ssl

.gitignore

@@ -0,0 +1,2 @@
+conf/includes/localhost.crt
+conf/includes/localhost.key

conf/includes/BaGet.conf

@@ -1,11 +1,11 @@
-location /
+location / {
-{
-    proxy_pass         http://localhost:5555;
     proxy_http_version 1.1;
-    proxy_set_header   Upgrade $http_upgrade;
-    proxy_set_header   Connection keep-alive;
-    proxy_set_header   Host $http_host;
     proxy_cache_bypass $http_upgrade;
+    proxy_pass http://localhost:5555;
+    proxy_set_header Host $http_host;
+    proxy_set_header Connection keep-alive;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header X-Forwarded-Proto https;
 }
 
 # sc create "Baget-5555" start= delayed-auto DisplayName="Baget-5555" binPath= "C:\Users\phares\AppData\Local\IFXApps\BaGet\src\BaGet\bin\Release\net6.0\win-x64\publish\BaGet.exe" obj= "infineon\phares" password= ""

conf/includes/Gogs.conf

@@ -0,0 +1,8 @@
+location / {
+    proxy_hide_header Authorization;
+    if ($http_Authorization != "Basic asdf") {
+        return 401;
+    }
+    proxy_set_header Authorization "Basic asdf";
+    proxy_pass http://localhost:3000;
+}

conf/includes/code-server.conf

@@ -0,0 +1,25 @@
+server {
+    server_name phares3757.ddns.net;
+    location / {
+        proxy_pass http://localhost:8007/;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+        proxy_set_header Accept-Encoding gzip;
+    }
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/phares3757.ddns.net/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/phares3757.ddns.net/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+server {
+    if ($host = phares3757.ddns.net) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+    listen 80;
+    listen [::]:80;
+    server_name phares3757.ddns.net;
+    return 404; # managed by Certbot
+}

conf/includes/default.conf

@@ -0,0 +1,8 @@
+server {
+    listen 8008 default_server;
+    listen [::]:8008 default_server;
+    ## Trun on /cgi-bin/ support to run CGI apps ##
+    include /etc/nginx/fcgiwrap.conf;
+    root /var/www/html;
+    server_name _;
+}

conf/includes/dex.conf

@@ -0,0 +1,29 @@
+location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
+    expires 1d;
+    index index.html index.htm;
+    # ln -s /etc/nginx/sites-available/json /etc/nginx/sites-enabled/
+    # ln -s /srv/samba/share/637998119172547651 /var/www/html/637998119172547651
+    # ln -s /var/www/html/NGINdeX.io /var/www/html/637998119172547651/NGINdeX.io
+    # ln -s /srv/git /var/www/html/637998119172547651/git
+    # root /var/www/html/637998119172547651;
+    # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
+    # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
+    root "D://Tmp//phares//www";
+}
+location / {
+    index index.html index.htm;
+    # root /var/www/html/637998119172547651;
+    # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
+    # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
+    root "D://Tmp//phares//www";
+    # First attempt to serve request as file, then
+    autoindex on;
+    # Send the data in JSON
+    autoindex_format json;
+    addition_types application/json;
+    # Calling from SERVERNAME/autoindex/*
+    add_before_body /NGINdeX.io/header.html;
+    add_after_body /NGINdeX.io/footer.html;
+    # Need to tell that we are sending HTML
+    add_header Content-Type text/html;
+}

