migrate to coreos

2026-06-28 01:58:34 +00:00 · 2025-04-19 02:24:10 -07:00
parent 12039fb862
commit 8bd3def755
42 changed files with 752 additions and 579 deletions
@@ -1,6 +1,5 @@
 # adapted from /etc/nginx/nginx.conf
 worker_processes auto;
-pid /home/me/nginx/site.pid;
 error_log /dev/stderr;

 events {
@@ -15,42 +14,37 @@ http {

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
-    ssl_certificate     /home/me/certbot/live/matthewtran.com/fullchain.pem;
-    ssl_certificate_key /home/me/certbot/live/matthewtran.com/privkey.pem;
+    ssl_certificate     /data/live/matthewtran.com/fullchain.pem;
+    ssl_certificate_key /data/live/matthewtran.com/privkey.pem;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

-    access_log            /dev/stdout;
-    client_body_temp_path /home/me/nginx/body;
-    proxy_temp_path       /home/me/nginx/proxy;
-    fastcgi_temp_path     /home/me/nginx/fastcgi;
-    uwsgi_temp_path       /home/me/nginx/uwsgi;
-    scgi_temp_path        /home/me/nginx/scgi;
+    access_log /dev/stdout;

    # SSL redirect
    server {
-        listen 8080 default_server;
-        listen [::]:8080 default_server;
+        listen 80 default_server;
+        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }

    # default
    server {
-        listen 8443 ssl default_server;
-        listen [::]:8443 ssl default_server;
+        listen 443 ssl default_server;
+        listen [::]:443 ssl default_server;
        server_name _;
        return 404;
    }

    # website
    server {
-        listen 8443 ssl;
-        listen [::]:8443 ssl;
+        listen 443 ssl;
+        listen [::]:443 ssl;
        server_name matthewtran.com www.matthewtran.com;

-        root /home/me/html;
+        root /var/www/html;
        index index.html;
        location / {
            try_files $uri $uri/ =404;
@@ -59,13 +53,13 @@ http {

    # gitea
    server {
-        listen 8443 ssl;
-        listen [::]:8443 ssl;
+        listen 443 ssl;
+        listen [::]:443 ssl;
        server_name git.matthewtran.com;

        location / {
            client_max_body_size 512M;
-            proxy_pass http://gitea:3000;
+            proxy_pass http://127.0.0.1:3000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;