commit fcdb22a41371ae965f79d89c7e3c7aee6c2b085a Author: Isaac Shoebottom Date: Fri Oct 7 00:40:05 2022 -0300 Initial Commit
diff --git a/dynmap.conf b/dynmap.conf
new file mode 100644
index 0000000..1b40bbb
--- /dev/null
+++ b/dynmap.conf
@@ -0,0 +1,42 @@
+server {
+ server_name dynmap.shoebottom.ca;
+ ssl_certificate /etc/letsencrypt/live/dynmap.shoebottom.ca/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dynmap.shoebottom.ca/privkey.pem;
+
+ location / {
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:8123/;
+ }
+
+ listen [::]:443 ssl; # managed by Certbot
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/dynmap.shoebottom.ca/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/dynmap.shoebottom.ca/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options "nosniff";
+ add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
+
+
+ ssl_trusted_certificate /etc/letsencrypt/live/dynmap.shoebottom.ca/chain.pem; # managed by Certbot
+ ssl_stapling on; # managed by Certbot
+ ssl_stapling_verify on; # managed by Certbot
+
+}
+server {
+ if ($host = dynmap.shoebottom.ca) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+ server_name dynmap.shoebottom.ca;
+
+ # Uncomment to redirect HTTP to HTTPS
+ return 301 https://$host$request_uri;
+}
\ No newline at end of file
diff --git a/gitea.conf b/gitea.conf
new file mode 100644
index 0000000..b639a2c
--- /dev/null
+++ b/gitea.conf
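Review bot: The 443 server block declares `ssl_certificate` and `ssl_certificate_key` twice for the same files, once hand-written under `server_name` and again in the `# managed by Certbot` group, so a future certbot edit or manual change will touch only one copy and the two can drift apart. Recent nginx tolerates repeated ssl_certificate directives, but loading the same PEM twice buys nothing; drop the two hand-written lines and keep the certbot-managed pair. In the port-80 block the `# Uncomment to redirect HTTP to HTTPS` comment is stale, since the `return 301` under it is already active and duplicates the certbot `if ($host = …)` redirect above; replace it with `# Also redirect requests for any other Host (e.g. bare IP) to HTTPS` so it describes what the unconditional return actually does. The upstream is also not told the original scheme; if dynmap ever builds absolute URLs, add `proxy_set_header X-Forwarded-Proto $scheme;` next to the existing two headers, as gitea.conf and jellyfin.conf already do.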
@@ -0,0 +1,33 @@
+server {
+ server_name git.shoebottom.ca;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Increase size because commits would fail
+ client_max_body_size 500m;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/git.shoebottom.ca/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/git.shoebottom.ca/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = git.shoebottom.ca) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ server_name git.shoebottom.ca;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/homepage.conf b/homepage.conf
new file mode 100644
index 0000000..2a6cae7
--- /dev/null
+++ b/homepage.conf
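Review bot: The HTTPS block for git.shoebottom.ca sends no `Strict-Transport-Security` header and has no `listen [::]:443 ssl;`, unlike dynmap.conf and homepage.conf in the same commit, so HSTS coverage and IPv6 reachability differ between vhosts for no visible reason. Add `listen [::]:443 ssl;` beside the existing listen and `add_header Strict-Transport-Security "max-age=31536000" always;` after the `ssl_dhparam` line, the same pair the other vhosts carry. `client_max_body_size 500m` is reasonable for pushes, but it applies to every request under `/`, including unauthenticated ones, and with nginx's default request buffering the whole body is read before Gitea can reject it; a comment stating the matching Gitea-side limit, or scoping the directive to the git push paths, would make that trade-off explicit.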
@@ -0,0 +1,66 @@
+server {
+ server_name shoebottom.ca; # managed by Certbot
+ root /home/isaac/www/shoebottom.ca;
+ index index.html;
+
+
+ listen [::]:443 ssl ipv6only=on default_server; # managed by Certbot
+ listen 443 ssl default_server; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/shoebottom.ca/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/shoebottom.ca/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+ add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
+
+ # Security / XSS Mitigation Headers
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1";
+ add_header X-Content-Type-Options "nosniff";
+ # add_header Content-Security-Policy "default-src 'self' https://i.imgur.com;" always;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/shoebottom.ca/chain.pem; # managed by Certbot
+ ssl_stapling on; # managed by Certbot
+ ssl_stapling_verify on; # managed by Certbot
+
+ location /music {
+ autoindex on;
+ sendfile on;
+ alias /home/isaac/Media/Music;
+ }
+
+ location /movies {
+ autoindex on;
+ sendfile on;
+ alias /home/isaac/Media/Movies;
+ }
+ location /tv {
+ autoindex on;
+ sendfile on;
+ alias /home/isaac/Media/TV;
+ }
+ location /anime {
+ autoindex on;
+ sendfile on;
+ alias /home/isaac/Media/Anime;
+ }
+
+ location /host {
+ autoindex off;
+ sendfile on;
+ alias /home/isaac/Media/Host;
+ }
+}
+server {
+ if ($host = shoebottom.ca) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name shoebottom.ca; # managed by Certbot
+ root /home/isaac/www/shoebottom.ca;
+ index index.html;
+}
diff --git a/jellyfin-vue.conf b/jellyfin-vue.conf
new file mode 100644
index 0000000..e3e385c
--- /dev/null
+++ b/jellyfin-vue.conf
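Review bot: The four `autoindex on` locations (`/music`, `/movies`, `/tv`, `/anime`) publish full directory listings of `/home/isaac/Media/...` to anyone, and because both server blocks are `default_server` they also answer for the bare IP and any Host header, so a scanner that never learns the hostname still gets the listings. If these are for personal use, gate each of the four locations with `auth_basic "Media"; auth_basic_user_file /etc/nginx/.htpasswd;` (or an `allow`/`deny all` list), otherwise set `autoindex off` and link files explicitly. A related gap: the port-80 block redirects only when `$host` is shoebottom.ca but also carries `root`/`index`, so any other Host on port 80 is served the site in plaintext instead of being redirected; a `return 301 https://shoebottom.ca$request_uri;` after the certbot `if` (or `return 404;` as gitea.conf does) closes that. Finally `X-XSS-Protection "1"` differs from the `"1; mode=block"` used in dynmap.conf and jellyfin.conf; the browser filter it enables is deprecated and `"0"` is the value commonly recommended now, but at minimum make it consistent across the vhosts.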
@@ -0,0 +1,7 @@
+server {
+ listen 8000;
+ listen [::]:8000;
+ root /home/isaac/www/jellyfin-vue.shoebottom.ca;
+ index index.html;
+ server_name jellyfin-vue.shoebottom.ca;
+}
diff --git a/jellyfin.conf b/jellyfin.conf
new file mode 100644
index 0000000..2bd589b
--- /dev/null
+++ b/jellyfin.conf
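Review bot: This vhost serves `/home/isaac/www/jellyfin-vue.shoebottom.ca` over plain HTTP on port 8000 on every interface, with none of the TLS, redirect, or security-header handling the other vhosts in this commit have. If another proxy in front of it is the intended entry point, bind it locally with `listen 127.0.0.1:8000;` and `listen [::1]:8000;` so the unencrypted listener is not reachable from outside; if it is meant to be public it should get the same certbot 443 block and HSTS header as jellyfin.conf. Either way a one-line comment such as `# internal only; fronted by <proxy>` or `# TODO: TLS pending` would tell the next reader which of the two it is.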
@@ -0,0 +1,85 @@
+# Uncomment the commented sections after you have acquired a SSL Certificate
+server {
+ listen 80;
+ listen [::]:80;
+ server_name jellyfin.shoebottom.ca;
+
+ # Uncomment to redirect HTTP to HTTPS
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name jellyfin.shoebottom.ca;
+
+ # use a variable to store the upstream proxy
+ # in this example we are using a hostname which is resolved via DNS
+ # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
+ set $jellyfin 127.0.0.1;
+ # resolver 127.0.0.1 valid=30;
+
+ ssl_certificate /etc/letsencrypt/live/jellyfin.shoebottom.ca/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/jellyfin.shoebottom.ca/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+ add_header Strict-Transport-Security "max-age=31536000" always;
+ ssl_trusted_certificate /etc/letsencrypt/live/jellyfin.shoebottom.ca/chain.pem;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ # Security / XSS Mitigation Headers
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options "nosniff";
+
+ # Content Security Policy
+ # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ # Enforces https content and restricts JS/CSS to origin
+ # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
+ # add_header Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
+
+ location = / {
+ return 302 https://$host/web/;
+ }
+
+ location / {
+ # Proxy main Jellyfin traffic
+ proxy_pass http://$jellyfin:8096;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+
+ # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+ proxy_buffering off;
+ }
+
+ # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
+ location = /web/ {
+ # Proxy main Jellyfin traffic
+ proxy_pass http://$jellyfin:8096/web/index.html;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ }
+
+ location /socket {
+ # Proxy Jellyfin Websockets traffic
+ proxy_pass http://$jellyfin:8096;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ }
+}
diff --git a/owncast.conf b/owncast.conf
new file mode 100644
index 0000000..cb14301
--- /dev/null
+++ b/owncast.conf
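Review bot: Several comments in this file no longer describe the configuration: `# Uncomment the commented sections after you have acquired a SSL Certificate` at the top and `# Uncomment to redirect HTTP to HTTPS` in the port-80 block are leftovers from the upstream Jellyfin template, yet every TLS directive is live and the `return 301` is already active, so they will mislead whoever edits this next. Replace the first with a note of what is actually local, e.g. `# Jellyfin behind nginx: TLS from certbot, upstream on 127.0.0.1:8096, CSP intentionally left disabled`, and drop the second. The three-line comment above `set $jellyfin 127.0.0.1;` likewise explains DNS resolution that the IP-literal value never uses; trim it to `# upstream Jellyfin address (IP literal, so no resolver is needed)`. The commented-out `Content-Security-Policy` line is the only mention of CSP, so a reader cannot tell whether it is off by choice or unfinished; one word in the header comment settles that.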
@@ -0,0 +1,38 @@
+server {
+
+ server_name live.shoebottom.ca;
+
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://127.0.0.1:8080;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/live.shoebottom.ca/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/live.shoebottom.ca/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = live.shoebottom.ca) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+
+ server_name live.shoebottom.ca;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/pihole.conf b/pihole.conf
new file mode 100644
index 0000000..d16428d
--- /dev/null
+++ b/pihole.conf
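Review bot: `location /` sets `proxy_set_header Connection "upgrade";` on every request, not only on WebSocket handshakes, so ordinary page and HLS requests reach Owncast with a bare `Connection: upgrade` (nginx omits the `Upgrade` header when `$http_upgrade` is empty, but this one is sent regardless). Upstreams usually tolerate it, but it is not valid HTTP/1.1 for a non-upgrade request, and the standard fix is a `map` in the `http` context that yields `upgrade` only when the client asked for one and `close` otherwise, with this location then using `$connection_upgrade`. The `map` cannot live in this server block, so it goes in nginx.conf or a conf.d snippet; the changed lines are below. As in gitea.conf, this vhost also has no `listen [::]:443 ssl;` and no HSTS header, unlike dynmap.conf and homepage.conf.
```nginx
# http {} context (nginx.conf or conf.d/), not inside a server block
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# … unchanged: server block, other proxy_set_header lines …
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
```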
@@ -0,0 +1,41 @@
+server {
+ listen 31415;
+ listen [::]:31415;
+
+ root /var/www/html;
+ server_name dns.shoebottom.ca;
+ autoindex off;
+
+ index pihole/index.php index.php index.html index.htm;
+
+ location / {
+ expires max;
+ try_files $uri $uri/ =404;
+ }
+
+ location ~ \.php$ {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ fastcgi_param FQDN true;
+# auth_basic "Restricted"; # For Basic Auth
+# auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
+ }
+
+ location /*.js {
+ index pihole/index.js;
+# auth_basic "Restricted"; # For Basic Auth
+# auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
+ }
+
+ location /admin {
+ root /var/www/html;
+ index index.php index.html index.htm;
+# auth_basic "Restricted"; # For Basic Auth
+# auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+}
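Review bot: `location ~ \.php$` hands any URI ending in `.php` to php-fpm without checking that the script exists, and with the common `cgi.fix_pathinfo=1` PHP setting a request such as `/some-upload.png/x.php` can make PHP execute the non-PHP file; add `try_files $uri =404;` as the first line of that location (or `fastcgi_split_path_info ^(.+\.php)(/.+)$;` if path-info is genuinely needed). `location /*.js` is a literal prefix match, since nginx prefix locations are not globs, so it never matches a real request and its `index pihole/index.js` is dead; remove it or express the intent as `location ~ \.js$`. `SCRIPT_FILENAME $document_root/$fastcgi_script_name` also produces a double slash because `$fastcgi_script_name` already begins with `/`; the conventional form is `$document_root$fastcgi_script_name`. Finally, the admin UI listens in plaintext on 31415 with every `auth_basic` line commented out, so Pi-hole's own login is the only gate; if that is deliberate, say so in a comment beside the `listen` lines so it is not read as an unfinished template.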