dotfiles/terranix/containers/ingress-blowhole/upstreams.conf

258 lines
4.6 KiB
Plaintext
Raw Normal View History

upstream jellyfin {
server {{ env "NOMAD_UPSTREAM_ADDR_jellyfin" }};
}
upstream zigbee2mqtt {
server {{ env "NOMAD_UPSTREAM_ADDR_zigbee2mqtt" }};
}
upstream home-assistant {
server {{ env "NOMAD_UPSTREAM_ADDR_home-assistant" }};
}
upstream syncthing {
server {{ env "NOMAD_UPSTREAM_ADDR_syncthing" }};
}
upstream influx {
server {{ env "NOMAD_UPSTREAM_ADDR_influx" }};
}
upstream grafana {
server {{ env "NOMAD_UPSTREAM_ADDR_grafana" }};
}
upstream mainsail {
server {{ env "NOMAD_UPSTREAM_ADDR_mainsail" }};
}
upstream matrix-synapse {
server {{ env "NOMAD_UPSTREAM_ADDR_matrix_synapse" }};
}
upstream matrix-mautrix-facebook {
server {{ env "NOMAD_UPSTREAM_ADDR_matrix-mautrix-facebook" }};
}
server {
listen 80;
server_name jellyfin.in.redalder.org;
include /local/jellyfin.conf;
}
server {
listen 8096;
server_name _;
include /local/jellyfin.conf;
}
server {
listen 80;
server_name syncthing.in.redalder.org;
include /local/security.conf;
location / {
include /local/headers.conf;
proxy_pass http://syncthing/;
}
}
server {
listen 80;
server_name hass.in.redalder.org;
include /local/hass.conf;
}
server {
listen 8086;
server_name _;
include /local/security.conf;
include /local/hass.conf;
}
server {
listen 80;
server_name zigbee2mqtt.in.redalder.org;
include /local/security.conf;
location / {
include /local/headers.conf;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://zigbee2mqtt/;
}
}
server {
listen 80;
server_name grafana.in.redalder.org;
# Grafana really doesn't like that CSP policy
# include /local/security.conf;
location / {
include /local/headers.conf;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://grafana/;
}
}
server {
listen 80;
server_name influx.in.redalder.org;
# Influx doesn't like it either
# include /local/security.conf;
location / {
include /local/headers.conf;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://influx/;
}
}
server {
listen 80;
server_name mainsail.in.redalder.org;
# Influx doesn't like it either
include /local/security.conf;
location / {
include /local/headers.conf;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://mainsail/;
}
}
server {
listen 80;
server_name matrix.in.redalder.org;
location ~ ^/_synapse/admin {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://matrix-synapse;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
# Synapse responses may be chunked, which is an HTTP/1.1 feature.
proxy_http_version 1.1;
}
location /mufb/ {
proxy_pass http://matrix-mautrix-facebook$request_uri;
proxy_set_header Host $http_host;
proxy_buffering off;
}
}
server {
listen 80;
server_name nomad.in.redalder.org;
location / {
proxy_pass http://blowhole.hosts.in.redalder.org:4646;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_http_version 1.1;
}
}
server {
listen 80;
server_name consul.in.redalder.org;
location / {
proxy_pass http://blowhole.hosts.in.redalder.org:8500;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_http_version 1.1;
}
}
server {
listen 80;
server_name vault.in.redalder.org;
location / {
proxy_pass http://blowhole.hosts.in.redalder.org:8200;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_http_version 1.1;
}
}
server {
listen 80;
listen 81;
server_name _;
include /local/security.conf;
location / {
return 404;
}
}
# server {
# listen 443;
# server_name _;
# include /local/security.conf;
# location / {
# return 404;
# }
# }