nhcarrigan/nginx-configs
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 1 Pull Requests Actions Releases Activity

refactor: restructure nginx config into per-app files (#1)
Test nginx configuration / Static Analysis (push) Successful in 5s
Details
Test nginx configuration / nginx Syntax Check (push) Successful in 18s
Details
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 2m39s
Details

Browse Source 
## Summary

- Added `push.sh` script to deploy configs to prod via `sudo rsync` (with `--delete` for exact mirroring)
- Split the monolithic `conf.d/server.conf` (1,682 lines, 96 server blocks) into 28 per-app files under `sites-available/`, with corresponding symlinks in `sites-enabled/`
- Extracted custom `nginx.conf` settings (`log_format` directives, `server_names_hash_bucket_size`) into dedicated `conf.d/logging.conf` and `conf.d/tuning.conf` files, leaving `nginx.conf` as close to stock as possible

## Test plan

- [x] `sudo nginx -t` passes on prod after the sites-available restructure

 This PR was created with help from Hikari~ 🌸

Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Reviewed-on: #1
Co-authored-by: Hikari <hikari@nhcarrigan.com>
Co-committed-by: Hikari <hikari@nhcarrigan.com>
This commit was merged in pull request #1.
This commit is contained in:
Hikari
2026-03-07 02:05:29 -08:00
committed by Naomi Carrigan
parent d06178c01b
commit db36f98578
79 changed files with 2800 additions and 979 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nginx/nginx/cloudflare_ips.conf
+28
View File
@@ -0,0 +1,28 @@
# Auto-generated Cloudflare IP ranges
# Updated: Mon Mar 2 09:45:19 PM PST 2026
real_ip_header CF-Connecting-IP;
# IPv4 ranges
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
# IPv6 ranges
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
nginx/nginx/conf.d/logging.conf
+47
View File
@@ -0,0 +1,47 @@
log_format custom_format '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_x_forwarded_for"';
access_log /var/log/nginx/access.log custom_format;
log_format json_analytics escape=json '{'
'"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
'"connection": "$connection", ' # connection serial number
'"connection_requests": "$connection_requests", ' # number of requests made in connection
'"pid": "$pid", ' # process pid
'"request_id": "$request_id", ' # the unique request id
'"request_length": "$request_length", ' # request length (including headers and body)
'"remote_addr": "$remote_addr", ' # client IP
'"remote_user": "$remote_user", ' # client HTTP username
'"remote_port": "$remote_port", ' # client port
'"time_local": "$time_local", '
'"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
'"request": "$request", ' # full path no arguments if the request
'"request_uri": "$request_uri", ' # full path and arguments if the request
'"args": "$args", ' # args
'"status": "$status", ' # response status code
'"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
'"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
'"http_referer": "$http_referer", ' # HTTP referer
'"http_user_agent": "$http_user_agent", ' # user agent
'"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
'"http_host": "$http_host", ' # the request Host: header
'"server_name": "$server_name", ' # the name of the vhost serving the request
'"request_time": "$request_time", ' # request processing time in seconds with msec resolution
'"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
'"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
'"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
'"upstream_response_time": "$upstream_response_time", ' # time spent receiving upstream body
'"upstream_response_length": "$upstream_response_length", ' # upstream response length
'"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
'"ssl_protocol": "$ssl_protocol", ' # TLS protocol
'"ssl_cipher": "$ssl_cipher", ' # TLS cipher
'"scheme": "$scheme", ' # http or https
'"request_method": "$request_method", ' # request method
'"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
'"pipe": "$pipe", ' # "p" if request was pipelined, "." otherwise
'"gzip_ratio": "$gzip_ratio", '
'}';
access_log /var/log/nginx/json_access.log json_analytics;
nginx/nginx/conf.d/tuning.conf
+1
View File
@@ -0,0 +1 @@
server_names_hash_bucket_size 128;
nginx/nginx/fastcgi.conf
+27
View File
@@ -0,0 +1,27 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
nginx/nginx/fastcgi_params
+26
View File
@@ -0,0 +1,26 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
nginx/nginx/koi-utf
+109
View File
@@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}
nginx/nginx/koi-win
+103
View File
@@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}
nginx/nginx/mime.types
+101
View File
@@ -0,0 +1,101 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/ogg ogv;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-matroska mkv;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
nginx/nginx/nginx.conf
+52
View File
@@ -0,0 +1,52 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Look at the real IP, not the cloudflare IP.
