azeem/nginx-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: azeem:948c01638b6545db808ab67dd98f8d2c733f4fe9
Branches Tags
azeem:main
...
compare: azeem:main
Branches Tags
azeem:main

20 Commits
948c01638b ... main

Author SHA1 Message Date
Azeem Fidahusein
f42200dc42 exp 2025-07-29 01:05:47 +01:00
Azeem Fidahusein
bfb7c80202 updated music service for https 2025-07-09 14:36:23 +01:00
Azeem Fidahusein
c5517ebe05 added music servoce http 2025-07-09 14:31:28 +01:00
Azeem Fidahusein
f986f39ff1 file conversion service 2025-06-30 22:50:54 +01:00
Azeem Fidahusein
7655afa419 project management service 2025-06-30 22:50:38 +01:00
Azeem Fidahusein
079899425a added homarr http to http as template for inital http set up url 2025-06-30 22:50:30 +01:00
Azeem Fidahusein
cef90d34f8 updaetd homar and moved old http over 2025-06-25 21:37:05 +01:00
Azeem Fidahusein
53eec2deb4 added homarr config 2025-06-25 21:04:26 +01:00
Azeem Fidahusein
c98604352c updated gitea config 2025-06-25 20:43:25 +01:00
Azeem Fidahusein
a801d596e3 removed deployment scripts 2025-06-25 12:41:56 +01:00
Azeem Fidahusein
68053c8ff0 updated deployed scripts 2025-06-25 08:49:14 +01:00
Azeem Fidahusein
83a12f0423 added python deploy 2025-06-25 08:48:00 +01:00
Azeem Fidahusein
ac367a148a updated logic with two stage approach 2025-06-24 21:28:58 +01:00
Azeem Fidahusein
74fec08104 logic 2025-06-24 21:20:30 +01:00
Azeem Fidahusein
238d690024 logic 2025-06-24 21:18:46 +01:00
Azeem Fidahusein
59023322f7 updated logic 2025-06-24 21:04:21 +01:00
Azeem Fidahusein
644ec92cc9 logic update 2025-06-24 21:03:49 +01:00
Azeem Fidahusein
8e450a9f25 updated deploy logc 2025-06-24 21:02:20 +01:00
Azeem Fidahusein
38f373afb8 added affine service 2025-06-24 21:00:42 +01:00
Azeem Fidahusein
c6714d2ff6 updated deployment logic 2025-06-24 20:59:57 +01:00
9 changed files with 197 additions and 123 deletions
Expand all files Collapse all files

