# NixOS module: nginx virtual hosts for several small sites, plus a PHP-FPM pool.
#
# TLS options used below (NixOS nginx virtual-host options):
#   addSSL   - serve HTTPS in addition to plain HTTP, with no redirect
#   forceSSL - serve HTTPS and redirect plain HTTP to it
#   onlySSL  - serve HTTPS only
#   enableACME - request a Let's Encrypt certificate for the host
{ lib, pkgs, config, ... }:
{
  services.nginx = {
    enable = true;

    virtualHosts =
      let
        # Explicit plain-HTTP listeners (IPv4 and IPv6), shared by the vhosts
        # that pin themselves to port 80.
        httpListeners = [
          { addr = "0.0.0.0"; port = 80; }
          { addr = "[::]"; port = 80; }
        ];

        # Static document root for pdxdestiny.com, assembled in the Nix store
        # from the two files that live next to this module.
        pdxDestinySite = pkgs.runCommand "pdxdestiny-web" { } ''
          mkdir -p $out
          cp ${./pdxdestiny/index.html} $out/index.html
          cp ${pkgs.copyPathToStore ./pdxdestiny/gold.jpg} $out/gold.jpg
        '';
      in
      {
        # Catch-all for requests whose Host matches none of the names below.
        # 444 is nginx's non-standard code for "close the connection without
        # sending a response".
        # NOTE(review): `return` runs in nginx's rewrite phase, ahead of the
        # access checks, so `deny all` likely never takes effect here.
        # NOTE(review): this catch-all binds port 80 only. No equivalent for
        # 443 is visible in this file, so a TLS request with an unmatched name
        # would be answered by whichever TLS vhost nginx treats as the default
        # - confirm that is intended.
        "_default" = {
          listen = httpListeners;
          serverName = "_";
          extraConfig = ''
            deny all;
            return 444;
          '';
        };

        # Static site, reachable over both HTTP and HTTPS (addSSL, no redirect).
        "pdxdestiny.com" = {
          enableACME = true;
          forceSSL = false;
          addSSL = true;
          root = pdxDestinySite;
        };

        # Pure redirect host: nothing is served from disk (root is /dev/null).
        "fbksdigital.com" = {
          enableACME = true; # Let's Encrypt certificate for HTTPS
          forceSSL = false; # no HTTP -> HTTPS redirect
          addSSL = true;
          root = "/dev/null";
          locations."/" = {
            # NOTE(review): the redirect target uses http://, so a visitor who
            # arrived over HTTPS is sent on to a plain-HTTP URL. If the target
            # host serves HTTPS, pointing the redirect there would avoid the
            # downgrade - verify against the landing-page provider.
            extraConfig = ''
              return 301 http://fbksdigital.lpages.co/fbksdigital/;
            '';
          };
        };

        # Disabled vhost, kept for reference.
        # NOTE(review): before re-enabling, check the two rewrite rules and the
        # /echo location: they reference "$query", but the patterns as written
        # here contain "(?(" with no visible "(?<query>...)" group name - the
        # name may have been lost when this text was copied. Also note the
        # ".git" pattern has an unescaped dot and a trailing space inside the
        # location string.
        #"philippeterson.com" = {
        #  enableACME = true; # Enable Let's Encrypt certificate for HTTPS
        #  forceSSL = false; # Redirect HTTP to HTTPS?
        #  addSSL = true;
        #  root = "/etc/pullomatic/com_philippeterson";
        #  locations."~ /.git(/.*)$ " = {
        #    extraConfig = ''
        #      deny all;
        #      return 404;
        #    '';
        #  };
        #  locations."/games/atcsim" = {
        #    extraConfig = ''
        #      return 301 /games/atcsim/;
        #    '';
        #  };
        #  locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
        #    extraConfig = ''
        #      index index.html index.htm;
        #      rewrite ^/games/atcsim/?$ "/index.html" break;
        #      rewrite ^/games/atcsim(?(/[^/\\s]*)*)$ "$query" break;
        #      root /etc/pullomatic/atcsim;
        #    '';
        #  };
        #  locations."/portfolio" = {
        #    extraConfig = ''
        #      return 301 /portfolio/;
        #    '';
        #  };
        #  locations."~ ^/portfolio/" = {
        #    extraConfig = ''
        #      index index.html index.htm;
        #      rewrite ^/portfolio/?$ "/index.html" break;
        #      rewrite ^/portfolio(?(/[^/\\s]*)*)$ "$query" break;
        #      root /etc/pullomatic/my-portfolio;
        #    '';
        #  };
        #  locations."~ ^/echo(?((/[^/\\s]*)*))$" = {
        #    extraConfig = ''
        #      add_header Content-Type text/plain;
        #      return 200 "$query";
        #    '';
        #  };
        #  locations."/" = {
        #    extraConfig = ''
        #      try_files $uri $uri.php $uri/ =404;
        #      index index.php index.html index.htm;
        #      rewrite ^/contact$ /contact.php last;
        #      rewrite ^/resume$ /resume.php last;
        #    '';
        #  };
        #  locations."~ \.php$" = {
        #    extraConfig = ''
        #      include ${pkgs.nginx}/conf/fastcgi.conf;
        #      fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #      fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
        #    '';
        #  };
        #};

