diff --git a/nginx/nginx/conf.d/redirects.conf b/nginx/nginx/conf.d/redirects.conf new file mode 100644 index 0000000..49a4c89 --- /dev/null +++ b/nginx/nginx/conf.d/redirects.conf @@ -0,0 +1,151 @@ +# Pure-redirect virtual hosts — server blocks whose only purpose is a 301/302 to another URL. + +# val.nhcarrigan.com → headpat image +server { + listen 443 ssl; + server_name val.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/val.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/val.nhcarrigan.com/privkey.pem; + + location / { + return 302 https://cdn.nhcarrigan.com/val-headpat.jpg; + } +} + +# assistant.nhcarrigan.com → cordelia (legacy name) +server { + listen 443 ssl; + server_name assistant.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/assistant.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/assistant.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://cordelia.nhcarrigan.com$uri$is_args$args; + } + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# trans-bot.nhcarrigan.com → aria (legacy name) +server { + listen 443 ssl; + server_name trans-bot.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://aria.nhcarrigan.com; + } + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# announcements.nhcarrigan.com → hikari /announcements +server { + listen 443 ssl; + server_name announcements.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/announcements.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/announcements.nhcarrigan.com/privkey.pem; + + return 301 https://hikari.nhcarrigan.com/announcements; + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# products.nhcarrigan.com → hikari /products +server { + listen 443 ssl; + server_name products.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/products.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/products.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://hikari.nhcarrigan.com/products; + } + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# hooks.nhcarrigan.com → celestine (legacy name) +server { + listen 443 ssl; + server_name hooks.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/hooks.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hooks.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://celestine.nhcarrigan.com$uri$is_args$args; + } + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# chat.nhcarrigan.com → Discord invite +server { + listen 443 ssl; + server_name chat.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/chat.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chat.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://discord.gg/KKe7BaEnQB; + } + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# forum.nhcarrigan.com → support (legacy name) +server { + listen 443 ssl; + server_name forum.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/forum.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/forum.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://support.nhcarrigan.com; + } + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# cyc.nhcarrigan.com → zcal scheduling +server { + listen 443 ssl; + server_name cyc.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/cyc.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cyc.nhcarrigan.com/privkey.pem; + + return 301 https://zcal.co/nhcarrigan/cyc; + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# meet.nhcarrigan.com → zcal scheduling +server { + listen 443 ssl; + server_name meet.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/meet.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/meet.nhcarrigan.com/privkey.pem; + + return 301 https://zcal.co/nhcarrigan/meet; + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# tasks.nhcarrigan.com → melody +server { + listen 443 ssl; + server_name tasks.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/tasks.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tasks.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://melody.nhcarrigan.com$uri$is_args$args; + } + include /etc/nginx/snippets/deny-dotfiles.conf; +} + +# Wildcard: *.naomi.lgbt → *.nhcarrigan.com +server { + listen 443 ssl; + server_name ~^(?.+)\.naomi\.lgbt$; + + ssl_certificate /etc/letsencrypt/live/*.naomi.lgbt/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/*.naomi.lgbt/privkey.pem; + + location / { + return 301 https://$subdomain.nhcarrigan.com$request_uri; + } + include /etc/nginx/snippets/deny-dotfiles.conf; +} diff --git a/nginx/nginx/sites-available/aria.conf b/nginx/nginx/sites-available/aria.conf index d97b5a8..94269a4 100644 --- a/nginx/nginx/sites-available/aria.conf +++ b/nginx/nginx/sites-available/aria.conf @@ -1,4 +1,4 @@ -# Aria bot, Cordelia AI assistant, trans-related services, and legacy redirects. +# Aria bot, Cordelia AI assistant, and trans-related services. server { listen 443 ssl; server_name aria.nhcarrigan.com; @@ -12,18 +12,6 @@ server { include /etc/nginx/snippets/deny-dotfiles.conf; } -server { - listen 443 ssl; - server_name assistant.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/assistant.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/assistant.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://cordelia.nhcarrigan.com$uri$is_args$args; - } - include /etc/nginx/snippets/deny-dotfiles.conf; -} - server { listen 443 ssl; server_name cordelia.nhcarrigan.com; @@ -38,18 +26,6 @@ server { include /etc/nginx/snippets/deny-dotfiles.conf; } -server { - listen 443 ssl; - server_name trans-bot.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://aria.nhcarrigan.com; - } - include /etc/nginx/snippets/deny-dotfiles.conf; -} - server { listen 443 ssl; server_name trans.nhcarrigan.com; diff --git a/nginx/nginx/sites-available/celestine.conf b/nginx/nginx/sites-available/celestine.conf index 4971efd..999dc14 100644 --- a/nginx/nginx/sites-available/celestine.conf +++ b/nginx/nginx/sites-available/celestine.conf @@ -1,4 +1,4 @@ -# Celestine webhook handler and legacy hooks redirect. +# Celestine webhook handler. server { listen 443 ssl; server_name celestine.nhcarrigan.com; @@ -13,14 +13,3 @@ server { include /etc/nginx/snippets/deny-dotfiles.conf; } -server { - listen 443 ssl; - server_name hooks.