Backup before adding SMTP stream proxy configuration

sites-available/portal.conf

@@ -1,90 +1,65 @@
-add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
-
+add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
 server {
-    listen 80;
-    server_name portal.egonetix.de;
+        listen       80;
+        server_name portal.egonetix.de;
+
+        # Redirect any HTTP request to HTTPS
+        return 301 https://$server_name$request_uri;
 
-    # Redirect all HTTP traffic to HTTPS
-    return 301 https://$server_name$request_uri;
 }
 
+
 server {
-    listen 10.0.0.29:443 ssl http2;
+# The IP that you forwarded in your router (nginx proxy)
+  listen 10.0.0.29:443 ssl http2;
 
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
-    # Remove or update unsupported origin trial features.
-    # For example, comment out or remove these if not using them:
-    # add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
+ # SSL config
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
 
-    # Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
+# Make site accessible from http://localhost/
+ server_name portal.egonetix.de;
 
-    ssl on;
-    ssl_certificate     /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
-    ssl_dhparam         /etc/ssl/certs/dhparam.pem;
+ access_log /var/log/nginx/portal-access_log;
+ error_log /var/log/nginx/portal-error_log;
 
-    server_name portal.egonetix.de;
-    access_log /var/log/nginx/portal-access_log;
-    error_log  /var/log/nginx/portal-error_log;
+ # Gzip compression for static content
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 5;
+ gzip_types text/plain text/css text/xml text/javascript 
+            application/json application/javascript application/xml+rss image/svg+xml;
+ gzip_min_length 1000;
 
-    root /var/www/html;
-    index index.html index.php;  # Added index.php as potential index file
+# return         301 https://$server_name$request_uri;
+# The internal IP of the VM that hosts your Apache config
+# set $upstream 10.0.0.10;
 
-    # PHP Processing Configuration - Updated for PHP 8.1
-    location ~ \.php$ {
-        include snippets/fastcgi-php.conf;
-        
-        # Use PHP 8.1 socket (most common path on Ubuntu 22.04)
-        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
-        
-        # Alternative options if the above doesn't work:
-        #fastcgi_pass unix:/run/php/php8.1-fpm.sock;
-        #fastcgi_pass 127.0.0.1:9000;
-        
-        # Increase timeout and buffer size for troubleshooting
-        fastcgi_connect_timeout 300;
-        fastcgi_read_timeout 300;
-        fastcgi_send_timeout 300;
-        fastcgi_buffer_size 32k;
-        fastcgi_buffers 16 16k;
-        
-        # Set the correct document root
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_intercept_errors on;
-    }
+root /var/www/html;
+    index index.html;
 
-    # Reverse proxy for API calls to KidsAI Explorer backend
-    # Proxy all /api/ requests to the Node.js server running on port 3002
-    location /api/ {
-        proxy_pass http://127.0.0.1:3002;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        
-        # Additional headers for better compatibility
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Server $host;
-        
-        # Increase timeouts for AI processing
-        proxy_connect_timeout       300;
-        proxy_send_timeout          300;
-        proxy_read_timeout          300;
-        send_timeout                300;
-    }
+#    location /.well-known {
+#            alias /var/www/sub.domain.com/.well-known;
+#    }
 
-    # Serve KidsAI Explorer static files
-    location /kidsai/ {
-        alias /var/www/html/kidsai/;
-        try_files $uri $uri/ /kidsai/index.html;
-        
-        # Cache static assets
-        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-            expires 1y;
-            add_header Cache-Control "public, immutable";
-        }
-    }
+# location / {
+ 
+# proxy_pass_header Authorization;
+# proxy_pass http://$upstream;
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_http_version 1.1;
+# proxy_set_header Connection "";
+# proxy_buffering off;
+# client_max_body_size 0;
+# proxy_read_timeout 36000s;
+# proxy_redirect off; 
+#}
 }