# ====================================================== # HTTP → HTTPS (IP + semua domain) # ====================================================== server { listen 80; listen [::]:80; server_name 103.75.85.221 shofiyulqalby.dev www.shofiyulqalby.dev tools.shofiyulqalby.dev internet-positif.shofiyulqalby.dev; return 301 https://$host$request_uri; } # ====================================================== # Root path per domain / subdomain # ====================================================== map $host $root_path { shofiyulqalby.dev /var/www/html; www.shofiyulqalby.dev /var/www/html; 103.75.85.221 /var/www/html; tools.shofiyulqalby.dev /var/www/tools; internet-positif.shofiyulqalby.dev /var/www/internet-positif; default /var/www/html; } # ====================================================== # Base HTTPS Server (semua non-tools / non-IP) # ====================================================== server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name shofiyulqalby.dev www.shofiyulqalby.dev 103.75.85.221; ssl_certificate /etc/ssl/cloudflare/origin.crt; ssl_certificate_key /etc/ssl/cloudflare/origin.key; root $root_path; index index.html; # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; # Gzip gzip on; gzip_vary on; gzip_min_length 1024; gzip_comp_level 6; gzip_types text/plain text/css text/xml text/javascript application/json application/javascript image/svg+xml; # Logging access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; # Vue / React style SPA routing location / { try_files $uri $uri/ /index.html; } # Cache static location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; } # Deny hidden files location ~ /\. { deny all; } } # ====================================================== # Tools Subdomain (STATIC ONLY) # ====================================================== server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name tools.shofiyulqalby.dev; ssl_certificate /etc/ssl/cloudflare/origin.crt; ssl_certificate_key /etc/ssl/cloudflare/origin.key; root /var/www/tools; index index.html; # Logging access_log /var/log/nginx/tools_access.log; error_log /var/log/nginx/tools_error.log; location / { try_files $uri $uri/ =404; } # Cache static location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; } # Security add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; location ~ /\. { deny all; } } # ====================================================== # SUBDOMAIN: internet-positif # ====================================================== server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name internet-positif.shofiyulqalby.dev; ssl_certificate /etc/ssl/cloudflare/origin.crt; ssl_certificate_key /etc/ssl/cloudflare/origin.key; root /var/www/internet-positif; index index.html; access_log /var/log/nginx/positif_access.log; error_log /var/log/nginx/positif_error.log; location / { try_files $uri $uri/ /index.html; } location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; } # Security add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; location ~ /\. { deny all; } }