# Plain-HTTP listener: serves no content and only answers with a permanent
# redirect to the same URL over HTTPS.
# This block sets no server_name, and the redirect target is built from $host,
# which nginx takes from the request (normally the client's Host header).
server {
    listen 80;

    return 301 https://$host$request_uri;
}
# Portainer backend (single server, port 9000).
upstream portainer {
    server YOUR.PI.IP.ADDRESS:9000;

    # Keep up to 32 idle connections to the backend open per worker for reuse.
    # Only takes effect for locations that proxy with HTTP/1.1 and an empty
    # Connection header.
    keepalive 32;
}
# Home Assistant backend (single server, port 8123).
upstream homeassistant {
    server YOUR.PI.IP.ADDRESS:8123;

    # Keep up to 32 idle connections to the backend open per worker for reuse.
    keepalive 32;
}
# Node-RED backend (single server, port 1880).
upstream nodered {
    server YOUR.PI.IP.ADDRESS:1880;

    # Keep up to 32 idle connections to the backend open per worker for reuse.
    keepalive 32;
}
# Organizr backend (single server, port 443).
# NOTE(review): the locations that use this upstream proxy with http://, not
# https://, while the port here is 443 - confirm what is listening on that
# port and whether the scheme matches.
upstream organizr {
    server YOUR.PI.IP.ADDRESS:443;

    # Keep up to 32 idle connections to the backend open per worker for reuse.
    keepalive 32;
}
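# Portainer virtual host: terminates TLS and proxies everything to the
# "portainer" upstream.
# Portainer administers the Docker daemon, so this host is a high-value target
# once it is reachable from the internet: keep Portainer's own authentication
# enabled and consider allow/deny rules here if it only needs to be reached
# from known addresses. Nothing in this block adds authentication of its own.
server {
    listen 443 ssl http2;
    server_name portainer.YOURDOMAIN.duckdns.org;

    root /config/www;
    index index.html index.htm index.php;

    # 0 disables nginx's request-body size check for this host, so upload size
    # is limited only by the backend.
    client_max_body_size 0;

    ssl_certificate /etc/letsencrypt/live/portainer.YOURDOMAIN.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/portainer.YOURDOMAIN.duckdns.org/privkey.pem;
    # TLSv1.1 dropped: it is deprecated (RFC 8996). Add TLSv1.3 to this list
    # when your nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;

    # HSTS for one year, including subdomains of this host name.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    # Regular requests. HTTP/1.1 with an empty Connection header is what lets
    # the upstream keepalive pool be used. The hop to the backend is plain HTTP.
    location / {
        proxy_pass http://portainer/;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }

    # WebSocket endpoint: forward the Upgrade handshake to the backend.
    location /api/websocket/ {
        proxy_pass http://portainer/api/websocket/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}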
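# Home Assistant virtual host: terminates TLS and proxies everything to the
# "homeassistant" upstream. Access control is left entirely to Home Assistant;
# nothing in this block adds authentication of its own.
server {
    listen 443 ssl http2;
    server_name ha.YOURDOMAIN.duckdns.org;

    root /config/www;
    index index.html index.htm index.php;

    # 0 disables nginx's request-body size check for this host, so upload size
    # is limited only by the backend.
    client_max_body_size 0;

    ssl_certificate /etc/letsencrypt/live/ha.YOURDOMAIN.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ha.YOURDOMAIN.duckdns.org/privkey.pem;
    # TLSv1.1 dropped: it is deprecated (RFC 8996). Add TLSv1.3 to this list
    # when your nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;

    # HSTS for one year, including subdomains of this host name.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    # Regular requests. HTTP/1.1 with an empty Connection header is what lets
    # the upstream keepalive pool be used. The hop to the backend is plain HTTP.
    location / {
        proxy_pass http://homeassistant/;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }

    # WebSocket endpoint: forward the Upgrade handshake and the original Host.
    location /api/websocket {
        proxy_pass http://homeassistant/api/websocket;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}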
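# Node-RED virtual host: terminates TLS and proxies everything to the
# "nodered" upstream.
# The Node-RED editor has no login unless adminAuth is configured in its
# settings file, and nothing in this block adds authentication - make sure the
# editor is protected before exposing this host.
server {
    listen 443 ssl http2;
    server_name nodered.YOURDOMAIN.duckdns.org;

    root /config/www;
    index index.html index.htm index.php;

    # 0 disables nginx's request-body size check for this host, so upload size
    # is limited only by the backend.
    client_max_body_size 0;

    ssl_certificate /etc/letsencrypt/live/nodered.YOURDOMAIN.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nodered.YOURDOMAIN.duckdns.org/privkey.pem;
    # TLSv1.1 dropped: it is deprecated (RFC 8996). Add TLSv1.3 to this list
    # when your nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;

    # HSTS for one year, including subdomains of this host name.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    # All requests, including the editor's WebSocket, go through this one
    # location, so the Upgrade headers are sent on every proxied request.
    # The hop to the backend is plain HTTP.
    location / {
        proxy_pass http://nodered/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}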
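# Default HTTPS virtual host: serves the Organizr dashboard from
# /config/www/Dashboard through PHP. As default_server it also answers any TLS
# request whose host name matches none of the other server blocks.
server {
    listen 443 ssl http2 default_server;
    server_name YOURDOMAIN.duckdns.org;

    root /config/www/Dashboard;
    index index.html index.htm index.php;

    # 0 disables nginx's request-body size check for this host.
    client_max_body_size 0;

    # SSL settings
    ssl_certificate /etc/letsencrypt/live/YOURDOMAIN.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN.duckdns.org/privkey.pem;
    # TLSv1.1 dropped: it is deprecated (RFC 8996). Add TLSv1.3 to this list
    # when your nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;

    # HSTS for one year; includeSubdomains here covers every host under
    # YOURDOMAIN.duckdns.org.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    # Static files first, then the front controllers, else 404.
    location / {
        try_files $uri $uri/ /index.html /index.php?$args =404;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Hand the request to PHP only when the script file really exists under
        # root, so a URI that merely ends in ".php" cannot make PHP resolve and
        # execute some other file.
        try_files $fastcgi_script_name =404;
        # With php5-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm:
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }

    # BLOCK ORGANIZR DASHBOARD FILES
    # The alternatives are grouped and the dots escaped so the pattern matches
    # these file names literally; ~* makes the match case-insensitive.
    location ~* (loginLog\.json|chat\.db|users\.db|org\.log) {
        return 404;
    }

    # Internal-only sub-request targets for Organizr's auth check (admin level).
    # NOTE(review): no auth_request directive in this file refers to /auth-admin
    # or /auth-user, so as written they do not protect any of the proxied
    # hosts - confirm where they are meant to be applied. The organizr upstream
    # is also defined on port 443 while these proxy with http:// - verify.
    location /auth-admin {
        internal;
        proxy_pass http://organizr/auth.php?admin;
        # Drop the body length header on the auth request.
        proxy_set_header Content-Length "";
    }

    # Same as above, user level.
    location /auth-user {
        internal;
        proxy_pass http://organizr/auth.php?user;
        proxy_set_header Content-Length "";
    }
}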