conf/includes/json.conf

@@ -1,24 +1,29 @@
-# location ~ /admin(.*)/$ {
 location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
     expires 1d;
     index index.html index.htm;
+    # ln -s /etc/nginx/sites-available/json /etc/nginx/sites-enabled/
+    # ln -s /srv/samba/share/637998119172547651 /var/www/html/637998119172547651
+    # ln -s /var/www/html/NGINdeX.io /var/www/html/637998119172547651/NGINdeX.io
+    # ln -s /srv/git /var/www/html/637998119172547651/git
+    # root /var/www/html/637998119172547651;
     # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
     # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
     root "D://Tmp//phares//www";
 }
 location / {
     index index.html index.htm;
+    # root /var/www/html/637998119172547651;
     # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
     # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
-    root "D://Tmp//phares//www";
+    root "C://4p_W7a";
     # First attempt to serve request as file, then
     autoindex on;
     # Send the data in JSON
     autoindex_format json;
-    addition_types application/json;
+    # addition_types application/json;
     # Calling from SERVERNAME/autoindex/*
-    add_before_body /NGINdeX.io/header.html;
+    # add_before_body /NGINdeX.io/header.html;
-    add_after_body /NGINdeX.io/footer.html;
+    # add_after_body /NGINdeX.io/footer.html;
     # Need to tell that we are sending HTML
-    add_header Content-Type text/html;
+    # add_header Content-Type text/html;
 }

conf/includes/localhost.conf

@@ -1,6 +1,6 @@
 [req]
 default_bits       = 2048
-default_keyfile    = laundry.phares3757.redirectme.net.key
+default_keyfile    = localhost.key
 distinguished_name = req_distinguished_name
 req_extensions     = req_ext
 x509_extensions    = v3_ca
@@ -11,13 +11,13 @@ countryName_default         = US
 stateOrProvinceName         = State or Province Name (full name)
 stateOrProvinceName_default = Arizona
 localityName                = Locality Name (eg, city)
-localityName_default        = Anthem
+localityName_default        = Mesa
 organizationName            = Organization Name (eg, company)
-organizationName_default    = Phares
+organizationName_default    = Infineon Technologies Americas Corp.
 organizationalUnitName      = organizationalunit
 organizationalUnitName_default = Development
 commonName                  = Common Name (e.g. server FQDN or YOUR name)
-commonName_default          = laundry.phares3757.redirectme.net
+commonName_default          = example.com
 commonName_max              = 64
 
 [req_ext]
@@ -27,14 +27,11 @@ subjectAltName = @alt_names
 subjectAltName = @alt_names
 
 [alt_names]
-DNS.1   = laundry.phares3757.redirectme.net
+DNS.1   = example.com
-DNS.2   = dashkiosk.laundry.phares3757.redirectme.net
+DNS.2   = localhost
-DNS.3   = gogs.laundry.phares3757.redirectme.net
+DNS.3   = 127.0.0.1
-DNS.4   = nextcloud.laundry.phares3757.redirectme.net
+
-DNS.5   = photoprism.laundry.phares3757.redirectme.net
+# https://webscoot.io/blog/create-self-signed-certificate-ubuntu-windows-nginx/
-DNS.6   = pi-hole.laundry.phares3757.redirectme.net
+# cd "C:\Program Files\Git\usr\bin"
-DNS.7   = syncthing.laundry.phares3757.redirectme.net
+# openssl
-DNS.8   = beelink.server
+# req -x509 -nodes -days 365 -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\localhost.crt -config L:\Git\NGINX-Conf\conf\includes\localhost.conf
-DNS.9   = beelink
-DNS.10   = localhost
-DNS.11   = 127.0.0.1

