From b794f84da1aaf446a3965f9b9363f997b3183872 Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Sun, 6 Oct 2019 05:53:11 +0200 Subject: Initial configuration --- certs/localhost.conf | 31 ++++ certs/localhost.crt | 21 +++ certs/localhost.key | 28 ++++ conf.d/00_network.conf | 1 + conf.d/01_ipranges.conf | 5 + conf.d/02_ssl.conf | 8 + conf.d/03_config.conf | 1 + conf.d/fossils.conf | 6 + conf.d/git.conf | 13 ++ conf.d/ipepdv.conf | 6 + conf.d/katrin.conf | 10 ++ conf.d/ufo.conf | 10 ++ katrin.d/adei.conf | 11 ++ katrin.d/data.conf | 1 + katrin.d/data_local.variant | 10 ++ katrin.d/data_proxy.variant | 11 ++ katrin.d/ipe.conf | 3 + katrin.d/kaas-auto-gen.sh | 24 +++ katrin.d/kaas-auto.conf | 372 ++++++++++++++++++++++++++++++++++++++++++ katrin.d/kaas-auto.template | 12 ++ katrin.d/kaas.conf | 4 + katrin.d/katrin.conf | 15 ++ katrin.d/kopmann.conf | 15 ++ katrin.d/orca.conf | 11 ++ pdv.d/trac.conf | 4 + template.d/autoindex.template | 8 + ufo.d/kickstart.conf | 14 ++ ufo.d/repos.conf | 7 + ufo.d/ufoweb.conf | 9 + 29 files changed, 671 insertions(+) create mode 100644 certs/localhost.conf create mode 100644 certs/localhost.crt create mode 100644 certs/localhost.key create mode 100644 conf.d/00_network.conf create mode 100644 conf.d/01_ipranges.conf create mode 100644 conf.d/02_ssl.conf create mode 100644 conf.d/03_config.conf create mode 100644 conf.d/fossils.conf create mode 100644 conf.d/git.conf create mode 100644 conf.d/ipepdv.conf create mode 100644 conf.d/katrin.conf create mode 100644 conf.d/ufo.conf create mode 100644 katrin.d/adei.conf create mode 120000 katrin.d/data.conf create mode 100644 katrin.d/data_local.variant create mode 100644 katrin.d/data_proxy.variant create mode 100644 katrin.d/ipe.conf create mode 100755 katrin.d/kaas-auto-gen.sh create mode 100644 katrin.d/kaas-auto.conf create mode 100644 katrin.d/kaas-auto.template create mode 100644 katrin.d/kaas.conf create mode 100644 katrin.d/katrin.conf create mode 100644 katrin.d/kopmann.conf create mode 100644 katrin.d/orca.conf create mode 100644 pdv.d/trac.conf create mode 100644 template.d/autoindex.template create mode 100644 ufo.d/kickstart.conf create mode 100644 ufo.d/repos.conf create mode 100644 ufo.d/ufoweb.conf diff --git a/certs/localhost.conf b/certs/localhost.conf new file mode 100644 index 0000000..02cfc8b --- /dev/null +++ b/certs/localhost.conf @@ -0,0 +1,31 @@ +[req] +default_bits = 2048 +default_keyfile = localhost.key +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_ca + +[req_distinguished_name] +countryName = Country Name (2 letter code) +countryName_default = DE +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = BW +localityName = Locality Name (eg, city) +localityName_default = Karlsruhe +organizationName = Organization Name (eg, company) +organizationName_default = IPE +organizationalUnitName = organizationalunit +organizationalUnitName_default = PDV +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_default = localhost +commonName_max = 64 + +[req_ext] +subjectAltName = @alt_names + +[v3_ca] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost +DNS.2 = 127.0.0.1 diff --git a/certs/localhost.crt b/certs/localhost.crt new file mode 100644 index 0000000..ff270fa --- /dev/null +++ b/certs/localhost.