From 640276d57b97a8ea227171ac208bf379e690f4c0 Mon Sep 17 00:00:00 2001 From: nutra-bot Date: Tue, 20 Jan 2026 19:54:55 +0000 Subject: [PATCH] last update before master merge? --- etc/nginx/conf.d/default.conf | 33 ++++++++++++++++++++++++++++----- opt/stalwart/etc/config.toml | Bin 2315 -> 7508 bytes 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf index 1836a11..2a7b71d 100644 --- a/etc/nginx/conf.d/default.conf +++ b/etc/nginx/conf.d/default.conf @@ -1,5 +1,6 @@ # API server { + # Service: API | https://api.dev.nutra.tk server_name api-dev.nutra.tk api.dev.nutra.tk; #listen 80; listen 443 ssl; @@ -10,6 +11,7 @@ server { add_header Alt-Svc 'h3=":443"; ma=86400' always; # HSTS add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; # Sanic location / { @@ -35,6 +37,7 @@ server { # Store Front (MedusaJS) server { + # Service: Store | https://store.nutra.tk server_name store.nutra.tk; #listen 80; listen 443 ssl; @@ -43,6 +46,8 @@ server { http2 on; http3 on; add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; location / { proxy_pass http://localhost:8000; } @@ -50,6 +55,7 @@ server { # Store [Admin UI] (MedusaJS) server { + # Service: Store Admin | https://store-admin-8b56411b.nutra.tk server_name store-api.nutra.tk store-admin-8b56411b.nutra.tk; #listen 80; listen 443 ssl; @@ -58,6 +64,8 @@ server { http2 on; http3 on; add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; location / { proxy_pass http://localhost:9000; } 
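Review bot: In the `@@ -10,6 +11,7 @@` hunk, the added `ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;` does nothing by itself: nginx uses that bundle only to verify client certificates and stapled OCSP responses, and no `ssl_verify_client` or active `ssl_stapling` directive is visible in this patch (the only stapling lines shown, in the `@@ -92,12 +100,12 @@` hunk, are commented out). The same line is added in the `-43,6`, `-58,6`, `-156,6`, `-168,9` and `-185,6` hunks. If stapling verification is the intent, state it beside the directive, for example `# CA chain for ssl_stapling_verify; inert until ssl_stapling is enabled`, and enable stapling in the same change. A CA bundle is public material, so it would also read more clearly outside `/etc/ssl/private`, which conventionally holds keys. The server block continues outside the hunk, so directives there may change this picture.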
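Review bot: The server-level HSTS header added in the `@@ -43,6 +46,8 @@` hunk (and again in the `-58,6`, `-156,6`, `-168,9` and `-185,6` hunks) will be absent from any response served by a `location` that declares its own `add_header`, because nginx inherits `add_header` from the enclosing level only when the current level defines none. Most location bodies lie outside these hunks, so this needs checking block by block. Keeping the headers in one file and pulling it in wherever headers are set, `include <path-to-shared-headers-snippet>;` (placeholder path), would also stop the six copies from drifting. `includeSubDomains; preload` with a one-year `max-age` is a long-lived commitment for every host below each name, and preload-list submissions are made for the registrable domain, so it is worth confirming both tokens are wanted on these subdomain vhosts.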
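Review bot: The comment added in the `@@ -50,6 +55,7 @@` hunk, `# Service: Store Admin | https://store-admin-8b56411b.nutra.tk`, records the admin UI's hard-to-guess hostname in the same `Service:` format used for the public services. If these annotations feed the services map introduced later in this patch (an inference; no generator is shown), the admin URL would end up on a public page. The `location /` for this vhost, visible in the `@@ -58,6 +64,8 @@` hunk, proxies to port 9000 with no `allow`/`deny` or authentication directive in view, so the hostname appears to be the only barrier. Either leave the admin vhost out of the annotation scheme or restrict it at the proxy, for example `allow <admin-network-cidr>; deny all;` (placeholder value).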
@@ -92,12 +100,12 @@ server { #ssl_stapling on; #ssl_stapling_verify on; - # React app (base URL) + # Services Map (Homepage) + root /var/www; + index homepage.html; + location / { - #return 302 https://$host/api$request_uri; - root /var/www/app; - index index.html; - #try_files $uri $uri/ /index.html =404; + try_files $uri $uri/ =404; } # # Blog / Sphinx @@ -156,6 +164,11 @@ server { include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + # HTTP3 and Security Headers + add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; + return 301 https://dev.nutra.tk$request_uri; } @@ -168,9 +181,12 @@ server { http2 on; http3 on; add_header Alt-Svc 'h3=":443"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; server_name matrix.nutra.tk chat.nutra.tk; location / { + # Service: Matrix Chat | https://chat.nutra.tk proxy_pass http://127.0.0.1:8008; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header X-Forwarded-For $remote_addr; @@ -185,6 +201,13 @@ server { server { listen 8448 ssl default_server; listen [::]:8448 ssl default_server; + listen 8448 quic default_server; + listen [::]:8448 quic default_server; + http2 on; + http3 on; + add_header Alt-Svc 'h3=":8448"; ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; server_name dev.nutra.tk; location / { 
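Review bot: In the `@@ -92,12 +100,12 @@` hunk, moving `root` to server level and widening it from `/var/www/app` to `/var/www` makes every file under `/var/www` reachable through the catch-all `location /`. That includes the old app directory and anything else kept there, such as other sites' build output, backups or dot-directories. A server-level `root` is also inherited by every location in the block that does not set its own. Pointing it at a directory that holds only the homepage, `root /var/www/<homepage-dir>;` (placeholder name), keeps the exposure to what is meant to be served, and a guard such as `location ~ /\.(?!well-known) { return 404; }` covers hidden files. The rest of the server block, including the commented Blog / Sphinx section, is outside the hunk.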
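Review bot: In the `@@ -168,9 +181,12 @@` hunk the `# Service: Matrix Chat | https://chat.nutra.tk` annotation sits inside `location / {`, whereas the other `# Service:` comments in this patch sit directly under `server {`. If anything parses these comments, the odd one out may be missed or attributed to the wrong block, so it should move up next to `server_name matrix.nutra.tk chat.nutra.tk;`. Separately, and not introduced by this commit, the unchanged context line `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` forwards whatever value the client sent. Unless another trusted proxy sits in front of nginx, `proxy_set_header X-Forwarded-Proto $scheme;` reflects the real connection instead.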
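Review bot: The `listen 8448 quic default_server;` and `listen [::]:8448 quic default_server;` lines added in the `@@ -185,6 +201,13 @@` hunk open a new UDP socket on the federation port, and nothing in the patch documents that this extra exposure is intended or matched by firewall and monitoring rules. The `Alt-Svc 'h3=":8448"; ma=86400'` header tells clients to cache the QUIC endpoint for a day, so a later rollback is not immediate. A comment above the listeners would record the dependency, for example `# QUIC on the federation port: needs UDP 8448 allowed; keep firewall rules in sync`. The nginx documentation also recommends `reuseport` on a `quic` listener when several workers run, and it is not set here. The `location /` body of this server block is outside the hunk.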
diff --git a/opt/stalwart/etc/config.toml b/opt/stalwart/etc/config.toml index be02ce341a28af430ff02c66078094338324e225..ec990720f3b63083a690d5f32a248b750b4c1675 100755 GIT binary patch literal 7508 zcmV-a9joF1M@dveQdv+`0A19hZ0T)?>8oThrUly8LEIG&4%t3oGO5{M8FM9#_mek6iL5HRs?P1b1^vcU_1nu+X^szsoJSz$S@wrM)O!+ca>i7>$+84xu(xDtc+z3Wy zP&YvnzGCBPRP*)|KF>k9M?kP!-qa)wlN^!Z5F4l~{{)qLxo{)*V||}6D!-9egkVy5 z#7nwy_)i73dHMQob40ysE#<%L8omdV)iClju=IFQyhiaFKpaN89jtwtx(tqt|D{6Z zGoGhy*B!VrX9$*Yeo9Z`Q+ID}2Z&N300yrtU+&O2Q>;#voQY_m-TfE}Z3Q=4oD56g zma3*>iz(Y9jM^_!JX2f*LO&Bn_+Bevd2O?9zo`w4U>wy!9lahU(;sBBCyYNL{lmF} zDn@^#C9~8UVp>7s1Rd4J{@UPo!?F>z11EhPbk&H=(K(|D`@*az2gARy4f0~rRAuL4 z*Qo_R6L6CWk|!EnY~36#gomwEkc>^MN+o}<@voy=akVt+| z)vyOD#i;7FT-k8!|G*>%T<}_iFDp^ zz>2Qptvd7PCQ+3Sy59T?DpIUvH6Jz)B05-*r^+WDjPNtPAvpLISBc0;eGxx)GHnT!YI1pkaUpRUQl^1VHcjvE3Z`h$z9a zY1d$JwCCy_UnDPW#5fRj1Cl|*Gn4Qk9B<4S4Sfh!ySn_3o#iYrP$4#CU2n+Nm5?t)al z-wzy{oxHP+sf27^QAg0xY0JvCOPij0a_a4>VDbaJoJ)F?RcMbcx>^Vw9EQ zu@5GbBb41mWo{Ul=X9+|<$Uf$UK8SsQnzKP};#aHVQj`C#21O@y9gZh%b2DgJOfE{@vKbjcbi9sI zcoA!@PzeVn97l9^WHh0FK*K>1nf++3u!2;GP=hQkf&dzj;9l_vj!$Tj@rIcE87DD3 ze0HiEpOdwQ#I#f-<7y} znbqX`*kx`$JZqe3C1XN(d(C{QY7D*_%JOuwL1dwROq#njgeOBc6P*b{mgSFCa3Qxc z{Bd~OI5kB;@T{9%7=Q3W$+vS6x4@BZGY_T6y8a+;(-U5Pt!#?_9vi_6?^J1bG7TEx zyvd}J7JdFf5}y*~qWO)hQYV;iYrs@NGlHq$kH{QWZD{i$IA$Ahu-lNGR@2XMv+oPK z{^|vG9VsOPm4I-$p~5JCMlS#pMW0jlMmm7!w6m+Z30)}YPc#&CfE4n`-$S~WXYa)S zj=WwvK;Mh6DW)d^AyFuhlCA_t-09+JILG``N7LHMW}8A{c;LHS zI`Dt5CcI@BtQU-P3}jT>u;g(IXUL%XIxBm!XV)1x{_*E$cYQaY%qnEY(R1$X&FiJW zwvFoi^YNASMUvp+6}+e{CXMV#^ok2XiHZNVG3onx613Wk+_xE3Vm^1YO<7Z6t+Z~C z2{|*~(gsO@nGb2wEFYF$l7gUp3j}4xoH|JBCf&~0kF0$(dJ+@U-HoN=)j=dz>D4NL zj?NwVmvbmGYl~U_h2nzHm|%@p%7oclm(qQ1)KFpu*p3kOeK+rKp$RQBdqZ5KSDDrt z+8~Mlmg6vit;B8Mo|*TAw1I~+DLG6EFKsk*h$}q$o{nyC=~goMewoM{6<>uZP|)SI zg=M2xQ^u21A5*|$Sh15iXO#$EyJK!?bKeG!Ez+dL?Yy($OR0>$;zO(!)+Al3b4JZ< zFx&Fh!mgjl2QC?u=jmj?vvM}DqJsAr&9~ryVs$$#42CH{7s@nmyk^e~l=i@)vkW~A z#mSVg^EJbkHj+qN;xOX?`V1Rb__=Ki=lf3cPDlPhU*vKF4EH>Ab@c{fCgQ{ssrA7p 
zH6RvFRAV@`&IfskSv=*N#HLG%yRAn;%^v-mrm^s-oW@8nRaZOCf%}qT5K8Bb5)#uI z2w}U<{$k?y^5Ac*^lBo78KEFz8 z6Wy^Pz(icvvz9*+T|2Xwd$j$yaK0xbLV_a3=Fx_bGciu2g-58t?#1JAoy52P8%Cs> zxHaUFqV3S5lcV(*U35dwLC=wK`F9{IQ$PpyghdNpWCalTx@_NqNo-Q798sad!rpZ{ zMg;7CZLYRu7fQexBTwc-TY)zl-cyM((GIgswGET&)DSM$;{|~ar09M9OS3@ERIk2c zM5h6(n(ddRz-$>_fN_FZn0vW=w*go8*;?4jHpNIVQl_oTev@R1>%DTIEJ?*AIM+(X+&^ z1)M7D;Tdi_TSHfLu|=FHc%Rh}(O$9qUN&Csw3ktUXMTXOOYm)2nP;fKSGV+k$};47 zs!^7_jHfbLw^ti!13f*p#ljgI zMm!IB`Cf-sh7JV6BNswAtlZKGBBKV=r@d6&_J$9S>eXJZ&;mWA^Kqsy@1n=rNd}6K z7d?A=Ws2C|gKcoz^r?lwy?@@-Pq-qXftYF~n&e|OzrDV&7aRmP1U7%VU>qQ|05!Io zvmI0$C7E3x^B$NF5eL(OsMdJuI3Y*WEYf#y_}}|gN3&;k~Q?}R#sKD zqsRE(5JXPnAvpSs5I)JyP$ppnKTGx&gx9L~JQG1KLr^pc(-IIm1nfrV$RTNE@sQnO zf8r%(`QL2hr&So@U~uBd#ScteW%#dU6;_xi2K3PmJggTQLz?x1s22;j@Rz1`HDJ1x zDQ2U}Xj~U`>^R!dA>ny+z(j3N&q5ld3G--~4%8R~3lTdWH|>fbj_x-KNRA~1-_Vi$ z=G$^!&5|>f3OKlanW=5nYqCm*l60|<$7{mkXpsJB2pS*+gOkT#g(pbSKz=MY56qeC zz1y)5&yr9h853yS=@zzr8uX(X3v_E!qH{{QJqObgaJ#}T!ID*f=p@L~7_I3hRl=l; zAcC8eF2YvaegDWX(!>h2PBvNX>U(fCvdP7-^%l39g8eOzQbUN{Z->DwWdlkhSIh!g z{&mv9_Qgk7vwh-9yl3@t-^`Ex$wtQN{ds|%N)0xU6X#sv}s*wiB>5~|Q%R>xGJC|fj}qSsQPc`aH@;(a_LZMUf|ZOpKmfvC;EFs z=CGkH2#W80IIm0Bjo@+Gp}TvbnctR}_;B+e#`o1DYqod30|3L=`#Q$J#E>?DzNiwx zW|`Uz?4XNJ2m>;7C&Vgx0$`6&j{5?Fy7AjUnCXdPS=uu_7H0OQ%yaaa&tnxd_?pIh zD<^1jKik3U| zT%gBOzQm&*r`jd33WAqQW6*X0j9x5BAnW0hW~g;QtX zB$j}^?|S8NfGpiAp11)N(G$=@WZn-^p-iX5_XJL&wjntdo^x~Xm&Q&_r@z&|4CPXN zz^}8`3VZ-#t%EZOEinl5#pO(+WZ5HTO{CUuVtbL&pIOnVxPjz7gD>j&hN*QDg0zbA zz~H3XA9RYS=u6Z_7R(aH>DF-{J_ftu#&e_&hn)%46)JmPGTn%AI~s<6Snep;A(E=uVm>ziGDdI*nEHtOTxG=U=#-RA3$=Pz9Jmx`_w z*^2{+ih8dMFZ~qRR-pXY<{$jKh5l8mHj}jX_!%oP%)@PzOhl8Fvewi92`CI!l@jB} zrA}8AEV&RG38g<0F54yH!_VTcW6Z1zBqq z#^^V?A@L21#m9HtMn<63G3V*zTgfa&^^4F}d9Q2ka$QXXvjKaV8%z3QKXPKxE0XBD zjL1D+$tWrln75&!r9*#*`_lccI|pkw8W;f3rtBzC80uq-c7macgT z+|2QX5`z*pveCmzj0TT?{sV2*zXrlSE!My_26U=S%q!xLU#{z!btgH^SBl)n{2~ow z-gO%c$lk835VSH*(B|rvH|<{YLRTEkm3KpNNJWkhXZI%O2|ug?n%S*Y~?e-{w6Ln^_{mUdm(nPmBMZaNf2J0fg#g!{y@#Q=)^O80nJ 
zs5yf?LP}L6fy=IQ83WXR(_-i0W1s&^2G>6Id{%g6wc$K`OlpUs>1l0)CX=kwCf>*) zPoY)q586~^Fn|d?<8h7ZBW?d~E|;*2o)dWFBCHrr5x_pks1+Hpnc#eG_j8%P z{-C)V47wSEMJmA}8RVqQ*NQEL0ovhS*0E!v3p>t;_~Xur8rB%o=uPj=pERu&*d?t|#*u=?%@+h8<-z%sZx zrxtQJULsBP;2HrGXq#NUIOU3P>0u}Mpvom~b@H0k z1ic@1Zw&b1HCkA2CF1oLWQ(D*o20DnxE3F<(0-?HUUhi4*&-MrHQbr4GIGd=s|ljs z+5+QPvrlS4Tx(NuET0*rrh-ajrr7djlu`15vxGQP#71Qac_MoUT3fXAHXVgGdwN^g z8^}aM6GY21(azmhOT&OrtqNFDpMpt%eB z!1trqRMDO)ioV6Lz@*SgNH(1=8$(RgDPrKsz;2PAeO?dz7e|X5CD|&T+A!Hhq_Kp_ z$>OFzv3JdmSkmsWUN1rmX!&m9!+-zIeK&9GdEiUNsN8 z(apztk1e}9YOv^PE(*`O09=!@L(A#NZ}{{iqN)X%*4m&tAv61!t7K>|%4pE&L7qa9 zSEeJK-qjjLaGKJQmnp|%NH+=V(SPbuizb-B4&M$&7yOUa?%d0~%-oXWL zKHXD+pG~Ulj8ThJSJ>iORNv}Nh9xu8=8`SsXd1wlmQ_=tFn(XFy>_TOA*h4D7R*;l z+E&D8v@$s^ewLpef~o9?HEhb>W1|LI1hHvY%to?Iz_Y1;*Weyw8MO}T4xO_iAd%|| z)%F|!==h__ISGoM>n8+%876t9T4IhNy=?%#Tp|~RhF#P=dhbhNy zqmBG|EI&*fqqOJ**$n`HNekn&Ny&%VALj;OR_oX(?`&@xA$7lqACoL@qm)ZGWD%5n z_N|cu?YG=Rn!CT8#a5~h(e5ok6fqj**el1AcetcCQw=Gcl;E0%v9&OMX~8_(_#5IqkSkJ}Ua{$^wG zDRDdpDjgkXamh%UpTLUXHlIH}z}b1zL5x;DZ8%zhI?uG;`%-E2Zx7(7&q2mXXq7Jx z`A(%t1>b8lg4K}UI*lNMcu%`VaHTiZLpPkw?DDbgsf_`+n(3D7X3NMCwiu10h6odsdu}-|MVQ8du10mSbsXvn zS(&Kfj1oN~c15yrXV#~jWS`(D7=G_~2lQ6_3SLra(e#c{J%n0QNJopAfZ@GKmvz%g zMIDutj3!q@VLGpbV^@n~&bb9TMBlgUOv2L+G7+Vz8-_qWMC3Bc8#TG!_<3sl913U; zS^(TjLFfB-QVx{U_xsQeEu>g5ERtlvG5stRjAJ~GL)c~;*DEw%W0c)3eF!A!yYLmf zSafw$qWG!L2wNz}-DMC_Xwq0%0DkruU)z?1m1XP3KF+B+DhutLWsKP)s-D{^;Y^x?d6F{ z$bOLA5X-n4AoyCIMf0zeZ+(SpE}9rQ~F^Yq4=pN$)XFzAF=#6Pz(R}ACy01Q*?tL&T zV-DrS72(XZ=pQYyf{wRgb8WmqTcWHT=(Ax5f)GZq;INpCR`G=1=80rw_T9==a!lnN z?jhSMbYhb$F|YUvdyOhfg9Kz_TD&`%i~@cNW~MI|VWp3&Gx`HD{Ll-uHASQbOb-ms z0AAuVC9VO=OV$z%>Lieo{J4S$H0QDEVB6<=f0R)BMjp)=!w9+ifwl1^dtFOwktF*v zlMPVAywOuFBEUgcV&=@sm`hef6S!LGrk>eVV%#n~=XP)*iHs!98|Jj!+-eVL3hkOM z&XUXZS5QVIks_I0Tw1lxNE6$hf*0Zz!qa$tHNBcY8Sa)kHV)vY)JgbIVF0a>2q|e5 zTgis~P&02`2#1h;wAe^0oDhRXVXi``$LNc^$$1u#3p)B&ZD%`CHW)bCkq<^gG%;0k z`r8I>pMzimVy&*9Fx$RJe|My>%Ag#or0aSFKLd7z=8$l08J1H(WYzbS>0aqoREfzb 
zHcN*6(ubN{t#&v^_qW9e>!p*4FDE`n#w@2Y*Ki{k`JD;4UMnRK?S328)by^WwY{x) zCMZ;j{N96bxqgKgg9oUx677Kr0G}}1ns6!~I_uC|Z1)tmWMl;XZ<8W%J7KUkA!CTY z_$Xd-o*S61qQLMGD(tk^DN8kUeQWbA*9NJqy_GP3Qu-`@YU*sBC9wMTn?ooIcgCS^ z)bI%H#=RS+F5hxC)}|mDNRgA#nTF&cN^}@KzX= eI~Ijd*oawYFP-1t9itWOIztq}N+&8n%KwhbcVjdF literal 2315 zcmV+m3H0^=M@dveQdv+`0A1L;CRl`z%9PgW#*h}uZ0vq5lw&!>5LtNRAL{xrgpOvU zDK~u~Qi&m!bR*p7C8C7WLn>Cslc1)SapfZeD%a|A zj`k_ymgB-naA?VRXY{u|Ctu6{cw=;PTI0eTzjLm^79>uM$vcWR6Ga&4{*YR7jm>%E z|F1wN@K?i?KK+9aD7|C-xk}*3nL1ydZoPZYEV;j`i7ov=-4$&ey3Y#snV_oXOVu5f zTsW|W&#raJ0f1*kvU8|6rq#hpiaytRxq*OU;F1IubPAok20fIy;np%C%IpCR5sLKX z3$SqzKy1U0>7FLx`w5;j$|T=IHRd2kvV>^Bd@wvCy(^ zxZVi<_;fs=KR94~4y3Fum8!{FsohDUVg%M5mEUN2D|7{j_o<6-Xk3YPNH~*K#T|1N z-51yGd^dYeV5>-K@DnY`f$1>IgJn4Nd{bWlhf>ClRq#q#=08Xl=@abwDML>+QfG`_ z1(GQkRJ1WR1Q*%tezOP@0HDnM4{x*{){=#e#+pfvW0^~u$c$y6 z>262l(U``ReZzpqdpp6ge#a$w)|&fTAScM#a#(?@Qpec&QFkT}V+;2-t}t$%Yu7mw zVSqpBHs-dz<4|fhw+DVKLQ;Kvy{L)F_$XPZ2Qj43+RLuM9+J{SM zf@#%L>s2HQL=Iv9zgWFJ#L7=YmP+^}bLY)p;qbw1+kLL=>(J2FD;vGEcJWhyYtG^v z)SW=z&EbK<0E5WrDhVC4eepMXCM4wvmJAHM){*<^j%X`X_Wux^lgay%qG!U{^$KEn z+#vh|F&fXy4^2!NG<6yqY6N>vT@3p z&;IM|i1~m#OX3jMxHC~l$}}gx*o89BEmRi6oV~824icdot2N1T38l#W6NgR+q2~3z znFi<>{JPi(qP6*_tVo}vDN_m3NK>iEqW=zNFNsHsY&XG&-9^R5u_X=K?s>%}^!y!J zQ4!f#0I}5x?>j}0!3Q0JT8XSZbYHAr-;IZO#QfOqttyB5n{Myv%WG4r4_EA7W~cX6 zuGsFH`3@&LL`qFJI!NLQxaUis)6O{zxa1mT6>;s}ERtEE{I94SsQMWs9uxu+BicXy zeg)%LNZ|N-N2@R8iaxp^nUgO15Mt1DuJmV&U|n6cU+ThTgz+(L?R4utPdO-1nDD!T z_3a(*tw=#59fe7|GB{P?e9NKlBvr?dpt56GpG<^w8k5#fAva1%c)fS1J$5a9HGn2w zP-pXpwmGB~va944Ft?MG!tsbm)B@*O`|naO9xz9XW0Pp!E?ZcA{e>Y(vbIvB{PIl8 zJ*R{IpEce(u9JL9(P=G59`h`#kR2~F>^7q9MX4Y#bgFv{%>H4H@2q#tEy_WNgm0;G zwb<3Ss^n!?6_E@?#Xll8Wpp*mO5qW+$d_x)>>dI=@@U`rFDnGjJh4EbFa>an;X{B} zR)4eLr*X*|xfown+d$khb`=1YLiWmTUEow{1uC!5AHT~%mu>9YHQ{8!`vUfbvuZ3G zi0W&-lzzCpP~6M7x#Qsb56h>@UCL68$sZbIt4@Ql-MyS)wCj9c5dW_!dK>J-zg(!^ zWM3?3%O`+ge|fusz2pXU=CaMxqEhyoHti+nZ@YTapme-(AvjoU??XF8@YI@eF;{n* zlZJ(#sk)gbHkNoPz^y3WttFnZ*kF)2S(eZUb8VK?D-V}Ow0s4MNQutt@{|*OZ^;+ieXXqH 
z-;JkhO`dMPa}q}KpGvjr%vhimX>cdtnM!O_n0WPumuRN9(A5^=tiGiU1jU6ihDXyF z(e;?%@YJcV5liZZ>z$YqL~xS-{#o-PBu4Bm zi~)2f=nz%zTDxaAEuCpH2ljM8~$eqkeUY8gc*a93~z5b;G^E(Z8! zql3=Bzy!*xtqJjvg-)Oc2;vO*o1h_qan(pE8w4|~C^dk6Z!Y09N~f zHb`O?ZK26l@8wlwR-g~G?T1fb3W(KtLeX?Zgj!BIe$#b@kbAI?ggDHgo<0vnEQ@R$ zwIQE>`Hq^FATqWV49T|T{2K6AbBT5Tu?L%)kjOA5nNpiNsb3K2Bp#N@rc2wWl lV%GZ5WeD}Ot7NA{=d?H?>A`0>X?t&zs#(SH4;!-Em=}K?fGz+4 -- 2.52.0