diff --git a/nginx/nginx/conf.d/server.conf b/nginx/nginx/conf.d/server.conf deleted file mode 100644 index a16c106..0000000 --- a/nginx/nginx/conf.d/server.conf +++ /dev/null @@ -1,1682 +0,0 @@ -server { - listen 443 ssl; - server_name secrets.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/secrets.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/secrets.nhcarrigan.com/privkey.pem; - - root /home/naomi/secrets; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name silly.nhcarrigan.com; - - # SSL Certificate paths (update these to match your cert locations) - ssl_certificate /etc/letsencrypt/live/silly.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/silly.nhcarrigan.com/privkey.pem; - - # Root directory (update this to your actual path) - root /home/naomi/silly; - index index.html; - - # Main site - location = / { - try_files /index.html =404; - } - - # Handle subpaths like /travel-agency/ - location / { - # First try to serve request as file - # Then try as directory with index.html - # Then try with .html extension - # Finally, fall back to 404 - try_files $uri $uri/ $uri.html $uri/index.html =404; - } - - # Static assets (CSS, JS, images, fonts) - location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|webp)$ { - expires 30d; - add_header Cache-Control "public, immutable"; - access_log off; - } - - # Disable access to hidden files (except .well-known for Let's Encrypt) - location ~ /\.(?!well-known) { - deny all; - } -} - -server { - listen 443 ssl http2; - server_name support.nhcarrigan.com; - - # SSL Config - Adjust these paths if you use Certbot/Let's Encrypt - ssl_certificate /etc/letsencrypt/live/support.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/support.nhcarrigan.com/privkey.pem; - - # Modern SSL security settings - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; - - # ---------------------------------------------------------------------- - # CRITICAL: Allow larger file uploads (Discourse default is 10MB) - # ---------------------------------------------------------------------- - client_max_body_size 20M; - - location / { - # Proxy to your Discourse container on the specific port you chose - proxy_pass http://localhost:32121; - - # Standard Headers - proxy_set_header Host $http_host; - proxy_http_version 1.1; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # ---------------------------------------------------------------------- - # CRITICAL: Tell Discourse we are using HTTPS - # Prevents "infinite redirect loop" errors - # ---------------------------------------------------------------------- - proxy_set_header X-Forwarded-Proto https; - - # WebSocket Support (Required for live updates/MessageBus) - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} - -server { - listen 443 ssl; - server_name afp.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/afp.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/afp.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:10080; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name library.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/library.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/library.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:12321; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name alerts.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/alerts.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/alerts.nhcarrigan.com/privkey.pem; - - # Redirect ONLY root `/` - location = / { - return 307 https://rosalia.nhcarrigan.com; - } - - # Proxy everything else - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5003; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name altaria.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/altaria.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/altaria.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:6022; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name amari.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/amari.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/amari.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:7044; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name analytics.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/analytics.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/analytics.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://127.0.0.1:11080; - } - - location = /live/websocket { - proxy_pass http://127.0.0.1:11080; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - } -} - -server { - listen 443 ssl; - server_name announcements.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/announcements.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/announcements.nhcarrigan.com/privkey.pem; - - return 301 https://hikari.nhcarrigan.com/announcements; -} - -server { - listen 443 ssl; - server_name aria.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/aria.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/aria.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5001; - } -} - -server { - listen 443 ssl; - server_name assistant.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/assistant.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/assistant.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://cordelia.nhcarrigan.com$uri$is_args$args; - } -} - -server { - listen 443 ssl; - server_name beccalia.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/beccalia.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/beccalia.nhcarrigan.com/privkey.pem; - - root /home/naomi/games/beccalia; - - location / { - index index.html; - } - - location /origins { - index index.html; - } - - location /prologue { - index index.html; - } -} - -server { - listen 443 ssl; - server_name becca.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/becca.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/becca.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5010; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name blog.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/blog.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/blog.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3003; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name board.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/board.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/board.nhcarrigan.com/privkey.pem; - - location ~ /ws/* { - proxy_pass http://127.0.0.1:43333; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - client_max_body_size 50M; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_buffers 256 16k; - proxy_buffer_size 16k; - client_body_timeout 60; - send_timeout 300; - lingering_timeout 5; - proxy_connect_timeout 1d; - proxy_send_timeout 1d; - proxy_read_timeout 1d; - } - - location / { - proxy_pass http://127.0.0.1:43333; - client_max_body_size 50M; - proxy_set_header Connection ""; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_buffers 256 16k; - proxy_buffer_size 16k; - proxy_read_timeout 600s; - proxy_cache_revalidate on; - proxy_cache_min_uses 2; - proxy_cache_use_stale timeout; - proxy_cache_lock on; - proxy_http_version 1.1; - } -} - -server { - listen 443 ssl; - server_name books.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/books.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/books.nhcarrigan.com/privkey.pem; - - root /home/naomi/books; - - location / { - index index.html; - } - - location /books.json { - try_files /books.json =404; - } -} - -server { - listen 443 ssl; - server_name caelia.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/caelia.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/caelia.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:7055; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name callista.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/callista.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/callista.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:6111; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name chat.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/chat.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/chat.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://discord.gg/KKe7BaEnQB; - } -} - -server { - # 1. Listen on ALL ports and protocols to catch Cloudflare - listen 80; - listen [::]:80; - listen 443 ssl; - listen [::]:443 ssl; - - server_name cdn.nhcarrigan.com; - - ssl_certificate /etc/letsencrypt/live/cdn.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cdn.nhcarrigan.com/privkey.pem; - - # Catches "/new-avatars/name-full.png" and redirects to "/avatars/name.png" - # The (.+) captures the part into variable $1 - location ~ ^/new-avatars/(.+)-full\.png$ { - return 301 $scheme://$host/avatars/$1.png; - } - - # Catches anything else starting with "/new-avatars/" and moves it to "/avatars/" - # The (.*) captures everything after the folder into variable $1 - location ~ ^/new-avatars/(.*)$ { - return 301 $scheme://$host/avatars/$1; - } - - location / { - # Proxy Settings - proxy_pass https://nhcarrigan.hel1.your-objectstorage.com; - proxy_set_header Host nhcarrigan.hel1.your-objectstorage.com; - - # SSL Handshake - proxy_ssl_server_name on; - proxy_ssl_name nhcarrigan.hel1.your-objectstorage.com; - - # Connection Cleanup - proxy_http_version 1.1; - proxy_set_header Connection ""; - - # Strip Headers - proxy_set_header Authorization ""; - proxy_set_header x-amz-date ""; - proxy_set_header x-amz-security-token ""; - - # 2. Debug Header - If you see this, we finally hit the right block! - add_header X-Debug-Cdn "Proxy-Active" always; - - # 1. Hide any partial CORS headers S3 might try to send (avoids duplicates) - proxy_hide_header Access-Control-Allow-Origin; - - # 2. Force NGINX to send the wildcard CORS header - add_header Access-Control-Allow-Origin "*" always; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; - add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always; - - # 3. Handle OPTIONS method (Preflight) for strict browsers - if ($request_method = 'OPTIONS') { - add_header Access-Control-Allow-Origin "*" always; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; - add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always; - add_header Content-Type "text/plain; charset=utf-8"; - add_header Content-Length 0; - return 204; - } - } -} -server { - listen 443 ssl; - server_name chibika.