From e64aff5adab8a7160a23bd3bd84f926aabaa0058 Mon Sep 17 00:00:00 2001 
From: zhuifenghero Date: Sun, 3 May 2026 18:59:27 +0000 Subject: [PATCH] =?UTF-8?q?nginx=20=E5=AE=8C=E6=95=B4=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf.d/erp.conf | 51 ++++++++++++++++++++ conf.d/nextcloud.conf | 32 +++++++++++++ conf.d/wiki.conf | 38 +++++++++++++++ nginx.conf | 83 +++++++++++++++++++++++++++++++++ sites-enabled/filebrowser | 1 + sites-enabled/fip.140103.xyz | 1 + sites-enabled/form.140103.xyz | 37 +++++++++++++++ sites-enabled/forum.140103.xyz | 1 + sites-enabled/ftp.140103.xyz | 1 + sites-enabled/git.140103.xyz | 28 +++++++++++ sites-enabled/happy.140103.xyz | 1 + sites-enabled/joplin.conf | 1 + sites-enabled/kids | 1 + sites-enabled/manager-io | 1 + sites-enabled/mcp.140103.xyz | 1 + sites-enabled/n8n | 1 + sites-enabled/nocodb.140103.xyz | 1 + sites-enabled/office.140103.xyz | 1 + sites-enabled/pad.140103.xyz | 1 + sites-enabled/sso.conf | 1 + sites-enabled/tianna.140103.xyz | 30 ++++++++++++ sites-enabled/upload | 1 + sites-enabled/vaultwarden | 1 + sites-enabled/vikunja | 1 + sites-enabled/ybih.140103.xyz | 40 ++++++++++++++++ sites-enabled/zitadel.conf | 1 + 26 files changed, 357 insertions(+) create mode 100644 conf.d/erp.conf create mode 100644 conf.d/nextcloud.conf create mode 100644 conf.d/wiki.conf create mode 100644 nginx.conf create mode 120000 sites-enabled/filebrowser create mode 120000 sites-enabled/fip.140103.xyz create mode 100644 sites-enabled/form.140103.xyz create mode 120000 sites-enabled/forum.140103.xyz create mode 120000 sites-enabled/ftp.140103.xyz create mode 100644 sites-enabled/git.140103.xyz create mode 120000 sites-enabled/happy.140103.xyz create mode 120000 sites-enabled/joplin.conf create mode 120000 sites-enabled/kids create mode 120000 sites-enabled/manager-io create mode 120000 sites-enabled/mcp.140103.xyz create mode 120000 sites-enabled/n8n create mode 120000 sites-enabled/nocodb.140103.xyz create mode 120000 
sites-enabled/office.140103.xyz create mode 120000 sites-enabled/pad.140103.xyz create mode 120000 sites-enabled/sso.conf create mode 100644 sites-enabled/tianna.140103.xyz create mode 120000 sites-enabled/upload create mode 120000 sites-enabled/vaultwarden create mode 120000 sites-enabled/vikunja create mode 100644 sites-enabled/ybih.140103.xyz create mode 120000 sites-enabled/zitadel.conf
diff --git a/conf.d/erp.conf b/conf.d/erp.conf
new file mode 100644
index 0000000..a71fc20
--- /dev/null
+++ b/conf.d/erp.conf
@@ -0,0 +1,51 @@
+server {
+ server_name erp.140103.xyz;
+location /assets {
+ alias /home/administrator/frappe-bench/sites/assets;
+ try_files $uri $uri/ =404;
+ expires 1y;
+ client_max_body_size 100M;
+ add_header Cache-Control "public";
+}
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+proxy_set_header Expert "";
+ proxy_cache_bypass $http_upgrade;
+proxy_ignore_client_abort on;
+
+ }
+
+location /socket.io {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass http://127.0.0.1:9000;
+}
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/erp.140103.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/erp.140103.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = erp.140103.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ server_name erp.140103.xyz;
+ return 404; # managed by Certbot
+
+
+}
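Review bot: `location /` in conf.d/erp.conf proxies to 127.0.0.1:8000 without `X-Real-IP`, `X-Forwarded-For` or `X-Forwarded-Proto`, so the backend sees every request as coming from 127.0.0.1 with no indication that it arrived over HTTPS, which undermines any per-client throttling and audit logging it does; the `/socket.io` block in the same file already sets the first two. Add `proxy_set_header X-Real-IP $remote_addr;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` there. sites-enabled/git.140103.xyz has the same gap (no `X-Forwarded-For` or `X-Forwarded-Proto`). `proxy_set_header Expert "";` looks like a typo for `Expect`; as written it clears a header that clients are unlikely to send. `location /assets` without a trailing slash also prefix-matches paths such as `/assetsX/...`, which the `alias` maps to sibling directories of the assets folder, so `location /assets/` with an `alias` ending in `/assets/` is tighter.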
diff --git a/conf.d/nextcloud.conf b/conf.d/nextcloud.conf
new file mode 100644
index 0000000..b49fbea
--- /dev/null
+++ b/conf.d/nextcloud.conf
@@ -0,0 +1,32 @@
+server {
+ server_name nextcloud.140103.xyz;
+ client_max_body_size 16G;
+ location / {
+ proxy_pass http://127.0.0.1:12000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/nextcloud.140103.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/nextcloud.140103.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+ if ($host = nextcloud.140103.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ server_name nextcloud.140103.xyz;
+ client_max_body_size 16G;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/conf.d/wiki.conf b/conf.d/wiki.conf
new file mode 100644
index 0000000..970102d
--- /dev/null
+++ b/conf.d/wiki.conf
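Review bot: `client_max_body_size 16G;` in conf.d/nextcloud.conf is combined with nginx's default request buffering, so each upload body is spooled to nginx's temp directory before the backend on port 12000 sees or authenticates the request, and a handful of large requests can exhaust disk space. Consider adding `proxy_request_buffering off;` to `location /` and sizing the limit to what the sync clients actually need. The port-80 server only redirects, so its `client_max_body_size 16G;` can be dropped. The HTTPS server sets no `Strict-Transport-Security` header itself; whether the backend adds one is not visible here and is worth confirming.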
@@ -0,0 +1,38 @@
+server {
+ server_name wiki.yaobai.org;
+
+ location / {
+ # 既然 IP:3000 能通,这里直接用 127.0.0.1 是最稳的
+ proxy_pass http://127.0.0.1:3000;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+
+ # 必须传递这些信息,否则 Wiki.js 会因为安全策略拒绝 HTTPS 访问
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ # 下面是 Certbot 自动生成的证书路径,请保留不要删除
+ ssl_certificate /etc/letsencrypt/live/wiki.yaobai.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/wiki.yaobai.org/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+}
+
+server {
+ if ($host = wiki.yaobai.org) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ server_name wiki.yaobai.org;
+ return 404;
+
+
+}
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..18a1744
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,83 @@
+user administrator;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+ client_max_body_size 256M;
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff --git a/sites-enabled/filebrowser b/sites-enabled/filebrowser
new file mode 120000
index 0000000..2485722
--- /dev/null
+++ b/sites-enabled/filebrowser
@@ -0,0 +1 @@
+/etc/nginx/sites-available/filebrowser
\ No newline at end of file
diff --git a/sites-enabled/fip.140103.xyz b/sites-enabled/fip.140103.xyz
new file mode 120000
index 0000000..b7429f6
--- /dev/null
+++ b/sites-enabled/fip.140103.xyz
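Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in the `http` block of nginx.conf keeps the deprecated TLS 1.0 and 1.1 enabled as the default for every server that does not override it; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer default. The vhosts shown in this patch include /etc/letsencrypt/options-ssl-nginx.conf, which presumably sets its own protocol list, but the symlinked sites under sites-available are not visible here. `user administrator;` runs the worker processes as what looks like a login account that owns /home/administrator (see the `alias` in conf.d/erp.conf), so a worker compromise would reach that home directory; a dedicated unprivileged user with read access to the assets directory would limit that. `# server_tokens off;` could be uncommented so responses stop advertising the nginx version.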
@@ -0,0 +1 @@
+/etc/nginx/sites-available/fip.140103.xyz
\ No newline at end of file
diff --git a/sites-enabled/form.140103.xyz b/sites-enabled/form.140103.xyz
new file mode 100644
index 0000000..fc3e167
--- /dev/null
+++ b/sites-enabled/form.140103.xyz
@@ -0,0 +1,37 @@
+server {
+ server_name form.140103.xyz;
+
+location / {
+ proxy_pass http://localhost:3100;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_cache_bypass $http_upgrade;
+ add_header Content-Security-Policy "frame-ancestors *";
+}
+
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/form.140103.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/form.140103.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = form.140103.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ server_name form.140103.xyz;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/sites-enabled/forum.140103.xyz b/sites-enabled/forum.140103.xyz
new file mode 120000
index 0000000..158129c
--- /dev/null
+++ b/sites-enabled/forum.140103.xyz
@@ -0,0 +1 @@
+/etc/nginx/sites-available/forum.140103.xyz
\ No newline at end of file
diff --git a/sites-enabled/ftp.140103.xyz b/sites-enabled/ftp.140103.xyz
new file mode 120000
index 0000000..e3d9459
--- /dev/null
+++ b/sites-enabled/ftp.140103.xyz
@@ -0,0 +1 @@
+/etc/nginx/sites-available/ftp.140103.xyz
\ No newline at end of file
diff --git a/sites-enabled/git.140103.xyz b/sites-enabled/git.140103.xyz
new file mode 100644
index 0000000..52ce6e7
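Review bot: `add_header Content-Security-Policy "frame-ancestors *";` in `location /` of sites-enabled/form.140103.xyz places no restriction on which sites may embed the form application in a frame, which leaves its pages open to clickjacking-style overlays. If embedding is required, list the embedding origins explicitly, for example `add_header Content-Security-Policy "frame-ancestors 'self' https://EMBEDDER.example" always;` (placeholder origin). Because `add_header` appends rather than replaces, any CSP the upstream on port 3100 sends is still delivered alongside this one, so check what the backend emits before relying on either.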
--- /dev/null
+++ b/sites-enabled/git.140103.xyz
@@ -0,0 +1,28 @@
+server {
+ server_name git.140103.xyz;
+ location / {
+ proxy_pass http://127.0.0.1:3001;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/git.140103.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/git.140103.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = git.140103.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ server_name git.140103.xyz;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/sites-enabled/happy.140103.xyz b/sites-enabled/happy.140103.xyz
new file mode 120000
index 0000000..e618160
--- /dev/null
+++ b/sites-enabled/happy.140103.xyz
@@ -0,0 +1 @@
+/etc/nginx/sites-available/happy.140103.xyz
\ No newline at end of file
diff --git a/sites-enabled/joplin.conf b/sites-enabled/joplin.conf
new file mode 120000
index 0000000..c6afc14
--- /dev/null
+++ b/sites-enabled/joplin.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/joplin.conf
\ No newline at end of file
diff --git a/sites-enabled/kids b/sites-enabled/kids
new file mode 120000
index 0000000..af62443
--- /dev/null
+++ b/sites-enabled/kids
@@ -0,0 +1 @@
+/etc/nginx/sites-available/kids
\ No newline at end of file
diff --git a/sites-enabled/manager-io b/sites-enabled/manager-io
new file mode 120000
index 0000000..4543b2c
--- /dev/null
+++ b/sites-enabled/manager-io
@@ -0,0 +1 @@
+/etc/nginx/sites-available/manager-io
\ No newline at end of file
diff --git a/sites-enabled/mcp.140103.xyz b/sites-enabled/mcp.140103.xyz
new file mode 120000
index 0000000..b50374d
--- /dev/null
+++ b/sites-enabled/mcp.140103.xyz
@@ -0,0 +1 @@
+/etc/nginx/sites-available/mcp.140103.xyz
\ No newline at end of file
diff --git a/sites-enabled/n8n b/sites-enabled/n8n
new file mode 120000
index 0000000..33c216e
--- /dev/null
+++ b/sites-enabled/n8n
@@ -0,0 +1 @@
+/etc/nginx/sites-available/n8n
\ No newline at end of file
diff --git a/sites-enabled/nocodb.140103.xyz b/sites-enabled/nocodb.140103.xyz
new file mode 120000
index 0000000..019d3b8
--- /dev/null
+++ b/sites-enabled/nocodb.140103.xyz
@@ -0,0 +1 @@
+/etc/nginx/sites-available/nocodb.140103.xyz
\ No newline at end of file
diff --git a/sites-enabled/office.140103.xyz b/sites-enabled/office.140103.xyz
new file mode 120000
index 0000000..8f06492
--- /dev/null
+++ b/sites-enabled/office.140103.xyz
@@ -0,0 +1 @@
+/etc/nginx/sites-available/office.140103.xyz
\ No newline at end of file
diff --git a/sites-enabled/pad.140103.xyz b/sites-enabled/pad.140103.xyz
new file mode 120000
index 0000000..545be37
--- /dev/null
+++ b/sites-enabled/pad.140103.xyz
@@ -0,0 +1 @@
+/etc/nginx/sites-available/pad.140103.xyz
\ No newline at end of file
diff --git a/sites-enabled/sso.conf b/sites-enabled/sso.conf
new file mode 120000
index 0000000..3ac5051
--- /dev/null
+++ b/sites-enabled/sso.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/sso.conf
\ No newline at end of file
diff --git a/sites-enabled/tianna.140103.xyz b/sites-enabled/tianna.140103.xyz
new file mode 100644
index 0000000..0d76aae
--- /dev/null
+++ b/sites-enabled/tianna.140103.xyz
@@ -0,0 +1,30 @@
+server {
+ server_name tianna.140103.xyz;
+
+ location / {
+ proxy_pass http://127.0.0.1:11005;
+ proxy_set_header Host $http_host; # 这一行非常关键
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/tianna.140103.xyz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/tianna.140103.xyz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = tianna.140103.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ server_name tianna.140103.xyz;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/sites-enabled/upload b/sites-enabled/upload
new file mode 120000
index 0000000..ba53ba0
--- /dev/null
+++ b/sites-enabled/upload
@@ -0,0 +1 @@
+/etc/nginx/sites-available/upload
\ No newline at end of file
diff --git a/sites-enabled/vaultwarden b/sites-enabled/vaultwarden
new file mode 120000
index 0000000..c832619
--- /dev/null
+++ b/sites-enabled/vaultwarden
@@ -0,0 +1 @@
+/etc/nginx/sites-available/vaultwarden
\ No newline at end of file
diff --git a/sites-enabled/vikunja b/sites-enabled/vikunja
new file mode 120000
index 0000000..43b4214
--- /dev/null
+++ b/sites-enabled/vikunja
@@ -0,0 +1 @@
+/etc/nginx/sites-available/vikunja
\ No newline at end of file
diff --git a/sites-enabled/ybih.140103.xyz b/sites-enabled/ybih.140103.xyz
new file mode 100644
index 0000000..e3da888
--- /dev/null
+++ b/sites-enabled/ybih.140103.xyz
@@ -0,0 +1,40 @@
+server {
+ listen 443 ssl;
+ server_name www.yaobai.org;
+ ssl_certificate /etc/letsencrypt/live/www.yaobai.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/www.yaobai.org/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+ location /aisearch {
+ proxy_pass http://127.0.0.1:8766/search;
+ proxy_set_header Host $host;
+ proxy_read_timeout 120s;
+ proxy_send_timeout 120s;
+ add_header Access-Control-Allow-Origin *;
+ }
+
+
+ location / {
+ proxy_pass http://127.0.0.1:11006;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name ybih.140103.xyz;
+ ssl_certificate /etc/letsencrypt/live/ybih.140103.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ybih.140103.xyz/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+ return 301 https://www.yaobai.org$request_uri;
+}
+
+server {
+ listen 80;
+ server_name www.yaobai.org ybih.140103.xyz;
+ return 301 https://www.yaobai.org$request_uri;
+}
diff --git a/sites-enabled/zitadel.conf b/sites-enabled/zitadel.conf
new file mode 120000
index 0000000..34d6b73
--- /dev/null
+++ b/sites-enabled/zitadel.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/zitadel.conf
\ No newline at end of file
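Review bot: `add_header Access-Control-Allow-Origin *;` on `location /aisearch` in sites-enabled/ybih.140103.xyz lets scripts on any origin call the search backend at 127.0.0.1:8766 and read its responses, and with 120s read/send timeouts and no `limit_req` each call can hold a backend connection for a long time. If the endpoint is only used by pages served from www.yaobai.org the header can be removed, since same-origin requests do not need it; otherwise name the allowed origin instead of `*`. The block also omits `X-Real-IP` and `X-Forwarded-For`, which the `location /` below it does set, so the search backend cannot attribute or throttle requests per client.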