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIUbqaoozb4QT+MA8Qzs8wZ74dSdkgwDQYJKoZIhvcNAQEL +BQAwXjELMAkGA1UEBhMCREUxCzAJBgNVBAgMAkJXMRIwEAYDVQQHDAlLYXJsc3J1 +aGUxDDAKBgNVBAoMA0lQRTEMMAoGA1UECwwDUERWMRIwEAYDVQQDDAlsb2NhbGhv +c3QwHhcNMTkwOTIwMjIyODQ3WhcNMjAwOTE5MjIyODQ3WjBeMQswCQYDVQQGEwJE +RTELMAkGA1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDSVBF +MQwwCgYDVQQLDANQRFYxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALmGaJdjTyC3IBsBN1YtjpEG3hxMd+MvIn9G1TzZ +KOjuaURHOvymGvM04tXRmKqrSL9tSk+G1V91Om9HqfSR+ng6mqa9TB4vJYe2/eUS +/4dg+M4BwNUfjYxmBzDg5vU1388rUvTEMHdRWE98kDqkfDUBfIBfr1U6BJ7woVkl +SYq/CYyV6QrVS0wStPMx7UpQXMnpBxOg8gwMG/0jyLJerKYS30zo3ExV8yh8iipm +glHYiczkTck61vJ0uHfKBp7tCJafF2BC4b+PlIXc/43pT7IhatYGnAgZYznF1BJf +Bl71pi0mNDRgS20RqavRO4b7hcaW09Lv+n3Vr3VSpXFYrT0CAwEAAaMjMCEwHwYD +VR0RBBgwFoIJbG9jYWxob3N0ggkxMjcuMC4wLjEwDQYJKoZIhvcNAQELBQADggEB +AEPalp04jgsgwAWiBLnrlIv+3qWrewPQTDCbP6DX/0ofUpXY0vO2TnbcaDqULOtS +WTq5uwugOlAXbYFuQCnrSeWmLUK86sAYmkpPe7EDLtMInmoU76hGKtoWpMBwiGue +V9BMo0j2x8Vpj+ywNym/ClXQ9nAdj44ktZm6wdB7aD5o000g64LZCrdP3MoIOCoz +Eboajy5CgWnSYFj1C5cW5/C4xCshrpI+5gebXkM5IK1ztK9nb1KFzkBPn9rVzXKP +cp4V0X0alsL3V1JB7A9IAltVjNQRBSNnFfFGhqyk8F4alMS+kiE2XCBTLDy8BDyi +TyJcBAZNfOqxKThbBVLghj4= +-----END CERTIFICATE----- diff --git a/certs/localhost.key b/certs/localhost.key new file mode 100644 index 0000000..c3fb6b2 --- /dev/null +++ b/certs/localhost.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC5hmiXY08gtyAb +ATdWLY6RBt4cTHfjLyJ/RtU82Sjo7mlERzr8phrzNOLV0Ziqq0i/bUpPhtVfdTpv +R6n0kfp4OpqmvUweLyWHtv3lEv+HYPjOAcDVH42MZgcw4Ob1Nd/PK1L0xDB3UVhP +fJA6pHw1AXyAX69VOgSe8KFZJUmKvwmMlekK1UtMErTzMe1KUFzJ6QcToPIMDBv9 +I8iyXqymEt9M6NxMVfMofIoqZoJR2InM5E3JOtbydLh3ygae7QiWnxdgQuG/j5SF +3P+N6U+yIWrWBpwIGWM5xdQSXwZe9aYtJjQ0YEttEamr0TuG+4XGltPS7/p91a91 +UqVxWK09AgMBAAECggEAVsyhxqJ59O54oOnSwAkUeJnj9Q150drNowq63XskfsZ8 +jatd17LHTR5jOnKToNX+dUFm0QpebgjkzAeVZo2dx/5zOKu8HysjvflJlJFs6CPg +hFGhrJTUnullV+MBa5xHGCBG8amQm2J9lMLMoAMw8YO+gjlCSPeaDdq7QoAFhlnJ +pAqrPNe4275vHFw6O0vL78zJADPd/RPtNQ3sS4OHEgMxNPghczuAAiCP1Ihdq9YA +X9X9D08EE2b7+lDdMVm5RShFkG8HusO0SMMvh8qrMjfIjr98lEGTL0rEvba6ZYiY +ePCXVSLytpC0DMsI2aY2iBANmbsuUIfPMtorR/STQQKBgQDzucFE7qWs8BJRHvmZ +ejtcUgyEiOrQCTXkWI43xE7hPft4S1SXxBcAHS8L2oy7+JlYNSOUUmwbMwzRV3ll +hMjo+dkk5NYD6yMdbWN3ZJb7AS3/smBsS/nbM6ZTnJ2pDB7esiYKSfs2aoU9jkPa +NRtBWWyiWRPpMDZq3b4lTrY1uQKBgQDC3ky5SZjaZNL2t2NFLCfYAwjnW3cLpPGM +x1+0BH0laejJm48JpJuyjxA6ZCdvt3o8nW1cD22sA7WWh6cuHdcoBVubaW+0L6rX +RfcMvKXp6mJr77NiNzRKt7VvQb6xIS/dMScAX24d9tkUHsMeL/hHHM7oNMXO+vtT +zHOrt271pQKBgG3kvb5FFLLLdJbbLpQDRyyzWi2QRsASxxf0zftbKm3pMq/k13mu +0ugcQJBJtNc0mn/pReek2lXRSOBDXttlaemSblRyUgVmSmkEX6r/0gvPVlxKo6tw +/nHV8hMVNQl6C5lCHmDZRsoccYN12CZVd7qZhaAWJiIouQCqhwfvW70RAoGAOOGe +z68V+RnZIr8hMP3Um483OCFQvItnHsrLusZcqWEi3EaWGCB+ej6cZA78G/YYrjzd +wTOXtdBXXxs1x5ZaSYpW1SSPwK7xVWlM1eDzJTaPiCYt3It0riK1yUYNnbKsQAqq +8cbpY8G8V80q81LZTBiypMFSxDoqxqk1Unh24SkCgYB07nbeMyEpd5oRuoolBUqg +BO/FzmUzTFB/UX/7YLFxt8By7DIQtpndaNe+z0gN+7TlGrL606Xw2SuxGpfzfxFA +hvo+6NJMGLE2VkHODCkBP2NH+xC9N+KpDtfbO5jVXRMpo7XBUNvgLQm8zwTIJr9J +Ryez7H/weUuXyldx9OB9ww== +-----END PRIVATE KEY----- diff --git a/conf.d/00_network.conf b/conf.d/00_network.conf new file mode 100644 index 0000000..0fd88b0 --- /dev/null +++ b/conf.d/00_network.conf @@ -0,0 +1 @@ +resolver 141.52.3.3 141.52.8.18; diff --git a/conf.d/01_ipranges.conf b/conf.d/01_ipranges.conf new file mode 100644 index 0000000..5bf8ba9 --- /dev/null +++ b/conf.d/01_ipranges.conf @@ -0,0 +1,5 @@ +geo $kit_client { + default 0; + 141.52.64.0/23 1; + 192.168.26.0/24 1; +} diff --git a/conf.d/02_ssl.conf b/conf.d/02_ssl.conf new file mode 100644 index 0000000..3b00354 --- /dev/null +++ b/conf.d/02_ssl.conf @@ -0,0 +1,8 @@ +ssl_certificate /etc/nginx/certs/localhost.crt; +ssl_certificate_key /etc/nginx/certs/localhost.key; +ssl_session_timeout 5m; +ssl_prefer_server_ciphers on; +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; + +proxy_ssl_server_name on; diff --git a/conf.d/03_config.conf b/conf.d/03_config.conf new file mode 100644 index 0000000..2de9b28 --- /dev/null +++ b/conf.d/03_config.conf @@ -0,0 +1 @@ +sub_filter_once off; diff --git a/conf.d/fossils.conf b/conf.d/fossils.conf new file mode 100644 index 0000000..a1f47bc --- /dev/null +++ b/conf.d/fossils.conf @@ -0,0 +1,6 @@ +server { + listen 80; + server_name www.fossils.kit.edu; + + return 301 http://fossils.kaas.kit.edu$request_uri; +} diff --git a/conf.d/git.conf b/conf.d/git.conf new file mode 100644 index 0000000..24fbde0 --- /dev/null +++ b/conf.d/git.conf @@ -0,0 +1,13 @@ +server { + listen 80; + listen 141.52.64.105:443 ssl; + server_name git.ipe.kit.edu; + + location / { + proxy_pass https://gogs.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + +} diff --git a/conf.d/ipepdv.conf b/conf.d/ipepdv.conf new file mode 100644 index 0000000..3654561 --- /dev/null +++ b/conf.d/ipepdv.conf @@ -0,0 +1,6 @@ +server { + listen 80; + server_name ipepdv.ipe.kit.edu; + + include /etc/nginx/pdv.d/*.conf; +} diff --git a/conf.d/katrin.conf b/conf.d/katrin.conf new file mode 100644 index 0000000..420f457 --- /dev/null +++ b/conf.d/katrin.conf @@ -0,0 +1,10 @@ +server { + listen 80; + listen 141.52.64.14:443 ssl; + server_name katrin.kit.edu; + + include /etc/nginx/katrin.d/*.conf; + + ssl_certificate /etc/letsencrypt/live/katrin.kit.edu/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/katrin.kit.edu/privkey.pem; # managed by Certbot +} diff --git a/conf.d/ufo.conf b/conf.d/ufo.conf new file mode 100644 index 0000000..cfb2ee1 --- /dev/null +++ b/conf.d/ufo.conf @@ -0,0 +1,10 @@ +server { + listen 80; + listen 141.52.64.54:443 ssl; + server_name ufo.kit.edu; + + ssl_certificate /etc/letsencrypt/live/ufo.kit.edu/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ufo.kit.edu/privkey.pem; # managed by Certbot + + include /etc/nginx/ufo.d/*.conf; +} diff --git a/katrin.d/adei.conf b/katrin.d/adei.conf new file mode 100644 index 0000000..0a67f8f --- /dev/null +++ b/katrin.d/adei.conf @@ -0,0 +1,11 @@ +set $pcebessadei "http://pcebessadei.competence-e.kit.edu"; + +location ~ /adei-hiu/(.*) { + proxy_pass $pcebessadei/adei-hiu/$1$is_args$args; +} + +location /adei-battery-partner(.