letsbe/LetsBeBiz-Redesign
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Include full contents of all nested repositories

Browse Source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt
2026-02-27 16:25:02 +01:00
parent 14ff8fd54c
commit 2401ed446f
7271 changed files with 1310112 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
letsbe-ansible-runner/nginx/activepieces.conf Normal file
View File

@@ -0,0 +1,60 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_activepieces }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_activepieces }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3056;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Authorization $http_authorization;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

39
letsbe-ansible-runner/nginx/botlab.conf Normal file
View File

@@ -0,0 +1,39 @@
server {
client_max_body_size 64M;
server_name {{ domain_botlab }};
location / {
proxy_pass http://172.20.1.8:3000; # Backend for typebot-builder
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/nginx/placeholder.crt; # managed by Certbot
ssl_certificate_key /etc/nginx/placeholder.key; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name {{ domain_botlab }};
return 404; # managed by Certbot
}

36
letsbe-ansible-runner/nginx/bots.conf Normal file
View File

@@ -0,0 +1,36 @@
server {
client_max_body_size 64M;
server_name {{ domain_typebot }};
location / {
proxy_pass http://172.20.1.9:3000; # Backend for bot-viewer
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/nginx/placeholder.crt; # managed by Certbot
ssl_certificate_key /etc/nginx/placeholder.key; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name {{ domain_typebot }};
return 404; # managed by Certbot
}

53
letsbe-ansible-runner/nginx/calcom.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_calcom }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_calcom }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3018;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

107
letsbe-ansible-runner/nginx/chatwoot.conf Normal file
View File

@@ -0,0 +1,107 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_chatwoot }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_chatwoot }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://0.0.0.0:3011;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_chatwoot_helpdesk }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_chatwoot_helpdesk }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3011;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

40
letsbe-ansible-runner/nginx/documenso.conf Normal file
View File

@@ -0,0 +1,40 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_documenso }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_documenso }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
location / {
proxy_pass http://127.0.0.1:3020;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/flame.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3054;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

40
letsbe-ansible-runner/nginx/ghost.conf Normal file
View File

@@ -0,0 +1,40 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_ghost }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_ghost }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
location / {
proxy_pass http://127.0.0.1:2368;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/gitea-drine.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_gitea_drone }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_gitea_drone }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3009;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/gitea.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_gitea }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_gitea }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3007;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/glitchtip.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_glitchtip }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_glitchtip }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3017;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/html.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_html }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_html }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

46
letsbe-ansible-runner/nginx/keycloak.conf Normal file
View File

@@ -0,0 +1,46 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_keycloak }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_keycloak }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

44
letsbe-ansible-runner/nginx/librechat.conf Normal file
View File

@@ -0,0 +1,44 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_librechat }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_librechat }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
location / {
proxy_pass http://0.0.0.0:3080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

49
letsbe-ansible-runner/nginx/listmonk.conf Normal file
View File

@@ -0,0 +1,49 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_listmonk }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_listmonk }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3006;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

110
letsbe-ansible-runner/nginx/minio.conf Normal file
View File

@@ -0,0 +1,110 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_minio }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
listen 443 ssl http2;
server_name {{ domain_minio }};
location / {
proxy_pass http://172.20.26.2:9001;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded_Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
# Remove existing CORS headers from MinIO to prevent duplicates
proxy_hide_header Access-Control-Allow-Origin;
# CORS Settings
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Access-Control-Expose-Headers' 'ETag' always;
# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-PO";
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
}
server {
client_max_body_size 0;
server_name {{ domain_s3 }};
location / {
proxy_pass http://172.20.26.2:9000; # S3-compatible service
proxy_set_header Host $http_host; # Essential for S3 bucket ops
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Remove existing cors headers from MinIO to prevent duplicates
proxy_hide_header Access-Control-Allow-Origin;
# CORS Settings
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Access-Control-Expose-Headers' 'Origin, Content-Type, Content-MD5, Content-Disposition, ETag' always;
# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}
}
# ACME Challenge Location (for Let's Encrypt)
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type 'text/plain';
allow all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/nginx/placeholder.crt; # managed by Certbot
ssl_certificate_key /etc/nginx/placeholder.key; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name {{ domain_s3 }};
return 404; # managed by Certbot
}

53
letsbe-ansible-runner/nginx/n8n.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_n8n }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_n8n }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3025;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

233
letsbe-ansible-runner/nginx/nextcloud.conf Normal file
View File

@@ -0,0 +1,233 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_nextcloud }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 500M;
listen 443 ssl http2;
server_name {{ domain_nextcloud }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3023;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
client_body_buffer_size 512k;
proxy_read_timeout 86400s;
client_max_body_size 0;
# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
#location /whiteboard/ {
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_pass http://0.0.0.0:3002
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
#}
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;
# Optional settings:
# OCSP stapling
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/letsencrypt/live/<your-nc-domain>/chain.pem;
# replace with the IP address of your resolver
# resolver 127.0.0.1; # needed for oscp stapling: e.g. use 94.140.15.15 for adguard / 1.1.1.1 for cloudflared or 8.8.8.8 for google - you can use the same nameserver as listed in your /etc/resolv.conf file
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_collabora }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_collabora }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass https://0.0.0.0:3044;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Frontend-Host $host;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_signaling }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_signaling }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
location / {
proxy_pass http://127.0.0.1:3061;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support (required for signaling)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_whiteboard }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file ;
location / {
proxy_pass http://0.0.0.0:3060;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Frontend-Host $host;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