include /etc/nginx/cloudflare_ips.conf;
}
nginx/nginx/proxy_params
+4
View File
@@ -0,0 +1,4 @@
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
nginx/nginx/scgi_params
+17
View File
@@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;
nginx/nginx/sites-available/afp.conf
+13
View File
@@ -0,0 +1,13 @@
# AFP service proxy.
server {
listen 443 ssl;
server_name afp.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/afp.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/afp.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:10080;
proxy_redirect off;
}
}
nginx/nginx/sites-available/aria.conf
+59
View File
@@ -0,0 +1,59 @@
# Aria bot, Cordelia AI assistant, trans-related services, and legacy redirects.
server {
listen 443 ssl;
server_name aria.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/aria.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aria.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5001;
}
}
server {
listen 443 ssl;
server_name assistant.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/assistant.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/assistant.nhcarrigan.com/privkey.pem;
location / {
return 301 https://cordelia.nhcarrigan.com$uri$is_args$args;
}
}
server {
listen 443 ssl;
server_name cordelia.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/cordelia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cordelia.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5002;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name trans-bot.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem;
location / {
return 301 https://aria.nhcarrigan.com;
}
}
server {
listen 443 ssl;
server_name trans.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://0.0.0.0:5000;
}
}
nginx/nginx/sites-available/bots.conf
+252
View File
@@ -0,0 +1,252 @@
# Discord bots and automated services (one entry per bot, sorted alphabetically).
server {
listen 443 ssl;
server_name altaria.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/altaria.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/altaria.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6022;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name amari.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/amari.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/amari.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:7044;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name becca.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/becca.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/becca.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5010;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name caelia.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/caelia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/caelia.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:7055;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name callista.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/callista.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/callista.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6111;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name chibika.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/chibika.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chibika.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5018;
}
}
server {
listen 443 ssl;
server_name gwen.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/gwen.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gwen.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5012;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name keiko.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/keiko.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/keiko.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3333;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name liora.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/liora.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/liora.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5022;
}
}
server {
listen 443 ssl;
server_name maylin.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/maylin.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maylin.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5011;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name melody.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/melody.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/melody.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5443;
}
}
server {
listen 443 ssl;
server_name pavelle.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/pavelle.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pavelle.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6019;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name ruubot.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/ruubot.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ruubot.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4443;
}
}
server {
listen 443 ssl;
server_name saisoku.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/saisoku.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/saisoku.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9100;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name serenya.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/serenya.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/serenya.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:7066;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name sorielle.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/sorielle.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sorielle.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5019;
}
}
server {
listen 443 ssl;
server_name tyche.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/tyche.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tyche.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8123;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name umbrelle.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/umbrelle.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/umbrelle.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6088;
}
}
server {
listen 443 ssl;
server_name valerium.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/valerium.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/valerium.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3443;
}
}
server {
listen 443 ssl;
server_name veluna.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/veluna.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/veluna.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:6099;
}
}
nginx/nginx/sites-available/cdn.conf
+52
View File
@@ -0,0 +1,52 @@
# CDN reverse proxy to Hetzner object storage, with legacy path redirects and CORS headers.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name cdn.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/cdn.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cdn.nhcarrigan.com/privkey.pem;
# Catches "/new-avatars/name-full.png" and redirects to "/avatars/name.png"
location ~ ^/new-avatars/(.+)-full\.png$ {
return 301 $scheme://$host/avatars/$1.png;
}
# Catches anything else starting with "/new-avatars/" and moves it to "/avatars/"
location ~ ^/new-avatars/(.*)$ {
return 301 $scheme://$host/avatars/$1;
}
location / {
proxy_pass https://nhcarrigan.hel1.your-objectstorage.com;
proxy_set_header Host nhcarrigan.hel1.your-objectstorage.com;
proxy_ssl_server_name on;
proxy_ssl_name nhcarrigan.hel1.your-objectstorage.com;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Authorization "";
proxy_set_header x-amz-date "";
proxy_set_header x-amz-security-token "";
add_header X-Debug-Cdn "Proxy-Active" always;
proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
add_header Content-Type "text/plain; charset=utf-8";
add_header Content-Length 0;
return 204;
}
}
}
nginx/nginx/sites-available/celestine.conf
+24
View File
@@ -0,0 +1,24 @@
# Celestine webhook handler and legacy hooks redirect.
server {
listen 443 ssl;
server_name celestine.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/celestine.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/celestine.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9080;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name hooks.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/hooks.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hooks.nhcarrigan.com/privkey.pem;
location / {
return 301 https://celestine.nhcarrigan.com$uri$is_args$args;
