include modules.d/*.conf; events { worker_connections 3024; } http { include mime.types; sendfile on; limit_req_zone $binary_remote_addr zone=req_per_ip:20m rate=5r/s; limit_req zone=req_per_ip burst=20; limit_req_status 429; upstream nitter { server 127.0.0.1:8924; } upstream redlib { server 127.0.0.1:8925; } upstream cgit { server 127.0.0.1:8926; } upstream matrix { server 127.0.0.1:8008; } upstream invidious { server 127.0.0.1:3000; } upstream invidious_companion { server 127.0.0.1:8282; } upstream searxng { server 127.0.0.1:8888; } server { default_type text/html; client_body_timeout 5s; client_header_timeout 5s; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/nginx/domain.cert.pem; ssl_certificate_key /etc/nginx/private.key.pem; server_name system72.dev; location / { root /srv/http/system72.dev; index index.html; } location /store { alias /srv/http/system72.dev/store; default_type text/plain; } } server { default_type text/html; client_body_timeout 5s; client_header_timeout 5s; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/nginx/domain.cert.pem; ssl_certificate_key /etc/nginx/private.key.pem; server_name matrix.system72.dev; location ~ ^(/_matrix|/_synapse/client) { proxy_pass http://matrix; } } server { default_type text/html; client_body_timeout 5s; client_header_timeout 5s; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/nginx/domain.cert.pem; ssl_certificate_key /etc/nginx/private.key.pem; server_name nitter.system72.dev; location / { proxy_pass http://nitter; proxy_set_header Host $host; proxy_set_header X-Real-IP $proxy_add_x_forwarded_for; proxy_set_header X-Http-Version $server_protocol; } } server { default_type text/html; client_body_timeout 5s; client_header_timeout 5s; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/nginx/domain.cert.pem; ssl_certificate_key /etc/nginx/private.key.pem; server_name redlib.system72.dev; location / { proxy_pass http://redlib; proxy_set_header Host $host; proxy_set_header X-Real-IP $proxy_add_x_forwarded_for; proxy_set_header X-Http-Version $server_protocol; } } server { default_type text/html; client_body_timeout 5s; client_header_timeout 5s; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/nginx/domain.cert.pem; ssl_certificate_key /etc/nginx/private.key.pem; server_name invidious.system72.dev; location / { proxy_pass http://invidious; } location /companion { proxy_pass http://invidious_companion; } } server { default_type text/html; client_body_timeout 5s; client_header_timeout 5s; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/nginx/domain.cert.pem; ssl_certificate_key /etc/nginx/private.key.pem; server_name cgit.system72.dev; location @cgit { proxy_pass http://cgit; proxy_set_header Host $host; proxy_set_header X-Real-IP $proxy_add_x_forwarded_for; proxy_set_header X-Http-Version $server_protocol; } } server { default_type text/html; client_body_timeout 5s; client_header_timeout 5s; listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/nginx/domain.cert.pem; ssl_certificate_key /etc/nginx/private.key.pem; server_name searxng.system72.dev; location / { proxy_pass http://searxng; } } }