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/hooks.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/hooks.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://celestine.nhcarrigan.com$uri$is_args$args; - } - include /etc/nginx/snippets/deny-dotfiles.conf; -} diff --git a/nginx/nginx/sites-available/content.conf b/nginx/nginx/sites-available/content.conf index 9f3b5d2..68bdc7c 100644 --- a/nginx/nginx/sites-available/content.conf +++ b/nginx/nginx/sites-available/content.conf @@ -1,16 +1,5 @@ # Static content and publishing sites: blog, books, donate, music, secrets, style, testimonials. -server { - listen 443 ssl; - server_name val.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/val.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/val.nhcarrigan.com/privkey.pem; - - location / { - return 302 https://cdn.nhcarrigan.com/val-headpat.jpg; - } -} - server { listen 443 ssl; server_name blog.nhcarrigan.com; diff --git a/nginx/nginx/sites-available/hikari.conf b/nginx/nginx/sites-available/hikari.conf index 446c580..1840fa6 100644 --- a/nginx/nginx/sites-available/hikari.conf +++ b/nginx/nginx/sites-available/hikari.conf @@ -1,14 +1,4 @@ -# Hikari desktop app (Angular SPA + API backend) and legacy redirect subdomains. -server { - listen 443 ssl; - server_name announcements.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/announcements.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/announcements.nhcarrigan.com/privkey.pem; - - return 301 https://hikari.nhcarrigan.com/announcements; - include /etc/nginx/snippets/deny-dotfiles.conf; -} - +# Hikari desktop app (Angular SPA + API backend). server { listen 443 ssl; server_name hikari.nhcarrigan.com; @@ -37,14 +27,3 @@ server { include /etc/nginx/snippets/deny-dotfiles.conf; } -server { - listen 443 ssl; - server_name products.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/products.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/products.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://hikari.nhcarrigan.com/products; - } - include /etc/nginx/snippets/deny-dotfiles.conf; -} diff --git a/nginx/nginx/sites-available/portfolio.conf b/nginx/nginx/sites-available/portfolio.conf index 1b22af2..47f4974 100644 --- a/nginx/nginx/sites-available/portfolio.conf +++ b/nginx/nginx/sites-available/portfolio.conf @@ -1,5 +1,4 @@ -# Personal portfolio and vanity domains (naomi.lgbt, naomi.party, nhcarrigan.com, nhcarrigan.link, resume) -# plus a wildcard catch-all that redirects *.naomi.lgbt → *.nhcarrigan.com. +# Personal portfolio and vanity domains (naomi.lgbt, naomi.party, nhcarrigan.com, nhcarrigan.link, resume). server { listen 443 ssl; server_name naomi.lgbt; @@ -160,16 +159,3 @@ server { include /etc/nginx/snippets/deny-dotfiles.conf; } -# Wildcard catch-all — must remain last so specific subdomains take priority -server { - listen 443 ssl; - server_name ~^(?.+)\.naomi\.lgbt$; - - ssl_certificate /etc/letsencrypt/live/*.naomi.lgbt/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/*.naomi.lgbt/privkey.pem; - - location / { - return 301 https://$subdomain.nhcarrigan.com$request_uri; - } - include /etc/nginx/snippets/deny-dotfiles.conf; -} diff --git a/nginx/nginx/sites-available/scheduling.conf b/nginx/nginx/sites-available/scheduling.conf deleted file mode 100644 index 0bbec95..0000000 --- a/nginx/nginx/sites-available/scheduling.conf +++ /dev/null @@ -1,32 +0,0 @@ -# Scheduling shortcuts that redirect to zcal.co (cyc, meet) and tasks redirect. -server { - listen 443 ssl; - server_name cyc.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/cyc.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cyc.nhcarrigan.com/privkey.pem; - - return 301 https://zcal.co/nhcarrigan/cyc; - include /etc/nginx/snippets/deny-dotfiles.conf; -} - -server { - listen 443 ssl; - server_name meet.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/meet.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/meet.nhcarrigan.com/privkey.pem; - - return 301 https://zcal.co/nhcarrigan/meet; - include /etc/nginx/snippets/deny-dotfiles.conf; -} - -server { - listen 443 ssl; - server_name tasks.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/tasks.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/tasks.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://melody.nhcarrigan.com$uri$is_args$args; - } - include /etc/nginx/snippets/deny-dotfiles.conf; -} diff --git a/nginx/nginx/sites-available/support.conf b/nginx/nginx/sites-available/support.conf index ed21f79..d1882e5 100644 --- a/nginx/nginx/sites-available/support.conf +++ b/nginx/nginx/sites-available/support.conf @@ -1,28 +1,4 @@ -# Discourse community support forum and legacy chat/forum redirects. -server { - listen 443 ssl; - server_name chat.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/chat.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/chat.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://discord.gg/KKe7BaEnQB; - } - include /etc/nginx/snippets/deny-dotfiles.conf; -} - -server { - listen 443 ssl; - server_name forum.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/forum.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/forum.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://support.nhcarrigan.com; - } - include /etc/nginx/snippets/deny-dotfiles.conf; -} - +# Discourse community support forum. server { listen 443 ssl http2; server_name support.nhcarrigan.com; diff --git a/nginx/nginx/sites-enabled/scheduling.conf b/nginx/nginx/sites-enabled/scheduling.conf deleted file mode 120000 index 9d38a39..0000000 --- a/nginx/nginx/sites-enabled/scheduling.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/scheduling.conf \ No newline at end of file