*) { + proxy_pass $pcebessadei/adei-battery-partner/$1$is_args$args; +} + +#RewriteRule ^/adei-smartgrid(.*) http://adei-smartgrid.kaas.kit.edu$1?%{QUERY_STRING} [L] diff --git a/katrin.d/data.conf b/katrin.d/data.conf new file mode 120000 index 0000000..d244cc7 --- /dev/null +++ b/katrin.d/data.conf @@ -0,0 +1 @@ +data_proxy.variant \ No newline at end of file diff --git a/katrin.d/data_local.variant b/katrin.d/data_local.variant new file mode 100644 index 0000000..27c0ba4 --- /dev/null +++ b/katrin.d/data_local.variant @@ -0,0 +1,10 @@ +location /data { + root /mnt/pdv; + + deny all; + + sendfile on; + + location ~ "/data/(astor/|thunderstorm.*|orca.*)?$" { include /etc/nginx/template.d/autoindex.template; } + location ~ "/data/astor/(fossils|wave)" { include /etc/nginx/template.d/autoindex.template; } +} diff --git a/katrin.d/data_proxy.variant b/katrin.d/data_proxy.variant new file mode 100644 index 0000000..2b9a795 --- /dev/null +++ b/katrin.d/data_proxy.variant @@ -0,0 +1,11 @@ +location /data { + if ($kit_client) { + return 301 http://192.168.26.170$request_uri; + } + + return 301 http://$host/remote$request_uri; +} + +location /remote/data { + proxy_pass http://192.168.26.170/data; +} diff --git a/katrin.d/ipe.conf b/katrin.d/ipe.conf new file mode 100644 index 0000000..c245c7f --- /dev/null +++ b/katrin.d/ipe.conf @@ -0,0 +1,3 @@ +location /bscw { + return 301 https://fuzzy.fzk.de/bscw/bscw.cgi/1244850; +} diff --git a/katrin.d/kaas-auto-gen.sh b/katrin.d/kaas-auto-gen.sh new file mode 100755 index 0000000..2f3e635 --- /dev/null +++ b/katrin.d/kaas-auto-gen.sh @@ -0,0 +1,24 @@ +#! /bin/bash + +function oc { + cfg="/root/security/kaas.kit.edu.kubeconfig" + /usr/local/bin/oc --config "$cfg" "$@" +} + + +function gen { + sites=$(oc get route --all-namespaces | grep -P "^(adei|katrin|status|web) | grep kaas.kit.edu" | awk '{ print $3 }' | cut -d '.' -f 1) # " + + for site in $sites; do + adei=$(echo $site | grep -P "^adei-") + + url="" + [ -n "$adei" ] && url="/adei" + + cat kaas-auto.template | sed -re "s|@name@|$site|g; s|@url@|$url|g" + done +} + +gen > kaas-auto.conf + + diff --git a/katrin.d/kaas-auto.conf b/katrin.d/kaas-auto.conf new file mode 100644 index 0000000..c487330 --- /dev/null +++ b/katrin.d/kaas-auto.conf @@ -0,0 +1,372 @@ +location /adei-darwin/ { + proxy_set_header Host adei-darwin.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-darwin.kaas.kit.edu/; + sub_filter adei-darwin.kaas.kit.edu $host/adei-darwin; + proxy_redirect default; +# proxy_redirect http://adei-darwin.kaas.kit.edu http://$host/adei-darwin; +} +location /adei-darwin-debug/ { + proxy_set_header Host adei-darwin-debug.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-darwin-debug.kaas.kit.edu/; + sub_filter adei-darwin-debug.kaas.kit.edu $host/adei-darwin-debug; + proxy_redirect default; +# proxy_redirect http://adei-darwin-debug.kaas.kit.edu http://$host/adei-darwin-debug; +} +location /adei-darwin-logs/ { + proxy_set_header Host adei-darwin-logs.