if is evil (better www -> non-www redirect)

diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
index ed321a442c142e573b0441ef1e6fe321ab6ed2d5..7da95dc95f151b18c58e8109f77389c6ee8dd55a 100644 (file)
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@@ -117,8 +117,9 @@ server {
   }
 
   # resumes
-  location = /cv/swe~/resume.pdf {
+  location ~ ^/cv/(~?swe|swe~/resume\.pdf)$ {
     alias /var/www/cv/swe/resume.pdf;
+    default_type application/pdf;
   }
 #  location = /cv/dataeng~/resume.pdf {
 #    alias /var/www/cv/de/resume.pdf;
@@ -140,11 +141,23 @@ server {
   ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
 
-  # TODO: better redirect based on server, not if?
-  if ($host = www.dev.nutra.tk) {
-    return 301 https://dev.nutra.tk$request_uri;
-  }
+# Redirect www.dev.nutra.tk -> dev.nutra.tk
+server {
+  listen 443 ssl;
+  listen 443 quic;
+  listen [::]:443 quic;
+  http2 on;
+  http3 on;
+  server_name www.dev.nutra.tk;
+
+  ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem;
+  include /etc/letsencrypt/options-ssl-nginx.conf;
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+  return 301 https://dev.nutra.tk$request_uri;
 }
 
 # Listen on 443 with matrix / synapse