diff --git a/configs/prod.conf b/configs/prod.conf index f0f1cab..df48ac3 100644 --- a/configs/prod.conf +++ b/configs/prod.conf @@ -17,6 +17,12 @@ server { ssl_certificate /etc/letsencrypt/live/alerts.nhcarrigan.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/alerts.nhcarrigan.com/privkey.pem; + # Redirect ONLY root `/` + location = / { + return 307 https://rosalia.nhcarrigan.com; + } + + # Proxy everything else location / { proxy_set_header Host $host; proxy_pass http://127.0.0.1:5003; @@ -53,6 +59,18 @@ server { return 301 https://forum.nhcarrigan.com/c/announcements/14; } +server { + listen 443 ssl; + server_name aria.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/aria.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/aria.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5001; + } +} + server { listen 443 ssl; server_name assistant.nhcarrigan.com; @@ -60,9 +78,7 @@ server { ssl_certificate_key /etc/letsencrypt/live/assistant.nhcarrigan.com/privkey.pem; location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5002; - proxy_redirect off; + return 301 https://cordelia.nhcarrigan.com$uri$is_args$args; } } @@ -187,6 +203,19 @@ server { } } +server { + listen 443 ssl; + server_name celestine.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/celestine.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/celestine.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:9080; + proxy_redirect off; + } +} + server { listen 443 ssl; server_name contact.nhcarrigan.com; @@ -196,6 +225,19 @@ server { return 301 https://docs.nhcarrigan.com/about/contact/; } +server { + listen 443 ssl; + server_name cordelia.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/cordelia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cordelia.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5002; + proxy_redirect off; + } +} + server { listen 443 ssl; server_name docs.nhcarrigan.com; @@ -332,6 +374,8 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header cf-connecting-ip $http_cf_connecting_ip; + proxy_set_header origin $http_origin; # This removes /api from the forwarded URL rewrite ^/api/(.*)$ /$1 break; @@ -349,9 +393,7 @@ server { ssl_certificate_key /etc/letsencrypt/live/hooks.nhcarrigan.com/privkey.pem; location / { - proxy_set_header Host $host; - proxy_pass https://127.0.0.1:9443; - proxy_redirect off; + return 301 https://celestine.nhcarrigan.com$uri$is_args$args; } } @@ -380,6 +422,31 @@ server { } } +server { + listen 443 ssl; + server_name lucinda.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/lucinda.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/lucinda.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/lucinda/client/dist/client/browser; + index index.html; + + location /api/ { + proxy_pass http://127.0.0.1:12346/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # This removes /api from the forwarded URL + rewrite ^/api/(.*)$ /$1 break; + } + + location / { + try_files $uri $uri/ /index.html; + } +} + server { listen 443 ssl; server_name manual.nhcarrigan.com; @@ -406,6 +473,18 @@ server { } } +server { + listen 443 ssl; + server_name melody.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/melody.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/melody.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5443; + } +} + server { listen 443 ssl; server_name mommy-bot.nhcarrigan.com; @@ -599,11 +678,8 @@ server { ssl_certificate /etc/letsencrypt/live/products.nhcarrigan.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/products.nhcarrigan.com/privkey.pem; - root /home/nhcarrigan/products; - location / { - index index.html; - try_files $uri $uri/ /index.html; + return 301 https://hikari.nhcarrigan.com/products; } } @@ -622,6 +698,19 @@ server { } } +server { + listen 443 ssl; + server_name rosalia.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/rosalia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/rosalia.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5003; + proxy_redirect off; + } +} + server { listen 443 ssl; server_name resume.nhcarrigan.com; @@ -686,8 +775,7 @@ server { ssl_certificate_key /etc/letsencrypt/live/tasks.nhcarrigan.com/privkey.pem; location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5443; + return 301 https://melody.nhcarrigan.com$uri$is_args$args; } } @@ -711,8 +799,7 @@ server { ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:5001; + return 301 https://aria.nhcarrigan.com; } } @@ -813,6 +900,44 @@ server { } } +server { + listen 443 ssl; + server_name www.yurigpt.com; + ssl_certificate /etc/letsencrypt/live/www.yurigpt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.yurigpt.com/privkey.pem; + + root /home/nhcarrigan/yurigpt/dist/yurigpt/browser; + index index.html; + + location / { + try_files $uri $uri/ /index.html; + } + + location /ads.txt { + add_header Content-Type text/plain; + return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; + } +} + +server { + listen 443 ssl; + server_name yurigpt.com; + ssl_certificate /etc/letsencrypt/live/yurigpt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/yurigpt.com/privkey.pem; + + root /home/nhcarrigan/yurigpt/dist/yurigpt/browser; + index index.html; + + location / { + try_files $uri $uri/ /index.html; + } + + location /ads.txt { + add_header Content-Type text/plain; + return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0"; + } +} + # This MUST be at the bottom so that dedicated subdomains are parsed first! server {