        # Reverse proxy to a service on loopback port 3010.
        # NOTE(review): all three TLS switches are off, so this host is served
        # over plain HTTP only - confirm nothing sensitive (logins, cookies)
        # crosses it.
        "blog.quineglobal.com" = {
          enableACME = false;
          forceSSL = false;
          addSSL = false;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3010/"; # pass through to docker container
          };
        };

        # Static files from /etc/pullomatic/com_quineglobal, plain HTTP only.
        "quineglobal.com" = {
          enableACME = false;
          forceSSL = false;
          addSSL = false;
          locations."/" = {
            extraConfig = ''
              index index.html index.htm;
              root /etc/pullomatic/com_quineglobal;
            '';
          };
        };

        # WebDAV behind the proxy, HTTPS only (onlySSL), so the Authorization
        # header forwarded below is not exposed on a plain-HTTP listener.
        # NOTE(review): recommendedProxySettings is enabled at the bottom of
        # this file and, depending on the NixOS release, already emits Host /
        # X-Real-IP / X-Forwarded-* for proxied locations. Inspect the generated
        # nginx.conf to confirm the four header lines below do not cause each
        # header to be sent twice.
        "webdav.philippeterson.com" = {
          serverName = "webdav.philippeterson.com";
          enableACME = true;
          onlySSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
            extraConfig = ''
              # Pass required headers for WebDAV
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;

              # Pass Authorization header if required
              proxy_set_header Authorization $http_authorization;

              # Set timeouts for large file uploads or long WebDAV operations
              proxy_read_timeout 300;
              proxy_connect_timeout 300;
              proxy_send_timeout 300;

              # Increase client body size for large uploads
              client_max_body_size 100M;

              # Optional: Disable caching for WebDAV operations
              proxy_buffering off;
              proxy_cache off;
            '';
          };
        };

        # Forgejo is split across two vhost entries that share one serverName:
        # this one terminates TLS and proxies to loopback port 3000 ...
        "forge.quinefoundation.com-https" = {
          serverName = "forge.quinefoundation.com";
          enableACME = true;
          onlySSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3000/"; # pass through to Forgejo
          };
        };

        # ... and this one answers on port 80 only to bounce clients to HTTPS.
        "forge.quinefoundation.com-http" = {
          serverName = "forge.quinefoundation.com";
          listen = httpListeners;
          locations."/" = {
            # TODO: forgejo does not support HTTP+HTTPS. But it would be nice if it did.
            #proxyPass = "https://forge.quinefoundation.com/"; # pass through to HTTPS
            # Instead, temporarily (302) redirect to HTTPS.
            extraConfig = ''
              return 302 https://$host$request_uri;
            '';
          };
        };
      };

    # NixOS-provided baseline settings for compression, proxying and TLS.
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  # PHP-FPM pool. Within this file its socket is referenced only by the
  # commented-out philippeterson.com vhost above.
  services.phpfpm.pools.main = {
    phpEnv.PATH = lib.makeBinPath [ pkgs.php ];

    # Pool user/group are the same account names used for the socket owner
    # below ("nginx").
    user = "nginx";
    group = "nginx";

    settings = {
      # listen = /run/phpfpm.sock
      # "listen.mode = 0660
      "listen.owner" = "nginx";
      "listen.group" = "nginx";

      # Dynamic process manager: worker-count bounds and per-worker request cap.
      pm = "dynamic";
      "pm.max_children" = 75;
      "pm.start_servers" = 10;
      "pm.min_spare_servers" = 5;
      "pm.max_spare_servers" = 20;
      "pm.max_requests" = 500;

      # Send PHP errors and worker output to stderr.
      "php_admin_value[error_log]" = "stderr";
      "php_admin_flag[log_errors]" = true;
      catch_workers_output = true;
    };
  };
}