map $scheme $hsts_header { https "max-age=63072000; preload"; } map $host $myserver1 { default 192.168.1.4; } map $host $myserver2 { default 192.168.1.3; } map $http_host $nameport { hostnames; default 443; forgit.* 3100; portainer.* 9000; images.* 5557; terminal.* 2222; images-ui.* 5558; ha.* 8123; pairdrop.* 3333; } map $http_host $loc2 { hostnames; default /; ha.* /api/websocket; } map $http_host $nameport2 { hostnames; default 443; git.* 3003; portainer.* 9000; image.* 5557; images.* 5558; abook.* 13378; calibre.* 8083; gpxstudio.* 8111; ha.* 8123; maptile.* 8810; music.* 4533; nginx.* 81; notes.* 8180; pairdrop.* 3333; photo.* 8888; photoprism.* 2342; plex.* 32400; profiles.* 70000; route.* 17777; server.* 7771; studio.* 8112; } upstream registry { server 192.168.1.4:5557; } server { listen 443 ssl; server_name images.patachina.it; ssl_certificate ssl/live/patachina.it/patachina.it_ssl_certificate.cer; ssl_certificate_key ssl/live/patachina.it/_.patachina.it_private_key.key; location / { proxy_pass http://192.168.1.4:5557; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /v2/ { proxy_pass http://registry; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # These headers are required for Docker to trust the registry # certificate and enable client-side certificate validation proxy_ssl_verify on; proxy_ssl_trusted_certificate ssl/live/patachina.casacam.net/fullchain.pem; proxy_ssl_session_reuse off; } } server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name ~^(?\w+)\.patachina\.duckdns\.org$; ssl_certificate ssl/live/patachina.duckdns.org/fullchain.pem; ssl_certificate_key ssl/live/patachina.duckdns.org/privkey.pem; include conf.d/include/websocket.conf; location /args { add_header Content-Type text/plain; return 200 "arg_name: $arg_name args: $args nane: $name uri: $uri request_uri: $request_uri content_length: $content_length content_type: $content_type document_root: $document_root document_uri: $document_uri host: $host host_name: $hostname http_name: $http_name https: $https is_args: $is_args nginx_version: $nginx_version pid: $pid query_string: $query_string remote_addr: $remote_addr request: $request request_method: $request_method server_name: $server_name server_port: $server_port server_protocol: $server_protocol status: $status time_local: $time_local ora le mie variabili: Connection: $http_connection Upgrade: $http_upgrade Host: $host X-Real-IP: $remote_addr X-Forwarded-For: $proxy_add_x_forwarded_for X-Forwarded-Proto: $scheme PortForwarding: $nameport loc2: $loc2"; } location / { include conf.d/include/websocket.conf; add_header X-Served-By $host; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://$myserver2:$nameport2$request_uri; #proxy_set_header Host $host; #proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "upgrade"; } location $loc2 { proxy_pass http://$myserver2:$nameport2$loc2$request_uri; proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name *.patachina.casacam.net; ssl_certificate ssl/live/patachina.casacam.net/fullchain.pem; ssl_certificate_key ssl/live/patachina.casacam.net/privkey.pem; include conf.d/include/websocket.conf; location / { include conf.d/include/websocket.conf; add_header X-Served-By $host; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://$myserver1:$nameport$request_uri; #proxy_set_header Host $host; #proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "upgrade"; } location $loc2 { proxy_pass http://$myserver1:$nameport$loc2$request_uri; #proxy_set_header Host $http_host; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # These headers are required for Docker to trust the registry # certificate and enable client-side certificate validation #proxy_ssl_verify on; #proxy_ssl_trusted_certificate ssl/live/patachina.casacam.net/fullchain1.pem; #proxy_ssl_session_reuse off; } } server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name *.patachina.it; ssl_certificate ssl/live/patachina.it/patachina.it_ssl_certificate.cer; ssl_certificate_key ssl/live/patachina.it/_.patachina.it_private_key.key; include conf.d/include/websocket.conf; location / { include conf.d/include/websocket.conf; add_header X-Served-By $host; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://$myserver1:$nameport$request_uri; #proxy_set_header Host $host; #proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "upgrade"; } location $loc2 { #proxy_pass http://$myserver1:$nameport$loc2$request_uri; #proxy_set_header Host $http_host; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; #proxy_set_header Host $host; #proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "upgrade"; # These headers are required for Docker to trust the registry # certificate and enable client-side certificate validation #proxy_ssl_verify on; #proxy_ssl_trusted_certificate ssl/live/patachina.casacam.net/fullchain1.pem; #proxy_ssl_session_reuse off; include conf.d/include/websocket.conf; add_header X-Served-By $host; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://$myserver1:$nameport$request_uri; } }