Backup before adding SMTP stream proxy configuration

sites-enabled/default

@@ -1 +0,0 @@
-/etc/nginx/sites-available/default

sites-enabled/feuer.conf

@@ -0,0 +1 @@
+/etc/nginx/sites-available/feuer.conf

sites-enabled/portal.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/portal.conf

sites-enabled/portal.conf

@@ -0,0 +1,87 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+
+server {
+    listen 80;
+    server_name portal.egonetix.de;
+
+    # Redirect all HTTP traffic to HTTPS
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    listen 10.0.0.29:443 ssl http2;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://api-inference.huggingface.co https://api.openai.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
+
+    # Remove or update unsupported origin trial features.
+    # For example, comment out or remove these if not using them:
+    # add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
+
+    # Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
+
+    ssl on;
+    ssl_certificate     /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
+    ssl_dhparam         /etc/ssl/certs/dhparam.pem;
+
+    server_name portal.egonetix.de;
+    access_log /var/log/nginx/portal-access_log;
+    error_log  /var/log/nginx/portal-error_log;
+
+    root /var/www/html;
+    index index.html index.php;  # Added index.php as potential index file
+
+    # PHP Processing Configuration - Updated for PHP 8.1
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        
+        # Use PHP 8.1 socket (most common path on Ubuntu 22.04)
+        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
+        
+        # Alternative options if the above doesn't work:
+        #fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+        #fastcgi_pass 127.0.0.1:9000;
+        
+        # Increase timeout and buffer size for troubleshooting
+        fastcgi_connect_timeout 300;
+        fastcgi_read_timeout 300;
+        fastcgi_send_timeout 300;
+        fastcgi_buffer_size 32k;
+        fastcgi_buffers 16 16k;
+        
+        # Set the correct document root
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_intercept_errors on;
+    }
+
+    # Reverse proxy for KidsAI Explorer API calls
+    location /api/ {
+        proxy_pass http://127.0.0.1:3001/api/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        
+        # Add CORS headers for API requests
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
+        add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With" always;
+        add_header Access-Control-Allow-Credentials true always;
+        
+        # Handle preflight requests
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Origin $http_origin;
+            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
+            add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With";
+            add_header Access-Control-Allow-Credentials true;
+            add_header Access-Control-Max-Age 1728000;
+            add_header Content-Type 'text/plain charset=UTF-8';
+            add_header Content-Length 0;
+            return 204;
+        }
+    }
+}
+

sites-enabled/portal.conf.backup.working.20250929

@@ -0,0 +1,87 @@
+add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+
+server {
+    listen 80;
+    server_name portal.egonetix.de;
+
+    # Redirect all HTTP traffic to HTTPS
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    listen 10.0.0.29:443 ssl http2;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://api-inference.huggingface.co https://api.openai.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
+
+    # Remove or update unsupported origin trial features.
+    # For example, comment out or remove these if not using them:
+    # add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
+
+    # Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
+
+    ssl on;
+    ssl_certificate     /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
+    ssl_dhparam         /etc/ssl/certs/dhparam.pem;
+
+    server_name portal.egonetix.de;
+    access_log /var/log/nginx/portal-access_log;
+    error_log  /var/log/nginx/portal-error_log;
+
+    root /var/www/html;
+    index index.html index.php;  # Added index.php as potential index file
+
+    # PHP Processing Configuration - Updated for PHP 8.1
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        
+        # Use PHP 8.1 socket (most common path on Ubuntu 22.04)
+        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
+        
+        # Alternative options if the above doesn't work:
+        #fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+        #fastcgi_pass 127.0.0.1:9000;
+        
+        # Increase timeout and buffer size for troubleshooting
+        fastcgi_connect_timeout 300;
+        fastcgi_read_timeout 300;
+        fastcgi_send_timeout 300;
+        fastcgi_buffer_size 32k;
+        fastcgi_buffers 16 16k;
+        
+        # Set the correct document root
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_intercept_errors on;
+    }
+
+    # Reverse proxy for KidsAI Explorer API calls
+    location /api/ {
+        proxy_pass http://127.0.0.1:3001/api/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        
+        # Add CORS headers for API requests
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
+        add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With" always;
+        add_header Access-Control-Allow-Credentials true always;
+        
+        # Handle preflight requests
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Origin $http_origin;
+            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
+            add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With";
+            add_header Access-Control-Allow-Credentials true;
+            add_header Access-Control-Max-Age 1728000;
+            add_header Content-Type 'text/plain charset=UTF-8';
+            add_header Content-Length 0;
+            return 204;
+        }
+    }
+}
+

sites-enabled/rezepte.conf

@@ -1 +0,0 @@
-/etc/nginx/sites-available/rezepte.conf

sites-enabled/rezepte.conf

@@ -0,0 +1,62 @@
+add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+
+proxy_cache_path /tmp/rezepte/ levels=1:2 keys_zone=my_cache_rezepte:10m max_size=10g 
+                 inactive=60m use_temp_path=off;
+
+upstream swarm_nodes {
+server 10.0.0.48:8090;
+}
+
+
+resolver 10.0.0.21;
+
+server{
+listen 80;
+server_name rezepte.egonetix.de;
+return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 10.0.0.29:443 ssl http2;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+ # SSL config
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/rezepte.egonetix.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/rezepte.egonetix.de/privkey.pem;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+ # Make site accessible from http://localhost/
+ server_name rezepte.egonetix.de;
+
+ access_log /var/log/nginx/rezepte-access_log;
+ error_log /var/log/nginx/rezepte-error_log;
+
+ set $upstream 10.0.0.48;
+ #set $upstream swarm_nodes;
+ #set $upstream 10.0.0.46;
+
+
+ location / {
+
+ proxy_cache my_cache_rezepte;
+ proxy_cache_revalidate on;
+ proxy_cache_min_uses 3;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_lock on;
+ proxy_pass_header Authorization;
+ proxy_pass http://$upstream:8090;
+# proxy_pass http://swarm_nodes;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ proxy_buffering off;
+ client_max_body_size 0;
+ proxy_read_timeout 36000s;
+ proxy_redirect off;
+ proxy_ssl_session_reuse off;
+ }
+
+}