diff --git a/NginxConf202311/LEEME.md b/NginxConf202311/LEEME.md
index 7378d8e0..709841c9 100644
--- a/NginxConf202311/LEEME.md
+++ b/NginxConf202311/LEEME.md
@@ -1,39 +1,46 @@ -##### -# # Para crear un servicio nuevo -# -En /etc/nginx/sites-available hay un fichero llamado plantilla.conf +En **/etc/nginx/sites-available** hay un fichero llamado *plantilla.conf* -Hay que copiar este fichero a otro con el nombre del servicio, por ejemplo, calibre.conf +Hay que copiar este fichero a otro con el nombre del servicio, por ejemplo, *calibre.conf* En el fichero calibre.conf hay que cambiar el nombre del dominio, en este caso a calibre.reymota.es -En es mismo fichero hay que poner el puerto NodePort que tiene asociado nuestro servicio en kubernetes. +En es mismo fichero hay que poner el puerto **NodePort** que tiene asociado nuestro servicio en kubernetes. -Se guarda el fichero y se crea un enlace simbólico en /etc/nginx/sites-enabled +Se guarda el fichero y se crea un enlace simbólico en **/etc/nginx/sites-enabled** -ln -s /etc/nginx/sites-available/calibre.conf /etc/nginx/sites-enable + ln -s /etc/nginx/sites-available/calibre.conf /etc/nginx/sites-enable y se reinicia nginx -systemctl restart nginx + systemctl restart nginx -Luego, en ionos hay que crear un registro A en la pestaña DNS de nuestro dominio y que apunte a la ip pública +Luego, en **IONOS** hay que crear un registro A en la pestaña DNS de nuestro dominio y que apunte a la ip pública Con esto ya podríamos acceder a nuestro servicio, pero sin HTTPS. 
-##### -# Para instalar el certificado let's encrypt hay que llamar a -# certbot --nginx -# -sudo certbot --nginx +# Instalar el certificado let's encrypt +Para instalar el certificado let's encrypt hay que llamar a -nos pedirá sobre qué dominio lo queremos hacer y nos ofrecerá las opciones que no son más que los que hayamos -puesto en /etc/nginx/sites-enabled + sudo certbot --nginx +La fuente es [esta](https://blog.tekspace.io/how-to-setup-lets-encrypt-ssl-certificate-with-nginx-on-ubuntu-22-04/) + +nos pedirá sobre qué dominio lo queremos hacer y nos ofrecerá las opciones que no son más que los que hayamos puesto en **/etc/nginx/sites-enabled** + +Una de las preguntas es: + +*Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +1: No redirect - Make no further changes to the webserver configuration. +2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for +new sites, or if you're confident your site works on HTTPS. You can undo this +change by editing your web server's configuration.* + +hay que elegir la **2**. Una vez hecho ya funcionara con https. @@ -41,10 +48,10 @@ Por último, para que nuestra dirección pública sea vista por ionos hay que re Esto se con -domain-connect-dyndns setup --domain calibre.reymota.es - + domain-connect-dyndns setup --domain calibre.reymota.es el resultado es un enlace para que lo abramos en el navegador y autoricemos la asociación entre el dominio y nuestra IP pública. + Entramos en sesión si no lo estamos ya y le damos a permitir. Esto nos garantiza el acceso y nos da un código que hay que copiar y pegar en la petición que nos está haciendo domain-connect-dyndns 
@@ -57,7 +64,7 @@ finalmente, hay que estar vigilando que las ip pública no cambie y que si lo ha # para IONOS, para que los dominios apunten a mi red -*/1 * * * * /usr/bin/flock -n /tmp/ipupdate.lck /usr/local/bin/domain-connect-dyndns update --all --config /root/dyndns/settings.txt +\*/1 * * * * /usr/bin/flock -n /tmp/ipupdate.lck /usr/local/bin/domain-connect-dyndns update --all --config /root/dyndns/settings.txt -Puede ser en el usuario creylopez (crontab -e) +Puede ser en el usuario creylopez (crontab -e), por ejemplo. diff --git a/NginxConf202311/nginx/calibre.conf b/NginxConf202311/nginx/calibre.conf new file mode 100644 index 00000000..d880095b --- /dev/null +++ b/NginxConf202311/nginx/calibre.conf @@ -0,0 +1,40 @@ +server { + ## + # Aquí va el nombre del servidor + ## + server_name calibre.reymota.es; + + location / { + ## + # El puerto tiene que ser el del servicio por el que la aplicación escucha + ## + proxy_pass http://127.0.0.1:30830/; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + client_max_body_size 64M; + proxy_read_timeout 300s; + } + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/calibre.reymota.es/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/calibre.reymota.es/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} +server { + if ($host = calibre.reymota.es) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + server_name calibre.reymota.es; + listen 80; + return 404; # managed by Certbot + + +} \ No newline at end of file 
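Review bot: In the new `location /` block of calibre.conf, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the client address to whatever `X-Forwarded-For` value the request already carried, so the backend receives a list whose leading entries are chosen by the client. If this nginx is the first hop from the internet (the LEEME suggests so, since the A record points at the public IP), a backend that uses the header for logging, rate limiting or lockout decisions can be misled; overwriting it with `proxy_set_header X-Forwarded-For $remote_addr;` avoids that. The same line appears in the navidrome, nextcloud, vaultwarden and wordpress files added by this commit, and it matters most for vaultwarden and nextcloud, which handle logins.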
diff --git a/NginxConf202311/ddns-net.conf b/NginxConf202311/nginx/ddns-net.conf
similarity index 100%
rename from NginxConf202311/ddns-net.conf
rename to NginxConf202311/nginx/ddns-net.conf
diff --git a/NginxConf202311/firefly-reymota.conf b/NginxConf202311/nginx/firefly-reymota.conf
similarity index 100%
rename from NginxConf202311/firefly-reymota.conf
rename to NginxConf202311/nginx/firefly-reymota.conf
diff --git a/NginxConf202311/miweb.conf b/NginxConf202311/nginx/miweb.conf
similarity index 100%
rename from NginxConf202311/miweb.conf
rename to NginxConf202311/nginx/miweb.conf
diff --git a/NginxConf202311/nginx/navidrome.conf b/NginxConf202311/nginx/navidrome.conf
new file mode 100644
index 00000000..7fba9252
--- /dev/null
+++ b/NginxConf202311/nginx/navidrome.conf
@@ -0,0 +1,40 @@
+server {
+ ##
+ # Aquí va el nombre del servidor
+ ##
+ server_name navidrome.reymota.es;
+
+ location / {
+ ##
+ # El puerto tiene que ser el del servicio por el que la aplicación escucha
+ ##
+ proxy_pass http://127.0.0.1:30681/;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ client_max_body_size 64M;
+ proxy_read_timeout 300s;
+ }
+
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/navidrome.reymota.es/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/navidrome.reymota.es/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = navidrome.reymota.es) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name navidrome.reymota.es;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/NginxConf202311/nginx/nextcloud.conf b/NginxConf202311/nginx/nextcloud.conf
new file mode 100644
index 00000000..cf8036af
--- /dev/null
+++ b/NginxConf202311/nginx/nextcloud.conf
@@ -0,0 +1,40 @@
+server {
+ ##
+ # Aquí va el nombre del servidor
+ ##
+ server_name nextcloud.reymota.es;
+
+ location / {
+ ##
+ # El puerto tiene que ser el del servicio por el que la aplicación escucha
+ ##
+ proxy_pass http://127.0.0.1:30580/;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ client_max_body_size 64M;
+ proxy_read_timeout 300s;
+ }
+
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/nextcloud.reymota.es/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/nextcloud.reymota.es/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = nextcloud.reymota.es) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name nextcloud.reymota.es;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/NginxConf202311/plantilla.conf b/NginxConf202311/nginx/plantilla.conf
similarity index 100%
rename from NginxConf202311/plantilla.conf
rename to NginxConf202311/nginx/plantilla.conf
diff --git a/NginxConf202311/nginx/vaultwarden.conf b/NginxConf202311/nginx/vaultwarden.conf
new file mode 100644
index 00000000..f048797c
--- /dev/null
+++ b/NginxConf202311/nginx/vaultwarden.conf
@@ -0,0 +1,40 @@
+server {
+ ##
+ # Aquí va el nombre del servidor
+ ##
+ server_name vaultwarden.reymota.es;
+
+ location / {
+ ##
+ # El puerto tiene que ser el del servicio por el que la aplicación escucha
+ ##
+ proxy_pass http://127.0.0.1:31078/;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ client_max_body_size 64M;
+ proxy_read_timeout 300s;
+ }
+
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/vaultwarden.reymota.es/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/vaultwarden.reymota.es/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = vaultwarden.reymota.es) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name vaultwarden.reymota.es;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/NginxConf202311/nginx/wordpress.conf b/NginxConf202311/nginx/wordpress.conf
new file mode 100644
index 00000000..9b813430
--- /dev/null
+++ b/NginxConf202311/nginx/wordpress.conf
@@ -0,0 +1,34 @@
+server {
+ server_name wordpress.reymota.es;
+
+ location / {
+ proxy_pass http://127.0.0.1:30088/;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ client_max_body_size 64M;
+ proxy_read_timeout 300s;
+ }
+
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/wordpress.reymota.es/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/wordpress.reymota.es/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = wordpress.reymota.es) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name wordpress.reymota.es;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/NginxConf202311/registraDominioDDNS.sh b/NginxConf202311/registraDominioDDNS.sh
index 9c3bdcf8..89153f68 100644
--- a/NginxConf202311/registraDominioDDNS.sh
+++ b/NginxConf202311/registraDominioDDNS.sh
@@ -1 +1 @@
-domain-connect-dyndns setup --domain calibre.reymota.es
+domain-connect-dyndns setup --domain $1
diff --git a/NginxConf202311/settings.txt b/NginxConf202311/settings.txt
new file mode 100644
index 00000000..1da770b4
--- /dev/null
+++ b/NginxConf202311/settings.txt
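Review bot: In registraDominioDDNS.sh the new command passes `$1` unquoted and still runs when no argument is given, in which case `--domain` is left without a value. Quoting the parameter and failing early is a one-line change: `domain-connect-dyndns setup --domain "${1:?uso: registraDominioDDNS.sh <dominio>}"`. The hunk header shows this is the file's only line, so there is no shebang; adding `#!/bin/sh` as the first line would make the interpreter explicit.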
@@ -0,0 +1,68 @@ +{ + "calibre.reymota.es": { + "access_token": "MTLjwg8Y1F7I7-lOBR8rR230wEYScfxrh8_BcR2hkhE", + "access_token_expires_in": 604800, + "iat": 1701169962, + "protocols": [ + "IPv4" + ], + "provider_name": "IONOS", + "refresh_token": "MTL9t53GG8VQjJZl5XK8RsAJBW52IAk2pc3rD29XynA", + "url_api": "https://api.domainconnect.ionos.com" + }, + "firefly.reymota.es": { + "access_token": "MTKLiJ4idlJTj-Oad4H2icCN8iOwkykcpYBgjS7tKVA", + "access_token_expires_in": 604800, + "iat": 1700831804, + "protocols": [ + "IPv4" + ], + "provider_name": "IONOS", + "refresh_token": "MTJ5vwRQod6MzSE0HIyxw7J4p-e1M1TMoy5JyjqdBHU", + "url_api": "https://api.domainconnect.ionos.com" + }, + "navidrome.reymota.es": { + "access_token": "MTLAxLSdjm3FMvs1clgJCsQ4ge9beFkCQd0PdrJZnG4", + "access_token_expires_in": 604800, + "iat": 1701267662, + "protocols": [ + "IPv4" + ], + "provider_name": "IONOS", + "refresh_token": "MTJOVQ2mlI2zxYAkuDlikymRA61Je7gDCbZmjlOceGY", + "url_api": "https://api.domainconnect.ionos.com" + }, + "nextcloud.reymota.es": { + "access_token": "MTKYzYq1uIszzzxtlvAF0nLjHFVoX3xzAgtHyNMH3WU", + "access_token_expires_in": 604800, + "iat": 1700831845, + "protocols": [ + "IPv4" + ], + "provider_name": "IONOS", + "refresh_token": "MTIceY1LFporCa-9SM9UGYbYJ-3jFCZ6HRQp576pzYE", + "url_api": "https://api.domainconnect.ionos.com" + }, + "vaultwarden.reymota.es": { + "access_token": "MTKgf9AEERC1cDm-NQxiZF9SW8-0gDFUtj7oBMgPMho", + "access_token_expires_in": 604800, + "iat": 1700831885, + "protocols": [ + "IPv4" + ], + "provider_name": "IONOS", + "refresh_token": "MTI92td_J2HAdQpft1gXmRrqMHsfqw7O078N7-xOvCE", + "url_api": "https://api.domainconnect.ionos.com" + }, + "wordpress.reymota.es": { + "access_token": "MTKrxCvCy-CSwCqettnSaxa8DVqG5nis8-BGvps0Pu4", + "access_token_expires_in": 604800, + "iat": 1700831966, + "protocols": [ + "IPv4" + ], + "provider_name": "IONOS", + "refresh_token": "MTI4p2vx8X5i1CH4WP76TDJulwU6DgFGfpJU8zvonNs", + "url_api": 
"https://api.domainconnect.ionos.com" + } +} \ No newline at end of file diff --git a/OnePage.tar.gz b/OnePage.tar.gz new file mode 100644 index 00000000..06555a16 Binary files /dev/null and b/OnePage.tar.gz differ
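Review bot: settings.txt commits what look like live `access_token` and `refresh_token` values for six hostnames; a refresh token outlives the seven-day `access_token_expires_in`, so anyone who can read the repository or its history can presumably keep obtaining tokens that update these DNS records. Treat the tokens as exposed: re-run the `domain-connect-dyndns setup` authorisation for each domain to replace them, and revoke the old grants at the provider if it offers that. The file should be dropped from the commit and from history, listed in `.gitignore` as `NginxConf202311/settings.txt`, and kept only at the path the cron job reads, `/root/dyndns/settings.txt`, readable by its owner alone. If the repository needs an example, commit one with placeholder values instead.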