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/chibika.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/chibika.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5018; - } -} - -server { - listen 443 ssl; - server_name celestine.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/celestine.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/celestine.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:9080; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name contact.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/contact.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/contact.nhcarrigan.com/privkey.pem; - - root /home/naomi/socials; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name cordelia.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/cordelia.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cordelia.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5002; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name data.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/data.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/data.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:9999; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name docs.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/docs.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/docs.nhcarrigan.com/privkey.pem; - - root /home/naomi/docs/dist; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name donate.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/donate.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/donate.nhcarrigan.com/privkey.pem; - - root /home/naomi/donate; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name eclaire.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/eclaire.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/eclaire.nhcarrigan.com/privkey.pem; - - root /home/naomi/eclaire/dist/eclaire/browser; - index index.html; - - location / { - try_files $uri $uri/ /index.html; - } -} - -server { - listen 443 ssl; - server_name elowyn.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/elowyn.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/elowyn.nhcarrigan.com/privkey.pem; - - root /home/naomi/elowyn; - - location / { - index index.html; - try_files $uri $uri/ /index.html; - } - - location ~* \.(js|css)$ { - try_files $uri $uri/ @rewrite; - } -} - -server { - listen 443 ssl; - server_name forms-api.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/forms-api.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/forms-api.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:1234; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name forms.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/forms.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/forms.nhcarrigan.com/privkey.pem; - -########################### -# REDIRECTS FOR OLD FORMS # -########################### - - # Volunteer Application Form - location ~* ^/form/PEpB3gA79gxP8wmfEf4zou96opkpUTjssTcaeYjhoi8$ { - return 301 https://forms.nhcarrigan.com/o/docs/forms/mCxDu3snk9TzFiDjrT4Vc8/4; - } - - # Mentorship Application Form (now Discord self-selectable role) - location ~* ^/form/gNv4NYZmdiMWpkUcnknII2yYCvnYNGAmabG5O5He9Mo$ { - return 301 https://docs.nhcarrigan.com/about/mentorship; - } - - # Testimonials Form - location ~* ^/form/M_GrmqASymmO744axMOmu2LaMAaT5F0LmdVcU2c8-gQ$ { - return 301 https://forms.nhcarrigan.com/o/docs/forms/6kULn8zswT8vYcoC8wE1Zi/4; - } - - # Community Appeals Form - location ~* ^/form/l3PC15yalSWjdZASTQvGo22q_uj_7OtXAhZdcW35ev8$ { - return 301 https://forms.nhcarrigan.com/o/docs/forms/4w5VHsYiEkiS2mewvtuJYL/4; - } - - # Recognition/Nomination Form - location ~* ^/form/wksk-NuR3HBuovSixbXFEnkYq-3Gp-bZMH-n__PNRKw$ { - return 301 https://forms.nhcarrigan.com/o/docs/forms/to2oFocVgALyr23EC84xM9/4; - } - - # Community Feedback Form (now Discord forum channel) - location ~* ^/form/IDdo5e4OJS44QYFm9_aRJ36lY3Ox-BBTAM9zfnkhfoo$ { - return 301 https://docs.nhcarrigan.com/community/feedback; - } - - # Product Feedback Form (now Discord forum channel) - location ~* ^/form/jkcGg0hMIa4U0hDL2OMip5pMX2UujN5W5n4Qn8HReJ8$ { - return 301 https://docs.nhcarrigan.com/community/feedback; - } - - # Meeting Request Form (now Zcal scheduling) - location ~* ^/form/uUKZiJSDm6847iDOlpZkD5QF7cAjoTbTm0F4T0EdW0I$ { - return 301 https://zcal.co/nhcarrigan/meet; - } - - # Commission Request Form - location ~* ^/form/XRlQjeu8CbMrTA-v0IPOxlUPEPitLKXTWg70UUCIORA$ { - return 301 https://forms.nhcarrigan.com/o/docs/forms/a9K6uzJkpnTfnKgo19b4Rp/4; - } - - # Contact Form - location ~* ^/form/HyqoJ9Th5QDiOn_GPLNIRhe1a5ON7mDQf-O_ukM6R4g$ { - return 301 https://forms.nhcarrigan.com/o/docs/forms/8XTPmbrFtvDJAKSPgBgsvA/4; - } - - # Git Account Request Form (no longer available - now Discord forum channels) - location ~* ^/form/c0_N5hb-VcmC2ClzaGOvDxVirMN_coiWG7eoPhDPsZ0$ { - return 301 https://docs.nhcarrigan.com/about/contact; - } - - # Event/Publication Request Form - location ~* ^/form/Xqap3Q8hazzJd4Rrp9OOs9ip8Pa7C9zOVThlyFoPCbU$ { - return 301 https://forms.nhcarrigan.com/o/docs/forms/3xEKnDEbqQKG8GJp4kXRCs/4; - } - - - # Match any path ending in /forms/ - location ~ /forms/([^/]+)(?:/(.*))?$ { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $http_host; - proxy_http_version 1.1; - proxy_pass http://127.0.0.1:11111; - proxy_redirect off; -# 3. CRITICAL: Disable Gzip from Upstream - # If Grist zips the response, Nginx cannot inject the CSS. - proxy_set_header Accept-Encoding ""; - - # 4. INJECT THE CSS - # We replace the closing body tag with our styles + the closing body tag. - sub_filter '' ' -'; - - sub_filter_once on; - } - # Upgrade websocket requests and route the api backend - location ~ ^/(api|ws)/ { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://127.0.0.1:11111; - } - - location / { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $http_host; - proxy_http_version 1.1; - proxy_pass http://127.0.0.1:11111; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name forum.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/forum.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/forum.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://support.nhcarrigan.com; - } -} - -server { - listen 443 ssl; - server_name games.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem; - - root /home/naomi/games; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name goblin.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/goblin.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/goblin.nhcarrigan.com/privkey.pem; - - root /home/naomi/games/goblin; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name logs.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/logs.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/logs.nhcarrigan.com/privkey.pem; - - location / { - proxy_pass http://127.0.0.1:9000; - proxy_set_header Host $host; - - # Ensuring it can use websockets - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto http; - proxy_redirect http:// $scheme://; - - # These sets the timeout so that the websocket can stay alive - proxy_connect_timeout 1m; - proxy_send_timeout 1m; - proxy_read_timeout 1m; - } -} - -server { - listen 443 ssl; - server_name gwen.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/gwen.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/gwen.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5012; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name git.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/git.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/git.nhcarrigan.com/privkey.pem; - - location / { - client_max_body_size 5000M; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:53000; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name hikari.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/hikari.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/hikari.nhcarrigan.com/privkey.pem; - - root /home/naomi/hikari/client/dist/client/browser; - index index.html; - - location /api/ { - proxy_pass http://127.0.0.1:20000/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header cf-connecting-ip $http_cf_connecting_ip; - proxy_set_header origin $http_origin; - - # This removes /api from the forwarded URL - rewrite ^/api/(.*)$ /$1 break; - } - - location / { - try_files $uri $uri/ /index.html; - } -} - -server { - listen 443 ssl; - server_name hooks.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/hooks.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/hooks.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://celestine.nhcarrigan.com$uri$is_args$args; - } -} - -server { - listen 443 ssl; - server_name incidents.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/incidents.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/incidents.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3001; - } -} - -server { - listen 443 ssl; - server_name keiko.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/keiko.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/keiko.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3333; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name liora.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/liora.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/liora.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5022; - } -} - -server { - listen 443 ssl; - server_name loan.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/loan.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/loan.nhcarrigan.com/privkey.pem; - - root /home/naomi/games/loan; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name lore.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/lore.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/lore.nhcarrigan.com/privkey.pem; - - root /home/naomi/lore/dist/lore/browser; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name lucinda.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/lucinda.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/lucinda.nhcarrigan.com/privkey.pem; - - root /home/naomi/lucinda/client/dist/client/browser; - index index.html; - - location /api/ { - proxy_pass http://127.0.0.1:12346/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # This removes /api from the forwarded URL - rewrite ^/api/(.