From 445f31f37992c5fbcf367f7abaec1b0191ef5f28 Mon Sep 17 00:00:00 2001
From: Filip Wandzio <contact@philw.dev>
Date: Thu, 25 Dec 2025 21:26:08 +0100
Subject: Create backup of nginx default site

---
 nginx/default | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 115 insertions(+)
 create mode 100644 nginx/default

(limited to 'nginx')

diff --git a/nginx/default b/nginx/default
new file mode 100644
index 0000000..f09c25d
--- /dev/null
+++ b/nginx/default
@@ -0,0 +1,115 @@
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name philw.dev www.philw.dev;
+    root /var/www/philw/;
+    index index.html;
+    quic_retry on;
+    ssl_early_data on;
+    ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    add_header Alt-Svc 'h3=":443"';
+    add_header X-QUIC 'h3';
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+
+    location ~* ^(/_matrix/push) {
+        proxy_pass http://localhost:7183;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+    }
+
+
+    location ~* ^(/_matrix|/_synapse/client) {
+        proxy_pass http://localhost:8008;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        client_max_body_size 50M;
+    }
+
+
+    location /.well-known/matrix/client {
+        alias /var/www/philw/.well-known/matrix/client;
+        default_type application/json;
+    }
+
+    location /.well-known/matrix/server {
+        alias /var/www/philw/.well-known/matrix/server;
+        default_type application/json;
+    }
+
+
+}
+
+
+server {
+    if ($host = www.philw.dev) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = philw.dev) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+    listen [::]:80;
+    server_name philw.dev www.philw.dev;
+    return 301 https://$host$request_uri;
+
+
+
+
+}
+
+
+# LiveKit WebSocket (SFU)
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name matrixrtc.philw.dev;
+    ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location / {
+        proxy_pass http://localhost:7880;  # LiveKit kontener (port wewnętrzny)
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+}
+
+# JWT Service
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name jwt.philw.dev;
+    ssl_certificate /etc/letsencrypt/live/philw.dev-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/philw.dev-0001/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location / {
+        proxy_pass http://localhost:8080;  # JWT serwis kontener
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+}
-- 
cgit v1.2.3