server_name api-dev.nutra.tk api.dev.nutra.tk;
#listen 80;
listen 443 ssl;
+ listen 443 quic;
+ listen [::]:443 quic;
http2 on;
+ http3 on;
+ add_header Alt-Svc 'h3=":443"; ma=86400' always;
# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
server_name store.nutra.tk;
#listen 80;
listen 443 ssl;
+ listen 443 quic;
+ listen [::]:443 quic;
http2 on;
+ http3 on;
+ add_header Alt-Svc 'h3=":443"; ma=86400' always;
location / {
proxy_pass http://localhost:8000;
}
server_name store-api.nutra.tk store-admin-8b56411b.nutra.tk;
#listen 80;
listen 443 ssl;
+ listen 443 quic;
+ listen [::]:443 quic;
http2 on;
+ http3 on;
+ add_header Alt-Svc 'h3=":443"; ma=86400' always;
location / {
proxy_pass http://localhost:9000;
}
http3 on;
# Advertise HTTP/3 availability
- add_header Alt-Svc 'h3=":443"; ma=86400';
+ add_header Alt-Svc 'h3=":443"; ma=86400' always;
client_max_body_size 50m;
#ssl_stapling on;
#ssl_stapling_verify on;
-# # React app (base URL)
-# location / {
-# #return 302 https://$host/api$request_uri;
-# root /var/www/app;
-# index index.html;
-# #try_files $uri $uri/ /index.html =404;
-# }
+ # React app (base URL)
+ location / {
+ #return 302 https://$host/api$request_uri;
+ root /var/www/app;
+ index index.html;
+ #try_files $uri $uri/ /index.html =404;
+ }
# # Blog / Sphinx
# location /blog {
allow all;
}
- # resumes
- location = /cv/swe~/resume.pdf {
+ # CV paths
+ location ~ ^/cv/(~?swe|swe~/resume\.pdf)$ {
alias /var/www/cv/swe/resume.pdf;
+ default_type application/pdf;
+ }
+ location ~ ^/resume(\.pdf|/swe\.pdf)$ {
+ alias /var/www/cv/swe/resume.pdf;
+ default_type application/pdf;
}
-# location = /cv/dataeng~/resume.pdf {
-# alias /var/www/cv/de/resume.pdf;
-# }
-# location = /cv/datasci~/resume.pdf {
-# alias /var/www/cv/ds/resume.pdf;
-# }
# public folder
location /public {
ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
- # TODO: better redirect based on server, not if?
- if ($host = www.dev.nutra.tk) {
- return 301 https://dev.nutra.tk$request_uri;
- }
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Redirect www.dev.nutra.tk -> dev.nutra.tk
+server {
+ listen 443 ssl;
+ listen 443 quic;
+ listen [::]:443 quic;
+ http2 on;
+ http3 on;
+ server_name www.dev.nutra.tk;
+
+ ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ return 301 https://dev.nutra.tk$request_uri;
}
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Listen on 443 with matrix / synapse
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
server {
listen 443 ssl;
+ listen 443 quic;
http2 on;
+ http3 on;
+ add_header Alt-Svc 'h3=":443"; ma=86400' always;
server_name matrix.nutra.tk chat.nutra.tk;
location / {
listen [::]:8448 ssl default_server;
server_name dev.nutra.tk;
-# # New chat (matrix / element)
-# location ~ /v2/chat/ {
-# proxy_pass http://127.0.0.1:8008;
-# proxy_set_header X-Forwarded-For $remote_addr;
-# }
location / {
proxy_pass http://127.0.0.1:8008;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
-
-
-# Chat (mattermost)
-#proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
-#server {
-# listen 443 ssl http2;
-# server_name chat.nutra.tk;
-#
-# location ~ /api/v[0-9]+/(users/)?websocket$ {
-# proxy_set_header Upgrade $http_upgrade;
-# proxy_set_header Connection "upgrade";
-# client_max_body_size 50M;
-# proxy_set_header Host $http_host;
-# proxy_set_header X-Real-IP $remote_addr;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_set_header X-Frame-Options SAMEORIGIN;
-# proxy_buffers 256 16k;
-# proxy_buffer_size 16k;
-# client_body_timeout 60;
-# send_timeout 300;
-# lingering_timeout 5;
-# proxy_connect_timeout 90;
-# proxy_send_timeout 300;
-# proxy_read_timeout 90s;
-# proxy_http_version 1.1;
-# proxy_pass http://localhost:8065;
-# }
-#
-# location / {
-# client_max_body_size 50M;
-# proxy_set_header Connection "";
-# proxy_set_header Host $http_host;
-# proxy_set_header X-Real-IP $remote_addr;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_set_header X-Frame-Options SAMEORIGIN;
-# proxy_buffers 256 16k;
-# proxy_buffer_size 16k;
-# proxy_read_timeout 600s;
-# proxy_cache mattermost_cache;
-# proxy_cache_revalidate on;
-# proxy_cache_min_uses 2;
-# proxy_cache_use_stale timeout;
-# proxy_cache_lock on;
-# proxy_http_version 1.1;
-# proxy_pass http://localhost:8065;
-# }
-#}
projects / nutratech / vps-root.git / commitdiff