last update before master merge?

diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
index 1836a113dfd287b548ddce05fd5c962eade4e480..2a7b71da629149c35425ee403cc6e60ba6e8a725 100644 (file)
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@@ -1,5 +1,6 @@
 # API
 server {
+  # Service: API | https://api.dev.nutra.tk
   server_name api-dev.nutra.tk api.dev.nutra.tk;
   #listen 80;
   listen 443 ssl;
@@ -10,6 +11,7 @@ server {
   add_header Alt-Svc 'h3=":443"; ma=86400' always;
   # HSTS
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
 
   # Sanic
   location / {
@@ -35,6 +37,7 @@ server {
 
 # Store Front (MedusaJS)
 server {
+  # Service: Store | https://store.nutra.tk
   server_name store.nutra.tk;
   #listen 80;
   listen 443 ssl;
@@ -43,6 +46,8 @@ server {
   http2 on;
   http3 on;
   add_header Alt-Svc 'h3=":443"; ma=86400' always;
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
   location / {
     proxy_pass http://localhost:8000;
   }
@@ -50,6 +55,7 @@ server {
 
 # Store [Admin UI] (MedusaJS)
 server {
+  # Service: Store Admin | https://store-admin-8b56411b.nutra.tk
   server_name store-api.nutra.tk store-admin-8b56411b.nutra.tk;
   #listen 80;
   listen 443 ssl;
@@ -58,6 +64,8 @@ server {
   http2 on;
   http3 on;
   add_header Alt-Svc 'h3=":443"; ma=86400' always;
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
   location / {
     proxy_pass http://localhost:9000;
   }
@@ -92,12 +100,12 @@ server {
   #ssl_stapling on;
   #ssl_stapling_verify on;
 
-  # React app (base URL)
+  # Services Map (Homepage)
+  root /var/www;
+  index homepage.html;
+
   location / {
-    #return 302 https://$host/api$request_uri;
-    root /var/www/app;
-    index index.html;
-    #try_files $uri $uri/ /index.html =404;
+    try_files $uri $uri/ =404;
   }
 
 #  # Blog / Sphinx
@@ -156,6 +164,11 @@ server {
   include /etc/letsencrypt/options-ssl-nginx.conf;
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
+  # HTTP3 and Security Headers
+  add_header Alt-Svc 'h3=":443"; ma=86400' always;
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
+
   return 301 https://dev.nutra.tk$request_uri;
 }
 
@@ -168,9 +181,12 @@ server {
   http2 on;
   http3 on;
   add_header Alt-Svc 'h3=":443"; ma=86400' always;
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
   server_name matrix.nutra.tk chat.nutra.tk;
 
   location / {
+    # Service: Matrix Chat | https://chat.nutra.tk
     proxy_pass http://127.0.0.1:8008;
     proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
     proxy_set_header X-Forwarded-For $remote_addr;
@@ -185,6 +201,13 @@ server {
 server {
   listen 8448 ssl default_server;
   listen [::]:8448 ssl default_server;
+  listen 8448 quic default_server;
+  listen [::]:8448 quic default_server;
+  http2 on;
+  http3 on;
+  add_header Alt-Svc 'h3=":8448"; ma=86400' always;
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
   server_name dev.nutra.tk;
 
   location / {

diff --git a/opt/stalwart/etc/config.toml b/opt/stalwart/etc/config.toml
index be02ce341a28af430ff02c66078094338324e225..ec990720f3b63083a690d5f32a248b750b4c1675 100755 (executable)
Binary files a/opt/stalwart/etc/config.toml and b/opt/stalwart/etc/config.toml differ