3 files changed, 57 insertions, 5 deletions

diff --git a/terminaldweller.com/browsh/docker-compose.yaml b/terminaldweller.com/browsh/docker-compose.yaml
index 4778988..992887e 100644
--- a/terminaldweller.com/browsh/docker-compose.yaml
+++ b/terminaldweller.com/browsh/docker-compose.yaml
@@ -5,9 +5,29 @@ services:
     networks:
       - browshnet
     ports:
-      - "4333:4333"
+      - "127.0.0.1:2333:4333"
     restart: unless-stopped
     entrypoint: "/app/bin/browsh"
     command: ["--http-server-mode"]
+    depends_on:
+      - nginx
+  nginx:
+    image: nginx:stable
+    ports:
+      - "4333:443"
+    networks:
+      - browshnet
+    restart: unless-stopped
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+      - /etc/letsencrypt/archive/browsh.terminaldweller.com/:/certs/:ro
 networks:
   browshnet:
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index 26e90f2..c6c9ce7 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -62,8 +62,9 @@ frontend http
   http-request redirect scheme https code 301 if http git-host !letsencrypt-acl
   # http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl
   http-request redirect scheme https code 301 if http cargo-host !letsencrypt-acl
+  http-request redirect scheme https code 301 if http browsh-host !letsencrypt-acl
   #http-request redirect scheme https code 301 if http jabber-host !letsencrypt-acl
-  # http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl
+  http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl
 
   #Conditions
   use_backend blog-backend-cert if letsencrypt-acl blog-host
@@ -77,6 +78,7 @@ frontend http
   use_backend searx-backend-cert if letsencrypt-acl rssgen-host
   use_backend searx-backend-cert if letsencrypt-acl git-host
   use_backend searx-backend-cert if letsencrypt-acl cargo-host
+  use_backend vpn6-cert-backend if letsencrypt-acl browsh-host
 #  use_backend editor-backend-cert if letsencrypt-acl editor-host
   use_backend certbot-backend if letsencrypt-acl !jabber-host !blog-host !api-host
   use_backend blog-backend if blog-host
@@ -110,6 +112,7 @@ frontend https
   acl editorsave-host-s req.ssl_sni -i editorsave.terminaldweller.com
   acl discord-host-s req.ssl_sni -i discord.terminaldweller.com
   acl rssgen-host-s req.ssl_sni -i rssgen.terminaldweller.com
+  acl browsh-host-s req.ssl_sni -i browsh.terminaldweller.com
   #Conditions
   use_backend mail-backend-s if mail-host-s
   #use_backend chat-backend-s if chat-host-s
@@ -124,6 +127,7 @@ frontend https
   use_backend editorsave-backend-s if editorsave-host-s
   use_backend git-backend-s if git-host-s
   use_backend rssgen-backend-s if rssgen-host-s
+  use_backend browsh-backend-s if browsh-host-s
 
 #frontend jabber5222
 #  bind *:5222
@@ -381,3 +385,11 @@ backend git-backend-s
 backend browsh-backend
   mode http
   server browsh-host 185.130.45.46:4333
+backend browsh-backend-s
+  mode tcp
+  option tcp-check
+  server browsh-host-s 185.130.45.46:4333
+
+backend vpn6-cert-backend
+  mode http
+  server vpn6-cert-host 185.130.45.46:80
diff --git a/terminaldweller.com/rss-bridge/docker-compose.yaml b/terminaldweller.com/rss-bridge/docker-compose.yaml
index 0cc8325..2dd98f4 100644
--- a/terminaldweller.com/rss-bridge/docker-compose.yaml
+++ b/terminaldweller.com/rss-bridge/docker-compose.yaml
@@ -5,12 +5,32 @@ services:
     networks:
       - rssbridgenet
     ports:
+      - "127.0.0.1:3080:80"
+    restart: unless-stopped
+    depends_on:
+      - nginx
+    # volumes:
+    #   - ./nginx.conf:/etc/nginx/nginx.conf:ro
+    #   - /etc/letsencrypt/archive/rssgen.terminaldweller.com/:/certs/:ro
+    # cap_drop:
+    #   - ALL
+  nginx:
+    image: nginx:stable
+    ports:
       - "3000:443"
+    networks:
+      - rssbridgenet
     restart: unless-stopped
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
     volumes:
       - ./nginx.conf:/etc/nginx/nginx.conf:ro
-      - /etc/letsencrypt/archive/rssgen.terminaldweller.com/:/certs/:ro
-    # cap_drop:
-    #   - ALL
+      - /etc/letsencrypt/archive/browsh.terminaldweller.com/:/certs/:ro
 networks:
   rssbridgenet: