From b43880fafa92b85428565e4271e57801dda74421 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 30 Jan 2026 16:35:32 -0600 Subject: [PATCH] Stable. --- .gitignore | 25 +++++ beszel/docker-compose.yml | 25 +++++ ddns.sh | 98 +++++++++++++++++++ mqtt-broker/docker-compose.yml | 21 ++++ mqtt-broker/mosquitto/config/mosquitto.conf | 8 ++ mqtt-broker/mosquitto/config/password.txt | 1 + nginx-proxy/conf.d/00-acme-challenge.conf | 15 +++ nginx-proxy/conf.d/bentopdf.atomic6.net.conf | 27 +++++ nginx-proxy/conf.d/frigate.atomic6.net.conf | 27 +++++ nginx-proxy/conf.d/gitea.nase.dev.conf | 27 +++++ nginx-proxy/conf.d/home-assistant.conf | 84 ++++++++++++++++ nginx-proxy/conf.d/immich.atomic6.net.conf | 28 ++++++ nginx-proxy/conf.d/jellyfin.conf | 74 ++++++++++++++ nginx-proxy/conf.d/memos.atomic6.net.conf | 26 +++++ nginx-proxy/conf.d/nextcloud.atomic6.net.conf | 26 +++++ nginx-proxy/conf.d/openwebui.atomic6.net.conf | 29 ++++++ nginx-proxy/conf.d/qr.atomic6.net.conf | 29 ++++++ nginx-proxy/conf.d/salt.nase.dev.conf | 28 ++++++ nginx-proxy/conf.d/survey.atomic6.net.conf | 59 +++++++++++ nginx-proxy/docker-compose.yml | 21 ++++ zwavejs/docker-compose.yml | 24 +++++ 21 files changed, 702 insertions(+) create mode 100644 .gitignore create mode 100644 beszel/docker-compose.yml create mode 100755 ddns.sh create mode 100644 mqtt-broker/docker-compose.yml create mode 100644 mqtt-broker/mosquitto/config/mosquitto.conf create mode 100644 mqtt-broker/mosquitto/config/password.txt create mode 100644 nginx-proxy/conf.d/00-acme-challenge.conf create mode 100644 nginx-proxy/conf.d/bentopdf.atomic6.net.conf create mode 100644 nginx-proxy/conf.d/frigate.atomic6.net.conf create mode 100644 nginx-proxy/conf.d/gitea.nase.dev.conf create mode 100644 nginx-proxy/conf.d/home-assistant.conf create mode 100644 nginx-proxy/conf.d/immich.atomic6.net.conf create mode 100644 nginx-proxy/conf.d/jellyfin.conf create mode 100644 nginx-proxy/conf.d/memos.atomic6.net.conf create mode 100644 nginx-proxy/conf.d/nextcloud.atomic6.net.conf create mode 100644 nginx-proxy/conf.d/openwebui.atomic6.net.conf create mode 100644 nginx-proxy/conf.d/qr.atomic6.net.conf create mode 100644 nginx-proxy/conf.d/salt.nase.dev.conf create mode 100644 nginx-proxy/conf.d/survey.atomic6.net.conf create mode 100644 nginx-proxy/docker-compose.yml create mode 100644 zwavejs/docker-compose.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c6231c8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,25 @@ +* + +!.gitignore +!ddns.sh + +!nginx-proxy/ +!nginx-proxy/docker-compose.yml +!nginx-proxy/conf.d +!nginx-proxy/conf.d/* + +!mqtt-broker/ +!mqtt-broker/mosquitto/ +!mqtt-broker/mosquitto/config +!mqtt-broker/mosquitto/config/mosquitto.conf +!mqtt-broker/mosquitto/config/password.txt +!mqtt-broker/docker-compose.yml + +!homeassistant/ +!homeassistant/docker-compose.yml + +!zwavejs/ +!zwavejs/docker-compose.yml + +!beszel/ +!beszel/docker-compose.yml diff --git a/beszel/docker-compose.yml b/beszel/docker-compose.yml new file mode 100644 index 0000000..94408c2 --- /dev/null +++ b/beszel/docker-compose.yml @@ -0,0 +1,25 @@ +services: + beszel: + image: henrygd/beszel + container_name: beszel + restart: unless-stopped + ports: + - 8090:8090 + volumes: + - ./beszel_data:/beszel_data + + beszel-agent: + image: henrygd/beszel-agent + container_name: beszel-agent + restart: unless-stopped + network_mode: host + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./beszel_agent_data:/var/lib/beszel-agent + # monitor other disks / partitions by mounting a folder in /extra-filesystems + # - /mnt/disk/.beszel:/extra-filesystems/sda1:ro + environment: + LISTEN: 45876 + KEY: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+dzh2ruWrqxVsXXWKYM7FcajNV7+3cz/6V+Hkfzwvr' + TOKEN: 3ca1b-5cc7a7a4e-39f3e-f1dbbd32a + HUB_URL: http://192.168.1.98:8090 diff --git a/ddns.sh b/ddns.sh new file mode 100755 index 0000000..446bc33 --- /dev/null +++ b/ddns.sh @@ -0,0 +1,98 @@ +#!