*)$ /$1 break; - } - - location / { - try_files $uri $uri/ /index.html; - } -} - -server { - listen 443 ssl; - server_name lynira.link; - ssl_certificate /etc/letsencrypt/live/lynira.link/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/lynira.link/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5044; - } -} - -server { - listen 443 ssl; - server_name manual.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/manual.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/manual.nhcarrigan.com/privkey.pem; - - root /home/naomi/manual; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name maylin.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/maylin.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/maylin.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5011; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name melody.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/melody.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/melody.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5443; - } -} - -server { - listen 443 ssl; - server_name cyc.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/cyc.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cyc.nhcarrigan.com/privkey.pem; - - return 301 https://zcal.co/nhcarrigan/cyc; -} - -server { - listen 443 ssl; - server_name meet.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/meet.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/meet.nhcarrigan.com/privkey.pem; - - return 301 https://zcal.co/nhcarrigan/meet; -} - -server { - listen 443 ssl; - server_name mommy-bot.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/mommy-bot.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/mommy-bot.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8009; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name mommy.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/mommy.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/mommy.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8008; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name mommy-slack.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/mommy-slack.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/mommy-slack.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8010; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name music.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/music.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/music.nhcarrigan.com/privkey.pem; - - root /home/naomi/music; - - location / { - index index.html; - } - - location /songs.json { - try_files /songs.json =404; - } -} - -server { - listen 443 ssl; - server_name nails-api.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/nails-api.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/nails-api.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:1235; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name nails.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/nails.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/nails.nhcarrigan.com/privkey.pem; - - root /home/naomi/nails/client/dist/client/browser; - - location / { - index index.html; - try_files $uri $uri/ /index.html; - } - - location ~* \.(js|css)$ { - try_files $uri $uri/ @rewrite; - } -} - -server { - listen 443 ssl; - server_name naomi.lgbt; - ssl_certificate /etc/letsencrypt/live/naomi.lgbt/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/naomi.lgbt/privkey.pem; - - root /home/naomi/portfolio/site; - - location / { - index index.html; - } - - location /ads.txt { - add_header Content-Type text/plain; - return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; - } - - location /games { - try_files /games.html =404; - } - - location /koikatsu { - try_files /koikatsu.html =404; - } -} - -server { - listen 443 ssl; - server_name naomi.party; - ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem; - - root /home/naomi/bsky; - - location / { - index index.html; - } - - location /ads.txt { - add_header Content-Type text/plain; - return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; - } -} - -server { - listen 443 ssl; - server_name nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.com/privkey.pem; - - root /home/naomi/portfolio/site; - - location /ads.txt { - add_header Content-Type text/plain; - return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; - } - - location / { - index index.html; - } - - location /games { - try_files /games.html =404; - } - - location /koikatsu { - try_files /koikatsu.html =404; - } -} - -server { - listen 443 ssl; - server_name nhcarrigan.link; - ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem; - - root /home/naomi/link-redirector; - - location / { - index index.html; - } - - location /ads.txt { - add_header Content-Type text/plain; - return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; - } -} - -server { - listen 443 ssl; - server_name notes.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/notes.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/notes.nhcarrigan.com/privkey.pem; - - location ~ ^/(collab|socket\.io)(/.*)?$ { - proxy_pass http://127.0.0.1:30000; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - client_max_body_size 50M; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_buffers 256 16k; - proxy_buffer_size 16k; - client_body_timeout 60; - send_timeout 300; - lingering_timeout 5; - proxy_connect_timeout 1d; - proxy_send_timeout 1d; - proxy_read_timeout 1d; - } - - location / { - proxy_pass http://127.0.0.1:30000; - client_max_body_size 50M; - proxy_set_header Connection ""; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_buffers 256 16k; - proxy_buffer_size 16k; - proxy_read_timeout 600s; - proxy_cache_revalidate on; - proxy_cache_min_uses 2; - proxy_cache_use_stale timeout; - proxy_cache_lock on; - proxy_http_version 1.1; - } -} - -server { - listen 443 ssl; - server_name valerium.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/valerium.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/valerium.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3443; - } -} - -server { - listen 443 ssl; - server_name pavelle.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/pavelle.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/pavelle.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:6019; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name products.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/products.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/products.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://hikari.nhcarrigan.com/products; - } -} - -server { - listen 443 ssl; - server_name quality.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/quality.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/quality.nhcarrigan.com/privkey.pem; - - client_max_body_size 1g; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:9500; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name rosalia.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/rosalia.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/rosalia.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5003; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name resume.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/resume.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/resume.nhcarrigan.com/privkey.pem; - - root /home/naomi/resume/site; - - location /resume.yaml { - default_type text/plain; - add_header Content-Type "text/plain; charset=utf-8"; - } - - location / { - index index.html; - try_files $uri $uri/ /index.html; - } -} - -server { - listen 443 ssl; - server_name ruubot.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/ruubot.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/ruubot.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass https://127.0.0.1:4443; - } -} - -server { - listen 443 ssl; - server_name saisoku.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/saisoku.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/saisoku.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:9100; - proxy_redirect off; - } -} - - -server { - listen 443 ssl; - server_name security.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem; - - location /report { - alias /home/naomi/defectdojo; - - index report.html; - } - location / { - # Proxy to the local Docker port we set in compose (8081) - proxy_pass http://127.0.0.1:43434; - - # Standard Headers - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CRITICAL FOR SCANNERS - # DefectDojo ingests large JSON/XML reports. - # If this is too low, uploads will fail silently or with 413 errors. - client_max_body_size 100M; - - # Timeout settings (Optional, helpful for very large reports) - proxy_read_timeout 90; - } -} - -server { - listen 443 ssl; - server_name serenya.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/serenya.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/serenya.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:7066; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name sitemap.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/sitemap.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/sitemap.nhcarrigan.com/privkey.pem; - - root /home/naomi/sitemap; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name socials.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/socials.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/socials.nhcarrigan.com/privkey.pem; - - root /home/naomi/socials; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name sorielle.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/sorielle.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/sorielle.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5019; - } -} - -server { - listen 443 ssl; - server_name tasks.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/tasks.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/tasks.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://melody.nhcarrigan.com$uri$is_args$args; - } -} - -server { - listen 443 ssl; - server_name telemetry.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/telemetry.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/telemetry.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5080; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name testimonials.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/testimonials.