}
}
nginx/nginx/sites-available/content.conf
+99
View File
@@ -0,0 +1,99 @@
# Static content and publishing sites: blog, books, donate, music, secrets, style, testimonials.
server {
listen 443 ssl;
server_name blog.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/blog.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3003;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name books.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/books.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/books.nhcarrigan.com/privkey.pem;
root /home/naomi/books;
location / {
index index.html;
}
location /books.json {
try_files /books.json =404;
}
}
server {
listen 443 ssl;
server_name donate.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/donate.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/donate.nhcarrigan.com/privkey.pem;
root /home/naomi/donate;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name music.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/music.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/music.nhcarrigan.com/privkey.pem;
root /home/naomi/music;
location / {
index index.html;
}
location /songs.json {
try_files /songs.json =404;
}
}
server {
listen 443 ssl;
server_name secrets.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/secrets.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/secrets.nhcarrigan.com/privkey.pem;
root /home/naomi/secrets;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name style.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/style.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/style.nhcarrigan.com/privkey.pem;
root /home/naomi/style;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name testimonials.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/testimonials.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testimonials.nhcarrigan.com/privkey.pem;
root /home/naomi/testimonials;
location / {
index index.html;
}
}
nginx/nginx/sites-available/data.conf
+13
View File
@@ -0,0 +1,13 @@
# Data service proxy.
server {
listen 443 ssl;
server_name data.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/data.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/data.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9999;
proxy_redirect off;
}
}
nginx/nginx/sites-available/default
+18
View File
@@ -0,0 +1,18 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
nginx/nginx/sites-available/docs.conf
+65
View File
@@ -0,0 +1,65 @@
# Documentation and informational sites: contact, docs, manual, sitemap, socials.
server {
listen 443 ssl;
server_name contact.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/contact.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/contact.nhcarrigan.com/privkey.pem;
root /home/naomi/socials;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name docs.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/docs.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/docs.nhcarrigan.com/privkey.pem;
root /home/naomi/docs/dist;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name manual.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/manual.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/manual.nhcarrigan.com/privkey.pem;
root /home/naomi/manual;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name sitemap.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/sitemap.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitemap.nhcarrigan.com/privkey.pem;
root /home/naomi/sitemap;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name socials.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/socials.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/socials.nhcarrigan.com/privkey.pem;
root /home/naomi/socials;
location / {
index index.html;
}
}
nginx/nginx/sites-available/eclaire.conf
+14
View File
@@ -0,0 +1,14 @@
# Eclaire Angular SPA.
server {
listen 443 ssl;
server_name eclaire.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/eclaire.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/eclaire.nhcarrigan.com/privkey.pem;
root /home/naomi/eclaire/dist/eclaire/browser;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
nginx/nginx/sites-available/elowyn.conf
+18
View File
@@ -0,0 +1,18 @@
# Elowyn Angular SPA.
server {
listen 443 ssl;
server_name elowyn.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/elowyn.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/elowyn.nhcarrigan.com/privkey.pem;
root /home/naomi/elowyn;
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
location ~* \.(js|css)$ {
try_files $uri $uri/ @rewrite;
}
}
nginx/nginx/sites-available/elysium.conf
+24
View File
@@ -0,0 +1,24 @@
# Elysium Vite SPA and Hono API backend.
server {
listen 443 ssl;
server_name elysium.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/elysium.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/elysium.nhcarrigan.com/privkey.pem;
root /home/naomi/elysium/apps/web/dist;
location /api/ {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3898;
proxy_redirect off;
}
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
location ~* \.(js|css)$ {
try_files $uri $uri/ @rewrite;
