nhcarrigan/nginx-configs
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 1 Pull Requests Actions Releases Activity

Compare commits

base: nhcarrigan/nginx-configs:49fd7812dd7e70478b16892bb089ef3f8e0bce50
Branches Tags
nhcarrigan/nginx-configs:main
...
compare: nhcarrigan/nginx-configs:main
Branches Tags
nhcarrigan/nginx-configs:main

6 Commits
49fd7812dd ... main

Author SHA1 Message Date
naomi b3ac647b00 chore: fix link
Security Scan and Upload / Security & DefectDojo Upload (push) Failing after 2s
Details
Test nginx configuration / Static Analysis (push) Failing after 5s
Details
Test nginx configuration / nginx Syntax Check (push) Failing after 16s
Details
2026-05-11 17:05:35 -07:00
naomi 63a008f4f2 feat: image site
Security Scan and Upload / Security & DefectDojo Upload (push) Failing after 2s
Details
Test nginx configuration / Static Analysis (push) Failing after 4s
Details
Test nginx configuration / nginx Syntax Check (push) Failing after 15s
Details
2026-05-11 16:55:46 -07:00
naomi c07d24f69f feat: new learn site
Test nginx configuration / Static Analysis (push) Failing after 5s
Details
Test nginx configuration / nginx Syntax Check (push) Failing after 17s
Details
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m41s
Details
2026-05-07 19:16:39 -07:00
hikari 5517e9d77d feat: add personality.nhcarrigan.com
Test nginx configuration / Static Analysis (push) Failing after 6s
Details
Test nginx configuration / nginx Syntax Check (push) Failing after 19s
Details
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m46s
Details
2026-04-20 21:45:14 -07:00
hikari fb6080ae87 fix: resolve CORS header suppression on cdn.nhcarrigan.com
Test nginx configuration / Static Analysis (push) Failing after 5s
Details
Test nginx configuration / nginx Syntax Check (push) Failing after 16s
Details
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m38s
Details 
Restructures the location block to avoid the nginx "if is evil" pattern
where add_header directives inside an if block suppress those in the
parent location context. Also adds Access-Control-Max-Age and removes
POST from allowed methods since the CDN serves static assets only.
 2026-04-20 18:32:45 -07:00
naomi f6c4e2dac7 feat: grimoire and memes 2026-04-20 10:07:57 -07:00
8 changed files with 109 additions and 15 deletions
Expand all files Collapse all files
nginx/nginx/cloudflare_ips.conf
+1 -1
View File
@@ -1,5 +1,5 @@
# Auto-generated Cloudflare IP ranges
# Updated: Thu Apr 16 10:50:50 PM PDT 2026
# Updated: Wed May 6 10:53:55 PM PDT 2026
real_ip_header CF-Connecting-IP;
nginx/nginx/sites-available/cdn.conf
+13 -12
View File
@@ -18,7 +18,18 @@ server {
return 301 $scheme://$host/avatars/$1;
}
# Handle CORS preflight requests without the "if is evil" pattern.
location / {
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
add_header Access-Control-Max-Age 86400 always;
add_header Content-Type "text/plain; charset=utf-8";
add_header Content-Length 0;
return 204;
}
proxy_pass https://nhcarrigan.hel1.your-objectstorage.com;
proxy_set_header Host nhcarrigan.hel1.your-objectstorage.com;
@@ -32,22 +43,12 @@ server {
proxy_set_header x-amz-date "";
proxy_set_header x-amz-security-token "";
add_header X-Debug-Cdn "Proxy-Active" always;
proxy_hide_header Access-Control-Allow-Origin;
add_header X-Debug-Cdn "Proxy-Active" always;
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
add_header Content-Type "text/plain; charset=utf-8";
add_header Content-Length 0;
return 204;
}
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
nginx/nginx/sites-available/content.conf
+43 -2
View File
@@ -1,5 +1,4 @@
# Static content and publishing sites: blog, books, donate, music, secrets, style, testimonials.
# Static content and publishing sites: blog, books, donate, music, personality, secrets, style, testimonials.
server {
listen 443 ssl;
server_name blog.nhcarrigan.com;
@@ -46,6 +45,34 @@ server {
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name grimoire.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/grimoire.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/grimoire.nhcarrigan.com/privkey.pem;
root /home/naomi/grimoire;
location / {
index index.html;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name memes.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/memes.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/memes.nhcarrigan.com/privkey.pem;
root /home/naomi/memes;
location / {
index index.html;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name music.nhcarrigan.com;
@@ -64,6 +91,20 @@ server {
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name personality.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/personality.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/personality.nhcarrigan.com/privkey.pem;
root /home/naomi/personality/dist;
location / {
index index.html;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
listen 443 ssl;
server_name secrets.nhcarrigan.com;
nginx/nginx/sites-available/img.conf
+36
View File
@@ -0,0 +1,36 @@
server {
listen 443 ssl;
server_name img.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/img.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/img.nhcarrigan.com/privkey.pem;
# allow large file uploads
client_max_body_size 50000M;
# disable buffering uploads to prevent OOM on reverse proxy server and make uploads twice as fast (no pause)
proxy_request_buffering off;
# increase body buffer to avoid limiting upload speed
client_body_buffer_size 1024k;
# Set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# enable websockets: http://nginx.org/en/docs/http/websocket.html
proxy_http_version 1.1;
proxy_redirect off;
# set timeout
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
location / {
proxy_pass http://127.0.0.1:2283;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
nginx/nginx/sites-available/learn.conf
+13
View File
@@ -0,0 +1,13 @@
server {
listen 443 ssl;
server_name learn.nhcarrigan.com;
ssl_certificate /etc/letsencrypt/live/learn.nhcarrigan.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/learn.nhcarrigan.com/privkey.pem;
root /home/naomi/learn/dist;
location / {
index index.html;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
nginx/nginx/sites-enabled/img.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/img.conf
nginx/nginx/sites-enabled/learn.conf
Symlink
+1
View File
@@ -0,0 +1 @@
../sites-available/learn.conf
sites-enabled
Symlink
+1
View File
@@ -0,0 +1 @@
sites-available/img.conf