/bin/bash + +# ============================================================================ +# DYNAMIC DNS UPDATER FOR NAMECHEAP (MULTI-DOMAIN) +# ============================================================================ +# Configuration - Edit these values +# ============================================================================ + +# Define your domains/hosts as an array of space-separated strings +# Format: "HOSTNAME:DOMAIN:PASSWORD" +# Use '@' for root domain, 'sub' for subdomain (e.g., 'home', 'video') +DOMAINS=( + "home:seanowiecki.com:d7b38fc4de474e81a79a309824aa8e2a" + "video:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "frigate:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "survey:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "memos:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "openwebui:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "immich:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "matrix:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "minecraft:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "chat:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "bentopdf:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "home:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "nextcloud:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "obico:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "obsidian:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "qr:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "cachet:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "grafana:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "valheim:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "satisfactory:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "vpn:atomic6.net:2a687057401f4401b4248d1d31b2ba81" + "salt:nase.dev:1fa7b1a67d404b339e38107db98c87f0" + "gitea:nase.dev:1fa7b1a67d404b339e38107db98c87f0" +) + +# IP checking service (choose one that works reliably for you) +IP_SERVICE="https://api.ipify.org" # Alternatives: "https://ifconfig.io/ip", "https://icanhazip.com" + +# ============================================================================ +# Script Core - Do not edit below unless you know what you're doing +# ============================================================================ + +# Get current public IP +echo "[$(date)] Checking public IP..." +CURRENT_IP=$(curl -s "$IP_SERVICE") + +if [ -z "$CURRENT_IP" ]; then + echo "[$(date)] ERROR: Could not fetch public IP. Check network or IP service." + exit 1 +fi + +echo "[$(date)] Current public IP: $CURRENT_IP" + +# Process each domain entry +for ENTRY in "${DOMAINS[@]}"; do + # Split the entry into components + IFS=":" read -r HOSTNAME DOMAIN PASSWORD <<< "$ENTRY" + + # Create a unique identifier for this host/domain combination + RECORD_ID="${HOSTNAME}.${DOMAIN}" + + # File to store last IP for this specific record + IP_FILE="/tmp/last_ip_${RECORD_ID//[^a-zA-Z0-9]/_}.txt" + + # Read last recorded IP if file exists + if [ -f "$IP_FILE" ]; then + LAST_IP=$(cat "$IP_FILE") + else + LAST_IP="" + fi + + # Update only if IP has changed + if [ "$CURRENT_IP" != "$LAST_IP" ]; then + echo "[$(date)] IP changed for $RECORD_ID ($LAST_IP → $CURRENT_IP). Updating..." + + # Call Namecheap's API + RESPONSE=$(curl -s "https://dynamicdns.park-your-domain.com/update?host=$HOSTNAME&domain=$DOMAIN&password=$PASSWORD&ip=$CURRENT_IP") + + # Check response for success + if echo "$RESPONSE" | grep -q "0"; then + echo "[$(date)] ✓ Successfully updated $RECORD_ID" + echo "$CURRENT_IP" > "$IP_FILE" + else + # Extract error message from response + ERROR=$(echo "$RESPONSE" | grep -o ".