}
}
nginx/nginx/sites-available/forms.conf
+151
View File
@@ -0,0 +1,151 @@
# Grist forms platform (forms-api backend + forms frontend with CSS injection) and legacy form URL redirects.
server {
listen 443 ssl;
server_name forms-api.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/forms-api.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forms-api.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:1234;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name forms.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/forms.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forms.nhcarrigan.com/privkey.pem;
###########################
# REDIRECTS FOR OLD FORMS #
###########################
# Volunteer Application Form
location ~* ^/form/PEpB3gA79gxP8wmfEf4zou96opkpUTjssTcaeYjhoi8$ {
return 301 https://forms.nhcarrigan.com/o/docs/forms/mCxDu3snk9TzFiDjrT4Vc8/4;
}
# Mentorship Application Form (now Discord self-selectable role)
location ~* ^/form/gNv4NYZmdiMWpkUcnknII2yYCvnYNGAmabG5O5He9Mo$ {
return 301 https://docs.nhcarrigan.com/about/mentorship;
}
# Testimonials Form
location ~* ^/form/M_GrmqASymmO744axMOmu2LaMAaT5F0LmdVcU2c8-gQ$ {
return 301 https://forms.nhcarrigan.com/o/docs/forms/6kULn8zswT8vYcoC8wE1Zi/4;
}
# Community Appeals Form
location ~* ^/form/l3PC15yalSWjdZASTQvGo22q_uj_7OtXAhZdcW35ev8$ {
return 301 https://forms.nhcarrigan.com/o/docs/forms/4w5VHsYiEkiS2mewvtuJYL/4;
}
# Recognition/Nomination Form
location ~* ^/form/wksk-NuR3HBuovSixbXFEnkYq-3Gp-bZMH-n__PNRKw$ {
return 301 https://forms.nhcarrigan.com/o/docs/forms/to2oFocVgALyr23EC84xM9/4;
}
# Community Feedback Form (now Discord forum channel)
location ~* ^/form/IDdo5e4OJS44QYFm9_aRJ36lY3Ox-BBTAM9zfnkhfoo$ {
return 301 https://docs.nhcarrigan.com/community/feedback;
}
# Product Feedback Form (now Discord forum channel)
location ~* ^/form/jkcGg0hMIa4U0hDL2OMip5pMX2UujN5W5n4Qn8HReJ8$ {
return 301 https://docs.nhcarrigan.com/community/feedback;
}
# Meeting Request Form (now Zcal scheduling)
location ~* ^/form/uUKZiJSDm6847iDOlpZkD5QF7cAjoTbTm0F4T0EdW0I$ {
return 301 https://zcal.co/nhcarrigan/meet;
}
# Commission Request Form
location ~* ^/form/XRlQjeu8CbMrTA-v0IPOxlUPEPitLKXTWg70UUCIORA$ {
return 301 https://forms.nhcarrigan.com/o/docs/forms/a9K6uzJkpnTfnKgo19b4Rp/4;
}
# Contact Form
location ~* ^/form/HyqoJ9Th5QDiOn_GPLNIRhe1a5ON7mDQf-O_ukM6R4g$ {
return 301 https://forms.nhcarrigan.com/o/docs/forms/8XTPmbrFtvDJAKSPgBgsvA/4;
}
# Git Account Request Form (no longer available - now Discord forum channels)
location ~* ^/form/c0_N5hb-VcmC2ClzaGOvDxVirMN_coiWG7eoPhDPsZ0$ {
return 301 https://docs.nhcarrigan.com/about/contact;
}
# Event/Publication Request Form
location ~* ^/form/Xqap3Q8hazzJd4Rrp9OOs9ip8Pa7C9zOVThlyFoPCbU$ {
return 301 https://forms.nhcarrigan.com/o/docs/forms/3xEKnDEbqQKG8GJp4kXRCs/4;
}
# Match any path ending in /forms/<id>
location ~ /forms/([^/]+)(?:/(.*))?$ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:11111;
proxy_redirect off;
# Disable Gzip from upstream so nginx can inject CSS
proxy_set_header Accept-Encoding "";
# Inject CSS and remove Grist branding
sub_filter '</body>' '<style>
/* 1. Remove the "Powered by Grist" footer */
footer[class] {
display: none !important;
}
/* 2. Remove the Border/Shadow from the container */
.test-form-framing {
border: none !important;
box-shadow: none !important;
}
/* 3. Remove the "Grist Form" badge (First child of framing) */
.test-form-framing > *:first-child {
display: none !important;
}
main {
margin-bottom: auto !important;
}
div:has(> main:first-child) {
border-radius: 10px;
margin-bottom: 50px;
}
</style><script src="https://cdn.nhcarrigan.com/headers/index.js"></script><script>document.querySelector("footer")?.remove();</script>
</body>';
sub_filter_once on;
}
# Upgrade websocket requests and route the api backend
location ~ ^/(api|ws)/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:11111;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:11111;
proxy_redirect off;
