vault backup: 2024-09-18 23:40:53

tuska298 2024-09-18 23:40:53 +09:00
parent 417f3c620f
commit be72af253b
5 changed files with 339 additions and 100 deletions


@ -4,16 +4,16 @@
"type": "split",
"children": [
{
"id": "e902ab89d4ebc1cb",
"id": "64a96c0c67857e4f",
"type": "tabs",
"children": [
{
"id": "0c9271f99c796d8f",
"id": "9b32a86dad773267",
"type": "leaf",
"state": {
"type": "diff-view",
"state": {
"file": "linux/Self-signed SSL.md",
"file": "Home Server/Gitea.md",
"staged": false
}
}
@ -138,7 +138,8 @@
}
],
"direction": "horizontal",
"width": 300
"width": 300,
"collapsed": true
},
"left-ribbon": {
"hiddenItems": {
@ -150,10 +151,11 @@
"command-palette:명령어 팔레트 열기": false
}
},
"active": "0c9271f99c796d8f",
"active": "9b32a86dad773267",
"lastOpenFiles": [
"Home Server/Network/nginx.md",
"_흥미로운 것/개인 도메인.md",
"Home Server/Network/DNS/CoreDNS.md",
"Home Server/Network/nginx for reverse proxy.md",
"windows/SSH 접속 설정.md",
"Home Server/docker compose - temp.md",
"_흥미로운 것/nginx default error page.md",
@ -177,7 +179,6 @@
"SBC(Single-Board Computer)/ODROID.md",
"Home Server/Samba.md",
"Home Server/Network/DNS/Domain.md",
"_흥미로운 것/fail2ban.md",
"Home Server/Network/DNS",
"Home Server/Network",
"POE/3.25/resources/07.접두접미완성1-1.png",


@ -1,5 +1,5 @@
# 1. 전제조건
[[Network/nginx for reverse proxy|리버스 프록시]]가 필요함
[[Network/nginx|리버스 프록시]]가 필요함
# 2. Install using docker
## 2.1. Directory structure


@ -1,92 +0,0 @@
[[DNS/CoreDNS|CoreDNS]]를 설정한 뒤 진행했음
# 1. Install using docker
## 1.1. Directory structure
```dirtree
- /mnt/md0/infra
- /coredns
- 파일 생략
- /nginx
- /conf.d
- default.conf
- locations
- ns1.conf
- nginx.conf
- .env
- compose.yml
```
## 1.2. dotenv file
/.env
```
BASE_PATH=/mnt/md0/infra
```
## 1.3. Docker compose
/compose.yml
```yml
name: infrastructure
service:
nginx:
image: nginx:1.26-alpine3.20
container_name: nginx-reverse-proxy
restart: always
ports:
- 80:80
volumes:
- ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
networks:
- infra
depends_on:
- dns
networks:
infra:
driver: bridge
```
# 2. nginx configuration
## 2.1. /nginx/nginx.conf
기본 설정 파일을 그대로 사용함
## 2.2. /nginx/conf.d/default.conf
```nginx
server {
listen 80;
server_name localhost;
error_page 404 500 502 053 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# 추후 다른 세팅을 쉽게 추가하기 위해 변경
include /etc/nginx/conf.d/locations/*.conf;
}
```
## 2.3. subdomain
```nginx
server {
listen 80;
server_name gitea.home.server;
location / {
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitea:3000;
}
}
```
## 2.4. reload
```shell
docker exec -it nginx-reverse-proxy nginx -s reload
```


