linuxiarz_vps_angie/sites-available/linuxiarz.pl_new.conf

# Cache (jak w oryginale)
proxy_cache_path /var/cache/angie/redirector
    levels=1:2
    keys_zone=redirect_cache:10m
    max_size=100m
    inactive=24h
    use_temp_path=off;

##############################
# 1) Blok tylko do redirectów
##############################

# HTTP -> HTTPS + normalizacja do www
server {
    listen 80;
    server_name linuxiarz.pl www.linuxiarz.pl;

    # Ścieżkowe redirecty z HTTP prosto do docelowych hostów
    rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
    rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;

    # Reszta na HTTPS z www
    return 301 https://www.linuxiarz.pl$request_uri;
}

# HTTPS non‑www -> www (tylko redirect)
server {
    listen 443 ssl;
    server_name linuxiarz.pl;

    include                 config/wildcard.conf;

    ssl_protocols TLSv1.3 TLSv1.2;

    # Bez Alt-Svc tutaj: ten blok tylko przekierowuje
    return 301 https://www.linuxiarz.pl$request_uri;
}

#########################################
# 2) Główny vhost treści: www + HTTP/3
#########################################
server {
    # TCP (HTTP/1.1 + HTTP/2)
    listen 443 ssl;
    http2 on;

    # UDP (QUIC + HTTP/3)
    listen 443 quic;
    http3 on;

    ssl_protocols       TLSv1.3 TLSv1.2;
    ssl_early_data on;

    # Alt-Svc tylko tu, gdzie serwowana jest treść
    add_header Alt-Svc 'h3=":443"; ma=86400';

    server_name www.linuxiarz.pl;

    include                 config/wildcard.conf;

    # logging
    access_log /var/log/angie/linuxiarz.pl.access.log main;
    error_log  /var/log/angie/linuxiarz.pl.error.log warn;

    status_zone www.linuxiarz.pl;
    # Dozwolone metody
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 405;
    }

    # Ścieżkowe redirecty również z HTTPS na www
    rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
    rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;

    # Główne proxy do Varnish na 6081
    location / {
        proxy_pass http://127.0.0.1:6081/;
        include config/proxy.conf;
    }

    # Przykład ads.txt (opcjonalnie):
    # location = /ads.txt { root /var/www/ads; }
}

##################################
# 3) Backend HTTP na porcie 8080
##################################
server {
    listen 8080;
    server_name www.linuxiarz.pl linuxiarz.pl;

    # Domyślna ścieżka: pliki -> fallback do aplikacji na :8000
    error_page 404 = @redirect_check;

    location / {
        try_files $uri $uri/ @to8000;
    }

    location @to8000 {
        proxy_intercept_errors on;   # pozwala przechwycić 404/5xx i skierować do @redirect_check
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://127.0.0.1:8000;

        proxy_request_buffering off;
        client_body_timeout 120s;
        proxy_read_timeout 120s;
        proxy_connect_timeout 120s;
        proxy_send_timeout 120s;
        proxy_http_version 1.1;

        error_page 404 = @redirect_check;
    }

    location @redirect_check {
        add_header Cache-Control "no-cache, max-age=0, no-store";
        set_real_ip_from  127.0.0.1;
        real_ip_header    X-Forwarded-For;

        proxy_pass http://127.0.0.1:8282;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Endpointy bez cache
    location ~ ^/(stats|user-info|health)$ {
        add_header Cache-Control "no-cache, max-age=0, no-store";
        proxy_cache off;
        proxy_pass http://127.0.0.1:8282;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Pliki RBL z lokalnego root
    location ~ ^/(id-rbl\.txt|domain-rbl\.txt)$ {
        add_header Cache-Control "no-cache, no-store";
        root /var/www/www.linuxiarz.pl;
        try_files $uri =404;
    }

    # Stały redirect do osobnej subdomeny
    location /listapp/ {
        return 301 https://listapp.linuxiarz.pl$request_uri;
    }

    # PHP przez FastCGI
    location ~ \.php$ {
        include config/php_fastcgi.conf;
    }
}