}
}
nginx/nginx/sites-available/games.conf
+165
View File
@@ -0,0 +1,165 @@
# Games and gaming projects: beccalia, games hub, goblin, loan, lore, silly, wompwomp, yurigpt.
server {
listen 443 ssl;
server_name beccalia.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/beccalia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/beccalia.nhcarrigan.com/privkey.pem;
root /home/naomi/games/beccalia;
location / {
index index.html;
}
location /origins {
index index.html;
}
location /prologue {
index index.html;
}
}
server {
listen 443 ssl;
server_name games.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem;
root /home/naomi/games;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name goblin.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/goblin.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/goblin.nhcarrigan.com/privkey.pem;
root /home/naomi/games/goblin;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name loan.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/loan.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/loan.nhcarrigan.com/privkey.pem;
root /home/naomi/games/loan;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name lore.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/lore.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lore.nhcarrigan.com/privkey.pem;
root /home/naomi/lore/dist/lore/browser;
location / {
index index.html;
}
}
server {
listen 443 ssl;
server_name silly.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/silly.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/silly.nhcarrigan.com/privkey.pem;
root /home/naomi/silly;
index index.html;
location = / {
try_files /index.html =404;
}
location / {
try_files $uri $uri/ $uri.html $uri/index.html =404;
}
location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|eot|webp)$ {
expires 30d;
add_header Cache-Control "public, immutable";
access_log off;
}
location ~ /\.(?!well-known) {
deny all;
}
}
server {
listen 443 ssl;
server_name wompwomp.club;
ssl_certificate /etc/letsencrypt/live/wompwomp.club/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wompwomp.club/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5033;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name www.wompwomp.club;
ssl_certificate /etc/letsencrypt/live/www.wompwomp.club/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.wompwomp.club/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5033;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name www.yurigpt.com;
ssl_certificate /etc/letsencrypt/live/www.yurigpt.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.yurigpt.com/privkey.pem;
root /home/naomi/yurigpt/dist/yurigpt/browser;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /ads.txt {
add_header Content-Type text/plain;
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
}
}
server {
listen 443 ssl;
server_name yurigpt.com;
ssl_certificate /etc/letsencrypt/live/yurigpt.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yurigpt.com/privkey.pem;
root /home/naomi/yurigpt/dist/yurigpt/browser;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /ads.txt {
add_header Content-Type text/plain;
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
}
}
nginx/nginx/sites-available/git.conf
+14
View File
@@ -0,0 +1,14 @@
# Self-hosted Gitea instance.
server {
listen 443 ssl;
server_name git.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/git.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.nhcarrigan.com/privkey.pem;
location / {
client_max_body_size 5000M;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:53000;
proxy_redirect off;
}
}
nginx/nginx/sites-available/hikari.conf
+47
View File
@@ -0,0 +1,47 @@
# Hikari desktop app (Angular SPA + API backend) and legacy redirect subdomains.
server {
listen 443 ssl;
server_name announcements.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/announcements.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/announcements.nhcarrigan.com/privkey.pem;
return 301 https://hikari.nhcarrigan.com/announcements;
}
server {
listen 443 ssl;
server_name hikari.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/hikari.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hikari.nhcarrigan.com/privkey.pem;
root /home/naomi/hikari/client/dist/client/browser;
index index.html;
location /api/ {
proxy_pass http://127.0.0.1:20000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header cf-connecting-ip $http_cf_connecting_ip;
proxy_set_header origin $http_origin;
# This removes /api from the forwarded URL
rewrite ^/api/(.*)$ /$1 break;
}
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 443 ssl;
server_name products.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/products.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/products.nhcarrigan.com/privkey.pem;
location / {
return 301 https://hikari.nhcarrigan.com/products;
}
}
nginx/nginx/sites-available/library.conf
+13
View File
@@ -0,0 +1,13 @@
# Library service proxy.
server {
listen 443 ssl;
server_name library.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/library.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/library.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:12321;
proxy_redirect off;
}
}
nginx/nginx/sites-available/lucinda.conf
+25
View File
@@ -0,0 +1,25 @@
# Lucinda full-stack app (Angular SPA + API backend).
server {
listen 443 ssl;
server_name lucinda.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/lucinda.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lucinda.nhcarrigan.com/privkey.pem;
root /home/naomi/lucinda/client/dist/client/browser;
index index.html;
location /api/ {
proxy_pass http://127.0.0.1:12346/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# This removes /api from the forwarded URL
rewrite ^/api/(.*)$ /$1 break;
}
location / {
try_files $uri $uri/ /index.html;
}
}
nginx/nginx/sites-available/lynira.conf
+24
View File
@@ -0,0 +1,24 @@
# Lynira.link domain (bare + www).
server {
listen 443 ssl;
server_name lynira.link;
ssl_certificate /etc/letsencrypt/live/lynira.link/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lynira.link/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5044;
}
}
server {
listen 443 ssl;
server_name www.lynira.link;
ssl_certificate /etc/letsencrypt/live/www.lynira.link/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.lynira.link/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5044;
}
}
nginx/nginx/sites-available/mommy.conf
+39
View File
@@ -0,0 +1,39 @@
# Mommy bot suite: mommy-bot Discord bot, mommy-slack Slack bot, mommy web front-end.
server {
listen 443 ssl;
server_name mommy-bot.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/mommy-bot.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mommy-bot.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8009;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name mommy-slack.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/mommy-slack.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mommy-slack.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8010;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name mommy.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/mommy.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mommy.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8008;
proxy_redirect off;