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/testimonials.nhcarrigan.com/privkey.pem; - - root /home/naomi/testimonials; - - location / { - index index.html; - } -} - -server { - listen 443 ssl; - server_name trans-bot.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://aria.nhcarrigan.com; - } -} - -server { - listen 443 ssl; - server_name trans.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://0.0.0.0:5000; - } -} - -server { - listen 443 ssl; - server_name tyche.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/tyche.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/tyche.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8123; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name umbrelle.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/umbrelle.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/umbrelle.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:6088; - } -} - -server { - listen 443 ssl; - server_name uptime.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/uptime.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/uptime.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3001; - } -} - -server { - listen 443 ssl; - server_name veluna.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/veluna.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/veluna.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:6099; - } -} - -server { - listen 443 ssl; - server_name vitalia-api.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/vitalia.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/vitalia.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:12345; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name vitalia.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/vitalia.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/vitalia.nhcarrigan.com/privkey.pem; - - root /home/naomi/vitalia/client/dist/client/browser; - - location / { - index index.html; - try_files $uri $uri/ /index.html; - } - - location ~* \.(js|css)$ { - try_files $uri $uri/ @rewrite; - } -} - -server { - listen 443 ssl; - server_name wompwomp.club; - ssl_certificate /etc/letsencrypt/live/wompwomp.club/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/wompwomp.club/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5033; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name wtf.naomi.lgbt; - ssl_certificate /etc/letsencrypt/live/wtf.naomi.lgbt/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/wtf.naomi.lgbt/privkey.pem; - client_max_body_size 100M; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3456; - proxy_redirect off; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } -} - -server { - listen 443 ssl; - server_name www.lynira.link; - ssl_certificate /etc/letsencrypt/live/www.lynira.link/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.lynira.link/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5044; - } -} - -server { - listen 443 ssl; - server_name www.naomi.lgbt; - ssl_certificate /etc/letsencrypt/live/www.naomi.lgbt/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.naomi.lgbt/privkey.pem; - - root /home/naomi/portfolio/site; - - location / { - index index.html; - } - - location /games { - try_files /games.html =404; - } - - location /koikatsu { - try_files /koikatsu.html =404; - } -} - -server { - listen 443 ssl; - server_name www.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/www.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.nhcarrigan.com/privkey.pem; - - root /home/naomi/portfolio/site; - - location / { - index index.html; - } - - location /games { - try_files /games.html =404; - } - - location /koikatsu { - try_files /koikatsu.html =404; - } -} - -server { - listen 443 ssl; - server_name www.wompwomp.club; - ssl_certificate /etc/letsencrypt/live/www.wompwomp.club/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.wompwomp.club/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5033; - proxy_redirect off; - } -} - -server { - listen 443 ssl; - server_name www.yurigpt.com; - ssl_certificate /etc/letsencrypt/live/www.yurigpt.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.yurigpt.com/privkey.pem; - - root /home/naomi/yurigpt/dist/yurigpt/browser; - index index.html; - - location / { - try_files $uri $uri/ /index.html; - } - - location /ads.txt { - add_header Content-Type text/plain; - return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; - } -} - -server { - listen 443 ssl; - server_name yurigpt.com; - ssl_certificate /etc/letsencrypt/live/yurigpt.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/yurigpt.com/privkey.pem; - - root /home/naomi/yurigpt/dist/yurigpt/browser; - index index.html; - - location / { - try_files $uri $uri/ /index.html; - } - - location /ads.txt { - add_header Content-Type text/plain; - return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; - } -} - -# This MUST be at the bottom so that dedicated subdomains are parsed first! - -server { - listen 443 ssl; - server_name ~^(?.+)\.naomi\.lgbt$; - - ssl_certificate /etc/letsencrypt/live/*.naomi.lgbt/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/*.naomi.lgbt/privkey.pem; - - location / { - return 301 https://$subdomain.nhcarrigan.com$request_uri; - } -} diff --git a/nginx/nginx/sites-available/afp.conf b/nginx/nginx/sites-available/afp.conf new file mode 100644 index 0000000..21ed3e0 --- /dev/null +++ b/nginx/nginx/sites-available/afp.conf @@ -0,0 +1,12 @@ +server { + listen 443 ssl; + server_name afp.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/afp.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/afp.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:10080; + proxy_redirect off; + } +} diff --git a/nginx/nginx/sites-available/aria.conf b/nginx/nginx/sites-available/aria.conf new file mode 100644 index 0000000..c074266 --- /dev/null +++ b/nginx/nginx/sites-available/aria.conf @@ -0,0 +1,58 @@ +server { + listen 443 ssl; + server_name aria.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/aria.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/aria.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5001; + } +} + +server { + listen 443 ssl; + server_name assistant.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/assistant.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/assistant.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://cordelia.nhcarrigan.com$uri$is_args$args; + } +} + +server { + listen 443 ssl; + server_name cordelia.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/cordelia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cordelia.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5002; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name trans.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://0.0.0.0:5000; + } +} + +server { + listen 443 ssl; + server_name trans-bot.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://aria.nhcarrigan.com; + } +} diff --git a/nginx/nginx/sites-available/bots.conf b/nginx/nginx/sites-available/bots.conf new file mode 100644 index 0000000..5e7d57c --- /dev/null +++ b/nginx/nginx/sites-available/bots.conf @@ -0,0 +1,251 @@ +server { + listen 443 ssl; + server_name altaria.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/altaria.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/altaria.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:6022; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name amari.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/amari.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/amari.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:7044; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name becca.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/becca.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/becca.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5010; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name caelia.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/caelia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/caelia.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:7055; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name callista.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/callista.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/callista.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:6111; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name chibika.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/chibika.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chibika.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5018; + } +} + +server { + listen 443 ssl; + server_name gwen.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/gwen.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/gwen.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5012; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name keiko.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/keiko.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/keiko.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3333; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name liora.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/liora.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/liora.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5022; + } +} + +server { + listen 443 ssl; + server_name maylin.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/maylin.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/maylin.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5011; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name melody.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/melody.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/melody.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5443; + } +} + +server { + listen 443 ssl; + server_name pavelle.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/pavelle.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/pavelle.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:6019; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name ruubot.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/ruubot.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ruubot.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass https://127.0.0.1:4443; + } +} + +server { + listen 443 ssl; + server_name saisoku.