From: nutra-bot <nutradigest@gmail.com>
Date: Mon, 19 Jan 2026 18:52:57 +0000 (+0000)
Subject: wip http3 stuff
X-Git-Url: https://git.nutra.tk/v2?a=commitdiff_plain;h=refs%2Fheads%2F_prod-vps76-ubu24.04;p=nutratech%2Fvps-root.git

wip http3 stuff
---

diff --git a/etc/letsencrypt/renewal/nutra.tk.conf b/etc/letsencrypt/renewal/nutra.tk.conf
index 02c9c6e..a737c67 100644
--- a/etc/letsencrypt/renewal/nutra.tk.conf
+++ b/etc/letsencrypt/renewal/nutra.tk.conf
@@ -15,4 +15,4 @@ authenticator = nginx
 installer = nginx
 server = https://acme-v02.api.letsencrypt.org/directory
 [acme_renewal_info]
-ari_retry_after = 2025-12-28T06:00:02
+ari_retry_after = 2026-01-19T18:00:04
diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
index cddc926..2180145 100644
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@@ -54,7 +54,7 @@ server {
   http2 on;
 
   # Advertise HTTP/3 availability to browsers
-  add_header Alt-Svc 'h3=":443"; ma=86400';
+  add_header Alt-Svc 'h3=":443"; ma=86400' always;
 
   # HSTS
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
@@ -80,6 +80,11 @@ server {
   #  index index.html;
   #}
 
+  # CV paths - Redirect to Dev (only hosted there)
+  location ~ ^/(cv/(~?swe|swe~/resume\.pdf)|resume(\.pdf|/swe\.pdf))$ {
+    return 301 https://dev.$server_name/resume.pdf;
+  }
+
   # default favicon
   location = /favicon.ico {
     alias /var/www/favicon.gif;
@@ -95,9 +100,21 @@ server {
   ssl_certificate_key /etc/letsencrypt/live/nutra.tk/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
 
-  # TODO: better redirect based on server, not if?
-  if ($host = www.nutra.tk) {
-    return 301 https://nutra.tk$request_uri;
-  }
+# Redirect www.nutra.tk -> nutra.tk
+server {
+  listen 443 ssl;
+  listen 443 quic;
+  listen [::]:443 quic;
+  http2 on;
+  http3 on;
+  server_name www.nutra.tk;
+
+  ssl_certificate /etc/letsencrypt/live/nutra.tk/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/nutra.tk/privkey.pem; # managed by Certbot
+  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+  return 301 https://nutra.tk$request_uri;
 }