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-darwin-logs.kaas.kit.edu/; + sub_filter adei-darwin-logs.kaas.kit.edu $host/adei-darwin-logs; + proxy_redirect default; +# proxy_redirect http://adei-darwin-logs.kaas.kit.edu http://$host/adei-darwin-logs; +} +location /adei-katrin/ { + proxy_set_header Host adei-katrin.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-katrin.kaas.kit.edu/; + sub_filter adei-katrin.kaas.kit.edu $host/adei-katrin; + proxy_redirect default; +# proxy_redirect http://adei-katrin.kaas.kit.edu http://$host/adei-katrin; +} +location /adei-katrin-debug/ { + proxy_set_header Host adei-katrin-debug.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-katrin-debug.kaas.kit.edu/; + sub_filter adei-katrin-debug.kaas.kit.edu $host/adei-katrin-debug; + proxy_redirect default; +# proxy_redirect http://adei-katrin-debug.kaas.kit.edu http://$host/adei-katrin-debug; +} +location /adei-katrin-logs/ { + proxy_set_header Host adei-katrin-logs.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-katrin-logs.kaas.kit.edu/; + sub_filter adei-katrin-logs.kaas.kit.edu $host/adei-katrin-logs; + proxy_redirect default; +# proxy_redirect http://adei-katrin-logs.kaas.kit.edu http://$host/adei-katrin-logs; +} +location /adei-munin/ { + proxy_set_header Host adei-munin.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-munin.kaas.kit.edu/; + sub_filter adei-munin.kaas.kit.edu $host/adei-munin; + proxy_redirect default; +# proxy_redirect http://adei-munin.kaas.kit.edu http://$host/adei-munin; +} +location /adei-munin-debug/ { + proxy_set_header Host adei-munin-debug.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-munin-debug.kaas.kit.edu/; + sub_filter adei-munin-debug.kaas.kit.edu $host/adei-munin-debug; + proxy_redirect default; +# proxy_redirect http://adei-munin-debug.kaas.kit.edu http://$host/adei-munin-debug; +} +location /adei-munin-logs/ { + proxy_set_header Host adei-munin-logs.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-munin-logs.kaas.kit.edu/; + sub_filter adei-munin-logs.kaas.kit.edu $host/adei-munin-logs; + proxy_redirect default; +# proxy_redirect http://adei-munin-logs.kaas.kit.edu http://$host/adei-munin-logs; +} +location /adei-smartgrid/ { + proxy_set_header Host adei-smartgrid.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-smartgrid.kaas.kit.edu/; + sub_filter adei-smartgrid.kaas.kit.edu $host/adei-smartgrid; + proxy_redirect default; +# proxy_redirect http://adei-smartgrid.kaas.kit.edu http://$host/adei-smartgrid; +} +location /adei-smartgrid-debug/ { + proxy_set_header Host adei-smartgrid-debug.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-smartgrid-debug.kaas.kit.edu/; + sub_filter adei-smartgrid-debug.kaas.kit.edu $host/adei-smartgrid-debug; + proxy_redirect default; +# proxy_redirect http://adei-smartgrid-debug.kaas.kit.edu http://$host/adei-smartgrid-debug; +} +location /adei-smartgrid-logs/ { + proxy_set_header Host adei-smartgrid-logs.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://adei-smartgrid-logs.kaas.kit.edu/; + sub_filter adei-smartgrid-logs.kaas.kit.edu $host/adei-smartgrid-logs; + proxy_redirect default; +# proxy_redirect http://adei-smartgrid-logs.kaas.kit.edu http://$host/adei-smartgrid-logs; +} +location /munin/ { + proxy_set_header Host munin.