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/saisoku.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/saisoku.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:9100; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name serenya.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/serenya.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/serenya.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:7066; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name sorielle.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/sorielle.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/sorielle.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5019; + } +} + +server { + listen 443 ssl; + server_name tyche.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/tyche.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tyche.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:8123; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name umbrelle.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/umbrelle.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/umbrelle.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:6088; + } +} + +server { + listen 443 ssl; + server_name valerium.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/valerium.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/valerium.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3443; + } +} + +server { + listen 443 ssl; + server_name veluna.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/veluna.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/veluna.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:6099; + } +} diff --git a/nginx/nginx/sites-available/cdn.conf b/nginx/nginx/sites-available/cdn.conf new file mode 100644 index 0000000..3fdd198 --- /dev/null +++ b/nginx/nginx/sites-available/cdn.conf @@ -0,0 +1,53 @@ +server { + listen 80; + listen [::]:80; + listen 443 ssl; + listen [::]:443 ssl; + + server_name cdn.nhcarrigan.com; + + ssl_certificate /etc/letsencrypt/live/cdn.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cdn.nhcarrigan.com/privkey.pem; + + # Catches "/new-avatars/name-full.png" and redirects to "/avatars/name.png" + location ~ ^/new-avatars/(.+)-full\.png$ { + return 301 $scheme://$host/avatars/$1.png; + } + + # Catches anything else starting with "/new-avatars/" and moves it to "/avatars/" + location ~ ^/new-avatars/(.*)$ { + return 301 $scheme://$host/avatars/$1; + } + + location / { + proxy_pass https://nhcarrigan.hel1.your-objectstorage.com; + proxy_set_header Host nhcarrigan.hel1.your-objectstorage.com; + + proxy_ssl_server_name on; + proxy_ssl_name nhcarrigan.hel1.your-objectstorage.com; + + proxy_http_version 1.1; + proxy_set_header Connection ""; + + proxy_set_header Authorization ""; + proxy_set_header x-amz-date ""; + proxy_set_header x-amz-security-token ""; + + add_header X-Debug-Cdn "Proxy-Active" always; + + proxy_hide_header Access-Control-Allow-Origin; + + add_header Access-Control-Allow-Origin "*" always; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; + add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always; + + if ($request_method = 'OPTIONS') { + add_header Access-Control-Allow-Origin "*" always; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; + add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always; + add_header Content-Type "text/plain; charset=utf-8"; + add_header Content-Length 0; + return 204; + } + } +} diff --git a/nginx/nginx/sites-available/celestine.conf b/nginx/nginx/sites-available/celestine.conf new file mode 100644 index 0000000..6dcfa54 --- /dev/null +++ b/nginx/nginx/sites-available/celestine.conf @@ -0,0 +1,23 @@ +server { + listen 443 ssl; + server_name celestine.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/celestine.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/celestine.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:9080; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name hooks.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/hooks.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hooks.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://celestine.nhcarrigan.com$uri$is_args$args; + } +} diff --git a/nginx/nginx/sites-available/content.conf b/nginx/nginx/sites-available/content.conf new file mode 100644 index 0000000..4e0ec95 --- /dev/null +++ b/nginx/nginx/sites-available/content.conf @@ -0,0 +1,85 @@ +server { + listen 443 ssl; + server_name blog.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/blog.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/blog.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3003; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name books.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/books.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/books.nhcarrigan.com/privkey.pem; + + root /home/naomi/books; + + location / { + index index.html; + } + + location /books.json { + try_files /books.json =404; + } +} + +server { + listen 443 ssl; + server_name donate.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/donate.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/donate.nhcarrigan.com/privkey.pem; + + root /home/naomi/donate; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name music.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/music.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/music.nhcarrigan.com/privkey.pem; + + root /home/naomi/music; + + location / { + index index.html; + } + + location /songs.json { + try_files /songs.json =404; + } +} + +server { + listen 443 ssl; + server_name secrets.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/secrets.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/secrets.nhcarrigan.com/privkey.pem; + + root /home/naomi/secrets; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name testimonials.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/testimonials.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/testimonials.nhcarrigan.com/privkey.pem; + + root /home/naomi/testimonials; + + location / { + index index.html; + } +} diff --git a/nginx/nginx/sites-available/data.conf b/nginx/nginx/sites-available/data.conf new file mode 100644 index 0000000..ead034c --- /dev/null +++ b/nginx/nginx/sites-available/data.conf @@ -0,0 +1,12 @@ +server { + listen 443 ssl; + server_name data.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/data.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/data.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:9999; + proxy_redirect off; + } +} diff --git a/nginx/nginx/sites-available/docs.conf b/nginx/nginx/sites-available/docs.conf new file mode 100644 index 0000000..041add9 --- /dev/null +++ b/nginx/nginx/sites-available/docs.conf @@ -0,0 +1,64 @@ +server { + listen 443 ssl; + server_name contact.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/contact.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/contact.nhcarrigan.com/privkey.pem; + + root /home/naomi/socials; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name docs.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/docs.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/docs.nhcarrigan.com/privkey.pem; + + root /home/naomi/docs/dist; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name manual.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/manual.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/manual.nhcarrigan.com/privkey.pem; + + root /home/naomi/manual; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name sitemap.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/sitemap.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/sitemap.nhcarrigan.com/privkey.pem; + + root /home/naomi/sitemap; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name socials.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/socials.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/socials.nhcarrigan.com/privkey.pem; + + root /home/naomi/socials; + + location / { + index index.html; + } +} diff --git a/nginx/nginx/sites-available/eclaire.conf b/nginx/nginx/sites-available/eclaire.conf new file mode 100644 index 0000000..5fb85a3 --- /dev/null +++ b/nginx/nginx/sites-available/eclaire.conf @@ -0,0 +1,13 @@ +server { + listen 443 ssl; + server_name eclaire.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/eclaire.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/eclaire.nhcarrigan.com/privkey.pem; + + root /home/naomi/eclaire/dist/eclaire/browser; + index index.html; + + location / { + try_files $uri $uri/ /index.html; + } +} diff --git a/nginx/nginx/sites-available/elowyn.conf b/nginx/nginx/sites-available/elowyn.conf new file mode 100644 index 0000000..88db33b --- /dev/null +++ b/nginx/nginx/sites-available/elowyn.conf @@ -0,0 +1,17 @@ +server { + listen 443 ssl; + server_name elowyn.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/elowyn.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/elowyn.nhcarrigan.com/privkey.pem; + + root /home/naomi/elowyn; + + location / { + index index.html; + try_files $uri $uri/ /index.html; + } + + location ~* \.(js|css)$ { + try_files $uri $uri/ @rewrite; + } +} diff --git a/nginx/nginx/sites-available/forms.conf b/nginx/nginx/sites-available/forms.conf new file mode 100644 index 0000000..4ac6b90 --- /dev/null +++ b/nginx/nginx/sites-available/forms.conf @@ -0,0 +1,150 @@ +server { + listen 443 ssl; + server_name forms-api.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/forms-api.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/forms-api.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:1234; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name forms.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/forms.