118
deploy.sh
View File

@@ -1,118 +0,0 @@
#!/bin/bash
# ==============================================================================
# NGINX CONFIG DEPLOYMENT SCRIPT (v3)
#
# This script securely copies NGINX configuration files to a remote server.
# It handles "Permission Denied" errors by first uploading files to a
# temporary directory, and then using `sudo` to move them to the
# protected /etc/nginx/ directory.
#
# INSTRUCTIONS:
# 1. Edit the `REMOTE_USER` and `REMOTE_HOST` variables.
# 2. Make the script executable: chmod +x <script_name>.sh
# 3. Run the script: ./<script_name>.sh
# ==============================================================================
# --- Configuration ---
# PLEASE EDIT THESE TWO VARIABLES with your server details.
REMOTE_USER="ubuntu" # Example: ubuntu, ec2-user, root
REMOTE_HOST="3.9.182.122" # Example: 192.168.1.100 or my-server.com
# --- File & Path Definitions ---
KEY_FILE="~/repos/azeem-macbookair.pem"
SOURCE_NGINX_CONF="nginx.conf"
SOURCE_SITES_DIR="sites-available"
# Destination paths on the remote server
DEST_NGINX_PATH="/etc/nginx/"
DEST_SITES_PATH="/etc/nginx/sites-available/"
# Temporary directory on the remote server (relative to the user's home dir)
# NOTE: Removed the '~' to make it more compatible with scp.
REMOTE_TEMP_DIR="nginx_deploy_temp"
# --- Script Logic ---
echo "🚀 Starting NGINX configuration deployment to $REMOTE_HOST..."
echo "--------------------------------------------------------"
# Expand the tilde (~) in the key file path to an absolute path.
EVAL_KEY_FILE=$(eval echo "$KEY_FILE")
# --- Pre-flight Checks ---
if [ ! -f "$EVAL_KEY_FILE" ]; then
echo "❌ ERROR: SSH key not found at $EVAL_KEY_FILE"
exit 1
fi
if [ ! -f "$SOURCE_NGINX_CONF" ]; then
echo "❌ ERROR: Source file '$SOURCE_NGINX_CONF' not found."
exit 1
fi
if [ ! -d "$SOURCE_SITES_DIR" ]; then
echo "❌ ERROR: Source directory '$SOURCE_SITES_DIR' not found."
exit 1
fi
# --- Remote Operations ---
# Step 1: Create the temporary directory on the remote server.
# This command runs in the user's home directory by default.
echo "-> Creating temporary directory on remote server..."
ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "mkdir -p $REMOTE_TEMP_DIR"
if [ $? -ne 0 ]; then
echo "❌ ERROR: Failed to create temporary directory on the remote server. Aborting."
exit 1
fi
echo " ✅ Remote temporary directory is ready."
echo
# Step 2: Transfer all files to the temporary directory.
# We transfer nginx.conf AND the entire sites-available directory in one command.
echo "- Transferring configuration files to temporary location..."
scp -i "$EVAL_KEY_FILE" -r "$SOURCE_NGINX_CONF" "$SOURCE_SITES_DIR" "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_TEMP_DIR}/"
if [ $? -ne 0 ]; then
echo "❌ ERROR: File transfer failed. Aborting."
exit 1
fi
echo " ✅ All files successfully transferred to temporary location."
echo
# Step 3: Move files from temp to final destination using sudo and clean up.
echo "- Moving files into place with sudo and cleaning up..."
ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" << EOF
# Move the main config file
sudo mv "$REMOTE_TEMP_DIR/nginx.conf" "${DEST_NGINX_PATH}nginx.conf"
# Move the sites-available files
sudo mv "$REMOTE_TEMP_DIR/sites-available/"* "$DEST_SITES_PATH"
# Remove the temporary directory
rm -rf "$REMOTE_TEMP_DIR"
echo " -> Verifying Nginx configuration..."
# Test the Nginx configuration for syntax errors
sudo nginx -t
EOF
if [ $? -ne 0 ]; then
echo "⚠️ WARNING: An error occurred on the remote server during the move or config test."
echo "You may need to log in manually to fix it: ssh -i $EVAL_KEY_FILE ${REMOTE_USER}@${REMOTE_HOST}"
exit 1
fi
echo " ✅ Files moved and temporary directory removed."
echo
# Step 4: Ask to reload Nginx
read -p "Nginx config test was successful. Reload Nginx to apply changes? (y/n) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo "- Reloading Nginx on the server..."
ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "sudo systemctl reload nginx"
echo " ✅ Nginx reloaded."
fi
# --- Completion ---
echo "--------------------------------------------------------"
echo "🎉 Deployment complete!"

15
http_archive/homarr-http Normal file
View File

@@ -0,0 +1,15 @@
# HTTP-only NGINX config for home.aaf.systems (no SSL)
server {
listen 80;
server_name home.aaf.systems;
location / {
proxy_pass http://100.93.165.98:7575;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

33
sites-available/affine Normal file
View File

@@ -0,0 +1,33 @@
# Block 1: Redirects all HTTP traffic to HTTPS
server {
listen 80;
server_name notes.aaf.systems;
# This redirect is managed by Certbot's --redirect flag,
# but we include it for completeness.
return 301 https://$host$request_uri;
}
# Block 2: Handles the secure HTTPS traffic
server {
listen 443 ssl http2;
server_name notes.aaf.systems;
# --- This is the location block that was missing ---
location / {
proxy_pass http://100.93.165.98:3010;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# --- End of location block ---
# SSL settings managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.aaf.systems/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.aaf.systems/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

