From 6410cd9e01133af1766d4a81efda6c3c593f3026 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Mon, 24 Nov 2025 11:59:01 +0100
Subject: [PATCH] new vhost

---
 sites-available/zot.linuxiarz.pl.conf | 80 +++++++++++++++++++++++++++
 sites-enabled/zot.linuxiarz.pl.conf   |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 sites-available/zot.linuxiarz.pl.conf
 create mode 120000 sites-enabled/zot.linuxiarz.pl.conf

diff --git a/sites-available/zot.linuxiarz.pl.conf b/sites-available/zot.linuxiarz.pl.conf
new file mode 100644
index 0000000..80aef01
--- /dev/null
+++ b/sites-available/zot.linuxiarz.pl.conf
@@ -0,0 +1,80 @@
+upstream zot {
+    zone zot 1m;
+    server 127.0.0.1:8789;
+    keepalive 16;
+}
+
+limit_req_zone $binary_remote_addr zone=zot_limit:10m rate=50r/s;
+
+server {
+    listen 443 ssl http2;
+    listen 443 quic;
+    http2 on;
+    http3 on;
+
+    ssl_protocols TLSv1.3;
+    ssl_early_data on;
+    add_header Alt-Svc 'h3=":$server_port"; ma=10000';
+    server_name zot.linuxiarz.pl;
+
+    # Include your wildcard SSL cert/key config here
+    include config/wildcard.conf;
+
+    access_log /var/log/angie/zot.linuxiarz.pl.access.log;
+    error_log /var/log/angie/zot.linuxiarz.pl.error.log warn;
+
+    # Status zone (optional, douse to your monitoring)
+    status_zone zot.linuxiarz.pl;
+
+    limit_req zone=zot_limit burst=100 nodelay;
+
+    location ~* \.(css|js|jpg|jpeg|gif|png|ico|svg|woff|woff2|ttf|eot)$ {
+        proxy_pass http://zot;
+        include config/proxy.conf;
+
+        proxy_cache public-cache;
+        proxy_cache_valid 200 304 30d;
+        proxy_cache_valid 301 302 1h;
+        proxy_cache_valid any 1m;
+        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+        proxy_cache_background_update on;
+        proxy_cache_lock on;
+        proxy_cache_revalidate on;
+
+        add_header Cache-Control "public, max-age=2592000, immutable";
+        add_header X-Cache-Status $upstream_cache_status;
+        expires 30d;
+    }
+
+    location ~ ^/(api|.*\.git) {
+        limit_req zone=zot_limit burst=5 nodelay;
+
+        proxy_pass http://zot;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 600s;
+    }
+
+    location / {
+        proxy_pass http://zot;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+
+    }
+}
+
+server {
+    listen 80;
+    server_name zot.linuxiarz.pl;
+
+    location / {
+        return 301 https://zot.linuxiarz.pl$request_uri;
+    }
+}
diff --git a/sites-enabled/zot.linuxiarz.pl.conf b/sites-enabled/zot.linuxiarz.pl.conf
new file mode 120000
index 0000000..8dcd9dd
--- /dev/null
+++ b/sites-enabled/zot.linuxiarz.pl.conf
@@ -0,0 +1 @@
+../sites-available/zot.linuxiarz.pl.conf
\ No newline at end of file