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/forms.nhcarrigan.com/privkey.pem; + +########################### +# REDIRECTS FOR OLD FORMS # +########################### + + # Volunteer Application Form + location ~* ^/form/PEpB3gA79gxP8wmfEf4zou96opkpUTjssTcaeYjhoi8$ { + return 301 https://forms.nhcarrigan.com/o/docs/forms/mCxDu3snk9TzFiDjrT4Vc8/4; + } + + # Mentorship Application Form (now Discord self-selectable role) + location ~* ^/form/gNv4NYZmdiMWpkUcnknII2yYCvnYNGAmabG5O5He9Mo$ { + return 301 https://docs.nhcarrigan.com/about/mentorship; + } + + # Testimonials Form + location ~* ^/form/M_GrmqASymmO744axMOmu2LaMAaT5F0LmdVcU2c8-gQ$ { + return 301 https://forms.nhcarrigan.com/o/docs/forms/6kULn8zswT8vYcoC8wE1Zi/4; + } + + # Community Appeals Form + location ~* ^/form/l3PC15yalSWjdZASTQvGo22q_uj_7OtXAhZdcW35ev8$ { + return 301 https://forms.nhcarrigan.com/o/docs/forms/4w5VHsYiEkiS2mewvtuJYL/4; + } + + # Recognition/Nomination Form + location ~* ^/form/wksk-NuR3HBuovSixbXFEnkYq-3Gp-bZMH-n__PNRKw$ { + return 301 https://forms.nhcarrigan.com/o/docs/forms/to2oFocVgALyr23EC84xM9/4; + } + + # Community Feedback Form (now Discord forum channel) + location ~* ^/form/IDdo5e4OJS44QYFm9_aRJ36lY3Ox-BBTAM9zfnkhfoo$ { + return 301 https://docs.nhcarrigan.com/community/feedback; + } + + # Product Feedback Form (now Discord forum channel) + location ~* ^/form/jkcGg0hMIa4U0hDL2OMip5pMX2UujN5W5n4Qn8HReJ8$ { + return 301 https://docs.nhcarrigan.com/community/feedback; + } + + # Meeting Request Form (now Zcal scheduling) + location ~* ^/form/uUKZiJSDm6847iDOlpZkD5QF7cAjoTbTm0F4T0EdW0I$ { + return 301 https://zcal.co/nhcarrigan/meet; + } + + # Commission Request Form + location ~* ^/form/XRlQjeu8CbMrTA-v0IPOxlUPEPitLKXTWg70UUCIORA$ { + return 301 https://forms.nhcarrigan.com/o/docs/forms/a9K6uzJkpnTfnKgo19b4Rp/4; + } + + # Contact Form + location ~* ^/form/HyqoJ9Th5QDiOn_GPLNIRhe1a5ON7mDQf-O_ukM6R4g$ { + return 301 https://forms.nhcarrigan.com/o/docs/forms/8XTPmbrFtvDJAKSPgBgsvA/4; + } + + # Git Account Request Form (no longer available - now Discord forum channels) + location ~* ^/form/c0_N5hb-VcmC2ClzaGOvDxVirMN_coiWG7eoPhDPsZ0$ { + return 301 https://docs.nhcarrigan.com/about/contact; + } + + # Event/Publication Request Form + location ~* ^/form/Xqap3Q8hazzJd4Rrp9OOs9ip8Pa7C9zOVThlyFoPCbU$ { + return 301 https://forms.nhcarrigan.com/o/docs/forms/3xEKnDEbqQKG8GJp4kXRCs/4; + } + + # Match any path ending in /forms/ + location ~ /forms/([^/]+)(?:/(.*))?$ { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_http_version 1.1; + proxy_pass http://127.0.0.1:11111; + proxy_redirect off; + + # Disable Gzip from upstream so nginx can inject CSS + proxy_set_header Accept-Encoding ""; + + # Inject CSS and remove Grist branding + sub_filter '' ' +'; + + sub_filter_once on; + } + + # Upgrade websocket requests and route the api backend + location ~ ^/(api|ws)/ { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass http://127.0.0.1:11111; + } + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_http_version 1.1; + proxy_pass http://127.0.0.1:11111; + proxy_redirect off; + } +} diff --git a/nginx/nginx/sites-available/games.conf b/nginx/nginx/sites-available/games.conf new file mode 100644 index 0000000..cb7acb9 --- /dev/null +++ b/nginx/nginx/sites-available/games.conf @@ -0,0 +1,164 @@ +server { + listen 443 ssl; + server_name beccalia.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/beccalia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/beccalia.nhcarrigan.com/privkey.pem; + + root /home/naomi/games/beccalia; + + location / { + index index.html; + } + + location /origins { + index index.html; + } + + location /prologue { + index index.html; + } +} + +server { + listen 443 ssl; + server_name games.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem; + + root /home/naomi/games; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name goblin.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/goblin.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/goblin.nhcarrigan.com/privkey.pem; + + root /home/naomi/games/goblin; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name loan.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/loan.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/loan.nhcarrigan.com/privkey.pem; + + root /home/naomi/games/loan; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name lore.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/lore.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/lore.nhcarrigan.com/privkey.pem; + + root /home/naomi/lore/dist/lore/browser; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name silly.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/silly.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/silly.nhcarrigan.com/privkey.pem; + + root /home/naomi/silly; + index index.html; + + location = / { + try_files /index.html =404; + } + + location / { + try_files $uri $uri/ $uri.html $uri/index.html =404; + } + + location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|webp)$ { + expires 30d; + add_header Cache-Control "public, immutable"; + access_log off; + } + + location ~ /\.(?!well-known) { + deny all; + } +} + +server { + listen 443 ssl; + server_name wompwomp.club; + ssl_certificate /etc/letsencrypt/live/wompwomp.club/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/wompwomp.club/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5033; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name www.wompwomp.club; + ssl_certificate /etc/letsencrypt/live/www.wompwomp.club/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.wompwomp.club/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5033; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name www.yurigpt.com; + ssl_certificate /etc/letsencrypt/live/www.yurigpt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.yurigpt.com/privkey.pem; + + root /home/naomi/yurigpt/dist/yurigpt/browser; + index index.html; + + location / { + try_files $uri $uri/ /index.html; + } + + location /ads.txt { + add_header Content-Type text/plain; + return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; + } +} + +server { + listen 443 ssl; + server_name yurigpt.com; + ssl_certificate /etc/letsencrypt/live/yurigpt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/yurigpt.com/privkey.pem; + + root /home/naomi/yurigpt/dist/yurigpt/browser; + index index.html; + + location / { + try_files $uri $uri/ /index.html; + } + + location /ads.txt { + add_header Content-Type text/plain; + return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; + } +} diff --git a/nginx/nginx/sites-available/git.conf b/nginx/nginx/sites-available/git.conf new file mode 100644 index 0000000..e54d528 --- /dev/null +++ b/nginx/nginx/sites-available/git.conf @@ -0,0 +1,13 @@ +server { + listen 443 ssl; + server_name git.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/git.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.nhcarrigan.com/privkey.pem; + + location / { + client_max_body_size 5000M; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:53000; + proxy_redirect off; + } +} diff --git a/nginx/nginx/sites-available/hikari.conf b/nginx/nginx/sites-available/hikari.conf new file mode 100644 index 0000000..5f3fe4c --- /dev/null +++ b/nginx/nginx/sites-available/hikari.conf @@ -0,0 +1,46 @@ +server { + listen 443 ssl; + server_name announcements.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/announcements.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/announcements.nhcarrigan.com/privkey.pem; + + return 301 https://hikari.nhcarrigan.com/announcements; +} + +server { + listen 443 ssl; + server_name hikari.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/hikari.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hikari.nhcarrigan.com/privkey.pem; + + root /home/naomi/hikari/client/dist/client/browser; + index index.html; + + location /api/ { + proxy_pass http://127.0.0.1:20000/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header cf-connecting-ip $http_cf_connecting_ip; + proxy_set_header origin $http_origin; + + # This removes /api from the forwarded URL + rewrite ^/api/(.*)$ /$1 break; + } + + location / { + try_files $uri $uri/ /index.html; + } +} + +server { + listen 443 ssl; + server_name products.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/products.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/products.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://hikari.nhcarrigan.com/products; + } +} diff --git a/nginx/nginx/sites-available/library.conf b/nginx/nginx/sites-available/library.conf new file mode 100644 index 0000000..1894511 --- /dev/null +++ b/nginx/nginx/sites-available/library.conf @@ -0,0 +1,12 @@ +server { + listen 443 ssl; + server_name library.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/library.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/library.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:12321; + proxy_redirect off; + } +} diff --git a/nginx/nginx/sites-available/lucinda.conf b/nginx/nginx/sites-available/lucinda.conf new file mode 100644 index 0000000..a14a8eb --- /dev/null +++ b/nginx/nginx/sites-available/lucinda.conf @@ -0,0 +1,24 @@ +server { + listen 443 ssl; + server_name lucinda.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/lucinda.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/lucinda.nhcarrigan.com/privkey.pem; + + root /home/naomi/lucinda/client/dist/client/browser; + index index.html; + + location /api/ { + proxy_pass http://127.0.0.1:12346/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # This removes /api from the forwarded URL + rewrite ^/api/(.*)$ /$1 break; + } + + location / { + try_files $uri $uri/ /index.html; + } +} diff --git a/nginx/nginx/sites-available/lynira.conf b/nginx/nginx/sites-available/lynira.conf new file mode 100644 index 0000000..3f5db4c --- /dev/null +++ b/nginx/nginx/sites-available/lynira.conf @@ -0,0 +1,23 @@ +server { + listen 443 ssl; + server_name lynira.link; + ssl_certificate /etc/letsencrypt/live/lynira.link/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/lynira.link/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5044; + } +} + +server { + listen 443 ssl; + server_name www.lynira.link; + ssl_certificate /etc/letsencrypt/live/www.lynira.link/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.lynira.link/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5044; + } +} diff --git a/nginx/nginx/sites-available/mommy.conf b/nginx/nginx/sites-available/mommy.conf new file mode 100644 index 0000000..88cd0ff --- /dev/null +++ b/nginx/nginx/sites-available/mommy.conf @@ -0,0 +1,38 @@ +server { + listen 443 ssl; + server_name mommy-bot.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/mommy-bot.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mommy-bot.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:8009; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name mommy.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/mommy.