# Cache (jak w oryginale) proxy_cache_path /var/cache/angie/redirector levels=1:2 keys_zone=redirect_cache:10m max_size=100m inactive=24h use_temp_path=off; ############################## # 1) Blok tylko do redirectów ############################## # HTTP -> HTTPS + normalizacja do www server { listen 80; server_name linuxiarz.pl www.linuxiarz.pl; # Ścieżkowe redirecty z HTTP prosto do docelowych hostów rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent; rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent; # Reszta na HTTPS z www return 301 https://www.linuxiarz.pl$request_uri; } # HTTPS non‑www -> www (tylko redirect) server { listen 443 ssl; server_name linuxiarz.pl; include config/wildcard.conf; ssl_protocols TLSv1.3 TLSv1.2; # Bez Alt-Svc tutaj: ten blok tylko przekierowuje return 301 https://www.linuxiarz.pl$request_uri; } ######################################### # 2) Główny vhost treści: www + HTTP/3 ######################################### server { # TCP (HTTP/1.1 + HTTP/2) listen 443 ssl; http2 on; # UDP (QUIC + HTTP/3) listen 443 quic; http3 on; ssl_protocols TLSv1.3 TLSv1.2; ssl_early_data on; # Alt-Svc tylko tu, gdzie serwowana jest treść add_header Alt-Svc 'h3=":443"; ma=86400'; server_name www.linuxiarz.pl; include config/wildcard.conf; # logging access_log /var/log/angie/linuxiarz.pl.access.log main; error_log /var/log/angie/linuxiarz.pl.error.log warn; status_zone www.linuxiarz.pl; # Dozwolone metody if ($request_method !~ ^(GET|HEAD|POST)$) { return 405; } # Ścieżkowe redirecty również z HTTPS na www rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent; rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent; # Główne proxy do Varnish na 6081 location / { proxy_pass http://127.0.0.1:6081/; include config/proxy.conf; } # Przykład ads.txt (opcjonalnie): # location = /ads.txt { root /var/www/ads; } } ################################## # 3) Backend HTTP na porcie 8080 ################################## server { listen 8080; server_name www.linuxiarz.pl linuxiarz.pl; # Domyślna ścieżka: pliki -> fallback do aplikacji na :8000 error_page 404 = @redirect_check; location / { try_files $uri $uri/ @to8000; } location @to8000 { proxy_intercept_errors on; # pozwala przechwycić 404/5xx i skierować do @redirect_check proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_pass http://127.0.0.1:8000; proxy_request_buffering off; client_body_timeout 120s; proxy_read_timeout 120s; proxy_connect_timeout 120s; proxy_send_timeout 120s; proxy_http_version 1.1; error_page 404 = @redirect_check; } location @redirect_check { add_header Cache-Control "no-cache, max-age=0, no-store"; set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; proxy_pass http://127.0.0.1:8282; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Endpointy bez cache location ~ ^/(stats|user-info|health)$ { add_header Cache-Control "no-cache, max-age=0, no-store"; proxy_cache off; proxy_pass http://127.0.0.1:8282; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Pliki RBL z lokalnego root location ~ ^/(id-rbl\.txt|domain-rbl\.txt)$ { add_header Cache-Control "no-cache, no-store"; root /var/www/www.linuxiarz.pl; try_files $uri =404; } # Stały redirect do osobnej subdomeny location /listapp/ { return 301 https://listapp.linuxiarz.pl$request_uri; } # PHP przez FastCGI location ~ \.php$ { include config/php_fastcgi.conf; } }