From: nutra-bot Date: Tue, 20 Jan 2026 19:54:55 +0000 (+0000) Subject: last update before master merge? X-Git-Url: https://git.nutra.tk/v1?a=commitdiff_plain;h=640276d57b97a8ea227171ac208bf379e690f4c0;p=nutratech%2Fvps-root.git last update before master merge? --- diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf index 1836a11..2a7b71d 100644 --- a/etc/nginx/conf.d/default.conf +++ b/etc/nginx/conf.d/default.conf @@ -1,5 +1,6 @@ # API server { + # Service: API | https://api.dev.nutra.tk server_name api-dev.nutra.tk api.dev.nutra.tk; #listen 80; listen 443 ssl; @@ -10,6 +11,7 @@ server { add_header Alt-Svc 'h3=":443"; ma=86400' always; # HSTS add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; # Sanic location / { @@ -35,6 +37,7 @@ server { # Store Front (MedusaJS) server { + # Service: Store | https://store.nutra.tk server_name store.nutra.tk; #listen 80; listen 443 ssl; @@ -43,6 +46,8 @@ server { http2 on; http3 on; add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; location / { proxy_pass http://localhost:8000; } @@ -50,6 +55,7 @@ server { # Store [Admin UI] (MedusaJS) server { + # Service: Store Admin | https://store-admin-8b56411b.nutra.tk server_name store-api.nutra.tk store-admin-8b56411b.nutra.tk; #listen 80; listen 443 ssl; @@ -58,6 +64,8 @@ server { http2 on; http3 on; add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; location / { proxy_pass http://localhost:9000; } @@ -92,12 +100,12 @@ server { #ssl_stapling on; #ssl_stapling_verify on; - # React app (base URL) + # Services Map (Homepage) + root /var/www; + index homepage.html; + location / { - #return 302 https://$host/api$request_uri; - root /var/www/app; - index index.html; - #try_files $uri $uri/ /index.html =404; + try_files $uri $uri/ =404; } # # Blog / Sphinx @@ -156,6 +164,11 @@ server { include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + # HTTP3 and Security Headers + add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; + return 301 https://dev.nutra.tk$request_uri; } @@ -168,9 +181,12 @@ server { http2 on; http3 on; add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; server_name matrix.nutra.tk chat.nutra.tk; location / { + # Service: Matrix Chat | https://chat.nutra.tk proxy_pass http://127.0.0.1:8008; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header X-Forwarded-For $remote_addr; @@ -185,6 +201,13 @@ server { server { listen 8448 ssl default_server; listen [::]:8448 ssl default_server; + listen 8448 quic default_server; + listen [::]:8448 quic default_server; + http2 on; + http3 on; + add_header Alt-Svc 'h3=":8448"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; server_name dev.nutra.tk; location / { diff --git a/opt/stalwart/etc/config.toml b/opt/stalwart/etc/config.toml index be02ce3..ec99072 100755 Binary files a/opt/stalwart/etc/config.toml and b/opt/stalwart/etc/config.toml differ