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mommy.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:8008; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name mommy-slack.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/mommy-slack.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mommy-slack.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:8010; + proxy_redirect off; + } +} diff --git a/nginx/nginx/sites-available/monitoring.conf b/nginx/nginx/sites-available/monitoring.conf new file mode 100644 index 0000000..39061b2 --- /dev/null +++ b/nginx/nginx/sites-available/monitoring.conf @@ -0,0 +1,79 @@ +server { + listen 443 ssl; + server_name analytics.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/analytics.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/analytics.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:11080; + } + + location = /live/websocket { + proxy_pass http://127.0.0.1:11080; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } +} + +server { + listen 443 ssl; + server_name incidents.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/incidents.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/incidents.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3001; + } +} + +server { + listen 443 ssl; + server_name logs.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/logs.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/logs.nhcarrigan.com/privkey.pem; + + location / { + proxy_pass http://127.0.0.1:9000; + proxy_set_header Host $host; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto http; + proxy_redirect http:// $scheme://; + + proxy_connect_timeout 1m; + proxy_send_timeout 1m; + proxy_read_timeout 1m; + } +} + +server { + listen 443 ssl; + server_name telemetry.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/telemetry.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/telemetry.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5080; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name uptime.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/uptime.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/uptime.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3001; + } +} diff --git a/nginx/nginx/sites-available/nails.conf b/nginx/nginx/sites-available/nails.conf new file mode 100644 index 0000000..febcd26 --- /dev/null +++ b/nginx/nginx/sites-available/nails.conf @@ -0,0 +1,30 @@ +server { + listen 443 ssl; + server_name nails-api.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/nails-api.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nails-api.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:1235; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name nails.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/nails.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nails.nhcarrigan.com/privkey.pem; + + root /home/naomi/nails/client/dist/client/browser; + + location / { + index index.html; + try_files $uri $uri/ /index.html; + } + + location ~* \.(js|css)$ { + try_files $uri $uri/ @rewrite; + } +} diff --git a/nginx/nginx/sites-available/notes.conf b/nginx/nginx/sites-available/notes.conf new file mode 100644 index 0000000..7f7dfc4 --- /dev/null +++ b/nginx/nginx/sites-available/notes.conf @@ -0,0 +1,91 @@ +server { + listen 443 ssl; + server_name board.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/board.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/board.nhcarrigan.com/privkey.pem; + + location ~ /ws/* { + proxy_pass http://127.0.0.1:43333; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + client_max_body_size 50M; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + client_body_timeout 60; + send_timeout 300; + lingering_timeout 5; + proxy_connect_timeout 1d; + proxy_send_timeout 1d; + proxy_read_timeout 1d; + } + + location / { + proxy_pass http://127.0.0.1:43333; + client_max_body_size 50M; + proxy_set_header Connection ""; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + proxy_read_timeout 600s; + proxy_cache_revalidate on; + proxy_cache_min_uses 2; + proxy_cache_use_stale timeout; + proxy_cache_lock on; + proxy_http_version 1.1; + } +} + +server { + listen 443 ssl; + server_name notes.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/notes.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/notes.nhcarrigan.com/privkey.pem; + + location ~ ^/(collab|socket\.io)(/.*)?$ { + proxy_pass http://127.0.0.1:30000; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + client_max_body_size 50M; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + client_body_timeout 60; + send_timeout 300; + lingering_timeout 5; + proxy_connect_timeout 1d; + proxy_send_timeout 1d; + proxy_read_timeout 1d; + } + + location / { + proxy_pass http://127.0.0.1:30000; + client_max_body_size 50M; + proxy_set_header Connection ""; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + proxy_read_timeout 600s; + proxy_cache_revalidate on; + proxy_cache_min_uses 2; + proxy_cache_use_stale timeout; + proxy_cache_lock on; + proxy_http_version 1.1; + } +} diff --git a/nginx/nginx/sites-available/portfolio.conf b/nginx/nginx/sites-available/portfolio.conf new file mode 100644 index 0000000..5de0b76 --- /dev/null +++ b/nginx/nginx/sites-available/portfolio.conf @@ -0,0 +1,161 @@ +server { + listen 443 ssl; + server_name naomi.lgbt; + ssl_certificate /etc/letsencrypt/live/naomi.lgbt/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/naomi.lgbt/privkey.pem; + + root /home/naomi/portfolio/site; + + location / { + index index.html; + } + + location /ads.txt { + add_header Content-Type text/plain; + return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; + } + + location /games { + try_files /games.html =404; + } + + location /koikatsu { + try_files /koikatsu.html =404; + } +} + +server { + listen 443 ssl; + server_name naomi.party; + ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem; + + root /home/naomi/bsky; + + location / { + index index.html; + } + + location /ads.txt { + add_header Content-Type text/plain; + return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; + } +} + +server { + listen 443 ssl; + server_name nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.com/privkey.pem; + + root /home/naomi/portfolio/site; + + location /ads.txt { + add_header Content-Type text/plain; + return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; + } + + location / { + index index.html; + } + + location /games { + try_files /games.html =404; + } + + location /koikatsu { + try_files /koikatsu.html =404; + } +} + +server { + listen 443 ssl; + server_name nhcarrigan.link; + ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem; + + root /home/naomi/link-redirector; + + location / { + index index.html; + } + + location /ads.txt { + add_header Content-Type text/plain; + return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; + } +} + +server { + listen 443 ssl; + server_name resume.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/resume.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/resume.nhcarrigan.com/privkey.pem; + + root /home/naomi/resume/site; + + location /resume.yaml { + default_type text/plain; + add_header Content-Type "text/plain; charset=utf-8"; + } + + location / { + index index.html; + try_files $uri $uri/ /index.html; + } +} + +server { + listen 443 ssl; + server_name www.naomi.lgbt; + ssl_certificate /etc/letsencrypt/live/www.naomi.lgbt/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.naomi.lgbt/privkey.pem; + + root /home/naomi/portfolio/site; + + location / { + index index.html; + } + + location /games { + try_files /games.html =404; + } + + location /koikatsu { + try_files /koikatsu.html =404; + } +} + +server { + listen 443 ssl; + server_name www.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/www.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.nhcarrigan.com/privkey.pem; + + root /home/naomi/portfolio/site; + + location / { + index index.html; + } + + location /games { + try_files /games.html =404; + } + + location /koikatsu { + try_files /koikatsu.html =404; + } +} + +# Wildcard catch-all — must remain last so specific subdomains take priority +server { + listen 443 ssl; + server_name ~^(?.+)\.naomi\.lgbt$; + + ssl_certificate /etc/letsencrypt/live/*.naomi.lgbt/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/*.naomi.lgbt/privkey.pem; + + location / { + return 301 https://$subdomain.nhcarrigan.com$request_uri; + } +} diff --git a/nginx/nginx/sites-available/rosalia.conf b/nginx/nginx/sites-available/rosalia.conf new file mode 100644 index 0000000..4806f6a --- /dev/null +++ b/nginx/nginx/sites-available/rosalia.conf @@ -0,0 +1,31 @@ +server { + listen 443 ssl; + server_name alerts.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/alerts.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/alerts.nhcarrigan.com/privkey.pem; + + # Redirect ONLY root `/` + location = / { + return 307 https://rosalia.nhcarrigan.com; + } + + # Proxy everything else + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5003; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name rosalia.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/rosalia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/rosalia.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5003; + proxy_redirect off; + } +} diff --git a/nginx/nginx/sites-available/scheduling.conf b/nginx/nginx/sites-available/scheduling.conf new file mode 100644 index 0000000..2f60743 --- /dev/null +++ b/nginx/nginx/sites-available/scheduling.conf @@ -0,0 +1,28 @@ +server { + listen 443 ssl; + server_name cyc.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/cyc.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cyc.nhcarrigan.com/privkey.pem; + + return 301 https://zcal.co/nhcarrigan/cyc; +} + +server { + listen 443 ssl; + server_name meet.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/meet.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/meet.nhcarrigan.com/privkey.pem; + + return 301 https://zcal.co/nhcarrigan/meet; +} + +server { + listen 443 ssl; + server_name tasks.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/tasks.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tasks.