upstream jellyfin { server {{ env "NOMAD_UPSTREAM_ADDR_jellyfin" }}; } upstream zigbee2mqtt { server {{ env "NOMAD_UPSTREAM_ADDR_zigbee2mqtt" }}; } upstream home-assistant { server {{ env "NOMAD_UPSTREAM_ADDR_home-assistant" }}; } upstream syncthing { server {{ env "NOMAD_UPSTREAM_ADDR_syncthing" }}; } upstream influx { server {{ env "NOMAD_UPSTREAM_ADDR_influx" }}; } upstream grafana { server {{ env "NOMAD_UPSTREAM_ADDR_grafana" }}; } upstream mainsail { server {{ env "NOMAD_UPSTREAM_ADDR_mainsail" }}; } upstream matrix-synapse { server {{ env "NOMAD_UPSTREAM_ADDR_matrix_synapse" }}; } upstream matrix-mautrix-facebook { server {{ env "NOMAD_UPSTREAM_ADDR_matrix-mautrix-facebook" }}; } server { listen 80; server_name jellyfin.in.redalder.org; include /local/jellyfin.conf; } server { listen 8096; server_name _; include /local/jellyfin.conf; } server { listen 80; server_name syncthing.in.redalder.org; include /local/security.conf; location / { include /local/headers.conf; proxy_pass http://syncthing/; } } server { listen 80; server_name hass.in.redalder.org; include /local/hass.conf; } server { listen 8086; server_name _; include /local/security.conf; include /local/hass.conf; } server { listen 80; server_name zigbee2mqtt.in.redalder.org; include /local/security.conf; location / { include /local/headers.conf; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://zigbee2mqtt/; } } server { listen 80; server_name grafana.in.redalder.org; # Grafana really doesn't like that CSP policy # include /local/security.conf; location / { include /local/headers.conf; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://grafana/; } } server { listen 80; server_name influx.in.redalder.org; # Influx doesn't like it either # include /local/security.conf; location / { include /local/headers.conf; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://influx/; } } server { listen 80; server_name mainsail.in.redalder.org; # Influx doesn't like it either include /local/security.conf; client_max_body_size 500M; location / { include /local/headers.conf; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://mainsail/; } } server { listen 80; server_name matrix.in.redalder.org; location ~ ^/_synapse/admin { # note: do not add a path (even a single /) after the port in `proxy_pass`, # otherwise nginx will canonicalise the URI and cause signature verification # errors. proxy_pass http://matrix-synapse; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; # Nginx by default only allows file uploads up to 1M in size # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml client_max_body_size 50M; # Synapse responses may be chunked, which is an HTTP/1.1 feature. proxy_http_version 1.1; } location /mufb/ { proxy_pass http://matrix-mautrix-facebook$request_uri; proxy_set_header Host $http_host; proxy_buffering off; } } server { listen 80; server_name nomad.in.redalder.org; location / { proxy_pass http://blowhole.hosts.in.redalder.org:4646; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_http_version 1.1; } } server { listen 80; server_name consul.in.redalder.org; location / { proxy_pass http://blowhole.hosts.in.redalder.org:8500; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_http_version 1.1; } } server { listen 80; server_name vault.in.redalder.org; location / { proxy_pass http://blowhole.hosts.in.redalder.org:8200; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_http_version 1.1; } } server { listen 80; listen 81; server_name _; include /local/security.conf; location / { return 404; } } # server { # listen 443; # server_name _; # include /local/security.conf; # location / { # return 404; # } # }