mestsa02ec.ec.local

# 80, Access-Control-Allow-Origin and pfx to crt and key Add to DevOps flop dex Gogs proxy_set_header X-Forwarded-Proto https; ssl
2023-09-18 16:01:44 -07:00
parent 59d2ef6e44
commit 13f1964ad9
32 changed files with 1030 additions and 55 deletions
--- a/conf/includes/APC-Viewer-Server.conf
+++ b/conf/includes/APC-Viewer-Server.conf
@ -0,0 +1 @@
+location / { proxy_pass http://localhost:5002; }
--- a/conf/includes/APC-Viewer.conf
+++ b/conf/includes/APC-Viewer.conf
@ -0,0 +1 @@
+location / { proxy_pass http://localhost:5005; }
--- a/conf/includes/BaGet.conf
+++ b/conf/includes/BaGet.conf
@ -1,11 +1,11 @@
-location /
-{
-    proxy_pass         http://localhost:5555;
+location / {
    proxy_http_version 1.1;
-    proxy_set_header   Upgrade $http_upgrade;
-    proxy_set_header   Connection keep-alive;
-    proxy_set_header   Host $http_host;
    proxy_cache_bypass $http_upgrade;
+    proxy_pass http://localhost:5555;
+    proxy_set_header Host $http_host;
+    proxy_set_header Connection keep-alive;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header X-Forwarded-Proto https;
 }

 # sc create "Baget-5555" start= delayed-auto DisplayName="Baget-5555" binPath= "C:\Users\phares\AppData\Local\IFXApps\BaGet\src\BaGet\bin\Release\net6.0\win-x64\publish\BaGet.exe" obj= "infineon\phares" password= ""
--- a/conf/includes/Gogs.conf
+++ b/conf/includes/Gogs.conf
@ -0,0 +1,8 @@
+location / {
+    proxy_hide_header Authorization;
+    if ($http_Authorization != "Basic asdf") {
+        return 401;
+    }
+    proxy_set_header Authorization "Basic asdf";
+    proxy_pass http://localhost:3000;
+}
--- a/conf/includes/code-server.conf
+++ b/conf/includes/code-server.conf
@ -0,0 +1,25 @@
+server {
+    server_name phares3757.ddns.net;
+    location / {
+        proxy_pass http://localhost:8007/;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+        proxy_set_header Accept-Encoding gzip;
+    }
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/phares3757.ddns.net/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/phares3757.ddns.net/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+server {
+    if ($host = phares3757.ddns.net) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+    listen 80;
+    listen [::]:80;
+    server_name phares3757.ddns.net;
+    return 404; # managed by Certbot
+}
--- a/conf/includes/default.conf
+++ b/conf/includes/default.conf
@ -0,0 +1,8 @@
+server {
+    listen 8008 default_server;
+    listen [::]:8008 default_server;
+    ## Trun on /cgi-bin/ support to run CGI apps ##
+    include /etc/nginx/fcgiwrap.conf;
+    root /var/www/html;
+    server_name _;
+}
--- a/conf/includes/dex.conf
+++ b/conf/includes/dex.conf
@ -0,0 +1,21 @@
+location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
+    expires 1d;
+    index index.html index.htm;
+    # root /var/www/html/637998119172547651;
+    root "D://Tmp//phares//www";
+}
+location / {
+    index index.html index.htm;
+    # root /var/www/html/637998119172547651;