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://melody.nhcarrigan.com$uri$is_args$args; + } +} diff --git a/nginx/nginx/sites-available/security.conf b/nginx/nginx/sites-available/security.conf new file mode 100644 index 0000000..89d430e --- /dev/null +++ b/nginx/nginx/sites-available/security.conf @@ -0,0 +1,38 @@ +server { + listen 443 ssl; + server_name quality.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/quality.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/quality.nhcarrigan.com/privkey.pem; + + client_max_body_size 1g; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:9500; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name security.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem; + + location /report { + alias /home/naomi/defectdojo; + index report.html; + } + + location / { + proxy_pass http://127.0.0.1:43434; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + client_max_body_size 100M; + proxy_read_timeout 90; + } +} diff --git a/nginx/nginx/sites-available/support.conf b/nginx/nginx/sites-available/support.conf new file mode 100644 index 0000000..be67f78 --- /dev/null +++ b/nginx/nginx/sites-available/support.conf @@ -0,0 +1,46 @@ +server { + listen 443 ssl; + server_name chat.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/chat.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chat.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://discord.gg/KKe7BaEnQB; + } +} + +server { + listen 443 ssl; + server_name forum.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/forum.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/forum.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://support.nhcarrigan.com; + } +} + +server { + listen 443 ssl http2; + server_name support.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/support.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/support.nhcarrigan.com/privkey.pem; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + + client_max_body_size 20M; + + location / { + proxy_pass http://localhost:32121; + + proxy_set_header Host $http_host; + proxy_http_version 1.1; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} diff --git a/nginx/nginx/sites-available/vitalia.conf b/nginx/nginx/sites-available/vitalia.conf new file mode 100644 index 0000000..3bf9200 --- /dev/null +++ b/nginx/nginx/sites-available/vitalia.conf @@ -0,0 +1,30 @@ +server { + listen 443 ssl; + server_name vitalia-api.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/vitalia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/vitalia.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:12345; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name vitalia.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/vitalia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/vitalia.nhcarrigan.com/privkey.pem; + + root /home/naomi/vitalia/client/dist/client/browser; + + location / { + index index.html; + try_files $uri $uri/ /index.html; + } + + location ~* \.(js|css)$ { + try_files $uri $uri/ @rewrite; + } +} diff --git a/nginx/nginx/sites-available/wtf.conf b/nginx/nginx/sites-available/wtf.conf new file mode 100644 index 0000000..30b3fc8 --- /dev/null +++ b/nginx/nginx/sites-available/wtf.conf @@ -0,0 +1,16 @@ +server { + listen 443 ssl; + server_name wtf.naomi.lgbt; + ssl_certificate /etc/letsencrypt/live/wtf.naomi.lgbt/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/wtf.naomi.lgbt/privkey.pem; + client_max_body_size 100M; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3456; + proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/nginx/nginx/sites-enabled/afp.conf b/nginx/nginx/sites-enabled/afp.conf new file mode 120000 index 0000000..8f556ac --- /dev/null +++ b/nginx/nginx/sites-enabled/afp.conf @@ -0,0 +1 @@ +../sites-available/afp.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/aria.conf b/nginx/nginx/sites-enabled/aria.conf new file mode 120000 index 0000000..298f0fb --- /dev/null +++ b/nginx/nginx/sites-enabled/aria.conf @@ -0,0 +1 @@ +../sites-available/aria.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/bots.conf b/nginx/nginx/sites-enabled/bots.conf new file mode 120000 index 0000000..52a55db --- /dev/null +++ b/nginx/nginx/sites-enabled/bots.conf @@ -0,0 +1 @@ +../sites-available/bots.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/cdn.conf b/nginx/nginx/sites-enabled/cdn.conf new file mode 120000 index 0000000..eb70532 --- /dev/null +++ b/nginx/nginx/sites-enabled/cdn.conf @@ -0,0 +1 @@ +../sites-available/cdn.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/celestine.conf b/nginx/nginx/sites-enabled/celestine.conf new file mode 120000 index 0000000..e88a55b --- /dev/null +++ b/nginx/nginx/sites-enabled/celestine.conf @@ -0,0 +1 @@ +../sites-available/celestine.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/content.conf b/nginx/nginx/sites-enabled/content.conf new file mode 120000 index 0000000..e0b350e --- /dev/null +++ b/nginx/nginx/sites-enabled/content.conf @@ -0,0 +1 @@ +../sites-available/content.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/data.conf b/nginx/nginx/sites-enabled/data.conf new file mode 120000 index 0000000..aa7f98f --- /dev/null +++ b/nginx/nginx/sites-enabled/data.conf @@ -0,0 +1 @@ +../sites-available/data.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/docs.conf b/nginx/nginx/sites-enabled/docs.conf new file mode 120000 index 0000000..d2890f7 --- /dev/null +++ b/nginx/nginx/sites-enabled/docs.conf @@ -0,0 +1 @@ +../sites-available/docs.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/eclaire.conf b/nginx/nginx/sites-enabled/eclaire.conf new file mode 120000 index 0000000..4027839 --- /dev/null +++ b/nginx/nginx/sites-enabled/eclaire.conf @@ -0,0 +1 @@ +../sites-available/eclaire.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/elowyn.conf b/nginx/nginx/sites-enabled/elowyn.conf new file mode 120000 index 0000000..55e1045 --- /dev/null +++ b/nginx/nginx/sites-enabled/elowyn.conf @@ -0,0 +1 @@ +../sites-available/elowyn.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/forms.conf b/nginx/nginx/sites-enabled/forms.conf new file mode 120000 index 0000000..42910d9 --- /dev/null +++ b/nginx/nginx/sites-enabled/forms.conf @@ -0,0 +1 @@ +../sites-available/forms.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/games.conf b/nginx/nginx/sites-enabled/games.conf new file mode 120000 index 0000000..d01bfa2 --- /dev/null +++ b/nginx/nginx/sites-enabled/games.conf @@ -0,0 +1 @@ +../sites-available/games.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/git.conf b/nginx/nginx/sites-enabled/git.conf new file mode 120000 index 0000000..3abc7b2 --- /dev/null +++ b/nginx/nginx/sites-enabled/git.conf @@ -0,0 +1 @@ +../sites-available/git.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/hikari.conf b/nginx/nginx/sites-enabled/hikari.conf new file mode 120000 index 0000000..780dd41 --- /dev/null +++ b/nginx/nginx/sites-enabled/hikari.conf @@ -0,0 +1 @@ +../sites-available/hikari.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/library.conf b/nginx/nginx/sites-enabled/library.conf new file mode 120000 index 0000000..6592987 --- /dev/null +++ b/nginx/nginx/sites-enabled/library.conf @@ -0,0 +1 @@ +../sites-available/library.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/lucinda.conf b/nginx/nginx/sites-enabled/lucinda.conf new file mode 120000 index 0000000..841b59d --- /dev/null +++ b/nginx/nginx/sites-enabled/lucinda.conf @@ -0,0 +1 @@ +../sites-available/lucinda.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/lynira.conf b/nginx/nginx/sites-enabled/lynira.conf new file mode 120000 index 0000000..bb535a0 --- /dev/null +++ b/nginx/nginx/sites-enabled/lynira.conf @@ -0,0 +1 @@ +../sites-available/lynira.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/mommy.conf b/nginx/nginx/sites-enabled/mommy.conf new file mode 120000 index 0000000..af528a3 --- /dev/null +++ b/nginx/nginx/sites-enabled/mommy.conf @@ -0,0 +1 @@ +../sites-available/mommy.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/monitoring.conf b/nginx/nginx/sites-enabled/monitoring.conf new file mode 120000 index 0000000..8cda051 --- /dev/null +++ b/nginx/nginx/sites-enabled/monitoring.conf @@ -0,0 +1 @@ +../sites-available/monitoring.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/nails.conf b/nginx/nginx/sites-enabled/nails.conf new file mode 120000 index 0000000..c2000b6 --- /dev/null +++ b/nginx/nginx/sites-enabled/nails.conf @@ -0,0 +1 @@ +../sites-available/nails.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/notes.conf b/nginx/nginx/sites-enabled/notes.conf new file mode 120000 index 0000000..f349177 --- /dev/null +++ b/nginx/nginx/sites-enabled/notes.conf @@ -0,0 +1 @@ +../sites-available/notes.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/portfolio.conf b/nginx/nginx/sites-enabled/portfolio.conf new file mode 120000 index 0000000..ee09510 --- /dev/null +++ b/nginx/nginx/sites-enabled/portfolio.conf @@ -0,0 +1 @@ +../sites-available/portfolio.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/rosalia.conf b/nginx/nginx/sites-enabled/rosalia.conf new file mode 120000 index 0000000..b74dc5b --- /dev/null +++ b/nginx/nginx/sites-enabled/rosalia.conf @@ -0,0 +1 @@ +../sites-available/rosalia.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/scheduling.conf b/nginx/nginx/sites-enabled/scheduling.conf new file mode 120000 index 0000000..9d38a39 --- /dev/null +++ b/nginx/nginx/sites-enabled/scheduling.conf @@ -0,0 +1 @@ +../sites-available/scheduling.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/security.conf b/nginx/nginx/sites-enabled/security.conf new file mode 120000 index 0000000..ddda831 --- /dev/null +++ b/nginx/nginx/sites-enabled/security.conf @@ -0,0 +1 @@ +../sites-available/security.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/support.conf b/nginx/nginx/sites-enabled/support.conf new file mode 120000 index 0000000..41db21b --- /dev/null +++ b/nginx/nginx/sites-enabled/support.conf @@ -0,0 +1 @@ +../sites-available/support.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/vitalia.conf b/nginx/nginx/sites-enabled/vitalia.conf new file mode 120000 index 0000000..01bf332 --- /dev/null +++ b/nginx/nginx/sites-enabled/vitalia.conf @@ -0,0 +1 @@ +../sites-available/vitalia.conf \ No newline at end of file diff --git a/nginx/nginx/sites-enabled/wtf.conf b/nginx/nginx/sites-enabled/wtf.conf new file mode 120000 index 0000000..583d565 --- /dev/null +++ b/nginx/nginx/sites-enabled/wtf.conf @@ -0,0 +1 @@ +../sites-available/wtf.conf \ No newline at end of file