--- /dev/null
+VPS_HOST=nutra.tk
+VPS_USER=gg
# Ignore all
-*
+#*
#**/*
#**
# Unignore all with extensions
--- /dev/null
+.SHELL := /bin/bash
+# .ONESHELL:
+
+-include .env
+
+VPS_HOST ?= dev.nutra.tk
+VPS_USER ?= gg
+VPS = $(VPS_USER)@$(VPS_HOST)
+
+.PHONY: stage/nginx
+stage/nginx:
+ @echo "Staging files on $(VPS_HOST)..."
+ tar --transform 's|.*/||' -czf - etc/nginx/conf.d/*.conf scripts/deploy.sh | \
+ ssh $(VPS) "rm -rf ~/nginx-staging && mkdir -p ~/nginx-staging && tar -xzv -C ~/nginx-staging"
+
+.PHONY: diff/nginx
+diff/nginx:
+ @echo "Checking diff against $(VPS_HOST)..."
+ ssh -t $(VPS) "bash ~/nginx-staging/deploy.sh diff"
+
+.PHONY: deploy/nginx
+deploy/nginx:
+ @echo "Deploying checked-in nginx config to $(VPS_HOST)..."
+ ssh -t $(VPS) "bash ~/nginx-staging/deploy.sh"
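Review bot: The first line, `.SHELL := /bin/bash`, sets a variable named `.SHELL` that make never consults; the recipe shell is chosen by `SHELL`, so these recipes still run under `/bin/sh`, and it should read `SHELL := /bin/bash`. The staging path also disagrees with the script this Makefile drives: `stage/nginx` extracts into `~/nginx-staging` and `diff/nginx`/`deploy/nginx` run `~/nginx-staging/deploy.sh`, while deploy.sh in the last hunk sets `STAGING_DIR=~/.nginx-staging` (leading dot), so unless the two are meant to differ, its `sudo mv "$STAGING_DIR"/*.conf` finds nothing and the deploy aborts after creating the backup. Pick one path, and consider deriving both from a single `STAGING_DIR` value passed to the script, e.g. `ssh -t $(VPS) "STAGING_DIR=~/nginx-staging bash ~/nginx-staging/deploy.sh"`.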
# proxy_request_buffering off;
# proxy_buffering off;
# # Proxy forwarding (password configured in app.config.FORWARDED_SECRET)
-# proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\"";
+# proxy_set_header forwarded "$proxy_forwarded;secret=\"$proxy_secret_key\"";
# # Allow websockets and keep-alive (avoid connection: close)
# proxy_set_header connection "upgrade";
# proxy_set_header upgrade $http_upgrade;
http2 on;
# Advertise HTTP/3 availability to browsers
- add_header Alt-Svc 'h3=":443"; ma=86400';
+ add_header Alt-Svc 'h3=":443"; ma=86400' always;
# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# index index.html;
#}
+ # CV paths - Redirect to Dev (only hosted there)
+ location ~ ^/(cv/(~?swe|swe~/resume\.pdf)|resume(\.pdf|/swe\.pdf))$ {
+ return 301 https://dev.$server_name/resume.pdf;
+ }
+
# default favicon
location = /favicon.ico {
alias /var/www/favicon.gif;
ssl_certificate_key /etc/letsencrypt/live/nutra.tk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
- # TODO: better redirect based on server, not if?
- if ($host = www.nutra.tk) {
- return 301 https://nutra.tk$request_uri;
- }
+# Redirect www.nutra.tk -> nutra.tk
+server {
+ listen 443 ssl;
+ listen 443 quic;
+ listen [::]:443 quic;
+ http2 on;
+ http3 on;
+ server_name www.nutra.tk;
+
+ ssl_certificate /etc/letsencrypt/live/nutra.tk/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/nutra.tk/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+ return 301 https://nutra.tk$request_uri;
}
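Review bot: The new `www.nutra.tk` server block listens on `443 ssl`, `443 quic` and `[::]:443 quic` but has no `listen [::]:443 ssl;`, so an IPv6 client negotiating TLS over TCP (the normal first connection, since HTTP/3 is only attempted after an Alt-Svc hint) never matches this block and is served by whatever server is the default for that socket instead of being redirected; add `listen [::]:443 ssl;` beside `listen 443 ssl;`. The block also carries no `Strict-Transport-Security` header, while the main server sends one with `includeSubDomains; preload`; if, as the indentation suggests, that header is set at server level it is not inherited here, so the redirect response for www is issued without HSTS. Adding the same `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;` to this block (the `always` flag is what makes it apply to the 301) keeps the policy consistent across both hostnames.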
--- /dev/null
+#!/bin/bash
+set -e
+
+STAGING_DIR=~/.nginx-staging
+CONF_DIR=/etc/nginx/conf.d
+echo "Deploying configuration from $STAGING_DIR to $CONF_DIR..."
+
+echo "Detected changes (diff):"
+# Diff existing vs staging. "|| true" prevents exit on diff found.
+diff -u -r --color=always "$CONF_DIR/" "$STAGING_DIR/" || true
+echo ""
+
+echo "Running pre-flight validation on staged config..."
+TMP_NGINX_CONF=$(mktemp)
+
+if sudo nginx -t -c "$TMP_NGINX_CONF"; then
+ echo "✓ Pre-flight validation passed."
+ rm "$TMP_NGINX_CONF"
+else
+ echo "✗ Pre-flight validation FAILED. Aborting."
+ rm "$TMP_NGINX_CONF"
+ exit 1
+fi
+
+# If diff subcommand, exit early.
+if [ "$1" = "diff" ]; then exit 0; fi
+
+# Create timestamped backup
+BACKUP_DIR=~/nginx_backup_$(date +%s)
+echo "Creating backup at $BACKUP_DIR..."
+mkdir -p "$BACKUP_DIR"
+
+# Backup existing configs if they exist
+if sudo ls "$CONF_DIR"/*.conf >/dev/null 2>&1; then
+ sudo cp "$CONF_DIR"/*.conf "$BACKUP_DIR/"
+fi
+
+echo "Installing new configurations..."
+sudo mv "$STAGING_DIR"/*.conf "$CONF_DIR/"
+rm -rf "$STAGING_DIR"
+
+echo "Verifying configuration..."
+if sudo nginx -t; then
+ echo "Configuration is valid. Reloading Nginx..."
+ sudo nginx -s reload
+ echo "✓ Deployment successful."
+else
+ echo "✗ Configuration failed validation! Rolling back..."
+ sudo cp "$BACKUP_DIR"/*.conf "$CONF_DIR/"
+ echo "Rollback complete. Verifying rollback..."
+ sudo nginx -t
+ exit 1
+fi
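Review bot: The pre-flight step `sudo nginx -t -c "$TMP_NGINX_CONF"` tests the empty file created by `mktemp`, not the staged `*.conf` files, so it cannot pass on a good staging set or catch a broken one before the live directory is modified; either remove it or point `-c` at a temporary copy of the main nginx.conf whose `include` of `$CONF_DIR/*.conf` is rewritten to `$STAGING_DIR/*.conf`. The rollback path only copies the backup back with `sudo cp "$BACKUP_DIR"/*.conf "$CONF_DIR/"`, so a newly added file that caused the failure remains in `$CONF_DIR` and the verifying `nginx -t` still fails; clear the directory first with `sudo rm -f "$CONF_DIR"/*.conf` and skip the copy when the backup is empty (the unexpanded glob would otherwise make `cp` fail under `set -e`). `sudo mv "$STAGING_DIR"/*.conf "$CONF_DIR/"` preserves the staging files' ownership, so the live configs under `/etc/nginx/conf.d` end up owned and writable by the unprivileged deploy account rather than root; `sudo install -m 0644 -o root -g root "$STAGING_DIR"/*.conf "$CONF_DIR/"` installs them root-owned with fixed permissions.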