@ -0,0 +1,330 @@
# 1. Install using docker
## 1.1. Directory structure
```dirtree
- /mnt/md0/infra
- /nginx
- /conf.d
- default.conf
- nginx.conf
- .env
- compose.yml
```
## 1.2. /.env
```
BASE_PATH=/mnt/md0/infra
```
## 1.3. Docker compose
```yml
name: infrastructure
service:
nginx:
image: nginx:1.26-alpine3.20
container_name: nginx
restart: always
ports:
- 80:80
volumes:
- ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
networks:
- infra
depends_on:
- dns
networks:
infra:
driver: bridge
```
# 2. nginx configuration
## 2.1. /nginx/nginx.conf
기본 설정 파일을 그대로 사용함
## 2.2. /nginx/conf.d/default.conf
```nginx
server {
listen 80;
server_name localhost;
error_page 404 500 502 053 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# 추후 다른 세팅을 쉽게 추가하기 위해 변경
include /etc/nginx/conf.d/locations/*.conf;
}
```
## 2.3. subdomain
```nginx
server {
listen 80;
server_name gitea.home.server;
location / {
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitea:3000;
}
}
```
## 2.4. reload
```shell
docker exec -it nginx-reverse-proxy nginx -s reload
```
# 3. SSL
## 3.1. Cert, Key file
```dirtree
- /mnt/md0/infra
- /nginx
- /conf.d
- default.conf
- nginx.conf
- /ssl/cloudflare
- cloudflare.cert.pem
- cloudflare.key.pem
- .env
- compose.yml
```
## 3.2. Docker Compose
```yml
nginx:
image: nginx:1.26-alpine3.20
container_name: nginx
restart: always
ports:
- 80:80
volumes:
- ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
# NEW
- ${BASE_PATH}/ssl/cloudflare:/etc/nginx/ssl:ro
networks:
- infra
depends_on:
- dns
```
## 3.3. /nginx/conf.d/default.conf
### 3.3.1. 같은 서버 블럭 사용
```nginx
server {
listen 80;
# 여기부터 변경 시작
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
listen 443 ssl;
http2 on;
ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
server_name tuska298.dev;
# 변경 끝
error_page 404 500 502 053 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# ...
}
```
### 3.3.2. 다른 서버 블럭 사용
```nginx
server {
listen 80;
# 여기부터 변경 시작
server_name tuska298.dev;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name tuska298.dev;
http2 on;
ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
# 변경 끝
error_page 404 500 502 053 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# ...
}
```
# 4. 공통 설정 빼내기
## 4.1. 설정 파일 폴더
```dirtree
- /mnt/md0/infra
- /nginx
- /etc.d
- ssl.conf
- nginx.conf
- .env
- compose.yml
```
## 4.2. Docker Compose
```yml
nginx:
image: nginx:1.26-alpine3.20
container_name: nginx
restart: always
ports:
- 80:80
volumes:
- ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
- ${BASE_PATH}/ssl/cloudflare:/etc/nginx/ssl:ro
# NEW
- ${BASE_PATH}/nginx/etc.d:/etc/nginx/etc.d:ro
networks:
- infra
depends_on:
- dns
```
## 4.3. conf file
### 4.3.1. /etc.d/ssl.conf
```nginx
ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
```
### 4.3.2. /conf.d/default.conf
```nginx
server {
listen 443 ssl;
server_name tuska298.dev;
http2 on;
# Delete
# ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
# ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
# NEW
include /etc/nginx/etc.d/ssl.conf;
error_page 404 500 502 053 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# ...
}
```
# 5. robots.txt
## 5.1. 설정 파일 폴더
```dirtree
- /mnt/md0/infra
- /nginx
- /etc.d
- robots.conf
- nginx.conf
```
## 5.2. /etc.d/robots.conf
```nginx
location /robots.txt {
return 200 "User-agent: *\n"
}
```
## 5.3. /conf.d/default.conf
```nginx
server {
listen 443 ssl;
server_name tuska298.dev;
http2 on;
include /etc/nginx/etc.d/ssl.conf;
# NEW
include /etc/nginx/etc.d/robots.conf;
error_page 404 500 502 053 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# ...
```
# 6. 접근 제한
## 6.1. 설정 파일 폴더
```dirtree
- /mnt/md0/infra
- /nginx
- /etc.d
- deny.lan.conf
- nginx.conf
```
## 6.2. /etc.d/deny.lan.conf
```nginx
allow 172.18.0.0/24;
allow 192.168.200.0/24;
deny all;
```
## 6.3. /conf.d/default.conf
```nginx
server {
listen 443 ssl;
server_name tuska298.dev;
http2 on;
# NEW
include /etc/nginx/etc.d/deny.lan.conf;
include /etc/nginx/etc.d/ssl.conf;
include /etc/nginx/etc.d/robots.conf;
error_page 404 500 502 053 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# ...
```