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://munin.kaas.kit.edu/; + sub_filter munin.kaas.kit.edu $host/munin; + proxy_redirect default; +# proxy_redirect http://munin.kaas.kit.edu http://$host/munin; +} +location /phpmyadmin/ { + proxy_set_header Host phpmyadmin.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://phpmyadmin.kaas.kit.edu/; + sub_filter phpmyadmin.kaas.kit.edu $host/phpmyadmin; + proxy_redirect default; +# proxy_redirect http://phpmyadmin.kaas.kit.edu http://$host/phpmyadmin; +} +location /katrin-webdav/ { + proxy_set_header Host katrin-webdav.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://katrin-webdav.kaas.kit.edu/; + sub_filter katrin-webdav.kaas.kit.edu $host/katrin-webdav; + proxy_redirect default; +# proxy_redirect http://katrin-webdav.kaas.kit.edu http://$host/katrin-webdav; +} +location /kdb/ { + proxy_set_header Host kdb.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://kdb.kaas.kit.edu/; + sub_filter kdb.kaas.kit.edu $host/kdb; + proxy_redirect default; +# proxy_redirect http://kdb.kaas.kit.edu http://$host/kdb; +} +location /kdb-backup/ { + proxy_set_header Host kdb-backup.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://kdb-backup.kaas.kit.edu/; + sub_filter kdb-backup.kaas.kit.edu $host/kdb-backup; + proxy_redirect default; +# proxy_redirect http://kdb-backup.kaas.kit.edu http://$host/kdb-backup; +} +location /kali/ { + proxy_set_header Host kali.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://kali.kaas.kit.edu/; + sub_filter kali.kaas.kit.edu $host/kali; + proxy_redirect default; +# proxy_redirect http://kali.kaas.kit.edu http://$host/kali; +} +location /kdb-orig/ { + proxy_set_header Host kdb-orig.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://kdb-orig.kaas.kit.edu/; + sub_filter kdb-orig.kaas.kit.edu $host/kdb-orig; + proxy_redirect default; +# proxy_redirect http://kdb-orig.kaas.kit.edu http://$host/kdb-orig; +} +location /kdb-orig-backup/ { + proxy_set_header Host kdb-orig-backup.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://kdb-orig-backup.kaas.kit.edu/; + sub_filter kdb-orig-backup.kaas.kit.edu $host/kdb-orig-backup; + proxy_redirect default; +# proxy_redirect http://kdb-orig-backup.kaas.kit.edu http://$host/kdb-orig-backup; +} +location /kdb-test/ { + proxy_set_header Host kdb-test.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://kdb-test.kaas.kit.edu/; + sub_filter kdb-test.kaas.kit.edu $host/kdb-test; + proxy_redirect default; +# proxy_redirect http://kdb-test.kaas.kit.edu http://$host/kdb-test; +} +location /status-sds/ { + proxy_set_header Host status-sds.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://status-sds.kaas.kit.edu/; + sub_filter status-sds.kaas.kit.edu $host/status-sds; + proxy_redirect default; +# proxy_redirect http://status-sds.kaas.kit.edu http://$host/status-sds; +} +location /status-sts/ { + proxy_set_header Host status-sts.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://status-sts.kaas.kit.edu/; + sub_filter status-sts.kaas.kit.edu $host/status-sts; + proxy_redirect default; +# proxy_redirect http://status-sts.kaas.kit.edu http://$host/status-sts; +} +location /held/ { + proxy_set_header Host held.