Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
I
init-things
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Packages
Packages
List
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issues
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nanahira
init-things
Commits
f2c17391
Commit
f2c17391
authored
Dec 03, 2021
by
nanahira
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
minio
fix key
parent
6c5d10d5
Pipeline
#7339
failed with stages
in 23 seconds
Changes
4
Pipelines
1
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
140 additions
and
0 deletions
+140
-0
things/minio/conf.d/mycard_real_ip.conf
things/minio/conf.d/mycard_real_ip.conf
+17
-0
things/minio/conf.d/ssl.conf
things/minio/conf.d/ssl.conf
+54
-0
things/minio/conf.d/thief.conf
things/minio/conf.d/thief.conf
+35
-0
things/minio/docker-compose.yml
things/minio/docker-compose.yml
+34
-0
No files found.
things/minio/conf.d/mycard_real_ip.conf
0 → 100644
View file @
f2c17391
set_real_ip_from
172
.
16
.
0
.
0
/
12
;
set_real_ip_from
127
.
0
.
0
.
0
/
8
;
set_real_ip_from
192
.
168
.
1
.
203
/
32
;
set_real_ip_from
185
.
234
.
212
.
0
/
24
;
set_real_ip_from
10
.
198
.
0
.
0
/
24
;
set_real_ip_from
10
.
198
.
6
.
8
/
32
;
set_real_ip_from
47
.
240
.
76
.
111
/
32
;
set_real_ip_from
47
.
240
.
53
.
91
/
32
;
set_real_ip_from
10
.
198
.
7
.
52
/
32
;
set_real_ip_from
10
.
198
.
5
.
142
/
32
;
set_real_ip_from
10
.
0
.
1
.
2
/
32
;
set_real_ip_from
10
.
198
.
16
.
244
/
32
;
set_real_ip_from
10
.
198
.
20
.
231
/
32
;
set_real_ip_from
10
.
198
.
12
.
211
/
32
;
set_real_ip_from
10
.
198
.
25
.
137
/
32
;
real_ip_header
X
-
Forwarded
-
For
;
real_ip_recursive
on
;
things/minio/conf.d/ssl.conf
0 → 100644
View file @
f2c17391
# Genreated by MyCard cert update.
ssl_prefer_server_ciphers
on
;
ssl_ciphers
CHACHA20
:-
DHE
:
AESGCM
:
AESCCM
+
ECDH
:-
SHA256
:
AES
:+
AES256
:+
DHE
:+
AESCCM8
:+
SHA256
:-
SHA384
:+
SHA
:-
RSA
:-
ECDH
+
ECDSA
+
SHA
:!
DSS
:!
PSK
:!
aNULL
:!
SRP
:!
aECDH
;
ssl_ecdh_curve
X25519
:
prime256v1
:
secp384r1
:
secp521r1
;
resolver
127
.
0
.
0
.
11
;
client_max_body_size
10
g
;
ssl_session_timeout
10
m
;
ssl_session_cache
shared
:
SSL
:
10
m
;
ssl_stapling
on
;
ssl_stapling_verify
on
;
ssl_trusted_certificate
/
etc
/
nginx
/
certs
/
mycard
.
moe
/
chain
.
pem
;
ssl_dhparam
/
etc
/
nginx
/
certs
/
mycard
.
moe
/
dhparam
.
pem
;
ssl_certificate
/
etc
/
nginx
/
certs
/
mycard
.
moe
/
fullchain
.
pem
;
ssl_certificate_key
/
etc
/
nginx
/
certs
/
mycard
.
moe
/
privkey
.
pem
;
ssl_protocols
SSLv2
SSLv3
TLSv1
.
1
TLSv1
.
2
TLSv1
.
3
;
gzip
on
;
gzip_vary
on
;
gzip_comp_level
6
;
gzip_disable
msie6
;
gzip_proxied
any
;
gzip_types
text
/
plain
text
/
css
text
/
javascript
application
/
javascript
application
/
json
application
/
x
-
javascript
text
/
xml
application
/
xml
application
/
xml
+
rss
;
proxy_cache_path
/
etc
/
nginx
/
cache
levels
=
1
:
2
keys_zone
=
my_cache
:
10
m
max_size
=
10
g
inactive
=
60
m
use_temp_path
=
off
;
proxy_cache
my_cache
;
proxy_cache_revalidate
on
;
proxy_cache_background_update
on
;
proxy_cache_lock
on
;
proxy_cache_key
$
scheme
://$
host
$
request_uri
;
client_header_buffer_size
128
k
;
client_body_buffer_size
1
m
;
proxy_buffer_size
128
k
;
proxy_buffers
256
128
k
;
proxy_busy_buffers_size
4
m
;
proxy_temp_file_write_size
2
m
;
add_header
X
-
Cache
-
Status
$
upstream_cache_status
;
map
$
http_upgrade
$
connection_upgrade
{
default
upgrade
;
''
close
;
}
log_format
vcombined
'$host:$server_port '
'$remote_addr - $remote_user [$time_local] '
'"$request_method $scheme://$host$request_uri" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$upstream_cache_status" "$upstream_http_cache_control"'
;
things/minio/conf.d/thief.conf
0 → 100644
View file @
f2c17391
# vim: set ft=nginx:
server
{
listen
80
;
listen
443
ssl
http2
;
listen
444
ssl
http2
;
server_name
minio
.
mycard
.
moe
*.
minio
.
mycard
.
moe
;
# To allow special characters in headers
ignore_invalid_headers
off
;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size
0
;
# To disable buffering
proxy_buffering
off
;
proxy_cache
off
;
location
/ {
proxy_set_header
X
-
Real
-
IP
$
remote_addr
;
proxy_set_header
X
-
Forwarded
-
For
$
proxy_add_x_forwarded_for
;
proxy_set_header
X
-
Forwarded
-
Proto
$
scheme
;
proxy_set_header
Host
$
http_host
;
proxy_connect_timeout
300
;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version
1
.
1
;
proxy_set_header
Connection
""
;
chunked_transfer_encoding
off
;
proxy_pass
https
://
minio
.
mycard
.
moe
;
# If you are using docker-compose this would be the hostname i.e. minio
# Health Check endpoint might go here. See https://www.nginx.com/resources/wiki/modules/healthcheck/
# /minio/health/live;
}
}
things/minio/docker-compose.yml
0 → 100644
View file @
f2c17391
version
:
'
2.4'
services
:
nginx
:
restart
:
always
image
:
git-registry.mycard.moe/nanahira/docker-nginx-plus
ports
:
-
'
80:80'
-
'
443:443'
-
'
444:443'
volumes
:
-
./conf.d:/etc/nginx/conf.d:ro
-
/data/nginx/cache:/etc/nginx/cache
-
./certs:/etc/nginx/certs:ro
#- ./iso:/data/iso:ro
minio
:
restart
:
always
image
:
minio/minio:RELEASE.2021-06-17T00-10-46Z
volumes
:
-
/data/minio/data:/data
-
/data/minio/config:/root/.minio
-
./certs/mycard.moe/fullchain.pem:/root/.minio/certs/public.crt:ro
-
./certs/mycard.moe/privkey.pem:/root/.minio/certs/private.key:ro
command
:
server --address ":443" /data
ports
:
-
9000:443
networks
:
default
:
aliases
:
-
minio.mycard.moe
environment
:
MINIO_ACCESS_KEY
:
access_key
MINIO_SECRET_KEY
:
secret_key
MINIO_DOMAIN
:
minio.mycard.moe
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment