From cc1efe944169660c761b1bab6c3908e1a303d30b Mon Sep 17 00:00:00 2001 From: Jonathan Chan Date: Sun, 23 Feb 2025 17:22:56 +0100 Subject: [PATCH] ionathan.ch -> ionchy.ca --- git.ionchy.ca | 29 +++++++++++++++++++++++++++++ next.ionchy.ca | 45 +++++++++++++++++++++++++++++++++++++++++++++ rss.ionchy.ca | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 122 insertions(+) create mode 100644 git.ionchy.ca create mode 100644 next.ionchy.ca create mode 100644 rss.ionchy.ca diff --git a/git.ionchy.ca b/git.ionchy.ca new file mode 100644 index 0000000..1e6fdfd --- /dev/null +++ b/git.ionchy.ca @@ -0,0 +1,29 @@ +server { + server_name git.ionchy.ca; + location / { + proxy_pass http://localhost:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/git.ionchy.ca/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/git.ionchy.ca/privkey.pem; # managed by Certbot + + + +} + +server { + if ($host = git.ionchy.ca) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name git.ionchy.ca; + listen 80; + listen [::]:80; + return 404; # managed by Certbot +} diff --git a/next.ionchy.ca b/next.ionchy.ca new file mode 100644 index 0000000..65cad25 --- /dev/null +++ b/next.ionchy.ca @@ -0,0 +1,45 @@ +server { + server_name next.ionchy.ca; + client_max_body_size 512M; + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + + location / { + proxy_pass http://localhost:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/webfinger { + return 301 $scheme://$host/index.php/.well-known/webfinger; + } + location = /.well-known/nodeinfo { + return 301 $scheme://$host/index.php/.well-known/nodeinfo; + } + + include mime.types; + + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/git.ionchy.ca/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/git.ionchy.ca/privkey.pem; # managed by Certbot + + +} + +server { + if ($host = next.ionchy.ca) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name next.ionchy.ca; + listen 80; + listen [::]:80; + return 404; # managed by Certbot +} diff --git a/rss.ionchy.ca b/rss.ionchy.ca new file mode 100644 index 0000000..1d20df7 --- /dev/null +++ b/rss.ionchy.ca @@ -0,0 +1,48 @@ +upstream freshrss { + server localhost:8080; + keepalive 64; +} + +server { + server_name rss.ionchy.ca; + + location / { + # The final `/` is important. + proxy_pass http://freshrss/; + add_header X-Frame-Options SAMEORIGIN; + add_header X-XSS-Protection "1; mode=block"; + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_read_timeout 90; + + # Forward the Authorization header for the Google Reader API. + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } + + listen 443 ssl; # managed by Certbot + listen [::]:443 ssl; + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/git.ionchy.ca/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/git.ionchy.ca/privkey.pem; # managed by Certbot + + + +} + +server { + if ($host = rss.ionchy.ca) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name rss.ionchy.ca; + listen 80; + listen [::]:80; + return 404; # managed by Certbot +}