*" | sed 's/\(.*\)<\/Err1>/\1/') + echo "[$(date)] ✗ Failed to update $RECORD_ID: $ERROR" + fi + + # Optional: Log full response for debugging + # echo "API Response: $RESPONSE" + else + echo "[$(date)] IP unchanged for $RECORD_ID ($CURRENT_IP). Skipping." + fi +done + +echo "[$(date)] DDNS update cycle completed." diff --git a/mqtt-broker/docker-compose.yml b/mqtt-broker/docker-compose.yml new file mode 100644 index 0000000..1d8bdd7 --- /dev/null +++ b/mqtt-broker/docker-compose.yml @@ -0,0 +1,21 @@ +services: + mosquitto: + image: eclipse-mosquitto:latest + container_name: mosquitto + labels: + - "beszel.monitor=true" + - "beszel.service=mosquitto" + restart: unless-stopped + ports: + - "1883:1883" # Main MQTT port for all devices + - "9001:9001" # WebSocket port (optional) + volumes: + - ./mosquitto/config:/mosquitto/config + - ./mosquitto/data:/mosquitto/data + - ./mosquitto/log:/mosquitto/log + networks: + - mqtt-network + +networks: + mqtt-network: + driver: bridge diff --git a/mqtt-broker/mosquitto/config/mosquitto.conf b/mqtt-broker/mosquitto/config/mosquitto.conf new file mode 100644 index 0000000..c0b5e03 --- /dev/null +++ b/mqtt-broker/mosquitto/config/mosquitto.conf @@ -0,0 +1,8 @@ +persistence true +persistence_location /mosquitto/data/ +log_dest file /mosquitto/log/mosquitto.log +listener 1883 0.0.0.0 # Listen on all network interfaces + +# Authentication - Start with this to test, then add passwords +allow_anonymous true +password_file /mosquitto/config/password.txt diff --git a/mqtt-broker/mosquitto/config/password.txt b/mqtt-broker/mosquitto/config/password.txt new file mode 100644 index 0000000..96528bb --- /dev/null +++ b/mqtt-broker/mosquitto/config/password.txt @@ -0,0 +1 @@ +nase:$7$101$6qku4pTCy9Z/iAYo$NNZNmy3ZSRj9FVZG6rkfMJu8Lk4eD3HUaR8oYtdNwm8NCF99VE6PR9PXoviw9DDsfh1DtHpUt34QdxjW7ZvPTQ== diff --git a/nginx-proxy/conf.d/00-acme-challenge.conf b/nginx-proxy/conf.d/00-acme-challenge.conf new file mode 100644 index 0000000..3f10e49 --- /dev/null +++ b/nginx-proxy/conf.d/00-acme-challenge.conf @@ -0,0 +1,15 @@ +server { + listen 80; + listen [::]:80; + server_name _; # Catch-all + + location /.well-known/acme-challenge/ { + root /var/www/html; + try_files $uri =404; + } + + # Redirect ALL HTTP traffic to HTTPS (using the original host) + location / { + return 301 https://$host$request_uri; + } +} diff --git a/nginx-proxy/conf.d/bentopdf.atomic6.net.conf b/nginx-proxy/conf.d/bentopdf.atomic6.net.conf new file mode 100644 index 0000000..462881e --- /dev/null +++ b/nginx-proxy/conf.d/bentopdf.atomic6.net.conf @@ -0,0 +1,27 @@ +server { + listen 80; + server_name bentopdf.atomic6.net; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + server_name bentopdf.atomic6.net; + + ssl_certificate /etc/letsencrypt/live/bentopdf.atomic6.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/bentopdf.atomic6.net/privkey.pem; + location / { + proxy_pass http://192.168.1.208:3000; + proxy_set_header Host $host; + } +} diff --git a/nginx-proxy/conf.d/frigate.atomic6.net.conf b/nginx-proxy/conf.d/frigate.atomic6.net.conf new file mode 100644 index 0000000..261a730 --- /dev/null +++ b/nginx-proxy/conf.d/frigate.atomic6.net.conf @@ -0,0 +1,27 @@ +server { + listen 80; + server_name frigate.atomic6.net; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect ALL other HTTP traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +# HTTPS server block (can remain as is) +server { + listen 443 ssl; + server_name frigate.atomic6.net; + ssl_certificate /etc/letsencrypt/live/frigate.atomic6.