ionathan.ch -> ionchy.ca

git.ionchy.ca

@@ -0,0 +1,29 @@
+server {
+    server_name git.ionchy.ca;
+    location / {
+        proxy_pass http://localhost:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    listen 443 ssl; # managed by Certbot
+    listen [::]:443 ssl;
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/git.ionchy.ca/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/git.ionchy.ca/privkey.pem; # managed by Certbot
+
+
+
+}
+
+server {
+    if ($host = git.ionchy.ca) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name git.ionchy.ca;
+    listen 80;
+    listen [::]:80;
+    return 404; # managed by Certbot
+}

next.ionchy.ca

@@ -0,0 +1,45 @@
+server {
+    server_name next.ionchy.ca;
+    client_max_body_size 512M;
+    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+
+    location / {
+        proxy_pass http://localhost:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+    location = /.well-known/carddav {
+        return 301 $scheme://$host/remote.php/dav;
+    }
+    location = /.well-known/caldav {
+        return 301 $scheme://$host/remote.php/dav;
+    }
+    location = /.well-known/webfinger {
+        return 301 $scheme://$host/index.php/.well-known/webfinger;
+    }
+    location = /.well-known/nodeinfo {
+        return 301 $scheme://$host/index.php/.well-known/nodeinfo;
+    }
+
+    include mime.types;
+
+    listen 443 ssl; # managed by Certbot
+    listen [::]:443 ssl;
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/git.ionchy.ca/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/git.ionchy.ca/privkey.pem; # managed by Certbot
+
+
+}
+
+server {
+    if ($host = next.ionchy.ca) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name next.ionchy.ca;
+    listen 80;
+    listen [::]:80;
+    return 404; # managed by Certbot
+}

rss.ionchy.ca

@@ -0,0 +1,48 @@
+upstream freshrss {
+  server localhost:8080;
+  keepalive 64;
+}
+
+server {
+	server_name rss.ionchy.ca;
+
+	location / {
+		# The final `/` is important.
+		proxy_pass http://freshrss/;
+		add_header X-Frame-Options SAMEORIGIN;
+		add_header X-XSS-Protection "1; mode=block";
+		proxy_redirect off;
+		proxy_buffering off;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-Forwarded-Port $server_port;
+		proxy_read_timeout 90;
+
+		# Forward the Authorization header for the Google Reader API.
+		proxy_set_header Authorization $http_authorization;
+		proxy_pass_header Authorization;
+	}
+
+  listen 443 ssl; # managed by Certbot
+  listen [::]:443 ssl;
+  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/git.ionchy.ca/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/git.ionchy.ca/privkey.pem; # managed by Certbot
+
+
+
+}
+
+server {
+  if ($host = rss.ionchy.ca) {
+    return 301 https://$host$request_uri;
+  } # managed by Certbot
+
+  server_name rss.ionchy.ca;
+  listen 80;
+  listen [::]:80;
+  return 404; # managed by Certbot
+}