first commit

2025-11-16 22:26:59 +01:00
commit af14d373fa
118 changed files with 10255 additions and 0 deletions
--- a/sites-available/linuxiarz.pl_new.conf
+++ b/sites-available/linuxiarz.pl_new.conf
@@ -0,0 +1,156 @@
+# Cache (jak w oryginale)
+proxy_cache_path /var/cache/angie/redirector
+    levels=1:2
+    keys_zone=redirect_cache:10m
+    max_size=100m
+    inactive=24h
+    use_temp_path=off;
+
+##############################
+# 1) Blok tylko do redirectów
+##############################
+
+# HTTP -> HTTPS + normalizacja do www
+server {
+    listen 80;
+    server_name linuxiarz.pl www.linuxiarz.pl;
+
+    # Ścieżkowe redirecty z HTTP prosto do docelowych hostów
+    rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
+    rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;
+
+    # Reszta na HTTPS z www
+    return 301 https://www.linuxiarz.pl$request_uri;
+}
+
+# HTTPS non‑www -> www (tylko redirect)
+server {
+    listen 443 ssl;
+    server_name linuxiarz.pl;
+
+    include                 config/wildcard.conf;
+
+    ssl_protocols TLSv1.3 TLSv1.2;
+
+    # Bez Alt-Svc tutaj: ten blok tylko przekierowuje
+    return 301 https://www.linuxiarz.pl$request_uri;
+}
+
+#########################################
+# 2) Główny vhost treści: www + HTTP/3
+#########################################
+server {
+    # TCP (HTTP/1.1 + HTTP/2)
+    listen 443 ssl;
+    http2 on;
+
+    # UDP (QUIC + HTTP/3)
+    listen 443 quic;
+    http3 on;
+
+    ssl_protocols       TLSv1.3 TLSv1.2;
+    ssl_early_data on;
+
+    # Alt-Svc tylko tu, gdzie serwowana jest treść
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+
+    server_name www.linuxiarz.pl;
+
+    include                 config/wildcard.conf;
+
+    # logging
+    access_log /var/log/angie/linuxiarz.pl.access.log main;
+    error_log  /var/log/angie/linuxiarz.pl.error.log warn;
+
+    status_zone www.linuxiarz.pl;
+    # Dozwolone metody
+    if ($request_method !~ ^(GET|HEAD|POST)$) {
+        return 405;
+    }
+
+    # Ścieżkowe redirecty również z HTTPS na www
+    rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
+    rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;
+
+    # Główne proxy do Varnish na 6081
+    location / {
+        proxy_pass http://127.0.0.1:6081/;
+        include config/proxy.conf;
+    }
+
+    # Przykład ads.txt (opcjonalnie):
+    # location = /ads.txt { root /var/www/ads; }
+}
+
+##################################
+# 3) Backend HTTP na porcie 8080
+##################################
+server {
+    listen 8080;
+    server_name www.linuxiarz.pl linuxiarz.pl;
+
+    # Domyślna ścieżka: pliki -> fallback do aplikacji na :8000
+    error_page 404 = @redirect_check;
+
+    location / {
+        try_files $uri $uri/ @to8000;
+    }
+
+    location @to8000 {
+        proxy_intercept_errors on;   # pozwala przechwycić 404/5xx i skierować do @redirect_check
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_pass http://127.0.0.1:8000;
+
+        proxy_request_buffering off;
+        client_body_timeout 120s;
+        proxy_read_timeout 120s;
+        proxy_connect_timeout 120s;
+        proxy_send_timeout 120s;
+        proxy_http_version 1.1;
+
+        error_page 404 = @redirect_check;
+    }
+
+    location @redirect_check {
+        add_header Cache-Control "no-cache, max-age=0, no-store";
+        set_real_ip_from  127.0.0.1;
+        real_ip_header    X-Forwarded-For;
+
+        proxy_pass http://127.0.0.1:8282;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Endpointy bez cache
+    location ~ ^/(stats|user-info|health)$ {
+        add_header Cache-Control "no-cache, max-age=0, no-store";
+        proxy_cache off;
+        proxy_pass http://127.0.0.1:8282;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Pliki RBL z lokalnego root
+    location ~ ^/(id-rbl\.txt|domain-rbl\.txt)$ {
+        add_header Cache-Control "no-cache, no-store";
+        root /var/www/www.linuxiarz.pl;
+        try_files $uri =404;
+    }
+
+    # Stały redirect do osobnej subdomeny
+    location /listapp/ {
+        return 301 https://listapp.linuxiarz.pl$request_uri;
+    }
+
+    # PHP przez FastCGI
+    location ~ \.php$ {
+        include config/php_fastcgi.conf;
+    }
+}