From 54fbb9f6135fda609341cecda6a1b80c48e77baf Mon Sep 17 00:00:00 2001 From: Mike Phares Date: Mon, 18 Sep 2023 16:10:18 -0700 Subject: [PATCH] ssl --- .gitignore | 2 ++ conf/includes/BaGet.conf | 12 +++++------ conf/includes/Gogs.conf | 8 ++++++++ conf/includes/code-server.conf | 25 +++++++++++++++++++++++ conf/includes/default.conf | 8 ++++++++ conf/includes/dex.conf | 29 ++++++++++++++++++++++++++ conf/includes/json.conf | 17 ++++++++++------ conf/includes/localhost.conf | 37 ++++++++++++++++++++++++++++++++++ conf/nginx.conf | 26 +++++++++++------------- 9 files changed, 138 insertions(+), 26 deletions(-) create mode 100644 .gitignore create mode 100644 conf/includes/Gogs.conf create mode 100644 conf/includes/code-server.conf create mode 100644 conf/includes/default.conf create mode 100644 conf/includes/dex.conf create mode 100644 conf/includes/localhost.conf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..78e7043 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +conf/includes/localhost.crt +conf/includes/localhost.key \ No newline at end of file diff --git a/conf/includes/BaGet.conf b/conf/includes/BaGet.conf index dd8900e..a51479d 100644 --- a/conf/includes/BaGet.conf +++ b/conf/includes/BaGet.conf @@ -1,11 +1,11 @@ -location / -{ - proxy_pass http://localhost:5555; +location / { proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection keep-alive; - proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; + proxy_pass http://localhost:5555; + proxy_set_header Host $http_host; + proxy_set_header Connection keep-alive; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-Proto https; } # sc create "Baget-5555" start= delayed-auto DisplayName="Baget-5555" binPath= "C:\Users\phares\AppData\Local\IFXApps\BaGet\src\BaGet\bin\Release\net6.0\win-x64\publish\BaGet.exe" obj= "infineon\phares" password= "" 
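Review bot: The added `proxy_set_header X-Forwarded-Proto https;` in `location /` tells the upstream that every request arrived over HTTPS, whether or not the listener that includes this file terminates TLS. No `listen ... ssl` or `ssl_certificate` for it is visible in this patch, and the `listen 4430` server that included BaGet.conf is removed from nginx.conf in the same commit, so the claim may not hold where the file ends up. An application that trusts this header for redirects or secure-cookie decisions would then act on a false value. Prefer `proxy_set_header X-Forwarded-Proto $scheme;`, which reports what the client connection actually used.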
diff --git a/conf/includes/Gogs.conf b/conf/includes/Gogs.conf
new file mode 100644
index 0000000..b1680ef
--- /dev/null
+++ b/conf/includes/Gogs.conf
@@ -0,0 +1,8 @@
+location / {
+ proxy_hide_header Authorization;
+ if ($http_Authorization != "Basic asdf") {
+ return 401;
+ }
+ proxy_set_header Authorization "Basic asdf";
+ proxy_pass http://localhost:3000;
+}
\ No newline at end of file
diff --git a/conf/includes/code-server.conf b/conf/includes/code-server.conf
new file mode 100644
index 0000000..42cd670
--- /dev/null
+++ b/conf/includes/code-server.conf
@@ -0,0 +1,25 @@
+server {
+ server_name phares3757.ddns.net;
+ location / {
+ proxy_pass http://localhost:8007/;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection upgrade;
+ proxy_set_header Accept-Encoding gzip;
+ }
+ listen [::]:443 ssl ipv6only=on; # managed by Certbot
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/phares3757.ddns.net/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/phares3757.ddns.net/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+server {
+ if ($host = phares3757.ddns.net) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+ listen 80;
+ listen [::]:80;
+ server_name phares3757.ddns.net;
+ return 404; # managed by Certbot
+}
\ No newline at end of file
diff --git a/conf/includes/default.conf b/conf/includes/default.conf
new file mode 100644
index 0000000..c6b4fe2
--- /dev/null
+++ b/conf/includes/default.conf
@@ -0,0 +1,8 @@
+server {
+ listen 8008 default_server;
+ listen [::]:8008 default_server;
+ ## Trun on /cgi-bin/ support to run CGI apps ##
+ include /etc/nginx/fcgiwrap.conf;
+ root /var/www/html;
+ server_name _;
+}
diff --git a/conf/includes/dex.conf b/conf/includes/dex.conf
new file mode 100644
index 0000000..8dc037f
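Review bot: The `if ($http_Authorization != "Basic asdf")` gate in Gogs.conf keeps a fixed Basic credential in a tracked file and compares it as a plain string, so anyone who can read the repository has it (even if `asdf` is only a stand-in, the real value would end up in the same place), and `proxy_set_header Authorization "Basic asdf";` re-sends that same value upstream. The nginx.conf hunk in this commit includes the file under `listen 8011;` with no `ssl` parameter, so the header would also travel in cleartext. `proxy_hide_header Authorization;` only filters headers of the upstream response and has no effect on the request, and `return 401;` carries no `WWW-Authenticate` challenge, so browsers will not prompt. I would replace the `if` with `auth_basic "Gogs";` and `auth_basic_user_file <PATH_TO_HTPASSWD>;`, keep that file out of the repository the way the new .gitignore keeps the key out, and put the server on a TLS listener.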
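Review bot: The `location /` block of the 443 server in code-server.conf forwards every request to `http://localhost:8007/` with no access control at the proxy, so the only barrier between the public name `phares3757.ddns.net` and the upstream is whatever authentication the upstream itself has, which is not visible here. If the upstream is code-server, as the file name suggests, that session carries editor and terminal access, and an `allow`/`deny` list or `auth_basic` in this block would add a second layer. `proxy_set_header Connection upgrade;` is sent on every request rather than only on upgrade requests; the usual form is a `map $http_upgrade $connection_upgrade` at `http` level with `proxy_set_header Connection $connection_upgrade;`. This file also defines whole `server` blocks while the other includes are `location` fragments, and no `include` for it appears in the nginx.conf hunks, so a header comment saying where it is loaded would help.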
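Review bot: In default.conf, `include /etc/nginx/fcgiwrap.conf;` sits in a `default_server` with `server_name _;`, so CGI execution answers on port 8008 for any Host header and on every interface. If this is for local use only, bind it with `listen 127.0.0.1:8008 default_server;` and `listen [::1]:8008 default_server;`. The contents of fcgiwrap.conf are not part of this patch, so which paths execute cannot be checked here; a comment naming the cgi-bin directory and who may write to it would document the exposure. The existing comment has a typo, `Trun` for `Turn`.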
--- /dev/null
+++ b/conf/includes/dex.conf
@@ -0,0 +1,29 @@
+location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
+ expires 1d;
+ index index.html index.htm;
+ # ln -s /etc/nginx/sites-available/json /etc/nginx/sites-enabled/
+ # ln -s /srv/samba/share/637998119172547651 /var/www/html/637998119172547651
+ # ln -s /var/www/html/NGINdeX.io /var/www/html/637998119172547651/NGINdeX.io
+ # ln -s /srv/git /var/www/html/637998119172547651/git
+ # root /var/www/html/637998119172547651;
+ # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
+ # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
+ root "D://Tmp//phares//www";
+}
+location / {
+ index index.html index.htm;
+ # root /var/www/html/637998119172547651;
+ # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
+ # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
+ root "D://Tmp//phares//www";
+ # First attempt to serve request as file, then
+ autoindex on;
+ # Send the data in JSON
+ autoindex_format json;
+ addition_types application/json;
+ # Calling from SERVERNAME/autoindex/*
+ add_before_body /NGINdeX.io/header.html;
+ add_after_body /NGINdeX.io/footer.html;
+ # Need to tell that we are sending HTML
+ add_header Content-Type text/html;
+}
\ No newline at end of file
diff --git a/conf/includes/json.conf b/conf/includes/json.conf
index d801e61..2b4dcb0 100644
--- a/conf/includes/json.conf
+++ b/conf/includes/json.conf
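Review bot: In the first location of dex.conf the pattern starts with an unescaped `.` (as shown on this page), so it matches any character rather than a literal dot, and the extension list contains `php`, which means a `.php` file under the root is handed out as a static file, source included, with `expires 1d`. I would escape the dot (`\.(`), drop `php` unless serving source is intended, and remove the duplicated `xml`. The same pattern is a context line in json.conf. In `location /`, `autoindex on;` lists every directory under the root, and the commented `ln -s`/`mklink` lines suggest that root links to a git tree and a pictures folder, so a comment stating what the listing is meant to expose would help the next reader judge it.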
@@ -1,24 +1,29 @@
-# location ~ /admin(.*)/$ {
 location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
 expires 1d;
 index index.html index.htm;
+ # ln -s /etc/nginx/sites-available/json /etc/nginx/sites-enabled/
+ # ln -s /srv/samba/share/637998119172547651 /var/www/html/637998119172547651
+ # ln -s /var/www/html/NGINdeX.io /var/www/html/637998119172547651/NGINdeX.io
+ # ln -s /srv/git /var/www/html/637998119172547651/git
+ # root /var/www/html/637998119172547651;
 # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
 # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
 root "D://Tmp//phares//www";
 }
 location / {
 index index.html index.htm;
+ # root /var/www/html/637998119172547651;
 # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
 # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
- root "D://Tmp//phares//www";
+ root "C://4p_W7a";
 # First attempt to serve request as file, then
 autoindex on;
 # Send the data in JSON
 autoindex_format json;
- addition_types application/json;
+ # addition_types application/json;
 # Calling from SERVERNAME/autoindex/*
- add_before_body /NGINdeX.io/header.html;
- add_after_body /NGINdeX.io/footer.html;
+ # add_before_body /NGINdeX.io/header.html;
+ # add_after_body /NGINdeX.io/footer.html;
 # Need to tell that we are sending HTML
- add_header Content-Type text/html;
+ # add_header Content-Type text/html;
 }
\ No newline at end of file
diff --git a/conf/includes/localhost.conf b/conf/includes/localhost.conf
new file mode 100644
index 0000000..de14e84
--- /dev/null
+++ b/conf/includes/localhost.conf
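Review bot: After this change the two locations in json.conf resolve against different trees: the extension-matching location keeps `root "D://Tmp//phares//www";` while `location /` now has `root "C://4p_W7a";`. A directory listing is therefore generated from C:, but a request for one of the listed files with a matching extension is looked up under D:, which either fails or returns an unrelated file of the same name. If the move to C: is intended, change both roots or set `root` once at `server` level. With the `add_before_body`/`add_after_body` lines commented out the location now returns raw JSON listings, and the nginx.conf hunk binds this include to `listen 80;`, so the set of directories under the new root is worth a comment.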
@@ -0,0 +1,37 @@
+[req]
+default_bits = 2048
+default_keyfile = localhost.key
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_ca
+
+[req_distinguished_name]
+countryName = Country Name (2 letter code)
+countryName_default = US
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Arizona
+localityName = Locality Name (eg, city)
+localityName_default = Mesa
+organizationName = Organization Name (eg, company)
+organizationName_default = Infineon Technologies Americas Corp.
+organizationalUnitName = organizationalunit
+organizationalUnitName_default = Development
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = example.com
+commonName_max = 64
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = example.com
+DNS.2 = localhost
+DNS.3 = 127.0.0.1
+
+# https://webscoot.io/blog/create-self-signed-certificate-ubuntu-windows-nginx/
+# cd "C:\Program Files\Git\usr\bin"
+# openssl
+# req -x509 -nodes -days 365 -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\localhost.crt -config L:\Git\NGINX-Conf\conf\includes\localhost.conf
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 257981d..ae6affa 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -7,18 +7,6 @@ http {
 default_type application/octet-stream;
 sendfile on;
 keepalive_timeout 65;
- server {
- listen 5050;
- server_name localhost;
- include "includes/html.conf";
- error_page 500 502 503 504 /50x.html;
- include "includes/html-error.conf";
- }
- server {
- listen 4430;
- server_name iscn5cg1325c0x.infineon.com;
- include "includes/BaGet.conf";
- }
 server {
 listen 5051;
 server_name localhost;
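Review bot: In `[alt_names]` of localhost.conf, `DNS.3 = 127.0.0.1` places the loopback address in a dNSName entry, which clients generally do not match against an IP literal, so a connection to `https://127.0.0.1` will still fail name validation; it should be `IP.1 = 127.0.0.1`. The section named `v3_ca` carries only `subjectAltName`; for a server certificate I would add `basicConstraints = CA:FALSE` and `extendedKeyUsage = serverAuth` so the certificate is explicitly a leaf if it is ever added to a trust store. The `-nodes` in the commented command writes the private key unencrypted, so its confidentiality rests on the new .gitignore entries and on file permissions; a comment line saying that would be worth adding next to the command.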
@@ -27,13 +15,23 @@ http {
 server {
 listen 5052;
 server_name localhost;
- include "includes/json.conf";
+ include "includes/dex.conf";
 }
 server {
 listen 5053;
 server_name localhost;
 include "includes/ProgramData.conf";
 }
+ server {
+ listen 80;
+ server_name localhost;
+ include "includes/json.conf";
+ }
+ server {
+ listen 8011;
+ server_name localhost;
+ include "includes/Gogs.conf";
+ }
 server {
 listen 8080;
 server_name ~(oi-metrology-viewer-archive).mes.infineon.com;
@@ -54,7 +52,7 @@ http {
 include "includes/EAF-Viewer.Server.conf";
 }
 }
-# mklink /J "C:\Users\phares\AppData\Local\IFXApps\nginx-1.20.1\conf" "L:\Git\NGINX-Conf\conf"
+# mklink /J "C:\Users\mikep\AppData\Local\PharesApps\nginx-1.20.1\conf" "L:\Git\NGINX-Conf\conf"
 # cd "C:\Users\ECMESEAF\AppData\Local\IFXApps\nginx-1.20.1"
 # .\nginx -t
 # .\nginx -s reload
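Review bot: The two added servers use `listen 80;` and `listen 8011;`, which bind every interface without TLS, and `server_name localhost;` does not narrow that: when no other server is defined for a port, nginx uses this one as the default for any Host header. Unless a host firewall blocks it, the json.conf directory listing is then reachable on port 80 from the network, and nothing in these hunks uses the certificate and key that the commit subject and the new .gitignore entries refer to. If these servers are for local use, `listen 127.0.0.1:80;` and `listen 127.0.0.1:8011;` say so; otherwise give them `ssl` listeners with `ssl_certificate`/`ssl_certificate_key`. The enclosing `http` block starts and ends outside this hunk.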