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://held.kaas.kit.edu/; + sub_filter held.kaas.kit.edu $host/held; + proxy_redirect default; +# proxy_redirect http://held.kaas.kit.edu http://$host/held; +} +location /wordpressdb/ { + proxy_set_header Host wordpressdb.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://wordpressdb.kaas.kit.edu/; + sub_filter wordpressdb.kaas.kit.edu $host/wordpressdb; + proxy_redirect default; +# proxy_redirect http://wordpressdb.kaas.kit.edu http://$host/wordpressdb; +} +location /test-web/ { + proxy_set_header Host test-web.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://test-web.kaas.kit.edu/; + sub_filter test-web.kaas.kit.edu $host/test-web; + proxy_redirect default; +# proxy_redirect http://test-web.kaas.kit.edu http://$host/test-web; +} +location /trac-adei/ { + proxy_set_header Host trac-adei.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://trac-adei.kaas.kit.edu/; + sub_filter trac-adei.kaas.kit.edu $host/trac-adei; + proxy_redirect default; +# proxy_redirect http://trac-adei.kaas.kit.edu http://$host/trac-adei; +} +location /trac-pdv/ { + proxy_set_header Host trac-pdv.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://trac-pdv.kaas.kit.edu/; + sub_filter trac-pdv.kaas.kit.edu $host/trac-pdv; + proxy_redirect default; +# proxy_redirect http://trac-pdv.kaas.kit.edu http://$host/trac-pdv; +} +location /ufo-web/ { + proxy_set_header Host ufo-web.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://ufo-web.kaas.kit.edu/; + sub_filter ufo-web.kaas.kit.edu $host/ufo-web; + proxy_redirect default; +# proxy_redirect http://ufo-web.kaas.kit.edu http://$host/ufo-web; +} +location /ufo/ { + proxy_set_header Host ufo.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://ufo.kaas.kit.edu/; + sub_filter ufo.kaas.kit.edu $host/ufo; + proxy_redirect default; +# proxy_redirect http://ufo.kaas.kit.edu http://$host/ufo; +} +location /web-kopmann/ { + proxy_set_header Host web-kopmann.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://web-kopmann.kaas.kit.edu/; + sub_filter web-kopmann.kaas.kit.edu $host/web-kopmann; + proxy_redirect default; +# proxy_redirect http://web-kopmann.kaas.kit.edu http://$host/web-kopmann; +} diff --git a/katrin.d/kaas-auto.template b/katrin.d/kaas-auto.template new file mode 100644 index 0000000..502d2b9 --- /dev/null +++ b/katrin.d/kaas-auto.template @@ -0,0 +1,12 @@ +location /@name@/ { + proxy_set_header Host @name@.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept-Encoding ""; + + proxy_pass http://@name@.kaas.kit.edu/; + sub_filter @name@.kaas.kit.edu $host/@name@; + proxy_redirect default; +# proxy_redirect http://@name@.kaas.kit.edu http://$host/@name@; +} diff --git a/katrin.d/kaas.conf b/katrin.d/kaas.conf new file mode 100644 index 0000000..fd05ef5 --- /dev/null +++ b/katrin.d/kaas.conf @@ -0,0 +1,4 @@ +location /adei/ { + proxy_pass http://adei-katrin.kaas.kit.edu; + +} diff --git a/katrin.d/katrin.conf b/katrin.d/katrin.conf new file mode 100644 index 0000000..ec215a4 --- /dev/null +++ b/katrin.d/katrin.conf @@ -0,0 +1,15 @@ +location = / { + return 301 https://www.katrin.kit.edu; +} + +location /elog-detector { + return 301 https://crunch5.npl.washington.edu:8443; +} + +location /elog { + return 301 https://neutrino.ikp.kit.edu:8080; +} + +location /wiki { + return 301 http://ikp-katrin-wiki.ikp.kit.edu/katrin; +} diff --git a/katrin.d/kopmann.conf b/katrin.d/kopmann.conf new file mode 100644 index 0000000..4371eee --- /dev/null +++ b/katrin.d/kopmann.conf @@ -0,0 +1,15 @@ +location /docs { + return 301 http://web-kopmann.kaas.kit.edu/docs; +} + +location /docs/data { + return 301 http://$host/data/orca/; +} + +location /softare { + return 301 http://ipepdvsrv1.ipe.kit.edu/software/; +} + +location /drivers { + proxy_pass http://ipepdvsrv1.ipe.kit.edu/software/Drivers/; +} diff --git a/katrin.d/orca.conf b/katrin.d/orca.conf new file mode 100644 index 0000000..aed5b8b --- /dev/null +++ b/katrin.d/orca.conf @@ -0,0 +1,11 @@ +location /OrcaWeb { + proxy_pass http://192.168.110.67/OrcaWeb/; +} + +location /OrcaDbAccess { + proxy_pass http://192.168.110.67/OrcaDbAccess/; +} + +location /OrcaHelp { + return 301 http://orca.physics.unc.edu/~markhowe/; +} diff --git a/pdv.d/trac.conf b/pdv.d/trac.conf new file mode 100644 index 0000000..928e3d0 --- /dev/null +++ b/pdv.d/trac.conf @@ -0,0 +1,4 @@ +location /trac { + rewrite ^/trac(/.*)$ http://trac-pdv.kaas.kit.edu$1 permanent; +} + diff --git a/template.d/autoindex.template b/template.d/autoindex.template new file mode 100644 index 0000000..f465ca1 --- /dev/null +++ b/template.d/autoindex.template @@ -0,0 +1,8 @@ +allow all; + +autoindex on; +autoindex_exact_size off; +autoindex_localtime off; +autoindex_format html; + +disable_symlinks off; diff --git a/ufo.d/kickstart.conf b/ufo.d/kickstart.conf new file mode 100644 index 0000000..027c496 --- /dev/null +++ b/ufo.d/kickstart.conf @@ -0,0 +1,14 @@ +location /ands { + proxy_pass http://ands.kaas.kit.edu/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header ANDS-Real-IP $remote_addr; + proxy_set_header ANDS-Forwarded-For $proxy_add_x_forwarded_for; +} + +# Compatibility +location /ands/repos/centos74 { proxy_pass http://ands.kaas.kit.edu/repos/centos7/centos74/; } +location /ands/repos/gluster312 { proxy_pass http://ands.kaas.kit.edu/repos/centos7/centos312/; } +location /ands/repos/openshift37 { proxy_pass http://ands.kaas.kit.edu/repos/centos7/openshift37/; } +location /ands/repos/hardware { proxy_pass http://ands.kaas.kit.edu/repos/centos7/hardware/; } diff --git a/ufo.d/repos.conf b/ufo.d/repos.conf new file mode 100644 index 0000000..2afa765 --- /dev/null +++ b/ufo.d/repos.conf @@ -0,0 +1,7 @@ +location /ufo { + return 301 http://darksoft.org/webbzr/alps/; +} + +location /sources/csa { + rewrite ^/sources/csa(/.*)$ http://darksoft.org/bzr/alps$1 permanent; +} diff --git a/ufo.d/ufoweb.conf b/ufo.d/ufoweb.conf new file mode 100644 index 0000000..5a134a2 --- /dev/null +++ b/ufo.d/ufoweb.conf @@ -0,0 +1,9 @@ +rewrite ^/$ http://ufo.kit.edu/dis/; + +location /dis { + proxy_pass https://192.168.26.211/dis/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; +} -- cgit v1.2.3