Create backup of nginx default siteHEAD master

author: Filip Wandzio <contact@philw.dev> 2025-12-25 21:26:08 +0100
committer: Filip Wandzio <contact@philw.dev> 2025-12-25 21:26:08 +0100
commit: 445f31f37992c5fbcf367f7abaec1b0191ef5f28 (patch)
tree: 7e7752c32ab57b9cbcf1187c7c7cc69384968be4
download: server-master.tar.gz
server-master.zip
1 files changed, 115 insertions, 0 deletions
diff --git a/nginx/default b/nginx/default
new file mode 100644
index 0000000..f09c25d
--- /dev/null
+++ b/nginx/default
@@ -0,0 +1,115 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name philw.dev www.philw.dev;
+    root /var/www/philw/;
+    index index.html;
+    quic_retry on;
+    ssl_early_data on;
+    ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    add_header Alt-Svc 'h3=":443"';
+    add_header X-QUIC 'h3';
+    location / {
+        try_files $uri $uri/ =404;
+    }
+    location ~* ^(/_matrix/push) {
+        proxy_pass http://localhost:7183;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+    }
+    location ~* ^(/_matrix|/_synapse/client) {
+        proxy_pass http://localhost:8008;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        client_max_body_size 50M;
+    }
+    location /.well-known/matrix/client {
+        alias /var/www/philw/.well-known/matrix/client;
+        default_type application/json;
+    }
+    location /.well-known/matrix/server {
+        alias /var/www/philw/.well-known/matrix/server;
+        default_type application/json;
+    }
+}
+server {
+    if ($host = www.philw.dev) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+    if ($host = philw.dev) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+    listen 80;
+    listen [::]:80;
+    server_name philw.dev www.philw.dev;
+    return 301 https://$host$request_uri;
+}
+# LiveKit WebSocket (SFU)
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name matrixrtc.philw.dev;
+    ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    location / {
+        proxy_pass http://localhost:7880;  # LiveKit kontener (port wewnętrzny)
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+# JWT Service
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name jwt.philw.dev;
+    ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    location / {
+        proxy_pass http://localhost:8080;  # JWT serwis kontener
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
author	Filip Wandzio <contact@philw.dev>	2025-12-25 21:26:08 +0100
committer	Filip Wandzio <contact@philw.dev>	2025-12-25 21:26:08 +0100
commit	445f31f37992c5fbcf367f7abaec1b0191ef5f28 (patch)
tree	7e7752c32ab57b9cbcf1187c7c7cc69384968be4
download	server-master.tar.gz server-master.zip

diff --git a/nginx/default b/nginx/default new file mode 100644 index 0000000..f09c25d --- /dev/null +++ b/nginx/default
@@ -0,0 +1,115 @@
	1
	2	server {
	3	listen 443 ssl;
	4	listen [::]:443 ssl;
	5	server_name philw.dev www.philw.dev;
	6	root /var/www/philw/;
	7	index index.html;
	8	quic_retry on;
	9	ssl_early_data on;
	10	ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
	11	ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
	12	include /etc/letsencrypt/options-ssl-nginx.conf;
	13	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
	14	add_header Alt-Svc 'h3=":443"';
	15	add_header X-QUIC 'h3';
	16
	17	location / {
	18	try_files $uri $uri/ =404;
	19	}
	20
	21
	22	location ~* ^(/_matrix/push) {
	23	proxy_pass http://localhost:7183;
	24	proxy_set_header X-Forwarded-For $remote_addr;
	25	proxy_set_header X-Forwarded-Proto $scheme;
	26	proxy_set_header Host $host;
	27	}
	28
	29
	30	location ~* ^(/_matrix\|/_synapse/client) {
	31	proxy_pass http://localhost:8008;
	32	proxy_set_header X-Forwarded-For $remote_addr;
	33	proxy_set_header X-Forwarded-Proto $scheme;
	34	proxy_set_header Host $host;
	35	client_max_body_size 50M;
	36	}
	37
	38
	39	location /.well-known/matrix/client {
	40	alias /var/www/philw/.well-known/matrix/client;
	41	default_type application/json;
	42	}
	43
	44	location /.well-known/matrix/server {
	45	alias /var/www/philw/.well-known/matrix/server;
	46	default_type application/json;
	47	}
	48
	49
	50	}
	51
	52
	53	server {
	54	if ($host = www.philw.dev) {
	55	return 301 https://$host$request_uri;
	56	} # managed by Certbot
	57
	58
	59	if ($host = philw.dev) {
	60	return 301 https://$host$request_uri;
	61	} # managed by Certbot
	62
	63
	64	listen 80;
	65	listen [::]:80;
	66	server_name philw.dev www.philw.dev;
	67	return 301 https://$host$request_uri;
	68
	69
	70
	71
	72	}
	73
	74
	75	# LiveKit WebSocket (SFU)
	76	server {
	77	listen 443 ssl;
	78	listen [::]:443 ssl;
	79	server_name matrixrtc.philw.dev;
	80	ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
	81	ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
	82	include /etc/letsencrypt/options-ssl-nginx.conf;
	83	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
	84
	85	location / {
	86	proxy_pass http://localhost:7880; # LiveKit kontener (port wewnętrzny)
	87	proxy_http_version 1.1;
	88	proxy_set_header Upgrade $http_upgrade;
	89	proxy_set_header Connection "Upgrade";
	90	proxy_set_header Host $host;
	91	proxy_set_header X-Forwarded-For $remote_addr;
	92	proxy_set_header X-Forwarded-Proto $scheme;
	93	}
	94
	95	}
	96
	97	# JWT Service
	98	server {
	99	listen 443 ssl;
	100	listen [::]:443 ssl;
	101	server_name jwt.philw.dev;
	102	ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
	103	ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
	104	include /etc/letsencrypt/options-ssl-nginx.conf;
	105	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
	106
	107	location / {
	108	proxy_pass http://localhost:8080; # JWT serwis kontener
	109	proxy_set_header Host $host;
	110	proxy_set_header X-Real-IP $remote_addr;
	111	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	112	proxy_set_header X-Forwarded-Proto $scheme;
	113	}
	114
	115	}