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/frigate.atomic6.net/privkey.pem; + location / { + proxy_pass http://192.168.1.131:8971; + proxy_set_header Host $host; + } +} diff --git a/nginx-proxy/conf.d/gitea.nase.dev.conf b/nginx-proxy/conf.d/gitea.nase.dev.conf new file mode 100644 index 0000000..7635864 --- /dev/null +++ b/nginx-proxy/conf.d/gitea.nase.dev.conf @@ -0,0 +1,27 @@ +server { + listen 80; + server_name gitea.nase.dev; + + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + server_name gitea.nase.dev; + + ssl_certificate /etc/letsencrypt/live/gitea.nase.dev/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/gitea.nase.dev/privkey.pem; + + location / { + proxy_pass http://192.168.1.208:3005; + proxy_set_header Host $host; + } +} diff --git a/nginx-proxy/conf.d/home-assistant.conf b/nginx-proxy/conf.d/home-assistant.conf new file mode 100644 index 0000000..704b686 --- /dev/null +++ b/nginx-proxy/conf.d/home-assistant.conf @@ -0,0 +1,84 @@ +# HTTP Server Block - REQUIRED for Let's Encrypt and redirects +server { + listen 80; + # listen [::]:80; + server_name home.seanowiecki.com; + + # Location for Let's Encrypt HTTP-01 challenge renewal + # This path must match the webroot path used by the certbot command + location /.well-known/acme-challenge/ { + root /var/www/html; + # Ensure this directory exists in your nginx container + try_files $uri =404; + } + + # Redirect ALL other HTTP traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +# HTTPS Server Block - Your existing config, corrected +server { + listen 443 ssl; + http2 on; + server_name home.seanowiecki.com; + + # SSL Configuration + ssl_certificate /etc/letsencrypt/live/home.seanowiecki.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/home.seanowiecki.com/privkey.pem; + + # SSL Settings (your existing settings are good) + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 1d; + + # Proxy configuration for Home Assistant + location / { + proxy_pass http://192.168.1.98:8123; # Use your Docker service name or IP + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Essential WebSocket support headers[citation:2] + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # DISABLE buffering for the initial response + proxy_buffering off; + + # CRITICAL: Increase timeouts for the initial data load[citation:3] + proxy_read_timeout 86400s; # Keep connections alive for a long time + proxy_send_timeout 86400s; + proxy_connect_timeout 30s; + + # Optimize buffers for data transfer +# proxy_buffering off; +# proxy_buffer_size 128k; +# proxy_buffers 4 256k; +# proxy_busy_buffers_size 256k; + + # Ensure nginx doesn't buffer WebSocket frames + proxy_http_version 1.1; + } + + location /api/websocket { + proxy_pass http://192.168.1.98:8123; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 86400s; # Keep WS connection alive + } + + # Security headers + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; +} diff --git a/nginx-proxy/conf.d/immich.atomic6.net.conf b/nginx-proxy/conf.d/immich.atomic6.net.conf new file mode 100644 index 0000000..49ce3f7 --- /dev/null +++ b/nginx-proxy/conf.d/immich.atomic6.net.conf @@ -0,0 +1,28 @@ +server { + listen 80; + server_name immich.atomic6.net; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + server_name immich.atomic6.net; + ssl_certificate /etc/letsencrypt/live/immich.atomic6.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/immich.atomic6.net/privkey.pem; + client_max_body_size 0; + + location / { + proxy_pass http://192.168.1.208:2283; + proxy_set_header Host $host; + } +} diff --git a/nginx-proxy/conf.d/jellyfin.conf b/nginx-proxy/conf.d/jellyfin.conf new file mode 100644 index 0000000..46c5644 --- /dev/null +++ b/nginx-proxy/conf.d/jellyfin.conf @@ -0,0 +1,74 @@ +server { + listen 80; + server_name video.atomic6.net; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + http2 on; + server_name video.atomic6.net; + + # SSL Configuration + ssl_certificate /etc/letsencrypt/live/home.seanowiecki.