From b6660d656f0e5867e1d09c8e08362322ebecf631 Mon Sep 17 00:00:00 2001
From: Ajay Ramachandran <dev@ajay.app>
Date: Sun, 18 Apr 2021 21:10:43 +0200
Subject: [PATCH] Add cdn redirect

---
 nginx/nginx.conf | 86 +++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 77 insertions(+), 9 deletions(-)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 6302691..d420877 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -36,8 +36,8 @@ http {
 	#server 10.0.0.3:4442;
     }
     upstream backend_db {
-        #server localhost:4441;
-	server 10.0.0.3:4441;
+        server localhost:4441;
+	#server 10.0.0.3:4441;
     }
 
     proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHEZONE:10m inactive=60m max_size=400m;
@@ -47,9 +47,6 @@ http {
     server {
         server_name sponsor.ajay.app api.sponsor.ajay.app;
 
-	access_log off;
-        error_log /dev/null;
-
 	error_page 404 /404.html;
 	error_page 500 @myerrordirective_500;
 	error_page 502 @myerrordirective_502;
@@ -109,7 +106,7 @@ http {
         }
      
 	location /database/ {
-	     alias /home/sbadmin/sponsor/docker/database-export/;
+	     return 307 https://cdnsponsor.ajay.app$request_uri;
 	}
 	location /database {
             proxy_pass http://backend_db;
@@ -172,17 +169,74 @@ http {
         }
         
     
-    listen 443 default_server ssl; # managed by Certbot
+    listen 443 default_server ssl http2; # managed by Certbot
+    #listen 443 http3 reuseport;
+    ssl_protocols TLSv1.2 TLSv1.3;
     #listen 80;
-    ssl_certificate /etc/letsencrypt/live/sponsor.ajay.app/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/sponsor.ajay.app/privkey.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/sponsor.ajay.app-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/sponsor.ajay.app-0001/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
 
 
+
+
+
+
 }
     
+    server {
+        server_name cdnsponsor.ajay.app;
+
+	error_page 404 /404.html;
+	
+	location /database/ {
+	     alias /home/sbadmin/sponsor/docker/database-export/;
+	}
+
+	location / {
+            root /home/sbadmin/SponsorBlockSite/public-prod;            
+
+            ### CORS
+            if ($request_method = 'OPTIONS') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                #
+                # Custom headers and headers various browsers *should* be OK with but aren't
+                #
+                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+                #
+                # Tell client that this pre-flight info is valid for 20 days
+                #
+                add_header 'Access-Control-Max-Age' 1728000;
+                add_header 'Content-Type' 'text/plain; charset=utf-8';
+                add_header 'Content-Length' 0;
+                return 204;
+             }
+             if ($request_method = 'POST') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+             }
+             if ($request_method = 'GET') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+             }
+        }
+    
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/sponsor.ajay.app-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/sponsor.ajay.app-0001/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
     
 
 
@@ -191,6 +245,7 @@ http {
 
 	 access_log off;
         error_log /dev/null;
+	
 
     if ($host = api.sponsor.ajay.app) {
         return 301 https://$host$request_uri;
@@ -209,4 +264,17 @@ http {
 
 
 
+}
+    
+    server {
+    if ($host = cdnsponsor.ajay.app) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+        server_name cdnsponsor.ajay.app;
+    listen 80;
+    return 404; # managed by Certbot
+
+
 }}