ingress

services/ingress/gitea.nginx.conf

@@ -0,0 +1,27 @@
+server {
+        server_name gitea.skazochnik.spb.ru;
+        location / {
+                proxy_pass http://localhost:3005/;
+                client_max_body_size 0;
+        }
+
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/gitea.skazochnik.spb.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/gitea.skazochnik.spb.ru/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = gitea.skazochnik.spb.ru) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    server_name gitea.skazochnik.spb.ru;
+    listen 80;
+    return 404; # managed by Certbot
+}
+

services/ingress/nextcloud.conf

@@ -0,0 +1,28 @@
+server {
+    listen 443 ssl default_server; # managed by Certbot
+	server_name skazochnik.spb.ru gipat;
+	location / {
+		proxy_pass http://gipat:5002/;
+        sub_filter "http://gipat:5002/" "https://skazochnik.spb.ru/";
+		client_max_body_size 0;
+	}
+
+    ssl_certificate /etc/letsencrypt/live/skazochnik.spb.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/skazochnik.spb.ru/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+    listen 8989 ssl default_server; # managed by Certbot
+	server_name skazochnik.spb.ru  gipat;
+	location / {
+		root   /var/www/website_frontend;
+        index  index.html index.htm;
+	}
+
+    ssl_certificate /etc/letsencrypt/live/skazochnik.spb.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/skazochnik.spb.ru/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}

services/ingress/pigallery.conf

@@ -0,0 +1,10 @@
+server {
+        server_name photos.skazochnik.spb.ru;
+        listen 443 ssl;
+        location / {
+                proxy_pass http://localhost:7780/;
+        }
+
+    ssl_certificate /etc/letsencrypt/live/photos.skazochnik.spb.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/photos.skazochnik.spb.ru/privkey.pem; # managed by Certbot
+}

services/ingress/portainer.conf_disabled

@@ -0,0 +1,11 @@
+server {
+    listen 443 ssl;
+        server_name portainer.skazochnik.spb.ru;
+        location / {
+            proxy_pass http://localhost:8077;
+        }
+
+
+    ssl_certificate /etc/letsencrypt/live/portainer.skazochnik.spb.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/portainer.skazochnik.spb.ru/privkey.pem; # managed by Certbot
+}

services/ingress/ports.txt

@@ -0,0 +1,12 @@
+== Internet ports
+
+== Open
+
+443 - nextcloud, pigallery, gitea
+6881 (+udp) - deluge
+
+== Closed
+
+443 - portainer
+51413 (+udp) - transmission
+8989 - custom web site (test)