28
sites-available/exp Normal file
View File

@@ -0,0 +1,28 @@
# Block 1: Redirects all HTTP traffic to HTTPS
server {
listen 80;
server_name exp.aaf.systems;
return 301 https://$host$request_uri;
}
# Block 2: Handles the secure HTTPS traffic
server {
listen 443 ssl http2;
server_name exp.aaf.systems;
location / {
proxy_pass http://100.93.165.98:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# SSL settings managed by Certbot
ssl_certificate /etc/letsencrypt/live/exp.aaf.systems/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exp.aaf.systems/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

14
sites-available/gitea
View File

@@ -1,19 +1,17 @@
# Block 1: Redirects all HTTP traffic to HTTPS
server {
listen 80;
server_name git.aaf.systems;
# Redirect all HTTP traffic to HTTPS
return 301 https://$host$request_uri;
}
# Block 2: Handles the secure HTTPS traffic
server {
listen 443 ssl http2;
server_name git.aaf.systems;
# SSL Certificates (managed by Certbot)
ssl_certificate /etc/letsencrypt/live/git.aaf.systems/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.aaf.systems/privkey.pem;
location / {
# IMPORTANT: Replace with the correct Tailscale IP for your Gitea server
proxy_pass http://100.93.165.98:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -22,4 +20,10 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# SSL settings managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.aaf.systems/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.aaf.systems/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

28
sites-available/homarr Normal file
View File

@@ -0,0 +1,28 @@
# Block 1: Redirects all HTTP traffic to HTTPS
server {
listen 80;
server_name home.aaf.systems;
return 301 https://$host$request_uri;
}
# Block 2: Handles the secure HTTPS traffic
server {
listen 443 ssl http2;
server_name home.aaf.systems;
location / {
proxy_pass http://100.93.165.98:7575;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# SSL settings managed by Certbot
ssl_certificate /etc/letsencrypt/live/home.aaf.systems/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/home.aaf.systems/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

28
sites-available/koel Normal file
View File

@@ -0,0 +1,28 @@
# Block 1: Redirects all HTTP traffic to HTTPS
server {
listen 80;
server_name music.aaf.systems;
return 301 https://$host$request_uri;
}
# Block 2: Handles the secure HTTPS traffic
server {
listen 443 ssl http2;
server_name music.aaf.systems;
location / {
proxy_pass http://100.93.165.98:4075;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# SSL settings managed by Certbot
ssl_certificate /etc/letsencrypt/live/music.aaf.systems/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/music.aaf.systems/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

28
sites-available/plane Normal file
View File

@@ -0,0 +1,28 @@
# Block 1: Redirects all HTTP traffic to HTTPS
server {
listen 80;
server_name projects.aaf.systems;
return 301 https://$host$request_uri;
}
# Block 2: Handles the secure HTTPS traffic
server {
listen 443 ssl http2;
server_name projects.aaf.systems;
location / {
proxy_pass http://100.93.165.98:3050;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# SSL settings managed by Certbot
ssl_certificate /etc/letsencrypt/live/projects.aaf.systems/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/projects.aaf.systems/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

28
sites-available/vert Normal file
View File

@@ -0,0 +1,28 @@
# Block 1: Redirects all HTTP traffic to HTTPS
server {
listen 80;
server_name convert.aaf.systems;
return 301 https://$host$request_uri;
}
# Block 2: Handles the secure HTTPS traffic
server {
listen 443 ssl http2;
server_name convert.aaf.systems;
location / {
proxy_pass http://100.93.165.98:3090;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# SSL settings managed by Certbot
ssl_certificate /etc/letsencrypt/live/convert.aaf.systems/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/convert.aaf.systems/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}