From: nutra-bot Date: Thu, 15 Jan 2026 18:09:40 +0000 (+0000) Subject: update X-Git-Url: https://git.nutra.tk/v1?a=commitdiff_plain;h=7c290e973f8ba272ecd2a3a17643f729da8d2b16;p=nutratech%2Fvps-root.git update --- diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf index 172ffb0..1836a11 100644 --- a/etc/nginx/conf.d/default.conf +++ b/etc/nginx/conf.d/default.conf @@ -3,7 +3,11 @@ server { server_name api-dev.nutra.tk api.dev.nutra.tk; #listen 80; listen 443 ssl; + listen 443 quic; + listen [::]:443 quic; http2 on; + http3 on; + add_header Alt-Svc 'h3=":443"; ma=86400' always; # HSTS add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; @@ -34,7 +38,11 @@ server { server_name store.nutra.tk; #listen 80; listen 443 ssl; + listen 443 quic; + listen [::]:443 quic; http2 on; + http3 on; + add_header Alt-Svc 'h3=":443"; ma=86400' always; location / { proxy_pass http://localhost:8000; } @@ -45,7 +53,11 @@ server { server_name store-api.nutra.tk store-admin-8b56411b.nutra.tk; #listen 80; listen 443 ssl; + listen 443 quic; + listen [::]:443 quic; http2 on; + http3 on; + add_header Alt-Svc 'h3=":443"; ma=86400' always; location / { proxy_pass http://localhost:9000; } @@ -69,7 +81,7 @@ server { http3 on; # Advertise HTTP/3 availability - add_header Alt-Svc 'h3=":443"; ma=86400'; + add_header Alt-Svc 'h3=":443"; ma=86400' always; client_max_body_size 50m; @@ -80,13 +92,13 @@ server { #ssl_stapling on; #ssl_stapling_verify on; -# # React app (base URL) -# location / { -# #return 302 https://$host/api$request_uri; -# root /var/www/app; -# index index.html; -# #try_files $uri $uri/ /index.html =404; -# } + # React app (base URL) + location / { + #return 302 https://$host/api$request_uri; + root /var/www/app; + index index.html; + #try_files $uri $uri/ /index.html =404; + } # # Blog / Sphinx # location /blog { @@ -104,16 +116,15 @@ server { allow all; } - # resumes - location = /cv/swe~/resume.pdf { + # CV paths + location ~ ^/cv/(~?swe|swe~/resume\.pdf)$ { alias /var/www/cv/swe/resume.pdf; + default_type application/pdf; + } + location ~ ^/resume(\.pdf|/swe\.pdf)$ { + alias /var/www/cv/swe/resume.pdf; + default_type application/pdf; } -# location = /cv/dataeng~/resume.pdf { -# alias /var/www/cv/de/resume.pdf; -# } -# location = /cv/datasci~/resume.pdf { -# alias /var/www/cv/ds/resume.pdf; -# } # public folder location /public { @@ -128,17 +139,35 @@ server { ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} - # TODO: better redirect based on server, not if? - if ($host = www.dev.nutra.tk) { - return 301 https://dev.nutra.tk$request_uri; - } +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# Redirect www.dev.nutra.tk -> dev.nutra.tk +server { + listen 443 ssl; + listen 443 quic; + listen [::]:443 quic; + http2 on; + http3 on; + server_name www.dev.nutra.tk; + + ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + return 301 https://dev.nutra.tk$request_uri; } +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Listen on 443 with matrix / synapse +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ server { listen 443 ssl; + listen 443 quic; http2 on; + http3 on; + add_header Alt-Svc 'h3=":443"; ma=86400' always; server_name matrix.nutra.tk chat.nutra.tk; location / { @@ -158,11 +187,6 @@ server { listen [::]:8448 ssl default_server; server_name dev.nutra.tk; -# # New chat (matrix / element) -# location ~ /v2/chat/ { -# proxy_pass http://127.0.0.1:8008; -# proxy_set_header X-Forwarded-For $remote_addr; -# } location / { proxy_pass http://127.0.0.1:8008; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; @@ -175,52 +199,3 @@ server { include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } - - -# Chat (mattermost) -#proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; -#server { -# listen 443 ssl http2; -# server_name chat.nutra.tk; -# -# location ~ /api/v[0-9]+/(users/)?websocket$ { -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header Connection "upgrade"; -# client_max_body_size 50M; -# proxy_set_header Host $http_host; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header X-Forwarded-Proto $scheme; -# proxy_set_header X-Frame-Options SAMEORIGIN; -# proxy_buffers 256 16k; -# proxy_buffer_size 16k; -# client_body_timeout 60; -# send_timeout 300; -# lingering_timeout 5; -# proxy_connect_timeout 90; -# proxy_send_timeout 300; -# proxy_read_timeout 90s; -# proxy_http_version 1.1; -# proxy_pass http://localhost:8065; -# } -# -# location / { -# client_max_body_size 50M; -# proxy_set_header Connection ""; -# proxy_set_header Host $http_host; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header X-Forwarded-Proto $scheme; -# proxy_set_header X-Frame-Options SAMEORIGIN; -# proxy_buffers 256 16k; -# proxy_buffer_size 16k; -# proxy_read_timeout 600s; -# proxy_cache mattermost_cache; -# proxy_cache_revalidate on; -# proxy_cache_min_uses 2; -# proxy_cache_use_stale timeout; -# proxy_cache_lock on; -# proxy_http_version 1.1; -# proxy_pass http://localhost:8065; -# } -#} diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf index b54eeaa..4f67f52 100644 Binary files a/etc/postfix/main.cf and b/etc/postfix/main.cf differ