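# NixOS module: nginx virtual hosts (static sites, redirects, reverse proxies)
# plus the PHP-FPM pool that serves philippeterson.com.
{ lib, pkgs, config, ... }:

{
  services.nginx = {
    enable = true;

    virtualHosts =
      let
        # Static document root for pdxdestiny.com, built into the Nix store.
        pdxDestinyRoot = pkgs.runCommand "pdxdestiny-web" {} ''
          mkdir -p $out
          cp ${./pdxdestiny/index.html} $out/index.html
          cp ${pkgs.copyPathToStore ./pdxdestiny/gold.jpg} $out/gold.jpg
        '';
      in
      {
        # Catch-all for unknown Host headers: close the connection (444).
        # NOTE(review): this only listens on port 80 and is not marked as the
        # default server; requests with an unknown name on 443 are not covered
        # by it — confirm which vhost answers those.
        "_default" = {
          listen = [
            { addr = "0.0.0.0"; port = 80; }
            { addr = "[::]"; port = 80; }
          ];
          serverName = "_";
          extraConfig = ''
            deny all;
            return 444;
          '';
        };

        "pdxdestiny.com" = {
          enableACME = true;
          forceSSL = false;
          addSSL = true;
          root = pdxDestinyRoot;
        };

        "fbksdigital.com" = {
          enableACME = true; # Enable Let's Encrypt certificate for HTTPS
          forceSSL = false; # Redirect HTTP to HTTPS?
          addSSL = true;
          root = "/dev/null";
          locations."/" = {
            # NOTE(review): the redirect target is plain http://, so visitors
            # arriving over HTTPS are sent to an unencrypted URL. Switch the
            # target to https:// if the landing page supports it.
            extraConfig = ''
              return 301 http://fbksdigital.lpages.co/fbksdigital/;
            '';
          };
        };

        "www.philippeterson.com" = {
          enableACME = true;
          forceSSL = false;
          addSSL = true;
          locations."/" = {
            extraConfig = ''
              return 301 https://philippeterson.com$request_uri;
            '';
          };
        };

        "philippeterson.com" = {
          enableACME = true; # Enable Let's Encrypt certificate for HTTPS
          # NOTE(review): with forceSSL = false and addSSL = true the site
          # (including its PHP pages) is also served over plain HTTP.
          forceSSL = false; # Redirect HTTP to HTTPS?
          addSSL = true;
          root = "/etc/pullomatic/com_philippeterson";

          # Never serve git metadata from the checked-out trees. The pattern is
          # unanchored, so it also covers the atcsim and portfolio roots below.
          # The dot is escaped and a bare "/.git" is matched as well; the
          # priority is below the default so this block is emitted ahead of
          # the other regex locations (nginx uses the first regex that matches).
          locations."~ /\\.git(/.*)?$" = {
            priority = 100;
            extraConfig = ''
              deny all;
              return 404;
            '';
          };

          locations."/games/atcsim" = {
            extraConfig = ''
              return 301 /games/atcsim/;
            '';
          };

          # Serve /games/atcsim/... from its own checkout; the named capture
          # `query` is the path below the prefix.
          locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
            extraConfig = ''
              index index.html index.htm;
              rewrite ^/games/atcsim/?$ "/index.html" break;
              rewrite ^/games/atcsim(?<query>(/[^/\\s]*)*)$ "$query" break;
              root /etc/pullomatic/atcsim;
            '';
          };

          locations."/portfolio" = {
            extraConfig = ''
              return 301 /portfolio/;
            '';
          };

          # Serve /portfolio/... from its own checkout, same scheme as atcsim.
          locations."~ ^/portfolio/" = {
            extraConfig = ''
              index index.html index.htm;
              rewrite ^/portfolio/?$ "/index.html" break;
              rewrite ^/portfolio(?<query>(/[^/\\s]*)*)$ "$query" break;
              root /etc/pullomatic/my-portfolio;
            '';
          };

          # Echo endpoint: returns the path below /echo as the response body.
          # The body is taken from the request, so the content type is pinned:
          # `types { }` stops nginx from deriving it from the URI extension,
          # `default_type` sets the single Content-Type header (add_header
          # would append a second one), and nosniff stops browsers from
          # reinterpreting the body.
          locations."~ ^/echo(?<query>((/[^/\\s]*)*))$" = {
            extraConfig = ''
              types { }
              default_type text/plain;
              add_header X-Content-Type-Options nosniff;
              return 200 "$query";
            '';
          };

          locations."/" = {
            extraConfig = ''
              try_files $uri $uri.php $uri/ =404;
              index index.php index.html index.htm;
              rewrite ^/contact$ /contact.php last;
              rewrite ^/resume$ /resume.php last;
            '';
          };

          # PHP handler. In a Nix double-quoted string "\." evaluates to ".",
          # which would make the pattern match any character before "php";
          # "\\." produces the literal-dot regex nginx needs.
          locations."~ \\.php$" = {
            extraConfig = ''
              include ${pkgs.nginx}/conf/fastcgi.conf;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              # Only hand scripts that exist under the document root to PHP-FPM.
              try_files $fastcgi_script_name =404;
              fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
            '';
          };
        };

        # NOTE(review): no certificate and no TLS listener; traffic to this
        # proxied site is plain HTTP only.
        "blog.quineglobal.com" = {
          enableACME = false;
          forceSSL = false;
          addSSL = false;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3010/"; # pass through to docker container
          };
        };

        "riverside.coldairnetworks.com" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3011/";
          };
        };

        # NOTE(review): plain HTTP only, as with blog.quineglobal.com.
        "quineglobal.com" = {
          enableACME = false;
          forceSSL = false;
          addSSL = false;

          # Same git-metadata guard as philippeterson.com: this root is also a
          # directory under /etc/pullomatic.
          locations."~ /\\.git(/.*)?$" = {
            priority = 100;
            extraConfig = ''
              return 404;
            '';
          };

          locations."/" = {
            extraConfig = ''
              index index.html index.htm;
              root /etc/pullomatic/com_quineglobal;
            '';
          };
        };

        "webdav.philippeterson.com" = {
          serverName = "webdav.philippeterson.com";
          enableACME = true;
          onlySSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
            extraConfig = ''
              # Pass required headers for WebDAV
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;

              # Pass Authorization header if required
              proxy_set_header Authorization $http_authorization;

              # Set timeouts for large file uploads or long WebDAV operations
              proxy_read_timeout 300;
              proxy_connect_timeout 300;
              proxy_send_timeout 300;

              # Increase client body size for large uploads
              client_max_body_size 100M;

              # Optional: Disable caching for WebDAV operations
              proxy_buffering off;
              proxy_cache off;
            '';
          };
        };

        "forge.quinefoundation.com-https" = {
          serverName = "forge.quinefoundation.com";
          enableACME = true;
          onlySSL = true;
          # NOTE(review): 0 removes the request-body size limit entirely; any
          # upload cap then has to be enforced by the backend.
          extraConfig = ''
            client_max_body_size 0;
          '';
          locations."/" = {
            proxyPass = "http://127.0.0.1:3000/"; # pass through to Forgejo
          };
        };

        "forge.quinefoundation.com-http" = {
          serverName = "forge.quinefoundation.com";
          listen = [
            { addr = "0.0.0.0"; port = 80; }
            { addr = "[::]"; port = 80; }
          ];
          locations."/" = {
            # TODO: forgejo does not support HTTP+HTTPS. But it would be nice if it did.
            #proxyPass = "https://forge.quinefoundation.com/"; # pass through to HTTPS
            # Instead, temporarily redirect to HTTPS
            extraConfig = ''
              return 302 https://$host$request_uri;
            '';
          };
        };
      };

    # Optionally configure additional options
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  services.phpfpm.pools = {
    main = {
      phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
      # NOTE(review): the pool runs as the web server's own user, so PHP code
      # has the same file access as nginx. A dedicated pool user (keeping
      # listen.owner/listen.group as nginx) would separate the two.
      user = "nginx";
      group = "nginx";
      settings = {
        # listen = /run/phpfpm.sock
        # "listen.mode = 0660
        "listen.owner" = "nginx";
        "listen.group" = "nginx";
        "pm" = "dynamic";
        "pm.max_children" = 75;
        "pm.start_servers" = 10;
        "pm.min_spare_servers" = 5;
        "pm.max_spare_servers" = 20;
        "pm.max_requests" = 500;
        "php_admin_value[error_log]" = "stderr";
        "php_admin_flag[log_errors]" = true;
        "catch_workers_output" = true;
      };
    };
  };
}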