+    root "D://Tmp//phares//www";
+    # First attempt to serve request as file, then
+    autoindex on;
+    # Send the data in JSON
+    autoindex_format json;
+    addition_types application/json;
+    # Calling from SERVERNAME/autoindex/*
+    add_before_body /NGINdeX.io/header.html;
+    add_after_body /NGINdeX.io/footer.html;
+    # Need to tell that we are sending HTML
+    add_header Content-Type text/html;
+}
--- a/conf/includes/ec-server.crt
+++ b/conf/includes/ec-server.crt
@ -0,0 +1,37 @@
+Bag Attributes
+    localKeyID: 01 00 00 00 
+subject=CN = mestsa02ec.ec.local
+
+issuer=C = DE, O = Infineon Technologies AG, CN = Infineon Technologies AG EC CA
+
+-----BEGIN CERTIFICATE-----
+MIIFZzCCBE+gAwIBAgITEQAKMa/W/0YEmx3dVwAAAAoxrzANBgkqhkiG9w0BAQsF
+ADBZMQswCQYDVQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVz
+IEFHMScwJQYDVQQDDB5JbmZpbmVvbiBUZWNobm9sb2dpZXMgQUcgRUMgQ0EwHhcN
+MjMwMzMxMDE0NjAzWhcNMjUwMzMwMDE0NjAzWjAeMRwwGgYDVQQDDBNtZXN0c2Ew
+MmVjLmVjLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2lK
+HvL1yot5W+sUYZFx+jnvQGUUimuWbhmGMLgfnhOOkNiJk12fq55ZfjOaFD7Pod/g
+xhiViFZ0vVR/JwBlGK6RGPPsarK5LmMgdV3Y2MWDGIA5jb3sgvFtsz/q9xMfbbq7
+EPls51QJ+HHiMMtYPhTJX912EYm/FWw3/16RpM5jjAIq14XTNV2dilnLO2XmrRDh
+zV9ySclHbsyp+6Xa+4E/TP93oUE/YwlvA5tXCdblZaapBzq+pSLgkDBFwCaLwdzx
+S0LgW1DPXjzAvNj5Yi+15tD/QGH6h1QaimBMe8nQcPkpyVicTRK/HONZMP/zx5rL
+4AYz72ahtMG8yrCQXwIDAQABo4ICYTCCAl0wPgYJKwYBBAGCNxUHBDEwLwYnKwYB
+BAGCNxUIhK+7M4S3+nmFmZcqhfiyeYaXu2aBA4XPrD2DhJoTAgFkAgFVMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwQgYDVR0g
+BDswOTA3Bg0qghQARAqBAgEBAQEBMCYwJAYIKwYBBQUHAgEWGGh0dHA6Ly9jcHMu
+aW5maW5lb24uY29tADAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsG
+AQUFBwMCMB0GA1UdDgQWBBS4GCGfn0i+NXOi+lsXMleuqXgrfjA2BgNVHREELzAt
+gittZXNhcmVwb3J0aW5nc2VydmljZXMtcHJvZC5tZXMuaW5maW5lb24uY29tMB8G
+A1UdIwQYMBaAFJmmdkAB8r7pT1pg9efTboOQCXhgMIIBBQYDVR0fBIH9MIH6MIH3
+oIH0oIHxhoHMbGRhcDovLy9DTj1JbmZpbmVvbiUyMFRlY2hub2xvZ2llcyUyMEFH
+JTIwRUMlMjBDQSxDTj1FTFNTQUVDMDIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUy
+MFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9RUMsREM9
+bG9jYWw/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNz
+PWNSTERpc3RyaWJ1dGlvblBvaW50hiBodHRwOi8vY3JsLmVjLmxvY2FsL2NybC9F
+Y0NBLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAnbUvDqIFyK2M9bDUeilmDQCFF2NE
+2uLnA7EZXWEMXqQ3Zo3U5KV6MsGxHjuGMdki+PNrPy116GYkm7JcVdvavII5q+Ze
+KoDPtLxJZrZ4F5jGmBwRMNaqTD9vWqVRN5MDFRhuXMPbU/5e+fsfzTChemE7Wme7
+owEYbjtAxT6FiBkYwQL5AM3w1YzQsi8mPV4FIJcAh8WjxH4zkiO+eedal/fWw4gV
+3vZo/8B1Z/lsyQSyG7O8HD5uOqnpngZbhQ8CICXrwrXtrOjDP03fJNWUPQ/T8QU/
+gIEadozWYBWeghthtp81AjZPGJloV2iyomkQe4N4XcV4vJ9v4KujOUvcLA==
+-----END CERTIFICATE-----
--- a/conf/includes/ec-server.key
+++ b/conf/includes/ec-server.key
@ -0,0 +1,37 @@
+Bag Attributes
+    Microsoft Local Key set: <No Values>
+    localKeyID: 01 00 00 00 
+    Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
+    friendlyName: te-InfineonECServer-e9a15685-d6b6-4470-9728-f627f4423d90
+Key Attributes
