vault backup: 2024-09-18 23:40:53

.obsidian/workspace.json

@@ -4,16 +4,16 @@
     "type": "split",
     "children": [
       {
-        "id": "e902ab89d4ebc1cb",
+        "id": "64a96c0c67857e4f",
         "type": "tabs",
         "children": [
           {
-            "id": "0c9271f99c796d8f",
+            "id": "9b32a86dad773267",
             "type": "leaf",
             "state": {
               "type": "diff-view",
               "state": {
-                "file": "linux/Self-signed SSL.md",
+                "file": "Home Server/Gitea.md",
                 "staged": false
               }
             }
@@ -138,7 +138,8 @@
       }
     ],
     "direction": "horizontal",
-    "width": 300
+    "width": 300,
+    "collapsed": true
   },
   "left-ribbon": {
     "hiddenItems": {
@@ -150,10 +151,11 @@
       "command-palette:명령어 팔레트 열기": false
     }
   },
-  "active": "0c9271f99c796d8f",
+  "active": "9b32a86dad773267",
   "lastOpenFiles": [
+    "Home Server/Network/nginx.md",
+    "_흥미로운 것/개인 도메인.md",
     "Home Server/Network/DNS/CoreDNS.md",
-    "Home Server/Network/nginx for reverse proxy.md",
     "windows/SSH 접속 설정.md",
     "Home Server/docker compose - temp.md",
     "_흥미로운 것/nginx default error page.md",
@@ -177,7 +179,6 @@
     "SBC(Single-Board Computer)/ODROID.md",
     "Home Server/Samba.md",
     "Home Server/Network/DNS/Domain.md",
-    "_흥미로운 것/fail2ban.md",
     "Home Server/Network/DNS",
     "Home Server/Network",
     "POE/3.25/resources/07.접두접미완성1-1.png",

Home Server/Gitea.md

@@ -1,5 +1,5 @@
 # 1. 전제조건
-[[Network/nginx for reverse proxy|리버스 프록시]]가 필요함
+[[Network/nginx|리버스 프록시]]가 필요함
 
 # 2. Install using docker
 ## 2.1. Directory structure

Home Server/Network/nginx for reverse proxy.md

@@ -1,92 +0,0 @@
-[[DNS/CoreDNS|CoreDNS]]를 설정한 뒤 진행했음
-
-# 1. Install using docker
-## 1.1. Directory structure
-```dirtree
-- /mnt/md0/infra
-    - /coredns
-        - 파일 생략
-    - /nginx
-        - /conf.d
-            - default.conf
-            - locations
-                - ns1.conf
-        - nginx.conf
-    - .env
-    - compose.yml
-```
-
-## 1.2. dotenv file
- /.env
-```
-BASE_PATH=/mnt/md0/infra
-```
-
-## 1.3. Docker compose
-/compose.yml
-```yml
-name: infrastructure
-service:
-  nginx:
-    image: nginx:1.26-alpine3.20
-    container_name: nginx-reverse-proxy
-    restart: always
-    ports:
-      - 80:80
-    volumes:
-      - ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
-    networks:
-      - infra
-    depends_on:
-      - dns
-
-networks:
-  infra:
-    driver: bridge
-```
-
-# 2. nginx configuration
-## 2.1. /nginx/nginx.conf
-기본 설정 파일을 그대로 사용함
-
-## 2.2. /nginx/conf.d/default.conf
-
-```nginx
-server {
-    listen 80;
-    server_name localhost;
-    error_page 404 500 502 053 504 /50x.html;
-    location = /50x.html {
-        root /usr/share/nginx/html;
-    }
-
-    # 추후 다른 세팅을 쉽게 추가하기 위해 변경
-    include /etc/nginx/conf.d/locations/*.conf;
-}
-```
-
-## 2.3. subdomain
-
-```nginx
-server {
-    listen 80;
-    server_name gitea.home.server;
-
-    location / {
-        proxy_set_header    Connection         $http_connection;
-        proxy_set_header    Upgrade            $http_upgrade;
-        proxy_set_header    Host               $host;
-        proxy_set_header    X-Real-IP          $remote_addr;
-        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
-        proxy_set_header    X-Forwarded-Proto  $scheme;
-        proxy_pass http://gitea:3000;
-    }
-}
-```
-
-## 2.4. reload
-
-```shell
-docker exec -it nginx-reverse-proxy nginx -s reload
-```