}
}
nginx/nginx/sites-available/monitoring.conf
+80
View File
@@ -0,0 +1,80 @@
# Monitoring stack: analytics, incidents, logs, telemetry, uptime.
server {
listen 443 ssl;
server_name analytics.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/analytics.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/analytics.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:11080;
}
location = /live/websocket {
proxy_pass http://127.0.0.1:11080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
server {
listen 443 ssl;
server_name incidents.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/incidents.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/incidents.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3001;
}
}
server {
listen 443 ssl;
server_name logs.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/logs.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/logs.nhcarrigan.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 1m;
proxy_send_timeout 1m;
proxy_read_timeout 1m;
}
}
server {
listen 443 ssl;
server_name telemetry.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/telemetry.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/telemetry.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5080;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name uptime.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/uptime.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/uptime.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3001;
}
}
nginx/nginx/sites-available/nails.conf
+31
View File
@@ -0,0 +1,31 @@
# Nails app: Angular front-end SPA and API backend.
server {
listen 443 ssl;
server_name nails-api.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/nails-api.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nails-api.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:1235;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name nails.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/nails.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nails.nhcarrigan.com/privkey.pem;
root /home/naomi/nails/client/dist/client/browser;
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
location ~* \.(js|css)$ {
try_files $uri $uri/ @rewrite;
}
}
nginx/nginx/sites-available/notes.conf
+92
View File
@@ -0,0 +1,92 @@
# SilverBullet notes instance and Planka project board.
server {
listen 443 ssl;
server_name board.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/board.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/board.nhcarrigan.com/privkey.pem;
location ~ /ws/* {
proxy_pass http://127.0.0.1:43333;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 1d;
proxy_send_timeout 1d;
proxy_read_timeout 1d;
}
location / {
proxy_pass http://127.0.0.1:43333;
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
}
}
server {
listen 443 ssl;
server_name notes.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/notes.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/notes.nhcarrigan.com/privkey.pem;
location ~ ^/(collab|socket\.io)(/.*)?$ {
proxy_pass http://127.0.0.1:30000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 1d;
proxy_send_timeout 1d;
proxy_read_timeout 1d;
}
location / {
proxy_pass http://127.0.0.1:30000;
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
}
}
nginx/nginx/sites-available/portfolio.conf
+163
View File
@@ -0,0 +1,163 @@
# Personal portfolio and vanity domains (naomi.lgbt, naomi.party, nhcarrigan.com, nhcarrigan.link, resume)
# plus a wildcard catch-all that redirects *.naomi.lgbt → *.nhcarrigan.com.
server {
listen 443 ssl;
server_name naomi.lgbt;
ssl_certificate /etc/letsencrypt/live/naomi.lgbt/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/naomi.lgbt/privkey.pem;
root /home/naomi/portfolio/site;
location / {
index index.html;
}
location /ads.txt {
add_header Content-Type text/plain;
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
}
location /games {
try_files /games.html =404;
}
location /koikatsu {
try_files /koikatsu.html =404;
}
}
server {
listen 443 ssl;
server_name naomi.party;
ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem;
root /home/naomi/bsky;
location / {
index index.html;
}
location /ads.txt {
add_header Content-Type text/plain;
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
}
}
server {
listen 443 ssl;
server_name nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.com/privkey.pem;
root /home/naomi/portfolio/site;
location /ads.txt {
add_header Content-Type text/plain;
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
}
location / {
index index.html;
}
location /games {
try_files /games.html =404;
}
location /koikatsu {
try_files /koikatsu.html =404;
}
}
server {
listen 443 ssl;
server_name nhcarrigan.link;
ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem;
root /home/naomi/link-redirector;
location / {
index index.html;
}
location /ads.txt {
add_header Content-Type text/plain;
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
}
}
server {
listen 443 ssl;
server_name resume.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/resume.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/resume.nhcarrigan.com/privkey.pem;
root /home/naomi/resume/site;
location /resume.yaml {
default_type text/plain;
add_header Content-Type "text/plain; charset=utf-8";
}
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
}
server {
listen 443 ssl;
server_name www.naomi.lgbt;
ssl_certificate /etc/letsencrypt/live/www.naomi.lgbt/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.naomi.lgbt/privkey.pem;
root /home/naomi/portfolio/site;
location / {
index index.html;
}
location /games {
try_files /games.html =404;
}
location /koikatsu {
try_files /koikatsu.html =404;
}
}
server {
listen 443 ssl;
server_name www.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/www.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.nhcarrigan.com/privkey.pem;
root /home/naomi/portfolio/site;
location / {
index index.html;
}
location /games {
try_files /games.html =404;
}
location /koikatsu {
try_files /koikatsu.html =404;
}
}
# Wildcard catch-all — must remain last so specific subdomains take priority
server {
listen 443 ssl;
server_name ~^(?<subdomain>.+)\.naomi\.lgbt$;
ssl_certificate /etc/letsencrypt/live/*.naomi.lgbt/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/*.naomi.lgbt/privkey.pem;
location / {
return 301 https://$subdomain.nhcarrigan.com$request_uri;
