update our config from old prod

diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
index c661fac2dece1d5971016db66fe191eacb177978..d5f349b1f4efd63c7e7c880a3eccb6a9e2197aa4 100644 (file)
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@@ -7,32 +7,32 @@ server {
 }
 
 # API
-server {
-  server_name api.nutra.tk;
-  #listen 80;
-  listen 443 ssl http2;
-  # HSTS
-  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-
-  # Sanic
-  location / {
-    proxy_pass http://127.0.0.1:20000;  # API server
-    # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered)
-    proxy_http_version 1.1;
-    proxy_request_buffering off;
-    proxy_buffering off;
-    # Proxy forwarding (password configured in app.config.FORWARDED_SECRET)
-    proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\"";
-    # Allow websockets and keep-alive (avoid connection: close)
-    proxy_set_header connection "upgrade";
-    proxy_set_header upgrade $http_upgrade;
-  }
-
-  # default favicon
-  location /favicon.ico {
-    alias /var/www/favicon.gif;
-  }
-}
+#server {
+#  server_name api.nutra.tk;
+#  #listen 80;
+#  listen 443 ssl http2;
+#  # HSTS
+#  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+#
+#  # Sanic
+#  location / {
+#    proxy_pass http://127.0.0.1:20000;  # API server
+#    # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered)
+#    proxy_http_version 1.1;
+#    proxy_request_buffering off;
+#    proxy_buffering off;
+#    # Proxy forwarding (password configured in app.config.FORWARDED_SECRET)
+#    proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\"";
+#    # Allow websockets and keep-alive (avoid connection: close)
+#    proxy_set_header connection "upgrade";
+#    proxy_set_header upgrade $http_upgrade;
+#  }
+#
+#  # default favicon
+#  location /favicon.ico {
+#    alias /var/www/favicon.gif;
+#  }
+#}
 
 # UI, blog, favicon, default server
 server {
@@ -44,9 +44,10 @@ server {
   # HSTS
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
   # OCSP stapling
-  ssl_stapling on;
-  ssl_stapling_verify on;
-  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
+  # no-op as of 2025 (disabled by letsencrypt)
+  #ssl_stapling on;
+  #ssl_stapling_verify on;
+  #ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
 
   client_max_body_size 50m;
 
@@ -59,10 +60,10 @@ server {
   }
 
   # Blog / Sphinx
-  location /blog {
-    alias /var/www/blog;
-    index index.html;
-  }
+  #location /blog {
+  #  alias /var/www/blog;
+  #  index index.html;
+  #}
 
   # default favicon
   location = /favicon.ico {