exp

http_archive/homarr-http

@@ -0,0 +1,15 @@
+# HTTP-only NGINX config for home.aaf.systems (no SSL)
+server {
+    listen 80;
+    server_name home.aaf.systems;
+
+    location / {
+        proxy_pass http://100.93.165.98:7575;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}

sites-available/affine

@@ -0,0 +1,33 @@
+# Block 1: Redirects all HTTP traffic to HTTPS
+server {
+    listen 80;
+    server_name notes.aaf.systems;
+
+    # This redirect is managed by Certbot's --redirect flag, 
+    # but we include it for completeness.
+    return 301 https://$host$request_uri;
+}
+
+# Block 2: Handles the secure HTTPS traffic
+server {
+    listen 443 ssl http2;
+    server_name notes.aaf.systems;
+
+    # --- This is the location block that was missing ---
+    location / {
+        proxy_pass http://100.93.165.98:3010;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+    # --- End of location block ---
+
+    # SSL settings managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/git.aaf.systems/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/git.aaf.systems/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}

sites-available/exp

@@ -0,0 +1,28 @@
+# Block 1: Redirects all HTTP traffic to HTTPS
+server {
+    listen 80;
+    server_name exp.aaf.systems;
+    return 301 https://$host$request_uri;
+}
+
+# Block 2: Handles the secure HTTPS traffic
+server {
+    listen 443 ssl http2;
+    server_name exp.aaf.systems;
+
+    location / {
+        proxy_pass http://100.93.165.98:8080;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # SSL settings managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/exp.aaf.systems/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/exp.aaf.systems/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}

sites-available/gitea

@@ -1,19 +1,17 @@
+# Block 1: Redirects all HTTP traffic to HTTPS
 server {
     listen 80;
     server_name git.aaf.systems;
-    # Redirect all HTTP traffic to HTTPS
     return 301 https://$host$request_uri;
 }
 
+# Block 2: Handles the secure HTTPS traffic
 server {
     listen 443 ssl http2;
     server_name git.aaf.systems;
 
-    # SSL Certificates (managed by Certbot)
-    ssl_certificate /etc/letsencrypt/live/git.aaf.systems/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/git.aaf.systems/privkey.pem;
-
     location / {
+        # IMPORTANT: Replace with the correct Tailscale IP for your Gitea server
         proxy_pass http://100.93.165.98:3000;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -22,4 +20,10 @@ server {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }
+
+    # SSL settings managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/git.aaf.systems/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/git.aaf.systems/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }

sites-available/homarr

@@ -0,0 +1,28 @@
+# Block 1: Redirects all HTTP traffic to HTTPS
+server {
+    listen 80;
+    server_name home.aaf.systems;
+    return 301 https://$host$request_uri;
+}
+
+# Block 2: Handles the secure HTTPS traffic
+server {
+    listen 443 ssl http2;
+    server_name home.aaf.systems;
+
+    location / {
+        proxy_pass http://100.93.165.98:7575;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # SSL settings managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/home.aaf.systems/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/home.aaf.systems/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}

sites-available/koel

@@ -0,0 +1,28 @@
+# Block 1: Redirects all HTTP traffic to HTTPS
+server {
+    listen 80;
+    server_name music.aaf.systems;
+    return 301 https://$host$request_uri;
+}
+
+# Block 2: Handles the secure HTTPS traffic
+server {
+    listen 443 ssl http2;
+    server_name music.aaf.systems;
+
+    location / {
+        proxy_pass http://100.93.165.98:4075;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # SSL settings managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/music.aaf.systems/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/music.aaf.systems/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}

sites-available/plane

@@ -0,0 +1,28 @@
+# Block 1: Redirects all HTTP traffic to HTTPS
+server {
+    listen 80;
+    server_name projects.aaf.systems;
+    return 301 https://$host$request_uri;
+}
+
+# Block 2: Handles the secure HTTPS traffic
+server {
+    listen 443 ssl http2;
+    server_name projects.aaf.systems;
+
+    location / {
+        proxy_pass http://100.93.165.98:3050;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # SSL settings managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/projects.aaf.systems/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/projects.aaf.systems/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}

sites-available/vert

@@ -0,0 +1,28 @@
+# Block 1: Redirects all HTTP traffic to HTTPS
+server {
+    listen 80;
+    server_name convert.aaf.systems;
+    return 301 https://$host$request_uri;
+}
+
+# Block 2: Handles the secure HTTPS traffic
+server {
+    listen 443 ssl http2;
+    server_name convert.aaf.systems;
+
+    location / {
+        proxy_pass http://100.93.165.98:3090;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # SSL settings managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/convert.aaf.systems/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/convert.aaf.systems/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}