Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /data/firefly
1 files changed, 75 insertions, 0 deletions
diff --git a/data/firefly/firefly.conf.j2 b/data/firefly/firefly.conf.j2
new file mode 100644
index 0000000..d3bc9a1
--- /dev/null
+++ b/data/firefly/firefly.conf.j2
@@ -0,0 +1,75 @@
+server {
+        listen 443 ssl;
+        server_name {{ firefly_server_name }};
+    ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    # Security / XSS Mitigation Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+        add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always;
+        # authelia
+        include /etc/nginx/snippets/authelia-location.conf;
+    location / {
+                #authelia
+                include /etc/nginx/snippets/proxy.conf;
+        include /etc/nginx/snippets/authelia-authrequest.conf;
+        proxy_pass http://127.0.0.1:{{ firefly_external_port }}/;
+    }
+}
+server {
+    listen 80;
+    listen [::]:80;
+        server_name {{ firefly_server_name }};
+        return 301 https://$host$request_uri;
+}
+server {
+        listen 443 ssl;
+        server_name {{ firefly_importer_server_name }};
+    ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    # Security / XSS Mitigation Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+        add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always;
+        # authelia
+        include /etc/nginx/snippets/authelia-location.conf;
+    location / {
+                #authelia
+                include /etc/nginx/snippets/proxy.conf;
+        include /etc/nginx/snippets/authelia-authrequest.conf;
+                proxy_buffer_size       128k;
+                proxy_busy_buffers_size 256k;
+        proxy_pass http://127.0.0.1:{{ firefly_importer_external_port }}/;
+    }
+}
+server {
+    listen 80;
+    listen [::]:80;
+        server_name {{ firefly_importer_server_name }};
+        return 301 https://$host$request_uri;
+}
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /data/firefly

diff --git a/data/firefly/firefly.conf.j2 b/data/firefly/firefly.conf.j2 new file mode 100644 index 0000000..d3bc9a1 --- /dev/null +++ b/data/firefly/firefly.conf.j2
@@ -0,0 +1,75 @@
	1	server {
	2	listen 443 ssl;
	3	server_name {{ firefly_server_name }};
	4
	5	ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
	6	ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
	7	add_header Strict-Transport-Security "max-age=31536000" always;
	8	ssl_stapling on;
	9	ssl_stapling_verify on;
	10
	11	# Security / XSS Mitigation Headers
	12	add_header X-Frame-Options "SAMEORIGIN";
	13	add_header X-XSS-Protection "1; mode=block";
	14	add_header X-Content-Type-Options "nosniff";
	15	add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always;
	16
	17	# authelia
	18	include /etc/nginx/snippets/authelia-location.conf;
	19
	20
	21	location / {
	22	#authelia
	23	include /etc/nginx/snippets/proxy.conf;
	24	include /etc/nginx/snippets/authelia-authrequest.conf;
	25
	26	proxy_pass http://127.0.0.1:{{ firefly_external_port }}/;
	27	}
	28
	29	}
	30
	31	server {
	32	listen 80;
	33	listen [::]:80;
	34	server_name {{ firefly_server_name }};
	35	return 301 https://$host$request_uri;
	36	}
	37
	38	server {
	39	listen 443 ssl;
	40	server_name {{ firefly_importer_server_name }};
	41
	42	ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
	43	ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
	44	add_header Strict-Transport-Security "max-age=31536000" always;
	45	ssl_stapling on;
	46	ssl_stapling_verify on;
	47
	48	# Security / XSS Mitigation Headers
	49	add_header X-Frame-Options "SAMEORIGIN";
	50	add_header X-XSS-Protection "1; mode=block";
	51	add_header X-Content-Type-Options "nosniff";
	52	add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always;
	53
	54	# authelia
	55	include /etc/nginx/snippets/authelia-location.conf;
	56
	57	location / {
	58	#authelia
	59	include /etc/nginx/snippets/proxy.conf;
	60	include /etc/nginx/snippets/authelia-authrequest.conf;
	61
	62	proxy_buffer_size 128k;
	63	proxy_busy_buffers_size 256k;
	64
	65	proxy_pass http://127.0.0.1:{{ firefly_importer_external_port }}/;
	66	}
	67
	68	}
	69
	70	server {
	71	listen 80;
	72	listen [::]:80;
	73	server_name {{ firefly_importer_server_name }};
	74	return 301 https://$host$request_uri;
	75	}