shlink.io | wa.fo will point to sc.op.fo
start using shlink.io instead of own fwd solution. moving back to sc.op.fo as shortcut domain, as pikapod needs a subdomain (no root). wa.fo will no redirect traffic to sc.op.fo.
This commit is contained in:
committer@t470p
+5
-72
@@ -1,15 +1,15 @@
|
|||||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
# configuration of wa.fo / frode klevstul / oct 2025
|
# configuration of wa.fo / frode klevstul / apr 2026
|
||||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
|
||||||
# http ➔ https
|
# sc.op.fo ➔ wa.fo (http)
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name wa.fo;
|
server_name wa.fo;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://sc.op.fo$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
# * ➔ bare domain (https)
|
# wa.fo ➔ sc.op.fo (https)
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
@@ -19,73 +19,6 @@ server {
|
|||||||
ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
|
ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
|
||||||
ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
|
ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
|
||||||
|
|
||||||
server_name *.wa.fo;
|
|
||||||
return 301 $scheme://wa.fo$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
# upstream configuration for postgrest (used as reversed proxy)
|
|
||||||
upstream postgrest {
|
|
||||||
server localhost:3001;
|
|
||||||
}
|
|
||||||
|
|
||||||
# https
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
http2 on;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/acme.sh/wa.fo/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
|
|
||||||
ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
||||||
|
|
||||||
root /var/www/wa.fo;
|
|
||||||
index index.html;
|
|
||||||
server_name wa.fo;
|
server_name wa.fo;
|
||||||
|
return 301 https://sc.op.fo$request_uri;
|
||||||
location @myownredirect {
|
|
||||||
return 302 /;
|
|
||||||
}
|
|
||||||
|
|
||||||
# redirect 404 not found to the root
|
|
||||||
location / {
|
|
||||||
error_page 404 = @myownredirect;
|
|
||||||
}
|
|
||||||
|
|
||||||
# maintenance mode, as index.html on the root is used when the postgrest proxy is being maintained
|
|
||||||
#location ~ ^/(index.html|[A-Za-z0-9]+) {
|
|
||||||
#}
|
|
||||||
|
|
||||||
# enable access to certain files in the www root folder
|
|
||||||
location ~ ^/(robots.txt|favicon.ico|Inconsolata.ttf) {
|
|
||||||
# do nothing, which means avoid the postgrest proxy
|
|
||||||
}
|
|
||||||
|
|
||||||
# /dbg/shortcode | debug mode
|
|
||||||
location ~ ^/dbg/(\w+) {
|
|
||||||
default_type application/json;
|
|
||||||
proxy_hide_header Content-Location;
|
|
||||||
add_header Content-Location /rpc/$upstream_http_content_location;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_pass http://postgrest/rpc/idx?p_shortcode=$1&p_dbg=true;
|
|
||||||
}
|
|
||||||
|
|
||||||
# /shortcode | normal mode
|
|
||||||
location ~ ^/([A-Za-z0-9]+) {
|
|
||||||
# https://stackoverflow.com/questions/53353572/proxy-pass-cannot-have-uri-part-in-location-given-by-regular-expression
|
|
||||||
rewrite ^/([A-Za-z0-9]+) /rpc/idx break;
|
|
||||||
default_type application/json;
|
|
||||||
proxy_hide_header Content-Location;
|
|
||||||
add_header Content-Location /rpc/$upstream_http_content_location;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # used to get client ip
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
# note, that if writing 'post' (lowercase) instead of 'POST' (uppercase), that will lead to the postgrest error "cannot use the post method on rpc"
|
|
||||||
proxy_method POST;
|
|
||||||
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_body
|
|
||||||
proxy_set_body '{"p_shortcode": "$1", "p_dbg": "false"}';
|
|
||||||
proxy_pass http://postgrest;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,91 @@
|
|||||||
|
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
# configuration of wa.fo / frode klevstul / oct 2025
|
||||||
|
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
|
||||||
|
# http ➔ https
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name wa.fo;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# * ➔ bare domain (https)
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
http2 on;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/acme.sh/wa.fo/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
|
||||||
|
ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
|
||||||
|
|
||||||
|
server_name *.wa.fo;
|
||||||
|
return 301 $scheme://wa.fo$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# upstream configuration for postgrest (used as reversed proxy)
|
||||||
|
upstream postgrest {
|
||||||
|
server localhost:3001;
|
||||||
|
}
|
||||||
|
|
||||||
|
# https
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
http2 on;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/acme.sh/wa.fo/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/nginx/acme.sh/wa.fo/key.pem;
|
||||||
|
ssl_trusted_certificate /etc/nginx/acme.sh/wa.fo/cert.pem;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||||
|
|
||||||
|
root /var/www/wa.fo;
|
||||||
|
index index.html;
|
||||||
|
server_name wa.fo;
|
||||||
|
|
||||||
|
location @myownredirect {
|
||||||
|
return 302 /;
|
||||||
|
}
|
||||||
|
|
||||||
|
# redirect 404 not found to the root
|
||||||
|
location / {
|
||||||
|
error_page 404 = @myownredirect;
|
||||||
|
}
|
||||||
|
|
||||||
|
# maintenance mode, as index.html on the root is used when the postgrest proxy is being maintained
|
||||||
|
#location ~ ^/(index.html|[A-Za-z0-9]+) {
|
||||||
|
#}
|
||||||
|
|
||||||
|
# enable access to certain files in the www root folder
|
||||||
|
location ~ ^/(robots.txt|favicon.ico|Inconsolata.ttf) {
|
||||||
|
# do nothing, which means avoid the postgrest proxy
|
||||||
|
}
|
||||||
|
|
||||||
|
# /dbg/shortcode | debug mode
|
||||||
|
location ~ ^/dbg/(\w+) {
|
||||||
|
default_type application/json;
|
||||||
|
proxy_hide_header Content-Location;
|
||||||
|
add_header Content-Location /rpc/$upstream_http_content_location;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_pass http://postgrest/rpc/idx?p_shortcode=$1&p_dbg=true;
|
||||||
|
}
|
||||||
|
|
||||||
|
# /shortcode | normal mode
|
||||||
|
location ~ ^/([A-Za-z0-9]+) {
|
||||||
|
# https://stackoverflow.com/questions/53353572/proxy-pass-cannot-have-uri-part-in-location-given-by-regular-expression
|
||||||
|
rewrite ^/([A-Za-z0-9]+) /rpc/idx break;
|
||||||
|
default_type application/json;
|
||||||
|
proxy_hide_header Content-Location;
|
||||||
|
add_header Content-Location /rpc/$upstream_http_content_location;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # used to get client ip
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
# note, that if writing 'post' (lowercase) instead of 'POST' (uppercase), that will lead to the postgrest error "cannot use the post method on rpc"
|
||||||
|
proxy_method POST;
|
||||||
|
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_body
|
||||||
|
proxy_set_body '{"p_shortcode": "$1", "p_dbg": "false"}';
|
||||||
|
proxy_pass http://postgrest;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user