chore: fix link

feat: image site
feat: new learn site
2026-05-11 17:05:35 -07:00 · 2026-05-11 16:55:46 -07:00 · 2026-05-07 19:16:39 -07:00 · 2026-04-20 21:45:14 -07:00 · 2026-04-20 18:32:45 -07:00 · 2026-04-20 10:07:57 -07:00
8 changed files with 109 additions and 15 deletions
@@ -1,5 +1,5 @@
 # Auto-generated Cloudflare IP ranges
-# Updated: Thu Apr 16 10:50:50 PM PDT 2026
+# Updated: Wed May  6 10:53:55 PM PDT 2026
 real_ip_header CF-Connecting-IP;
@@ -18,7 +18,18 @@ server {
        return 301 $scheme://$host/avatars/$1;
    }
    # Handle CORS preflight requests without the "if is evil" pattern.
    location / {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin "*" always;
            add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
            add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
            add_header Access-Control-Max-Age 86400 always;
            add_header Content-Type "text/plain; charset=utf-8";
            add_header Content-Length 0;
            return 204;
        }
        proxy_pass https://nhcarrigan.hel1.your-objectstorage.com;
        proxy_set_header Host nhcarrigan.hel1.your-objectstorage.com;
@@ -32,22 +43,12 @@ server {
        proxy_set_header x-amz-date "";
        proxy_set_header x-amz-security-token "";
        add_header X-Debug-Cdn "Proxy-Active" always;
        proxy_hide_header Access-Control-Allow-Origin;
        add_header X-Debug-Cdn "Proxy-Active" always;
        add_header Access-Control-Allow-Origin "*" always;
-        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
+        add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
        if ($request_method = 'OPTIONS') {
            add_header Access-Control-Allow-Origin "*" always;
            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
            add_header Content-Type "text/plain; charset=utf-8";
            add_header Content-Length 0;
            return 204;
        }
    }
  include /etc/nginx/snippets/deny-dotfiles.conf;
 }
@@ -1,5 +1,4 @@
-# Static content and publishing sites: blog, books, donate, music, secrets, style, testimonials.
+# Static content and publishing sites: blog, books, donate, music, personality, secrets, style, testimonials.
 server {
  listen 443 ssl;
  server_name blog.nhcarrigan.com;
@@ -46,6 +45,34 @@ server {
  include /etc/nginx/snippets/deny-dotfiles.conf;
 }
 server {
  listen 443 ssl;
  server_name grimoire.nhcarrigan.com;
  ssl_certificate /etc/letsencrypt/live/grimoire.nhcarrigan.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/grimoire.nhcarrigan.com/privkey.pem;
  root /home/naomi/grimoire;
  location / {
    index index.html;
  }
  include /etc/nginx/snippets/deny-dotfiles.conf;
 }
 server {
  listen 443 ssl;
  server_name memes.nhcarrigan.com;
  ssl_certificate /etc/letsencrypt/live/memes.nhcarrigan.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/memes.nhcarrigan.com/privkey.pem;
  root /home/naomi/memes;
  location / {
    index index.html;
  }
  include /etc/nginx/snippets/deny-dotfiles.conf;
 }
 server {
  listen 443 ssl;
  server_name music.nhcarrigan.com;
@@ -64,6 +91,20 @@ server {
  include /etc/nginx/snippets/deny-dotfiles.conf;
 }
 server {
  listen 443 ssl;
  server_name personality.nhcarrigan.com;
  ssl_certificate /etc/letsencrypt/live/personality.nhcarrigan.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/personality.nhcarrigan.com/privkey.pem;
  root /home/naomi/personality/dist;
  location / {
    index index.html;
  }
  include /etc/nginx/snippets/deny-dotfiles.conf;
 }
 server {
  listen 443 ssl;
  server_name secrets.nhcarrigan.com;
@@ -0,0 +1,36 @@
 server {
    listen 443 ssl;
    server_name img.nhcarrigan.com;
    ssl_certificate /etc/letsencrypt/live/img.nhcarrigan.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/img.nhcarrigan.com/privkey.pem;
    # allow large file uploads
    client_max_body_size 50000M;
    # disable buffering uploads to prevent OOM on reverse proxy server and make uploads twice as fast (no pause)
    proxy_request_buffering off;
    # increase body buffer to avoid limiting upload speed
    client_body_buffer_size 1024k;
    # Set headers
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # enable websockets: http://nginx.org/en/docs/http/websocket.html
    proxy_http_version 1.1;
    proxy_redirect     off;
    # set timeout
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
    send_timeout       600s;
    location / {
        proxy_pass http://127.0.0.1:2283;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }
 }
@@ -0,0 +1,13 @@
 server {
  listen 443 ssl;
  server_name learn.nhcarrigan.com;
  ssl_certificate /etc/letsencrypt/live/learn.nhcarrigan.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/learn.nhcarrigan.com/privkey.pem;
  root /home/naomi/learn/dist;
  location / {
    index index.html;
  }
  include /etc/nginx/snippets/deny-dotfiles.conf;
 }
@@ -0,0 +1 @@
 ../sites-available/img.conf
@@ -0,0 +1 @@
 ../sites-available/learn.conf
@@ -0,0 +1 @@
 sites-available/img.conf
Author	SHA1	Message	Date
naomi	b3ac647b00	chore: fix link Security Scan and Upload / Security & DefectDojo Upload (push) Failing after 2s Details Test nginx configuration / Static Analysis (push) Failing after 5s Details Test nginx configuration / nginx Syntax Check (push) Failing after 16s Details	2026-05-11 17:05:35 -07:00
naomi	63a008f4f2	feat: image site Security Scan and Upload / Security & DefectDojo Upload (push) Failing after 2s Details Test nginx configuration / Static Analysis (push) Failing after 4s Details Test nginx configuration / nginx Syntax Check (push) Failing after 15s Details	2026-05-11 16:55:46 -07:00
naomi	c07d24f69f	feat: new learn site Test nginx configuration / Static Analysis (push) Failing after 5s Details Test nginx configuration / nginx Syntax Check (push) Failing after 17s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m41s Details	2026-05-07 19:16:39 -07:00
hikari	5517e9d77d	feat: add personality.nhcarrigan.com Test nginx configuration / Static Analysis (push) Failing after 6s Details Test nginx configuration / nginx Syntax Check (push) Failing after 19s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m46s Details	2026-04-20 21:45:14 -07:00
hikari	fb6080ae87	fix: resolve CORS header suppression on cdn.nhcarrigan.com Test nginx configuration / Static Analysis (push) Failing after 5s Details Test nginx configuration / nginx Syntax Check (push) Failing after 16s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m38s Details Restructures the location block to avoid the nginx "if is evil" pattern where add_header directives inside an if block suppress those in the parent location context. Also adds Access-Control-Max-Age and removes POST from allowed methods since the CDN serves static assets only.	2026-04-20 18:32:45 -07:00
naomi	f6c4e2dac7	feat: grimoire and memes	2026-04-20 10:07:57 -07:00