user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; error_log syslog:server=unix:/dev/log; events { worker_connections 768; } stream { # Map of Host -> IP # We will route the traffic to this endpoints. map $ssl_preread_server_name $selected_upstream { hostnames; # if not knonw, use some non existing response thingy :shrug: default 255.255.255.255:1; ## CLOUD proxmox.tjo.cloud batuu.system.tjo.space:4443; postgresql.tjo.cloud batuu.system.tjo.space:4443; monitor.tjo.cloud hetzner.system.tjo.cloud:4443; loki.monitor.tjo.cloud hetzner.system.tjo.cloud:4443; prometheus.monitor.tjo.cloud hetzner.system.tjo.cloud:4443; grpc.otel.monitor.tjo.cloud hetzner.system.tjo.cloud:4443; http.otel.monitor.tjo.cloud hetzner.system.tjo.cloud:4443; vault.tjo.cloud batuu.system.tjo.space:4443; ## HETZNER tjo.space hetzner.system.tjo.cloud:4443; chat.tjo.space hetzner.system.tjo.cloud:4443; webhook.chat.tjo.space hetzner.system.tjo.cloud:4443; matrix.chat.tjo.space hetzner.system.tjo.cloud:4443; yt.tjo.space hetzner.system.tjo.cloud:4443; search.tjo.space hetzner.system.tjo.cloud:4443; send.tjo.space hetzner.system.tjo.cloud:4443; ## BATUU cloud.tjo.space batuu.system.tjo.space:4443; collabora.tjo.space batuu.system.tjo.space:4443; code.tjo.space batuu.system.tjo.space:4443; vault.tjo.space batuu.system.tjo.space:4443; rss.tjo.space batuu.system.tjo.space:4443; id.tjo.space batuu.system.tjo.space:4443; ldap.id.tjo.space batuu.system.tjo.space:4443; mnts.dev batuu.system.tjo.space:4443; paperless.tjo.space batuu.system.tjo.space:4443; penpot.tjo.space batuu.system.tjo.space:4443; ## JAKKU books.tjo.space jakku.system.tjo.space:4443; media.tjo.space jakku.system.tjo.space:4443; next.media.tjo.space jakku.system.tjo.space:4443; request.media.tjo.space jakku.system.tjo.space:4443; tdarr.media.tjo.space jakku.system.tjo.space:4443; stuff.tjo.space jakku.system.tjo.space:4443; auth.media.tjo.space jakku.system.tjo.space:4443; sonarr.media.tjo.space jakku.system.tjo.space:4443; radarr.media.tjo.space jakku.system.tjo.space:4443; lidarr.media.tjo.space jakku.system.tjo.space:4443; prowlarr.media.tjo.space jakku.system.tjo.space:4443; qbittorrent.media.tjo.space jakku.system.tjo.space:4443; bazarr.media.tjo.space jakku.system.tjo.space:4443; readarr.media.tjo.space jakku.system.tjo.space:4443; } geoip2 /var/geoip.mmdb { $geoip2_data_country_iso_code country iso_code; $geoip2_data_latitude location latitude; $geoip2_data_longitude location longitude; } log_format geoip_with_upstream 'country=$geoip2_data_country_iso_code ' 'lat=$geoip2_data_latitude ' 'long=$geoip2_data_longitude ' 'ip=$remote_addr ' 'protocol=$protocol ' 'server_name=$ssl_preread_server_name ' 'server_port=$server_port ' 'upstream=$selected_upstream ' 'status=$status ' 'bytes_sent=$bytes_sent ' 'bytes_received=$bytes_received ' 'session_time=$session_time'; log_format geoip 'country=$geoip2_data_country_iso_code ' 'lat=$geoip2_data_latitude ' 'long=$geoip2_data_longitude ' 'ip=$remote_addr ' 'protocol=$protocol ' 'server_port=$server_port ' 'status=$status ' 'bytes_sent=$bytes_sent ' 'bytes_received=$bytes_received ' 'session_time=$session_time'; # HTTPS server { access_log syslog:server=unix:/dev/log geoip_with_upstream; listen 0.0.0.0:443; listen [::]:443; proxy_pass $selected_upstream; proxy_protocol on; include /etc/nginx/partials/server.conf; include /etc/nginx/partials/blocked.conf; include /etc/nginx/partials/manual-blocks.conf; } # GIT server { access_log syslog:server=unix:/dev/log geoip; listen 0.0.0.0:22; listen [::]:22; proxy_pass batuu.system.tjo.space:2244; proxy_protocol on; include /etc/nginx/partials/server.conf; include /etc/nginx/partials/blocked.conf; include /etc/nginx/partials/manual-blocks.conf; } # EMAIL server { access_log syslog:server=unix:/dev/log geoip; listen 0.0.0.0:25; listen [::]:25; listen 0.0.0.0:143; listen [::]:143; listen 0.0.0.0:465; listen [::]:465; listen 0.0.0.0:587; listen [::]:587; listen 0.0.0.0:993; listen [::]:993; listen 0.0.0.0:4190; listen [::]:4190; proxy_pass nevaroo.system.tjo.space:$server_port; proxy_protocol off; # Configure downstream first. include /etc/nginx/partials/server.conf; include /etc/nginx/partials/blocked.conf; include /etc/nginx/partials/manual-blocks.conf; } }