификаты разные, лучше объединить их через Certbot (флаг -d домен1 -d домен2) + ssl_certificate /etc/letsencrypt/live/domain.ru/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/domain.ru/privkey.pem; location / { - charset utf-8; - default_type text/plain; - return 200 "Hello domain.dynnamn.ru!"; - # proxy_pass http://your_app_container:port; - # proxy_set_header Host $host; + charset utf-8; + default_type text/plain; + return 200 "Hello world!"; + } +} + +# 3. Gitea +server { + listen 443 ssl; + server_name git.domain.ru; + + ssl_certificate /etc/letsencrypt/live/git.domain.ru/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.domain.ru/privkey.pem; + + location / { + proxy_pass http://gitea:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# 4. Cloud +server { + listen 443 ssl; + server_name disk.domain.ru; + + ssl_certificate /etc/letsencrypt/live/disk.domain.ru/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/disk.domain.ru/privkey.pem; + + client_max_body_size 0; + + location / { + proxy_pass http://filebrowser; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# 4. Matrix +server { + listen 443 ssl; + server_name matrix.domain.ru; + + ssl_certificate /etc/letsencrypt/live/matrix.domain.ru/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/matrix.domain.ru/privkey.pem; + + location / { + proxy_pass http://matrix-synapse:8008; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + client_max_body_size 50M; + } + + #location /.well-known/matrix/server { + # return 200 '{"m.server": "matrix.domain.ru:443"}'; + # add_header Content-Type application/json; + #} + + #location /.well-known/matrix/client { + # return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.ru"}}'; + # add_header Content-Type application/json; + # add_header Access-Control-Allow-Origin *; + #} +} +server { + listen 443 ssl; + server_name chat.domain.ru; + + ssl_certificate /etc/letsencrypt/live/chat.domain.ru/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chat.domain.ru/privkey.pem; + + location / { + proxy_pass http://matrix-element; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + client_max_body_size 50M; } }