From 7faf1d8ed487a7f37ec04cb1e4ea78a97f9bf360 Mon Sep 17 00:00:00 2001
From: Azeem Fidahusein
Date: Tue, 24 Jun 2025 20:32:58 +0100
Subject: [PATCH] added existing tools
---
nginx.conf | 97 ++++++++++++++++++++++++++++++++++++++++++++
site-available/gitea | 25 ++++++++++++
2 files changed, 122 insertions(+)
create mode 100644 nginx.conf
create mode 100644 site-available/gitea
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..794e0e3
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,97 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+stream {
+ # Set a timeout for the connection. Important for long git pushes/pulls.
+ proxy_timeout 20m;
+
+ server {
+ listen 2222;
+
+ #Listen on the public standard SSH port
+
+ # Forward the TCP stream to your Gitea container's SSH port via Tailscale
+ # Replace 2222 with your Gitea's mapped SSH port if it's different.
+ proxy_pass 100.93.165.98:2222;
+ }
+}
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
\ No newline at end of file
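Review bot: The `ssl_protocols` line in the `http` block still enables TLS 1.0 and 1.1, which RFC 8996 deprecates; since it is set at `http` level it applies to every TLS site included from `sites-enabled`, so it should read `ssl_protocols TLSv1.2 TLSv1.3;`. `server_tokens off;` is left commented out, so the nginx version is disclosed in response headers and error pages; uncommenting it costs nothing. In the `stream` block the comment says the listener is on the "public standard SSH port" while the directive is `listen 2222;`, so the comment or the port should be corrected. Because this is a plain TCP proxy, the Gitea host will presumably see only the proxy's address as the peer, so any per-client limiting or source logging for SSH has to happen here, for example with `limit_conn` and a stream `access_log`.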
diff --git a/site-available/gitea b/site-available/gitea
new file mode 100644
index 0000000..3bd2591
--- /dev/null
+++ b/site-available/gitea
@@ -0,0 +1,25 @@
+server {
+ listen 80;
+ server_name git.aaf.systems;
+ # Redirect all HTTP traffic to HTTPS
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name git.aaf.systems;
+
+ # SSL Certificates (managed by Certbot)
+ ssl_certificate /etc/letsencrypt/live/git.aaf.systems/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/git.aaf.systems/privkey.pem;
+
+ location / {
+ proxy_pass http://100.93.165.98:3000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
\ No newline at end of file
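Review bot: The port-80 redirect builds its target from `$host`, which is taken from the client's request; if this block ends up as the default server for port 80, any Host value is reflected into the `Location` header, so pin the name with `return 301 https://git.aaf.systems$request_uri;`. The 443 server sends no HSTS header, so a first plain-HTTP visit can still be intercepted before the redirect; consider `add_header Strict-Transport-Security "max-age=31536000" always;` once HTTPS is confirmed stable. `Connection "upgrade"` is sent on every proxied request rather than only on WebSocket upgrades; the usual pattern is a `map $http_upgrade $connection_upgrade` in the `http` context and `proxy_set_header Connection $connection_upgrade;`. No `client_max_body_size` is set, so nginx's 1m default will likely reject larger HTTP pushes and uploads with a 413.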