From c2dcb5708aa783a8804d2f6bb50d166338224364 Mon Sep 17 00:00:00 2001
From: Catalin Mititiuc <webdevcat@proton.me>
Date: Wed, 11 Jun 2025 13:21:00 -0700
Subject: [PATCH] Add prod conf to source control

---
 conf/nginx.prod.conf | 120 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 120 insertions(+)
 create mode 100644 conf/nginx.prod.conf

diff --git a/conf/nginx.prod.conf b/conf/nginx.prod.conf
new file mode 100644
index 0000000..68e7585
--- /dev/null
+++ b/conf/nginx.prod.conf
@@ -0,0 +1,120 @@
+worker_processes  1;
+error_log logs/error.log;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    server {
+        listen 80;
+        listen 443 ssl;
+
+        include mime.types;
+        charset utf-8;
+        default_type text/html;
+
+        ssl_certificate /var/www/certs/miti.sh/fullchain.pem;
+        ssl_certificate_key /var/www/certs/miti.sh/privkey.pem;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+
+        try_files $uri $uri/ $uri.html =404;
+
+        # return `/posts/index.html` from `/posts`
+        location = /posts {
+            rewrite ^ /posts/ break;
+        }
+
+        # redirect requests ending in a forward slash
+        location ~ ^/(.+)/$ {
+            return 302 /$1;
+        }
+
+        location /css {
+            expires 1h;
+            alias css;
+        }
+    }
+
+    server {
+        listen 443 ssl;
+        server_name git.miti.sh;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+
+        location / {
+            client_max_body_size 1024M;
+            proxy_pass http://localhost:3000;
+            proxy_set_header Connection $http_connection;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+
+    server {
+        listen 443 ssl;
+        server_name apps.miti.sh;
+
+        root /var/www/sites/apps.miti.sh;
+
+        include mime.types;
+        charset utf-8;
+        default_type text/html;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+    }
+
+    server {
+        listen 443 ssl;
+        server_name webdevcat.me;
+
+        include mime.types;
+        charset utf-8;
+        default_type text/html;
+
+        ssl_certificate /var/www/certs/webdevcat.me/fullchain.pem;
+        ssl_certificate_key /var/www/certs/webdevcat.me/privkey.pem;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+
+        location / {
+            return 301 https://miti.sh$request_uri;
+        }
+
+        location ~ ^/git/(.*)$ {
+            return 301 https://git.miti.sh/ccm/$1;
+        }
+
+        location ~ ^/apps/(.*)$ {
+            return 301 https://apps.miti.sh/$1;
+        }
+    }
+    server {
+        listen 443 ssl;
+        server_name git.webdevcat.me;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+    }
+    server {
+        listen 443 ssl;
+        server_name apps.webdevcat.me;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+    }
+}