}
}
nginx/nginx/sites-available/rosalia.conf
+32
View File
@@ -0,0 +1,32 @@
# Rosalia alerting service and legacy alerts redirect.
server {
listen 443 ssl;
server_name alerts.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/alerts.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/alerts.nhcarrigan.com/privkey.pem;
# Redirect ONLY root `/`
location = / {
return 307 https://rosalia.nhcarrigan.com;
}
# Proxy everything else
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5003;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name rosalia.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/rosalia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rosalia.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:5003;
proxy_redirect off;
}
}
nginx/nginx/sites-available/scheduling.conf
+29
View File
@@ -0,0 +1,29 @@
# Scheduling shortcuts that redirect to zcal.co (cyc, meet) and tasks redirect.
server {
listen 443 ssl;
server_name cyc.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/cyc.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cyc.nhcarrigan.com/privkey.pem;
return 301 https://zcal.co/nhcarrigan/cyc;
}
server {
listen 443 ssl;
server_name meet.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/meet.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/meet.nhcarrigan.com/privkey.pem;
return 301 https://zcal.co/nhcarrigan/meet;
}
server {
listen 443 ssl;
server_name tasks.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/tasks.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tasks.nhcarrigan.com/privkey.pem;
location / {
return 301 https://melody.nhcarrigan.com$uri$is_args$args;
}
}
nginx/nginx/sites-available/security.conf
+39
View File
@@ -0,0 +1,39 @@
# Security tooling: SonarQube code quality gate and DefectDojo vulnerability management.
server {
listen 443 ssl;
server_name quality.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/quality.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/quality.nhcarrigan.com/privkey.pem;
client_max_body_size 1g;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9500;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name security.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem;
location /report {
alias /home/naomi/defectdojo;
index report.html;
}
location / {
proxy_pass http://127.0.0.1:43434;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100M;
proxy_read_timeout 90;
}
}
nginx/nginx/sites-available/support.conf
+47
View File
@@ -0,0 +1,47 @@
# Discourse community support forum and legacy chat/forum redirects.
server {
listen 443 ssl;
server_name chat.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/chat.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat.nhcarrigan.com/privkey.pem;
location / {
return 301 https://discord.gg/KKe7BaEnQB;
}
}
server {
listen 443 ssl;
server_name forum.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/forum.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forum.nhcarrigan.com/privkey.pem;
location / {
return 301 https://support.nhcarrigan.com;
}
}
server {
listen 443 ssl http2;
server_name support.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/support.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/support.nhcarrigan.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
client_max_body_size 20M;
location / {
proxy_pass http://localhost:32121;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
nginx/nginx/sites-available/vitalia.conf
+31
View File
@@ -0,0 +1,31 @@
# Vitalia app: Angular front-end SPA and API backend.
server {
listen 443 ssl;
server_name vitalia-api.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/vitalia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vitalia.nhcarrigan.com/privkey.pem;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:12345;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name vitalia.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/vitalia.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vitalia.nhcarrigan.com/privkey.pem;
root /home/naomi/vitalia/client/dist/client/browser;
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
location ~* \.(js|css)$ {
try_files $uri $uri/ @rewrite;
}
}
nginx/nginx/sites-available/wtf.conf
+17
View File
@@ -0,0 +1,17 @@
# wtf.naomi.lgbt personal project.
server {
listen 443 ssl;
server_name wtf.naomi.lgbt;
ssl_certificate /etc/letsencrypt/live/wtf.naomi.lgbt/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wtf.naomi.lgbt/privkey.pem;
client_max_body_size 100M;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3456;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
nginx/nginx/sites-enabled/afp.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/afp.conf
nginx/nginx/sites-enabled/aria.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/aria.conf
nginx/nginx/sites-enabled/bots.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/bots.conf
nginx/nginx/sites-enabled/cdn.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/cdn.conf
nginx/nginx/sites-enabled/celestine.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/celestine.conf
nginx/nginx/sites-enabled/content.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/content.conf
nginx/nginx/sites-enabled/data.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/data.conf
nginx/nginx/sites-enabled/default
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/default
nginx/nginx/sites-enabled/docs.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/docs.conf
nginx/nginx/sites-enabled/eclaire.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/eclaire.conf
nginx/nginx/sites-enabled/elowyn.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/elowyn.conf
nginx/nginx/sites-enabled/elysium.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/elysium.conf
nginx/nginx/sites-enabled/forms.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/forms.conf
nginx/nginx/sites-enabled/games.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/games.conf
nginx/nginx/sites-enabled/git.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/git.conf
nginx/nginx/sites-enabled/hikari.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/hikari.conf
nginx/nginx/sites-enabled/library.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/library.conf
nginx/nginx/sites-enabled/lucinda.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/lucinda.conf
nginx/nginx/sites-enabled/lynira.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/lynira.conf
nginx/nginx/sites-enabled/mommy.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/mommy.conf
nginx/nginx/sites-enabled/monitoring.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/monitoring.conf
nginx/nginx/sites-enabled/nails.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/nails.conf
nginx/nginx/sites-enabled/notes.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/notes.conf
nginx/nginx/sites-enabled/portfolio.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/portfolio.conf
nginx/nginx/sites-enabled/rosalia.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/rosalia.conf
nginx/nginx/sites-enabled/scheduling.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/scheduling.conf
nginx/nginx/sites-enabled/security.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/security.conf
nginx/nginx/sites-enabled/support.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/support.conf
nginx/nginx/sites-enabled/vitalia.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/vitalia.conf
nginx/nginx/sites-enabled/wtf.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/wtf.conf
