hyungi/home-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add ai/mark/document proxy, add news/kuma servers

Browse Source 
- document.hyungi.net: DEVONthink → Paperless-ngx (NAS)
- mark.hyungi.net: Karakeep 추가 (NAS)
- ai.hyungi.net: Open WebUI 추가 (Mac Mini)
- news.hyungi.net: FreshRSS 추가
- kuma.hyungi.net: Uptime Kuma 추가
- Remove unused VNC stream port (5901)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
hyungi
2026-02-25 15:21:20 +09:00
parent 789de08f99
commit 256c3e56a4
2 changed files with 119 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker-compose-ssl.yml
View File

@@ -9,7 +9,7 @@ services:
ports:
- "80:80" # HTTP (Let's Encrypt 인증용)
- "8443:443" # HTTPS (최종 접속용)
- "5901:5901" # macOS Screen Sharing (TCP Stream)
volumes:
- ./nginx-ssl.conf:/etc/nginx/nginx.conf:ro
- ./security.conf:/etc/nginx/conf.d/security.conf:ro

126
nginx-ssl.conf
View File

@@ -88,7 +88,17 @@ http {
}
upstream document_backend {
server 192.168.1.122:8181;
server 192.168.1.227:8000; # Paperless-ngx (시놀로지 NAS)
keepalive 16;
}
upstream mark_backend {
server 192.168.1.227:3000; # Karakeep (시놀로지 NAS)
keepalive 16;
}
upstream ai_backend {
server 192.168.1.122:3080; # Open WebUI (Mac Mini)
keepalive 16;
}
@@ -127,13 +137,23 @@ http {
keepalive 16;
}
upstream news_backend {
server 192.168.1.122:8080; # FreshRSS on Mac Mini
keepalive 16;
}
upstream kuma_backend {
server 192.168.1.227:3001;
keepalive 16;
}
# HTTP → HTTPS 리다이렉트
server {
listen 80;
server_name jellyfin.hyungi.net komga.hyungi.net webdav.hyungi.net ds1525.hyungi.net document.hyungi.net git.hyungi.net vault.hyungi.net link.hyungi.net mailplus.hyungi.net contacts.hyungi.net calendar.hyungi.net note.hyungi.net;
server_name jellyfin.hyungi.net komga.hyungi.net webdav.hyungi.net ds1525.hyungi.net document.hyungi.net mark.hyungi.net ai.hyungi.net git.hyungi.net vault.hyungi.net link.hyungi.net mailplus.hyungi.net contacts.hyungi.net calendar.hyungi.net note.hyungi.net news.hyungi.net kuma.hyungi.net;
# Let's Encrypt 인증 경로
location /.well-known/acme-challenge/ {
@@ -320,9 +340,9 @@ http {
deny all;
}
location ~ /\. {
deny all;
}
# location ~ /\. {
# deny all;
# }
}
# HTTPS 서버 - DSM (Synology)
@@ -346,7 +366,7 @@ http {
}
}
# HTTPS 서버 - DevonThink (Document)
# HTTPS 서버 - Paperless-ngx (Document)
server {
listen 443 ssl;
http2 on;
@@ -354,13 +374,57 @@ http {
ssl_certificate /etc/nginx/ssl/live/hyungi.net/fullchain_clean.pem;
ssl_certificate_key /etc/nginx/ssl/live/hyungi.net/privkey_clean.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
client_max_body_size 100M;
location / {
proxy_pass http://document_backend;
include /etc/nginx/conf.d/security.conf;
}
}
# HTTPS 서버 - Open WebUI (AI)
server {
listen 443 ssl;
http2 on;
server_name ai.hyungi.net;
ssl_certificate /etc/nginx/ssl/live/hyungi.net/fullchain_clean.pem;
ssl_certificate_key /etc/nginx/ssl/live/hyungi.net/privkey_clean.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://document_backend;
proxy_pass http://ai_backend;
include /etc/nginx/conf.d/security.conf;
# WebSocket 지원 (채팅 스트리밍)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# HTTPS 서버 - Karakeep (Mark/Bookmark)
server {
listen 443 ssl;
http2 on;
server_name mark.hyungi.net;
ssl_certificate /etc/nginx/ssl/live/hyungi.net/fullchain_clean.pem;
ssl_certificate_key /etc/nginx/ssl/live/hyungi.net/privkey_clean.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://mark_backend;
include /etc/nginx/conf.d/security.conf;
}
}
@@ -522,4 +586,50 @@ http {
proxy_set_header Connection "upgrade";
}
}
# HTTPS 서버 - freshrss
server {
listen 443 ssl;
http2 on;
server_name news.hyungi.net;
ssl_certificate /etc/nginx/ssl/live/hyungi.net/fullchain_clean.pem;
ssl_certificate_key /etc/nginx/ssl/live/hyungi.net/privkey_clean.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://news_backend;
include /etc/nginx/conf.d/security.conf;
# WebSocket support for freshrss notifications
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# HTTPS 서버 - Uptime Kuma
server {
listen 443 ssl;
http2 on;
server_name kuma.hyungi.net;
ssl_certificate /etc/nginx/ssl/live/hyungi.net/fullchain_clean.pem;
ssl_certificate_key /etc/nginx/ssl/live/hyungi.net/privkey_clean.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://kuma_backend;
include /etc/nginx/conf.d/security.conf;
# WebSocket 지원 (Uptime Kuma 실시간 업데이트용)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}