conf/nginx.conf

@@ -1,129 +1,58 @@
-server {
+worker_processes 1;
-    listen 80 default_server;
+events {
-    listen [::]:80 default_server;
+    worker_connections 1024;
-    root /var/www/html;
+}
-    index index.html index.htm index.nginx-debian.html;
+http {
-    server_name _;
+    include "includes/mime.types";
-    location / {
+    default_type application/octet-stream;
-        try_files $uri $uri/ =404;
+    sendfile on;
-    }
+    keepalive_timeout 65;
-}
+    server {
-server {
+        listen 5051;
-    ssl_certificate 'laundry.phares3757.redirectme.net.crt';
+        server_name localhost;
-    ssl_certificate_key 'laundry.phares3757.redirectme.net.key';
+        include "includes/www.conf";
-    listen 443 ssl http2;
+    }
-    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+    server {
-    listen [::]:443 ssl http2;
+        listen 5052;
-    server_name laundry.phares3757.redirectme.net;
+        server_name localhost;
-    location / {
+        include "includes/dex.conf";
-        proxy_set_header        Host $host;
+    }
-        proxy_set_header        X-Real-IP $remote_addr;
+    server {
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        listen 5053;
-        proxy_set_header        X-Forwarded-Proto $scheme;
+        server_name localhost;
-        proxy_pass              http://localhost:80/;
+        include "includes/ProgramData.conf";
-        proxy_read_timeout      600s;
+    }
-        proxy_send_timeout      600s;
+    server {
-    }
+        listen 80;
-}
+        server_name localhost;
-server {
+        include "includes/json.conf";
-    ssl_certificate 'laundry.phares3757.redirectme.net.crt';
+    }
-    ssl_certificate_key 'laundry.phares3757.redirectme.net.key';
+    server {
-    listen 443 ssl http2;
+        listen 8011;
-    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+        server_name localhost;
-    listen [::]:443 ssl http2;
+        include "includes/Gogs.conf";
-    server_name dashkiosk.laundry.phares3757.redirectme.net;
+    }
-    location / {
+    server {
-        proxy_set_header        Host $host;
+        listen 8080;
-        proxy_set_header        X-Real-IP $remote_addr;
+        server_name ~(oi-metrology-viewer-archive).mes.infineon.com;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        location / {
-        proxy_set_header        X-Forwarded-Proto $scheme;
+            include "includes/Archive.conf";
-        proxy_pass              http://localhost:9400/;
+        }
-        proxy_read_timeout      600s;
+    }
-        proxy_send_timeout      600s;
+    server {
-    }
+        listen 8080;
-}
+        server_name ~(oi-metrology-viewer-prod).mes.infineon.com;
-server {
+        location / {
-    ssl_certificate 'laundry.phares3757.redirectme.net.crt';
+            include "includes/Viewer.conf";
-    ssl_certificate_key 'laundry.phares3757.redirectme.net.key';
+        }
-    listen 443 ssl http2;
+    }
-    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+    server {
-    listen [::]:443 ssl http2;
+        listen 8088;
-    server_name gogs.laundry.phares3757.redirectme.net;
+        server_name *.mes.infineon.com;
-    location / {
+        include "includes/EAF-Viewer.Server.conf";
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://localhost:3000/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}
-server {
-    ssl_certificate 'laundry.phares3757.redirectme.net.crt';
-    ssl_certificate_key 'laundry.phares3757.redirectme.net.key';
-    listen 443 ssl http2;
-    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-    listen [::]:443 ssl http2;
-    server_name nextcloud.laundry.phares3757.redirectme.net;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://localhost:8081/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}
-server {
-    ssl_certificate 'laundry.phares3757.redirectme.net.crt';
-    ssl_certificate_key 'laundry.phares3757.redirectme.net.key';
-    listen 443 ssl http2;
-    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-    listen [::]:443 ssl http2;
-    server_name photoprism.laundry.phares3757.redirectme.net;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://localhost:2342/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}
-server {
-    ssl_certificate 'laundry.phares3757.redirectme.net.crt';
-    ssl_certificate_key 'laundry.phares3757.redirectme.net.key';
-    listen 443 ssl http2;
-    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-    listen [::]:443 ssl http2;
-    server_name ~(pi-hole).laundry.phares3757.redirectme.net;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://localhost:8005/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}
-server {
-    ssl_certificate 'laundry.phares3757.redirectme.net.crt';
-    ssl_certificate_key 'laundry.phares3757.redirectme.net.key';
-    listen 443 ssl http2;
-    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-    listen [::]:443 ssl http2;
-    server_name syncthing.laundry.phares3757.redirectme.net;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://localhost:8384/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
     }
 }
+# mklink /J "C:\Users\mikep\AppData\Local\PharesApps\nginx-1.20.1\conf" "L:\Git\NGINX-Conf\conf"
+# cd "C:\Users\ECMESEAF\AppData\Local\IFXApps\nginx-1.20.1"
+# .\nginx -t
+# .\nginx -s reload