+    X509v3 Key Usage: 10 
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIuoAZ6HXk3ToCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECE6S96awW9vNBIIEyGtPG2WkLSPF
+toWLISPCnTkPyDvgfzZ+xhx+Ogo4drd1ljhjpFGZk2OrKIWpUO1CLRsDoN7xGrrG
+AcUOyUL3NJfiQYIAiM7qYVD4fmGsfxQrLCq5vVuLrg9VfYIPWQ9VV4u5cbp/vLyn
+cxyd5EVuq8fOsMCsafL4k2VKY/pgQpFm8Gof0rwAd71DwVc74SYBL1+n96E2XgEt
+m+7vmU3+YKRSBOnLhc9vV2GnQDOSBFRpr4jr4X5T7TbyaeCrrqL7TNGdvirNERW/
+1+FUPqKfL1+x5Awba6n7JunM4t4xZhfXeEEVRWpqB5okQBraR45xP04ibZJfRsux
+AqKrjp3baiFvvqgdu9GZgnw1b2UjAaie3Qm0v5u8YttKJxT62RmWx+aKxgy9hjlX
+lgxPs+p/6cS0QnFue63oZGq3p7zqvBXHgUSt47WqTHxq18I/qDnwAtX6Mokwj4rv
+ND6/I1PkBMiXWgn2+qX2ZM9qfgf1+IkTMWArR6ImdhJ8MUu+kWYC5tBtQMnpSQoo
+CqCpHusMhUXKFMatWV+YfWLmFzuOwYFC2mUvQU9RmJ1aZb4gBvCSZG+vAo9NacSA
+A8/FTJzvv3vgh+QakLD0TY03poxOBEiS2IWLyPipjGrCE3MDROeqdljsTPcbdSOo
+EXfk+w+DwngsafwQY7xn7Rj6NRaq16ZhN6m9wdqDi4UQ3wZYOaEYV4DqzVnXbf0e
+mNhjGRCEEPyCxXw5MuN/drUpDWDRN/peTsWLamtSoN6u4niJFTZwztEhUHfbJJLE
+pt4fOO0D4F4oWtqFMSsp2NaFwFfSsdsCaoFri4mfeZfWPAvd+38yvEaaCw1fIg/R
+VOydXBDNHpsOX20Nck/ixDcJ1GuicOOKntFF8+rbWuDKF4tXJUEbXBYylex0J5r/
+b/lQmcI12gU91MxYQS0oirsU8y+/qJfjPg1Y+jtSIx98IThuD0pLDlokoWAvJh7Y
+zoC15pIwQKup7dlGYPn0UU+9nW+vm9l3ZtQcOGqX95/qrLzcUrEAMcnjFkC30sG3
+4LZDsKQTq+UBkjWZk6C9Jej8+ZVBSbbPHfxY/JHVZMiyvkvs2juZ59W2qswy6Dpd
+m1HjEDZxzPtf0SCiK7Te/MjEX2jzIVBw4DddlKXlGL/oQ/pG6CsOqVhsvfKz62Yv
+xSv/CRSfxVV8n1CchYg/FgZ5Ib+nLDn46ABvdh5AIPCcYS/f9zdQlyKyMJCPRSfW
+vWwH6n/4bHLvLxAAI7bJpJhWNxXSIHH3j6UjAuTPlL7yXM5DI0drZQ2T5DtdBIxB
+7iJmVU6zLaRuzx3CAcp6M071y/e4Dfar6WL/7M14wjau8vLe/5pnkojMWwwbbyXb
+CFQ54FcrZuw7uD9Tpl73UHzyHlKQ5oj0nno9OQVzNb3f0iIJ/rQBxg/0ZAoJZdrx
+Ea+ynGo1GXTkEEiIQEbFzd5ZXK8cKRIyXDl84navTHsIauyNwbLp7mie55aGPL34
+kzi3K1G18fE2FM7vxRbyEk4nLzWAePjQjWc5rRnKVqHxR6+XEdHyEBH8gylX/zRQ
+czNUWtSAgU5nQfcZj3uwp/XkxAL2Ngg6YFWYUNEo7/T6IkqoKb8j4fI4zl419VBM
+gBNsOfeo3XrmcPHBLCw0LQ==
+-----END ENCRYPTED PRIVATE KEY-----
--- a/conf/includes/ec-server.pass
+++ b/conf/includes/ec-server.pass
@ -0,0 +1 @@
+nocert
--- a/conf/includes/ec-server.pfx
+++ b/conf/includes/ec-server.pfx
--- a/conf/includes/json.conf
+++ b/conf/includes/json.conf
@ -1,24 +1,47 @@
-# location ~ /admin(.*)/$ {
 location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
    expires 1d;
    index index.html index.htm;
-    # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
-    # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
    root "D://Tmp//phares//www";
 }
 location / {
    index index.html index.htm;
-    # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
-    # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
+    # root /var/www/html/637998119172547651;
    root "D://Tmp//phares//www";
    # First attempt to serve request as file, then
    autoindex on;
    # Send the data in JSON
    autoindex_format json;
-    addition_types application/json;
+    # addition_types application/json;
    # Calling from SERVERNAME/autoindex/*
-    add_before_body /NGINdeX.io/header.html;
-    add_after_body /NGINdeX.io/footer.html;
