From 188215f7741673b93177b7d1eb35c831675f2d34 Mon Sep 17 00:00:00 2001
From: "committer@t470p" <committer0@t470p.com>
Date: Wed, 22 Apr 2026 07:15:45 -0500
Subject: [PATCH] shlink.io | wa.fo will point to sc.op.fo

start using shlink.io instead of own fwd solution. moving back to sc.op.fo as shortcut domain, as pikapod needs a subdomain (no root). wa.fo will no redirect traffic to sc.op.fo.
---
 cfg/ngx/wa.fo.conf                 | 77 ++-----------------------
 {cfg => obs/cfg}/ngx/sc.op.fo.conf |  0
 obs/cfg/ngx/wa.fo.conf.postgrest   | 91 ++++++++++++++++++++++++++++++
 3 files changed, 96 insertions(+), 72 deletions(-)
 rename {cfg => obs/cfg}/ngx/sc.op.fo.conf (100%)
 create mode 100644 obs/cfg/ngx/wa.fo.conf.postgrest

diff --git a/cfg/ngx/wa.fo.conf b/cfg/ngx/wa.fo.conf
index 8db9787..b361b61 100644
--- a/cfg/ngx/wa.fo.conf
+++ b/cfg/ngx/wa.fo.conf
@@ -1,15 +1,15 @@
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# configuration of wa.fo / frode klevstul / oct 2025
+# configuration of wa.fo / frode klevstul / apr 2026
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
-# http ➔ https
+# sc.op.fo ➔ wa.fo (http)
 server {
     listen 80;
     server_name wa.fo;
-    return 301 https://$host$request_uri;
+    return 301 https://sc.op.fo$request_uri;
 }
 
-# * ➔ bare domain (https)
+# wa.fo ➔ sc.op.fo (https)
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
@@ -19,73 +19,6 @@ server {
     ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
     ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
 
-    server_name *.wa.fo;
-    return 301 $scheme://wa.fo$request_uri;
-}
-
-# upstream configuration for postgrest (used as reversed proxy)
-upstream postgrest {
-    server localhost:3001;
-}
-
-# https
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    http2 on;
-
-    ssl_certificate /etc/nginx/acme.sh/wa.fo/fullchain.pem;
-    ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
-    ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
-
-    add_header Strict-Transport-Security "max-age=63072000" always;
-
-    root /var/www/wa.fo;
-    index index.html;
     server_name wa.fo;
-
-    location @myownredirect {
-        return 302 /;
-    }
-
-    # redirect 404 not found to the root
-    location / {
-        error_page 404 = @myownredirect;
-    }
-
-    # maintenance mode, as index.html on the root is used when the postgrest proxy is being maintained
-    #location ~ ^/(index.html|[A-Za-z0-9]+) {
-    #}
-
-    # enable access to certain files in the www root folder
-    location ~ ^/(robots.txt|favicon.ico|Inconsolata.ttf) {
-        # do nothing, which means avoid the postgrest proxy
-    }
-
-    # /dbg/shortcode | debug mode
-    location ~ ^/dbg/(\w+) {
-        default_type  application/json;
-        proxy_hide_header Content-Location;
-        add_header Content-Location  /rpc/$upstream_http_content_location;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_http_version 1.1;
-        proxy_pass http://postgrest/rpc/idx?p_shortcode=$1&p_dbg=true;
-    }
-
-    # /shortcode | normal mode
-    location ~ ^/([A-Za-z0-9]+) {
-        # https://stackoverflow.com/questions/53353572/proxy-pass-cannot-have-uri-part-in-location-given-by-regular-expression
-        rewrite ^/([A-Za-z0-9]+) /rpc/idx break;
-        default_type  application/json;
-        proxy_hide_header Content-Location;
-        add_header Content-Location  /rpc/$upstream_http_content_location;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # used to get client ip
-        proxy_http_version 1.1;
-        # note, that if writing 'post' (lowercase) instead of 'POST' (uppercase), that will lead to the postgrest error "cannot use the post method on rpc"
-        proxy_method POST;
-        # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_body
-        proxy_set_body '{"p_shortcode": "$1", "p_dbg": "false"}';
-        proxy_pass http://postgrest;
-    }
-
+    return 301 https://sc.op.fo$request_uri;
 }
diff --git a/cfg/ngx/sc.op.fo.conf b/obs/cfg/ngx/sc.op.fo.conf
similarity index 100%
rename from cfg/ngx/sc.op.fo.conf
rename to obs/cfg/ngx/sc.op.fo.conf
diff --git a/obs/cfg/ngx/wa.fo.conf.postgrest b/obs/cfg/ngx/wa.fo.conf.postgrest
new file mode 100644
index 0000000..8db9787
--- /dev/null
+++ b/obs/cfg/ngx/wa.fo.conf.postgrest
@@ -0,0 +1,91 @@
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# configuration of wa.fo / frode klevstul / oct 2025
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# http ➔ https
+server {
+    listen 80;
+    server_name wa.fo;
+    return 301 https://$host$request_uri;
+}
+
+# * ➔ bare domain (https)
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /etc/nginx/acme.sh/wa.fo/fullchain.pem;
+    ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
+    ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
+
+    server_name *.wa.fo;
+    return 301 $scheme://wa.fo$request_uri;
+}
+
+# upstream configuration for postgrest (used as reversed proxy)
+upstream postgrest {
+    server localhost:3001;
+}
+
+# https
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /etc/nginx/acme.sh/wa.fo/fullchain.pem;
+    ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
+    ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
+
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    root /var/www/wa.fo;
+    index index.html;
+    server_name wa.fo;
+
+    location @myownredirect {
+        return 302 /;
+    }
+
+    # redirect 404 not found to the root
+    location / {
+        error_page 404 = @myownredirect;
+    }
+
+    # maintenance mode, as index.html on the root is used when the postgrest proxy is being maintained
+    #location ~ ^/(index.html|[A-Za-z0-9]+) {
+    #}
+
+    # enable access to certain files in the www root folder
+    location ~ ^/(robots.txt|favicon.ico|Inconsolata.ttf) {
+        # do nothing, which means avoid the postgrest proxy
+    }
+
+    # /dbg/shortcode | debug mode
+    location ~ ^/dbg/(\w+) {
+        default_type  application/json;
+        proxy_hide_header Content-Location;
+        add_header Content-Location  /rpc/$upstream_http_content_location;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_pass http://postgrest/rpc/idx?p_shortcode=$1&p_dbg=true;
+    }
+
+    # /shortcode | normal mode
+    location ~ ^/([A-Za-z0-9]+) {
+        # https://stackoverflow.com/questions/53353572/proxy-pass-cannot-have-uri-part-in-location-given-by-regular-expression
+        rewrite ^/([A-Za-z0-9]+) /rpc/idx break;
+        default_type  application/json;
+        proxy_hide_header Content-Location;
+        add_header Content-Location  /rpc/$upstream_http_content_location;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # used to get client ip
+        proxy_http_version 1.1;
+        # note, that if writing 'post' (lowercase) instead of 'POST' (uppercase), that will lead to the postgrest error "cannot use the post method on rpc"
+        proxy_method POST;
+        # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_body
+        proxy_set_body '{"p_shortcode": "$1", "p_dbg": "false"}';
+        proxy_pass http://postgrest;
+    }
+
+}