Otho/Stashbox
1
0
Fork 0
mirror of https://asciireactor.com/otho/stashbox synced 2024-11-22 17:05:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Otho:35d8849e1eea23ff604ae5ef82e531d8d7f8d784
Branches Tags
Otho:master
..
compare: Otho:295149d8832b9e5bc2771b316097c132b8fda67d
Branches Tags
Otho:master

2 Commits
35d8849e1e ... 295149d883

Author SHA1 Message Date
Otho
295149d883
Add nginx server on feed interface. 2023-01-20 22:58:12 -05:00
Otho
fb224b361e
Separate interfaces and DNS updates. 2023-01-20 22:57:55 -05:00
3 changed files with 171 additions and 64 deletions
Show Stats Expand all files Collapse all files

77
apache24/httpd.conf
View File

@ -1,7 +1,9 @@
ServerName othostash.com
ServerRoot /usr/local
ServerRoot "/usr/local" Listen [2603:3015:1003:566d::dad:db]:80
Listen [2603:3015:1003:566d::dad:db]:443
Listen 443 Listen 10.1.9.10:443
LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so LoadModule authn_file_module libexec/apache24/mod_authn_file.so
@ -49,44 +51,55 @@ Group www
Require all denied Require all denied
</Directory> </Directory>
MDomain othostash.com MDCertificateAgreement accepted
MDContactEmail admin@othostash.com
MDomain othostash.com www.othostash.com
#<VirtualHost 10.1.9.10:443> # <VirtualHost [2603:3015:1003:566d::dad:feed]:443>
# ServerName "plex.othostash.com"
# SSLEngine on
# ProxyPass "/" "http://localhost:32400"
# ProxyPassReverse "/" "http://localhost:32400"
# </VirtualHost>
<Location "/md-status"> <VirtualHost 10.1.9.10:443 [2603:3015:1003:566d::dad:db]:443>
ServerName "www.othostash.com"
ServerName "othostash.com"
<Location "/md-status">
SetHandler md-status SetHandler md-status
</Location> </Location>
DocumentRoot "/data" DocumentRoot "/data"
<Directory "/data"> <Directory "/data">
Options Indexes Options Indexes
AllowOverride Options Indexes FileInfo AuthConfig AllowOverride Options Indexes FileInfo AuthConfig
AuthType Basic AuthType Basic
AuthName "Who be you?" AuthName "Who be you?"
AuthUserFile /usr/local/etc/apache24/.badpass AuthUserFile /usr/local/etc/apache24/.badpass
Require valid-user Require valid-user
</Directory> </Directory>
<DirectoryMatch "^.*/\..*"> <DirectoryMatch "^.*/\..*">
Require all denied Require all denied
</DirectoryMatch> </DirectoryMatch>
<Files ".*"> <Files ".*">
Require all denied Require all denied
</Files> </Files>
<IfModule dir_module> <IfModule dir_module>
DirectoryIndex index.html DirectoryIndex index.html
</IfModule> </IfModule>
SSLEngine on SSLEngine on
SSLCertificateFile /usr/local/etc/apache24/fullchain.pem # SSLCertificateFile /usr/local/etc/apache24/fullchain.pem
SSLCertificateKeyFile /usr/local/etc/apache24/privkey.pem # SSLCertificateKeyFile /usr/local/etc/apache24/privkey.pem
ErrorLog "/var/log/httpd-error.log" ErrorLog "/var/log/httpd-error.log"
LogLevel warn LogLevel warn
<IfModule log_config_module> <IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%h %l %u %t \"%r\" %>s %b" common
@ -96,27 +109,29 @@ LogLevel warn
</IfModule> </IfModule>
CustomLog "/var/log/httpd-access.log" common CustomLog "/var/log/httpd-access.log" common
</IfModule> </IfModule>
<IfModule alias_module> <IfModule alias_module>
ScriptAlias /cgi-bin/ "/data/metadata/www/cgi-bin/" ScriptAlias /cgi-bin/ "/data/metadata/www/cgi-bin/"
</IfModule> </IfModule>
<Directory "/data/metadata/www/cgi-bin"> <Directory "/data/metadata/www/cgi-bin">
AllowOverride None AllowOverride None
Options None Options None
Require all granted Require all granted
</Directory> </Directory>
<IfModule headers_module> <IfModule headers_module>
RequestHeader unset Proxy early RequestHeader unset Proxy early
</IfModule> </IfModule>
<IfModule mime_module> <IfModule mime_module>
TypesConfig etc/apache24/mime.types TypesConfig etc/apache24/mime.types
AddType application/x-compress .Z AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz AddType application/x-gzip .gz .tgz
</IfModule> </IfModule>
</VirtualHost>
<IfModule ssl_module> <IfModule ssl_module>
SSLRandomSeed startup builtin SSLRandomSeed startup builtin

37
dns.tf
View File

@ -18,22 +18,47 @@ terraform {
provider "namecheap" {} provider "namecheap" {}
variable "stashbox-vip" { variable "network" {
type = string type = string
default = "stashbox.delhi.o4data.net." default = "2603:3015:1003:566d"
}
variable "ipv4" {
type = string
default = "96.78.236.124"
} }
resource "namecheap_domain_records" "othostash" { resource "namecheap_domain_records" "othostash" {
domain = "othostash.com" domain = "othostash.com"
record { record {
hostname = "@" hostname = "@"
address = var.stashbox-vip address = "${var.network}::dad:db"
type = "ALIAS" type = "AAAA"
ttl = 300 }
record {
hostname = "feed"
address = "${var.network}::dad:feed"
type = "AAAA"
} }
record { record {
hostname = "www" hostname = "www"
address = "othostash.com." address = "othostash.com"
type = "CNAME" type = "CNAME"
} }
record {
hostname = "plex"
address = "feed.othostash.com"
type = "CNAME"
}
record {
hostname = "@"
address = var.ipv4
type = "A"
}
record {
hostname = "feed"
address = var.ipv4
type = "A"
}
} }

67
nginx/nginx.conf Normal file
View File

@ -0,0 +1,67 @@
#user nobody;
worker_processes auto;
# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# https://trac.nginx.org/nginx/ticket/147 for more info.
#
#error_log /var/log/nginx/error.log;
#
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
upstream plex_backend {
server [::1]:32400; # replace 'plex' with the name you gave to your plex container if necessary!
keepalive 32;
}
server {
listen [2603:3015:1003:566d::dad:feed]:80;
listen 10.1.9.10:80;
resolver [2603:3015:1003:5661::cede];
server_name plex.othostash.com;
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
# Forward real ip and host to Plex
proxy_set_header Host $host;
proxy_set_header Referer localhost;
proxy_set_header Origin $scheme://localhost:$server_port;
proxy_set_header X-Real-IP $remote_addr;
#When using ngx_http_realip_module change $proxy_add_x_forwarded_for to '$http_x_forwarded_for,$realip_remote_addr'
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Accept-Encoding "";
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
location / {
proxy_pass http://plex_backend;
}
}
}