From be72af253b020844f7eae9517c385378c1198ae8 Mon Sep 17 00:00:00 2001 From: tuska298 Date: Wed, 18 Sep 2024 23:40:53 +0900 Subject: [PATCH] vault backup: 2024-09-18 23:40:53 --- .obsidian/workspace.json | 15 +- Home Server/Gitea.md | 2 +- .../Network/nginx for reverse proxy.md | 92 ----- Home Server/Network/nginx.md | 330 ++++++++++++++++++ _흥미로운 것/개인 도메인.md | 0 5 files changed, 339 insertions(+), 100 deletions(-) delete mode 100644 Home Server/Network/nginx for reverse proxy.md create mode 100644 Home Server/Network/nginx.md delete mode 100644 _흥미로운 것/개인 도메인.md diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index 0ecd7e5..6351dec 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -4,16 +4,16 @@ "type": "split", "children": [ { - "id": "e902ab89d4ebc1cb", + "id": "64a96c0c67857e4f", "type": "tabs", "children": [ { - "id": "0c9271f99c796d8f", + "id": "9b32a86dad773267", "type": "leaf", "state": { "type": "diff-view", "state": { - "file": "linux/Self-signed SSL.md", + "file": "Home Server/Gitea.md", "staged": false } } @@ -138,7 +138,8 @@ } ], "direction": "horizontal", - "width": 300 + "width": 300, + "collapsed": true }, "left-ribbon": { "hiddenItems": { @@ -150,10 +151,11 @@ "command-palette:명령어 팔레트 열기": false } }, - "active": "0c9271f99c796d8f", + "active": "9b32a86dad773267", "lastOpenFiles": [ + "Home Server/Network/nginx.md", + "_흥미로운 것/개인 도메인.md", "Home Server/Network/DNS/CoreDNS.md", - "Home Server/Network/nginx for reverse proxy.md", "windows/SSH 접속 설정.md", "Home Server/docker compose - temp.md", "_흥미로운 것/nginx default error page.md", @@ -177,7 +179,6 @@ "SBC(Single-Board Computer)/ODROID.md", "Home Server/Samba.md", "Home Server/Network/DNS/Domain.md", - "_흥미로운 것/fail2ban.md", "Home Server/Network/DNS", "Home Server/Network", "POE/3.25/resources/07.접두접미완성1-1.png", diff --git a/Home Server/Gitea.md b/Home Server/Gitea.md index 4e2d1ea..20f5337 100644 --- a/Home Server/Gitea.md +++ b/Home Server/Gitea.md 
@@ -1,5 +1,5 @@ # 1. 전제조건 -[[Network/nginx for reverse proxy|리버스 프록시]]가 필요함 +[[Network/nginx|리버스 프록시]]가 필요함 # 2. Install using docker ## 2.1. Directory structure diff --git a/Home Server/Network/nginx for reverse proxy.md b/Home Server/Network/nginx for reverse proxy.md deleted file mode 100644 index 220c6cf..0000000 --- a/Home Server/Network/nginx for reverse proxy.md +++ /dev/null 
@@ -1,92 +0,0 @@ -[[DNS/CoreDNS|CoreDNS]]를 설정한 뒤 진행했음 - -# 1. Install using docker -## 1.1. Directory structure -```dirtree -- /mnt/md0/infra - - /coredns - - 파일 생략 - - /nginx - - /conf.d - - default.conf - - locations - - ns1.conf - - nginx.conf - - .env - - compose.yml -``` - -## 1.2. dotenv file - /.env -``` -BASE_PATH=/mnt/md0/infra -``` - -## 1.3. Docker compose -/compose.yml -```yml -name: infrastructure -service: - nginx: - image: nginx:1.26-alpine3.20 - container_name: nginx-reverse-proxy - restart: always - ports: - - 80:80 - volumes: - - ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - - ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro - networks: - - infra - depends_on: - - dns - -networks: - infra: - driver: bridge -``` - -# 2. nginx configuration -## 2.1. /nginx/nginx.conf -기본 설정 파일을 그대로 사용함 - -## 2.2. /nginx/conf.d/default.conf - -```nginx -server { - listen 80; - server_name localhost; - error_page 404 500 502 053 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # 추후 다른 세팅을 쉽게 추가하기 위해 변경 - include /etc/nginx/conf.d/locations/*.conf; -} -``` - -## 2.3. subdomain - -```nginx -server { - listen 80; - server_name gitea.home.server; - - location / { - proxy_set_header Connection $http_connection; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://gitea:3000; - } -} -``` - -## 2.4. reload - -```shell -docker exec -it nginx-reverse-proxy nginx -s reload -``` \ No newline at end of file diff --git a/Home Server/Network/nginx.md b/Home Server/Network/nginx.md new file mode 100644 index 0000000..45a3a22 --- /dev/null +++ b/Home Server/Network/nginx.md 
@@ -0,0 +1,330 @@
+# 1. Install using docker
+## 1.1. Directory structure
+
+```dirtree
+- /mnt/md0/infra
+ - /nginx
+ - /conf.d
+ - default.conf
+ - nginx.conf
+ - .env
+ - compose.yml
+```
+
+## 1.2. /.env
+```
+BASE_PATH=/mnt/md0/infra
+```
+
+## 1.3. Docker compose
+
+```yml
+name: infrastructure
+service:
+ nginx:
+ image: nginx:1.26-alpine3.20
+ container_name: nginx
+ restart: always
+ ports:
+ - 80:80
+ volumes:
+ - ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
+ networks:
+ - infra
+ depends_on:
+ - dns
+
+networks:
+ infra:
+ driver: bridge
+```
+
+# 2. nginx configuration
+## 2.1. /nginx/nginx.conf
+기본 설정 파일을 그대로 사용함
+
+## 2.2. /nginx/conf.d/default.conf
+
+```nginx
+server {
+ listen 80;
+ server_name localhost;
+ error_page 404 500 502 053 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # 추후 다른 세팅을 쉽게 추가하기 위해 변경
+ include /etc/nginx/conf.d/locations/*.conf;
+}
+```
+
+## 2.3. subdomain
+
+```nginx
+server {
+ listen 80;
+ server_name gitea.home.server;
+
+ location / {
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://gitea:3000;
+ }
+}
+```
+
+## 2.4. reload
+
+```shell
+docker exec -it nginx-reverse-proxy nginx -s reload
+```
+
+# 3. SSL
+
+## 3.1. Cert, Key file
+
+```dirtree
+- /mnt/md0/infra
+ - /nginx
+ - /conf.d
+ - default.conf
+ - nginx.conf
+ - /ssl/cloudflare
+ - cloudflare.cert.pem
+ - cloudflare.key.pem
+ - .env
+ - compose.yml
+```
+
+## 3.2. 
Docker Compose
+
+```yml
+ nginx:
+ image: nginx:1.26-alpine3.20
+ container_name: nginx
+ restart: always
+ ports:
+ - 80:80
+ volumes:
+ - ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
+ # NEW
+ - ${BASE_PATH}/ssl/cloudflare:/etc/nginx/ssl:ro
+ networks:
+ - infra
+ depends_on:
+ - dns
+```
+
+## 3.3. /nginx/conf.d/default.conf
+### 3.3.1. 같은 서버 블럭 사용
+
+```nginx
+server {
+ listen 80;
+
+ # 여기부터 변경 시작
+ if ($scheme = "http") {
+ return 301 https://$host$request_uri;
+ }
+
+ listen 443 ssl;
+ http2 on;
+
+ ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
+ ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
+
+ server_name tuska298.dev;
+ # 변경 끝
+
+ error_page 404 500 502 053 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # ...
+}
+```
+
+### 3.3.2. 다른 서버 블럭 사용
+
+```nginx
+server {
+ listen 80;
+
+ # 여기부터 변경 시작
+ server_name tuska298.dev;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name tuska298.dev;
+ http2 on;
+
+ ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
+ ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
+ # 변경 끝
+
+ error_page 404 500 502 053 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # ...
+}
+```
+
+# 4. 공통 설정 빼내기
+
+## 4.1. 설정 파일 폴더
+
+```dirtree
+- /mnt/md0/infra
+ - /nginx
+ - /etc.d
+ - ssl.conf
+ - nginx.conf
+ - .env
+ - compose.yml
+```
+
+## 4.2. Docker Compose
+
+```yml
+ nginx:
+ image: nginx:1.26-alpine3.20
+ container_name: nginx
+ restart: always
+ ports:
+ - 80:80
+ volumes:
+ - ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
+ - ${BASE_PATH}/ssl/cloudflare:/etc/nginx/ssl:ro
+ # NEW
+ - ${BASE_PATH}/nginx/etc.d:/etc/nginx/etc.d:ro
+ networks:
+ - infra
+ depends_on:
+ - dns
+```
+
+## 4.3. conf file
+### 4.3.1. 
/etc.d/ssl.conf
+
+```nginx
+ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
+ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
+```
+
+### 4.3.2. /conf.d/default.conf
+
+```nginx
+server {
+ listen 443 ssl;
+ server_name tuska298.dev;
+ http2 on;
+
+ # Delete
+ # ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
+ # ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
+
+ # NEW
+ include /etc/nginx/etc.d/ssl.conf;
+
+ error_page 404 500 502 053 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # ...
+}
+```
+
+# 5. robots.txt
+## 5.1. 설정 파일 폴더
+
+```dirtree
+- /mnt/md0/infra
+ - /nginx
+ - /etc.d
+ - robots.conf
+ - nginx.conf
+```
+
+## 5.2. /etc.d/robots.conf
+
+```nginx
+location /robots.txt {
+ return 200 "User-agent: *\n"
+}
+```
+
+## 5.3. /conf.d/default.conf
+
+```nginx
+server {
+ listen 443 ssl;
+ server_name tuska298.dev;
+ http2 on;
+
+ include /etc/nginx/etc.d/ssl.conf;
+
+ # NEW
+ include /etc/nginx/etc.d/robots.conf;
+
+ error_page 404 500 502 053 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # ...
+```
+
+# 6. 접근 제한
+## 6.1. 설정 파일 폴더
+
+```dirtree
+- /mnt/md0/infra
+ - /nginx
+ - /etc.d
+ - deny.lan.conf
+ - nginx.conf
+```
+
+## 6.2. /etc.d/deny.lan.conf
+
+```nginx
+allow 172.18.0.0/24;
+allow 192.168.200.0/24;
+deny all;
+```
+
+## 6.3. /conf.d/default.conf
+
+```nginx
+server {
+ listen 443 ssl;
+ server_name tuska298.dev;
+ http2 on;
+
+ # NEW
+ include /etc/nginx/etc.d/deny.lan.conf;
+
+ include /etc/nginx/etc.d/ssl.conf;
+ include /etc/nginx/etc.d/robots.conf;
+
+ error_page 404 500 502 053 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # ...
+```
\ No newline at end of file
diff --git a/_흥미로운 것/개인 도메인.md b/_흥미로운 것/개인 도메인.md
deleted file mode 100644
index e69de29..0000000
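Review bot: The allow list in section 6.2 (`allow 172.18.0.0/24;`) admits what looks like the whole Docker bridge subnet of the `infra` network, which presumably includes the bridge gateway; in any setup where Docker rewrites the client source address (rootless mode or the userland-proxy path, for example) every request would match it and `deny all;` would never apply. A one-line caveat next to the snippet that the rule depends on nginx seeing the real client address, plus narrowing the range to the containers that actually need access, would make the restriction safer to copy. Separately, the TLS sections cannot work as pasted: both compose snippets publish only `- 80:80` although the server block listens on 443 (a `- 443:443` entry appears to be missing), and they mount `${BASE_PATH}/ssl/cloudflare` while the tree in 3.1 places the certificate and key under `/nginx/ssl/cloudflare`. The `return 200 "User-agent: *\n"` line in 5.2 lacks its terminating `;`, so nginx would reject the included file, and the reload command in 2.4 still names `nginx-reverse-proxy` although the container is now called `nginx`. The repeated `error_page 404 500 502 053 504` list likely means `503` rather than `053`.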