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/home.seanowiecki.com/privkey.pem; + + # SSL Settings + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + + # Media server proxy configuration + location / { + proxy_pass http://192.168.1.131:8096; + + # Essential headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port 443; + + # Disable SSL verification for backend + proxy_ssl_verify off; + proxy_ssl_server_name on; + + # WebSocket support + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Timeouts for media streaming + proxy_connect_timeout 30s; + proxy_send_timeout 30s; + proxy_read_timeout 30s; + proxy_buffering off; + + # Allow large file uploads/downloads + client_max_body_size 0; + } + + # Explicit WebSocket endpoint + location /ws { + proxy_pass http://192.168.1.131:8096/ws; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + } + + # Security headers + add_header X-Frame-Options SAMEORIGIN; + add_header Referrer-Policy same-origin; +} diff --git a/nginx-proxy/conf.d/memos.atomic6.net.conf b/nginx-proxy/conf.d/memos.atomic6.net.conf new file mode 100644 index 0000000..4b7d8be --- /dev/null +++ b/nginx-proxy/conf.d/memos.atomic6.net.conf @@ -0,0 +1,26 @@ +server { + listen 80; + server_name memos.atomic6.net; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + server_name memos.atomic6.net; + ssl_certificate /etc/letsencrypt/live/memos.atomic6.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/memos.atomic6.net/privkey.pem; + location / { + proxy_pass http://192.168.1.208:5230; + proxy_set_header Host $host; + } +} diff --git a/nginx-proxy/conf.d/nextcloud.atomic6.net.conf b/nginx-proxy/conf.d/nextcloud.atomic6.net.conf new file mode 100644 index 0000000..1b3dafc --- /dev/null +++ b/nginx-proxy/conf.d/nextcloud.atomic6.net.conf @@ -0,0 +1,26 @@ +server { + listen 80; + server_name nextcloud.atomic6.net; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + server_name nextcloud.atomic6.net; + ssl_certificate /etc/letsencrypt/live/nextcloud.atomic6.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nextcloud.atomic6.net/privkey.pem; + location / { + proxy_pass http://192.168.1.131:8081; + proxy_set_header Host $host; + } +} \ No newline at end of file diff --git a/nginx-proxy/conf.d/openwebui.atomic6.net.conf b/nginx-proxy/conf.d/openwebui.atomic6.net.conf new file mode 100644 index 0000000..e3146e6 --- /dev/null +++ b/nginx-proxy/conf.d/openwebui.atomic6.net.conf @@ -0,0 +1,29 @@ +server { + listen 80; + server_name openwebui.atomic6.net; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + server_name openwebui.atomic6.net; + ssl_certificate /etc/letsencrypt/live/openwebui.atomic6.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/openwebui.atomic6.net/privkey.pem; + location / { + proxy_pass http://192.168.1.131:3000; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} diff --git a/nginx-proxy/conf.d/qr.atomic6.net.conf b/nginx-proxy/conf.d/qr.atomic6.net.conf new file mode 100644 index 0000000..a61d3c8 --- /dev/null +++ b/nginx-proxy/conf.d/qr.atomic6.net.conf @@ -0,0 +1,29 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name qr.atomic6.net; + + ssl_certificate /etc/letsencrypt/live/qr.atomic6.