67
letsbe-ansible-runner/nginx/nocodb.conf Normal file
View File

@@ -0,0 +1,67 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_nocodb }};
location / {
return 301 https://$host$request_uri;
}
location ~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_nocodb }};
# SSL Certificates (to be updated by Certbot)
# Uncomment this if you want to enforce HSTS
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Allow embedding in iframe
add_header X-Frame-Options "ALLOWALL";
add_header Content-Security-Policy "frame-ancestors *;";
# CORS Headers
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type';
location / {
proxy_pass http://0.0.0.0:3057;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Support WebSocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
location ~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
ssl_certificate /etc/nginx/placeholder.crt; # managed by Certbot
ssl_certificate_key /etc/nginx/placeholder.key; # managed by Certbot
}

53
letsbe-ansible-runner/nginx/odoo.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_odoo }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_odoo }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3019;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/penpot.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_penpot }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_penpot }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3021;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

46
letsbe-ansible-runner/nginx/portainer.conf Normal file
View File

@@ -0,0 +1,46 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_portainer }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_portainer }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
# WebSocket support (used by Portainer console/exec)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

61
letsbe-ansible-runner/nginx/poste.conf Normal file
View File

@@ -0,0 +1,61 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_poste }};
location ^~ /.well-known/acme-challenge/ {
proxy_pass http://0.0.0.0:3003;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_poste }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass https://0.0.0.0:3004;
proxy_buffering off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
proxy_pass http://0.0.0.0:3003;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
default_type "text/plain";
allow all;
}
}

51
letsbe-ansible-runner/nginx/redash.conf Normal file
View File

@@ -0,0 +1,51 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_redash }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_redash }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://0.0.0.0:3064;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 30s;
proxy_read_timeout 86400s;
proxy_send_timeout 30s;
proxy_http_version 1.1;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

52
letsbe-ansible-runner/nginx/s3.conf Normal file
View File

@@ -0,0 +1,52 @@
server {
client_max_body_size 0;
server_name {{ domain_s3 }};
location / {
proxy_pass http://127.0.0.1:9000; # Proxy to MinIO or your S3-compatible service
proxy_set_header Host $http_host; # Essential for S3 bucket operations
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Remove existing cors headers from MinIO to prevent duplicates
proxy_hide_header Access-Control-Allow-Origin;
# CORS Settings
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Access-Control-Expose-Headers' 'Origin, Content-Type, Content-MD5, Content-Disposition, ETag' always;
# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}
}
# ACME Challenge Location (for Let's Encrypt)
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type 'text/plain';
allow all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/nginx/placeholder.crt; # managed by Certbot
ssl_certificate_key /etc/nginx/placeholder.key; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name {{ domain_s3 }};
return 404; # managed by Certbot
}

53
letsbe-ansible-runner/nginx/squidex.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_squidex }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_squidex }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3002;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

46
letsbe-ansible-runner/nginx/stirlingpdf.conf Normal file
View File

@@ -0,0 +1,46 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_pdf }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
listen 443 ssl http2;
server_name {{ domain_pdf }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# For websocket support if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

69
letsbe-ansible-runner/nginx/typebot.conf Normal file
View File

@@ -0,0 +1,69 @@
server {
client_max_body_size 64M;
server_name {{ domain_botlab }};
location / {
proxy_pass http://172.20.25.3:3000; # Backend for typebot-builder
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/nginx/placeholder.crt; # managed by Certbot
ssl_certificate_key /etc/nginx/placeholder.key; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name {{ domain_botlab }};
return 404; # managed by Certbot
}
server {
client_max_body_size 64M;
server_name {{ domain_bot_viewer }};
location / {
proxy_pass http://172.20.25.4:3000; # Backend for bot-viewer
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/nginx/placeholder.crt; # managed by Certbot
ssl_certificate_key /etc/nginx/placeholder.key; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name {{ domain_bot_viewer }};
return 404; # managed by Certbot
}

53
letsbe-ansible-runner/nginx/umami.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_umami }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_umami }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3008;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/uptime-kuma.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_uptime_kuma }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_uptime_kuma }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3005;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

68
letsbe-ansible-runner/nginx/vaultwarden.conf Normal file
View File

@@ -0,0 +1,68 @@
server {
client_max_body_size 525M;
listen 80;
server_name vault.{{ domain }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 525M;
listen 443 ssl http2;
server_name vault.{{ domain }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
# Main application
location / {
proxy_pass http://127.0.0.1:3071;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
# WebSocket support for live sync
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# WebSocket notifications endpoint
location /notifications/hub {
proxy_pass http://127.0.0.1:3072;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://127.0.0.1:3071;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/whiteboard.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
if ($host = {{ domain_whiteboard }}) {
return 301 https://$host$request_uri;
} # managed by Certbot
client_max_body_size 64M;
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_whiteboard }};
ssl_certificate /etc/letsencrypt/live/whiteboard.letsbe.solutions/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/whiteboard.letsbe.solutions/privkey.pem;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:4014;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Frontend-Host $host;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/windmill.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_windmill }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_windmill }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3014;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}

53
letsbe-ansible-runner/nginx/wordpress.conf Normal file
View File

@@ -0,0 +1,53 @@
server {
client_max_body_size 64M;
listen 80;
server_name {{ domain_wordpress }};
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}
server {
client_max_body_size 64M;
#large_client_header_buffers 4 16k;
listen 443 ssl http2;
server_name {{ domain_wordpress }};
ssl_certificate /etc/nginx/placeholder.crt;
ssl_certificate_key /etc/nginx/placeholder.key;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#auth_basic "Restricted Content";
#auth_basic_user_file letsbe-htpasswd;
location / {
proxy_pass http://0.0.0.0:3001;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_buffers 16 4k;
#proxy_buffer_size 2k;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
default_type "text/plain";
allow all;
}
}