From 878d731c836a6676387d819f83664c531978a201 Mon Sep 17 00:00:00 2001 From: Shane Jaroch Date: Tue, 20 Jan 2026 17:10:47 -0500 Subject: [PATCH] Disable unused services in prod config --- etc/nginx/conf.d/default.prod.conf | 143 +++++++++++++++-------------- 1 file changed, 72 insertions(+), 71 deletions(-) diff --git a/etc/nginx/conf.d/default.prod.conf b/etc/nginx/conf.d/default.prod.conf index 500897e..984420c 100644 --- a/etc/nginx/conf.d/default.prod.conf +++ b/etc/nginx/conf.d/default.prod.conf @@ -7,77 +7,78 @@ server { } # API -server { - # Service: API | https://api.nutra.tk - server_name api.nutra.tk; - #listen 80; - listen 443 ssl; - listen 443 quic; - listen [::]:443 quic; - http2 on; - http3 on; - add_header Alt-Svc 'h3=":443"; ma=86400' always; - # HSTS - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; - - # Sanic - location / { - proxy_pass http://127.0.0.1:20000; # API server - # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered) - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_buffering off; - # Proxy forwarding (password configured in app.config.FORWARDED_SECRET) - # and stored in: /etc/nginx/conf.d/secrets.conf - proxy_set_header forwarded "$proxy_forwarded;secret=\"$proxy_secret_key\""; - # Allow websockets and keep-alive (avoid connection: close) - proxy_set_header connection "upgrade"; - proxy_set_header upgrade $http_upgrade; - } - - # default favicon - location /favicon.ico { - alias /var/www/favicon.gif; - } -} - - -# Store Front (MedusaJS) -server { - # Service: Store | https://store.nutra.tk - server_name store.nutra.tk; - #listen 80; - listen 443 ssl; - listen 443 quic; - listen [::]:443 quic; - http2 on; - http3 on; - add_header Alt-Svc 'h3=":443"; ma=86400' always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; - location / { - proxy_pass http://localhost:8000; - } -} - -# Store [Admin UI] (MedusaJS) -server { - # Service: Store Admin | https://store-admin-8b56411b.nutra.tk - server_name store-api.nutra.tk store-admin-8b56411b.nutra.tk; - #listen 80; - listen 443 ssl; - listen 443 quic; - listen [::]:443 quic; - http2 on; - http3 on; - add_header Alt-Svc 'h3=":443"; ma=86400' always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; - location / { - proxy_pass http://localhost:9000; - } -} +# API (Disabled in Prod) +#server { +# # Service: API | https://api.nutra.tk +# server_name api.nutra.tk; +# #listen 80; +# listen 443 ssl; +# listen 443 quic; +# listen [::]:443 quic; +# http2 on; +# http3 on; +# add_header Alt-Svc 'h3=":443"; ma=86400' always; +# # HSTS +# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; +# ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; +# +# # Sanic +# location / { +# proxy_pass http://127.0.0.1:20000; # API server +# # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered) +# proxy_http_version 1.1; +# proxy_request_buffering off; +# proxy_buffering off; +# # Proxy forwarding (password configured in app.config.FORWARDED_SECRET) +# # and stored in: /etc/nginx/conf.d/secrets.conf +# proxy_set_header forwarded "$proxy_forwarded;secret=\"$proxy_secret_key\""; +# # Allow websockets and keep-alive (avoid connection: close) +# proxy_set_header connection "upgrade"; +# proxy_set_header upgrade $http_upgrade; +# } +# +# # default favicon +# location /favicon.ico { +# alias /var/www/favicon.gif; +# } +#} + + +# Store Front (MedusaJS) - Disabled in Prod +#server { +# # Service: Store | https://store.nutra.tk +# server_name store.nutra.tk; +# #listen 80; +# listen 443 ssl; +# listen 443 quic; +# listen [::]:443 quic; +# http2 on; +# http3 on; +# add_header Alt-Svc 'h3=":443"; ma=86400' always; +# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; +# ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; +# location / { +# proxy_pass http://localhost:8000; +# } +#} + +# Store [Admin UI] (MedusaJS) - Disabled in Prod +#server { +# # Service: Store Admin | https://store-admin-8b56411b.nutra.tk +# server_name store-api.nutra.tk store-admin-8b56411b.nutra.tk; +# #listen 80; +# listen 443 ssl; +# listen 443 quic; +# listen [::]:443 quic; +# http2 on; +# http3 on; +# add_header Alt-Svc 'h3=":443"; ma=86400' always; +# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; +# ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; +# location / { +# proxy_pass http://localhost:9000; +# } +#} # UI, blog, favicon, default server -- 2.52.0