Home Server/Network/nginx.md

@@ -0,0 +1,330 @@
+# 1. Install using docker
+## 1.1. Directory structure
+
+```dirtree
+- /mnt/md0/infra
+    - /nginx
+        - /conf.d
+            - default.conf
+        - nginx.conf
+    - .env
+    - compose.yml
+```
+
+## 1.2. /.env
+```
+BASE_PATH=/mnt/md0/infra
+```
+
+## 1.3. Docker compose
+
+```yml
+name: infrastructure
+service:
+  nginx:
+    image: nginx:1.26-alpine3.20
+    container_name: nginx
+    restart: always
+    ports:
+      - 80:80
+    volumes:
+      - ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
+    networks:
+      - infra
+    depends_on:
+      - dns
+
+networks:
+  infra:
+    driver: bridge
+```
+
+# 2. nginx configuration
+## 2.1. /nginx/nginx.conf
+기본 설정 파일을 그대로 사용함
+
+## 2.2. /nginx/conf.d/default.conf
+
+```nginx
+server {
+    listen 80;
+    server_name localhost;
+    error_page 404 500 502 053 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+
+    # 추후 다른 세팅을 쉽게 추가하기 위해 변경
+    include /etc/nginx/conf.d/locations/*.conf;
+}
+```
+
+## 2.3. subdomain
+
+```nginx
+server {
+    listen 80;
+    server_name gitea.home.server;
+
+    location / {
+        proxy_set_header    Connection         $http_connection;
+        proxy_set_header    Upgrade            $http_upgrade;
+        proxy_set_header    Host               $host;
+        proxy_set_header    X-Real-IP          $remote_addr;
+        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header    X-Forwarded-Proto  $scheme;
+        proxy_pass http://gitea:3000;
+    }
+}
+```
+
+## 2.4. reload
+
+```shell
+docker exec -it nginx-reverse-proxy nginx -s reload
+```
+
+# 3. SSL
+
+## 3.1. Cert, Key file
+
+```dirtree
+- /mnt/md0/infra
+    - /nginx
+        - /conf.d
+            - default.conf
+        - nginx.conf
+    - /ssl/cloudflare
+        - cloudflare.cert.pem
+        - cloudflare.key.pem
+    - .env
+    - compose.yml
+```
+
+## 3.2. Docker Compose
+
+```yml
+  nginx:
+    image: nginx:1.26-alpine3.20
+    container_name: nginx
+    restart: always
+    ports:
+      - 80:80
+    volumes:
+      - ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
+      # NEW
+      - ${BASE_PATH}/ssl/cloudflare:/etc/nginx/ssl:ro
+    networks:
+      - infra
+    depends_on:
+      - dns
+```
+
+## 3.3. /nginx/conf.d/default.conf
+### 3.3.1. 같은 서버 블럭 사용
+
+```nginx
+server {
+    listen 80;
+
+    # 여기부터 변경 시작
+    if ($scheme = "http") {
+        return 301 https://$host$request_uri;
+    }
+
+    listen 443 ssl;
+    http2 on;
+
+    ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
+    ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
+
+    server_name tuska298.dev;
+    # 변경 끝
+    
+    error_page 404 500 502 053 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+
+    # ...
+}
+```
+
+### 3.3.2. 다른 서버 블럭 사용
+
+```nginx
+server {
+    listen 80;
+    
+    # 여기부터 변경 시작
+    server_name tuska298.dev;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name tuska298.dev;
+    http2 on;
+    
+    ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
+    ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
+    # 변경 끝
+    
+    error_page 404 500 502 053 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+
+    # ...
+}
+```
+
+# 4. 공통 설정 빼내기
+
+## 4.1. 설정 파일 폴더
+
+```dirtree
+- /mnt/md0/infra
+    - /nginx
+        - /etc.d
+            - ssl.conf
+        - nginx.conf
+    - .env
+    - compose.yml
+```
+
+## 4.2. Docker Compose
+
+```yml
+  nginx:
+    image: nginx:1.26-alpine3.20
+    container_name: nginx
+    restart: always
+    ports:
+      - 80:80
+    volumes:
+      - ${BASE_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ${BASE_PATH}/nginx/conf.d:/etc/nginx/conf.d:ro
+      - ${BASE_PATH}/ssl/cloudflare:/etc/nginx/ssl:ro
+      # NEW
+      - ${BASE_PATH}/nginx/etc.d:/etc/nginx/etc.d:ro
+    networks:
+      - infra
+    depends_on:
+      - dns
+```
+
+## 4.3. conf file
+### 4.3.1. /etc.d/ssl.conf
+
+```nginx
+ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
+ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
+```
+
+### 4.3.2. /conf.d/default.conf
+
+```nginx
+server {
+    listen 443 ssl;
+    server_name tuska298.dev;
+    http2 on;
+
+    # Delete
+    # ssl_certificate /etc/nginx/ssl/cloudflare.cert.pem;
+    # ssl_certificate_key /etc/nginx/ssl/cloudflare.key.pem;
+    
+    # NEW
+    include /etc/nginx/etc.d/ssl.conf;
+    
+    error_page 404 500 502 053 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+
+    # ...
+}
+```
+
+# 5. robots.txt
+## 5.1. 설정 파일 폴더
+
+```dirtree
+- /mnt/md0/infra
+    - /nginx
+        - /etc.d
+            - robots.conf
+        - nginx.conf
+```
+
+## 5.2. /etc.d/robots.conf
+
+```nginx
+location /robots.txt {
+    return 200 "User-agent: *\n"
+}
+```
+
+## 5.3. /conf.d/default.conf
+
+```nginx
+server {
+    listen 443 ssl;
+    server_name tuska298.dev;
+    http2 on;
+
+    include /etc/nginx/etc.d/ssl.conf;
+    
+    # NEW
+    include /etc/nginx/etc.d/robots.conf;
+    
+    error_page 404 500 502 053 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+
+    # ...
+```
+
+# 6. 접근 제한
+## 6.1. 설정 파일 폴더
+
+```dirtree
+- /mnt/md0/infra
+    - /nginx
+        - /etc.d
+            - deny.lan.conf
+        - nginx.conf
+```
+
+## 6.2. /etc.d/deny.lan.conf
+
+```nginx
+allow 172.18.0.0/24;
+allow 192.168.200.0/24;
+deny all;
+```
+
+## 6.3. /conf.d/default.conf
+
+```nginx
+server {
+    listen 443 ssl;
+    server_name tuska298.dev;
+    http2 on;
+
+    # NEW
+    include /etc/nginx/etc.d/deny.lan.conf;
+    
+    include /etc/nginx/etc.d/ssl.conf;
+    include /etc/nginx/etc.d/robots.conf;
+    
+    error_page 404 500 502 053 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+
+    # ...
+```