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/qr.atomic6.net/privkey.pem; + + location / { + proxy_pass http://192.168.1.208:3002; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Standard headers for potential API/upgrade support + proxy_http_version 1.1; + proxy_set_header Connection ""; + } +} + +# HTTP redirect (optional but recommended) +server { + listen 80; + listen [::]:80; + server_name qr.atomic6.net; + return 301 https://$server_name$request_uri; +} diff --git a/nginx-proxy/conf.d/salt.nase.dev.conf b/nginx-proxy/conf.d/salt.nase.dev.conf new file mode 100644 index 0000000..ecc04bb --- /dev/null +++ b/nginx-proxy/conf.d/salt.nase.dev.conf @@ -0,0 +1,28 @@ +server { + listen 80; + server_name salt.nase.dev; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + server_name salt.nase.dev; + + ssl_certificate /etc/letsencrypt/live/salt.nase.dev/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/salt.nase.dev/privkey.pem; + + location / { + proxy_pass http://192.168.1.6:3005; + proxy_set_header Host $host; + } +} diff --git a/nginx-proxy/conf.d/survey.atomic6.net.conf b/nginx-proxy/conf.d/survey.atomic6.net.conf new file mode 100644 index 0000000..06e4205 --- /dev/null +++ b/nginx-proxy/conf.d/survey.atomic6.net.conf @@ -0,0 +1,59 @@ +server { + listen 80; + server_name survey.atomic6.net; + + # Let's Encrypt challenge path + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + try_files $uri =404; + } + + # Redirect all other traffic to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl; + http2 on; + server_name survey.atomic6.net; + add_header X-Debug-Server "survey-config"; + + ssl_certificate /etc/letsencrypt/live/survey.atomic6.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/survey.atomic6.net/privkey.pem; + + # LimeSurvey proxy + location / { + proxy_pass http://192.168.1.208:8080; + + # CRITICAL HEADERS for LimeSurvey + proxy_set_header Host $host; + proxy_set_header Accept-Encoding ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port 443; + + # LimeSurvey specific headers + proxy_set_header X-Url-Scheme $scheme; + proxy_set_header X-Forwarded-Ssl on; + + # Timeouts + proxy_connect_timeout 300s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + } + + # Cache static files + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + proxy_pass http://192.168.1.208:8080; + proxy_set_header Host $host; + proxy_set_header Accept-Encoding ""; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + expires 1y; + add_header Cache-Control "public, immutable"; + } +} diff --git a/nginx-proxy/docker-compose.yml b/nginx-proxy/docker-compose.yml new file mode 100644 index 0000000..3e44d29 --- /dev/null +++ b/nginx-proxy/docker-compose.yml @@ -0,0 +1,21 @@ +services: + nginx-proxy: + image: nginx:alpine + container_name: nginx-proxy + labels: + - "beszel.monitor=true" + - "beszel.service=nginx" + restart: unless-stopped + ports: + - "80:80" + - "443:443" + volumes: + - /var/www/html/.well-known/acme-challenge:/var/www/html/.well-known/acme-challenge:ro + - /home/nase/nginx-proxy/conf.d:/etc/nginx/conf.d:ro + - /etc/letsencrypt:/etc/letsencrypt:ro # Mount Let's Encrypt certificates + networks: + - proxy-network + +networks: + proxy-network: + driver: bridge diff --git a/zwavejs/docker-compose.yml b/zwavejs/docker-compose.yml new file mode 100644 index 0000000..2ab5ac8 --- /dev/null +++ b/zwavejs/docker-compose.yml @@ -0,0 +1,24 @@ +services: + zwave-js-ui: + container_name: zwave-js-ui + image: zwavejs/zwave-js-ui:latest + restart: unless-stopped + tty: true + stop_signal: SIGINT + environment: + - SESSION_SECRET=pacifier-cash-achiness5-reprise + - TZ=America/Chicago +# devices: + # 🔧 CRITICAL: Replace with your Z-Wave stick's path +# - '/dev/serial/by-id/usb-:/dev/zwave' + volumes: + # 💾 Persists Z-Wave network data and configuration + - ./zwavejs-store:/usr/src/app/store + ports: + - "8091:8091" # Web interface + - "3000:3000" # Z-Wave JS WebSocket server (for HA) + networks: + - homeautomation_net +networks: + homeautomation_net: + external: true