nginx/nginx/uwsgi_params
+17
View File
@@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
nginx/nginx/win-utf
+125
View File
@@ -0,0 +1,125 @@
# This map is not a full windows-1251 <> utf8 map: it does not
# contain Serbian and Macedonian letters. If you need a full map,
# use contrib/unicode2nginx/win-utf map instead.
charset_map windows-1251 utf-8 {
82 E2809A; # single low-9 quotation mark
84 E2809E; # double low-9 quotation mark
85 E280A6; # ellipsis
86 E280A0; # dagger
87 E280A1; # double dagger
88 E282AC; # euro
89 E280B0; # per mille
91 E28098; # left single quotation mark
92 E28099; # right single quotation mark
93 E2809C; # left double quotation mark
94 E2809D; # right double quotation mark
95 E280A2; # bullet
96 E28093; # en dash
97 E28094; # em dash
99 E284A2; # trade mark sign
A0 C2A0; # &nbsp;
A1 D18E; # capital Byelorussian short U
A2 D19E; # small Byelorussian short u
A4 C2A4; # currency sign
A5 D290; # capital Ukrainian soft G
A6 C2A6; # borken bar
A7 C2A7; # section sign
A8 D081; # capital YO
A9 C2A9; # (C)
AA D084; # capital Ukrainian YE
AB C2AB; # left-pointing double angle quotation mark
AC C2AC; # not sign
AD C2AD; # soft hypen
AE C2AE; # (R)
AF D087; # capital Ukrainian YI
B0 C2B0; # &deg;
B1 C2B1; # plus-minus sign
B2 D086; # capital Ukrainian I
B3 D196; # small Ukrainian i
B4 D291; # small Ukrainian soft g
B5 C2B5; # micro sign
B6 C2B6; # pilcrow sign
B7 C2B7; # &middot;
B8 D191; # small yo
B9 E28496; # numero sign
BA D194; # small Ukrainian ye
BB C2BB; # right-pointing double angle quotation mark
BF D197; # small Ukrainian yi
C0 D090; # capital A
C1 D091; # capital B
C2 D092; # capital V
C3 D093; # capital G
C4 D094; # capital D
C5 D095; # capital YE
C6 D096; # capital ZH
C7 D097; # capital Z
C8 D098; # capital I
C9 D099; # capital J
CA D09A; # capital K
CB D09B; # capital L
CC D09C; # capital M
CD D09D; # capital N
CE D09E; # capital O
CF D09F; # capital P
D0 D0A0; # capital R
D1 D0A1; # capital S
D2 D0A2; # capital T
D3 D0A3; # capital U
D4 D0A4; # capital F
D5 D0A5; # capital KH
D6 D0A6; # capital TS
D7 D0A7; # capital CH
D8 D0A8; # capital SH
D9 D0A9; # capital SHCH
DA D0AA; # capital hard sign
DB D0AB; # capital Y
DC D0AC; # capital soft sign
DD D0AD; # capital E
DE D0AE; # capital YU
DF D0AF; # capital YA
E0 D0B0; # small a
E1 D0B1; # small b
E2 D0B2; # small v
E3 D0B3; # small g
E4 D0B4; # small d
E5 D0B5; # small ye
E6 D0B6; # small zh
E7 D0B7; # small z
E8 D0B8; # small i
E9 D0B9; # small j
EA D0BA; # small k
EB D0BB; # small l
EC D0BC; # small m
ED D0BD; # small n
EE D0BE; # small o
EF D0BF; # small p
F0 D180; # small r
F1 D181; # small s
F2 D182; # small t
F3 D183; # small u
F4 D184; # small f
F5 D185; # small kh
F6 D186; # small ts
F7 D187; # small ch
F8 D188; # small sh
F9 D189; # small shch
FA D18A; # small hard sign
FB D18B; # small y
FC D18C; # small soft sign
FD D18D; # small e
FE D18E; # small yu
FF D18F; # small ya
}