+    # add_before_body /NGINdeX.io/header.html;
+    # add_after_body /NGINdeX.io/footer.html;
    # Need to tell that we are sending HTML
-    add_header Content-Type text/html;
+    # add_header Content-Type text/html;
+    if ($request_method = 'OPTIONS') {
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+        #
+        # Custom headers and headers various browsers *should* be OK with but aren't
+        #
+        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+        #
+        # Tell client that this pre-flight info is valid for 20 days
+        #
+        add_header 'Access-Control-Max-Age' 1728000;
+        add_header 'Content-Type' 'text/plain; charset=utf-8';
+        add_header 'Content-Length' 0;
+        return 204;
+    }
+    if ($request_method = 'POST') {
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+    }
+    if ($request_method = 'GET') {
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+    }
 }
--- a/conf/includes/localhost.conf
+++ b/conf/includes/localhost.conf
@ -0,0 +1,44 @@
+[req]
+default_bits       = 2048
+default_keyfile    = localhost.key
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+x509_extensions    = v3_ca
+
+[req_distinguished_name]
+countryName                 = Country Name (2 letter code)
+countryName_default         = US
+stateOrProvinceName         = State or Province Name (full name)
+stateOrProvinceName_default = Arizona
+localityName                = Locality Name (eg, city)
+localityName_default        = Mesa
+organizationName            = Organization Name (eg, company)
+organizationName_default    = Infineon Technologies Americas Corp.
+organizationalUnitName      = organizationalunit
+organizationalUnitName_default = Development
+commonName                  = Common Name (e.g. server FQDN or YOUR name)
+commonName_default          = mestsa02ec.ec.local
+commonName_max              = 64
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1   = mestsa02ec.ec.local
+DNS.2   = localhost
+DNS.3   = 127.0.0.1
+
+# https://webscoot.io/blog/create-self-signed-certificate-ubuntu-windows-nginx/
+# cd "C:\Program Files\Git\usr\bin"
+# openssl
+# req -x509 -nodes -days 365 -newkey rsa:2048 -keyout L:\DevOps\Mesa_FI\NGINX-Conf\conf\includes\localhost.key -out L:\DevOps\Mesa_FI\NGINX-Conf\conf\includes\localhost.crt -config L:\DevOps\Mesa_FI\NGINX-Conf\conf\includes\localhost.conf
+# openssl
+# pkcs12 -in L:\DevOps\Mesa_FI\NGINX-Conf\conf\includes\ec-server.pfx -nocerts -out L:\DevOps\Mesa_FI\NGINX-Conf\conf\includes\ec-server.key
+# openssl
+# nocert
+# pkcs12 -in L:\DevOps\Mesa_FI\NGINX-Conf\conf\includes\ec-server.pfx -clcerts -nokeys -out L:\DevOps\Mesa_FI\NGINX-Conf\conf\includes\ec-server.crt
+# CN = mestsa02ec.ec.local
+# DNS Name=mesareportingservices-prod.mes.infineon.com
--- a/conf/includes/wwwroot.conf
+++ b/conf/includes/wwwroot.conf
@ -0,0 +1,4 @@
+location / {
+    root "D://wwwroot";
+    try_files $uri $uri/ /index.html =404;
+}
				`@ -0,0 +1 @@`
				`location / { proxy_pass http://localhost:5002; }`