connecteev/api.tinyadults.com.conf Secret

## api.tinyadults.com.conf
server {
        server_name api.tinyadults.com;

        # Kunal: make sure you point to a laravel or wordpress public directory containing an index.php file
        root /home/domains/api.tinyadults.com/public/current/public;

        # Kunal: From https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#host-multiple-websites
        # This link may be outdated. adding 'main' and 'error' makes nginx crap out
        #access_log   /home/domains/apidev.isitweird.com/log/apidev.isitweird.access.log;
        error_log   /home/domains/api.tinyadults.com/log/api.tinyadults.error.log;

        # Kunal: from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#limit-or-disable-content-embedding
        add_header X-Frame-Options "SAMEORIGIN";

        # Kunal: from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#cross-site-scripting-xss-filter
        add_header X-XSS-Protection "1; mode=block";

        # Kunal: from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#disable-content-sniffing
        add_header X-Content-Type-Options "nosniff";

        index index.html index.htm index.php;

        charset utf-8;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        #error_page 404 /index.php;
        # Kunal: create a custom 404 nginx page, from https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04
        error_page 404 /custom_404.html;
        location = /custom_404.html {
            root /etc/nginx/sites-available/custom_nginx_error_pages;
            internal;
        }

        location ~ \.php$ {
                # Kunal: After installation of php-fpm, check in /var/run/php/ for a fpm sock file like: /var/run/php/php7.4-fpm.sock
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_index index.php;
                #fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        location ~ /\.(?!well-known).* {
                deny all;
        }

        # Kunal: From https://www.linode.com/docs/web-servers/nginx/nginx-installation-and-basic-setup/#static-content-compression
        # Note that gzip has security vulnerabilities and it used to be off by default in the base nginx.conf file (oddly it is set to on by default now)
        # Make sure that gzip is set / enabled only in server{} blocks for individual site configs, not globally in nginx.conf.
        # Though gzip directives can go in the http block if you want it to apply to all sites served by NGINX, it’s safer to use it only inside server blocks for individual sites and content types
        gzip on;
        gzip_types text/plain text/css image/* application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        #listen 443 ssl http2 ipv6only=on; # managed by Certbot (not sure if we support ipv6 yet), modified by Kunal to add http2
        listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2

        #Install SSL certificates and configure https:// on a per-domain-basis by running:
        #sudo certbot --nginx
        #(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
        ssl_certificate /etc/letsencrypt/live/api.tinyadults.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/api.tinyadults.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    server_name api.tinyadults.com;

    if ($host = api.tinyadults.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    return 404; # managed by Certbot
}

## gistfile1.txt
In simple terms, this is what I have and this is what I want to happen:
- I have nuxt.js (frontend) running on a specific port, let's say 4001 (this can be changed and does not matter).
- Nuxt.js frontend communicates with my backend APIs running php / laravel, on port 8000 (this port can also be changed and does not matter).
- I will host the frontend on domain: tinyadults.com, and apis on api.tinyadults.com (btw please dont go to these URLs, they're not configured yet).
- Furthermore, users of my site (tinyadults.com) will be able to go to tinyadults.com, create an account, and in the settings, specify what subdomain and custom domain they want to use. Similar to this https://downloads.intercomcdn.com/i/o/173567706/0ef0f78954834279ddad732e/image.png as you can see here https://help.podia.com/en/articles/101242-setting-up-your-custom-domain-name
- So, a user (say user1) should be able to the app (tinyadults.com), specify their own subdomain URL, like user1.tinyadults.com, user2.tinyadults.com etc. I probably need a nginx config with "wildcard subdomains" to do this, which I also haven't figured out how to do.
- They can also specify a custom domain (that they own), like domain1.com in the admin settings. What should happen is if you go to domain1.com, it would show the contents of that user's subdomain, user1.tinyadults.com in this example.
- All of this is exactly like what podia does here: https://help.podia.com/en/articles/101242-setting-up-your-custom-domain-name, but configuring this has been a huge issue for us. It probably requires nginx and some DNS / CNAME changes, and we haven't been able to figure out how to get it to work.

## tinyadults.com.conf
server {
    index index.html index.htm;
    server_name tinyadults.com www.tinyadults.com;

    location / {
        # WARNING: https in proxy_pass does NOT WORK!! I spent half a day debugging this.
        #proxy_pass https://localhost:4001;
        proxy_pass http://localhost:4001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # Kunal: create a custom 404 nginx page, from https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04
    error_page 404 /custom_404.html;
    location = /custom_404.html {
        root /etc/nginx/sites-available/custom_nginx_error_pages;
        internal;
    }

    listen [::]:443 ssl http2; # managed by Certbot, modified by Kunal to add http2
    listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2

    #Install SSL certificates and configure https:// on a per-domain-basis by running:
    #sudo certbot --nginx
    #(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
    ssl_certificate /etc/letsencrypt/live/tinyadults.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tinyadults.com-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    server_name tinyadults.com;
    if ($host = tinyadults.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    #listen 80 default_server;
    #listen [::]:80 default_server;
    return 404; # managed by Certbot
}

## wildcard.tinyadults.com.conf
server {
    index index.html index.htm;
    server_name ~^(?<subdomain>.+)\.tinyadults\.com$;
    root /home/domains/tinyadults.com/public/current;

    location / {
        # WARNING: https in proxy_pass does NOT WORK!! I spent half a day debugging this.
        #proxy_pass https://localhost:4001;
        proxy_pass http://localhost:4001/school/$subdomain;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # Kunal: create a custom 404 nginx page, from https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04
    error_page 404 /custom_404.html;
    location = /custom_404.html {
        root /etc/nginx/sites-available/custom_nginx_error_pages;
        internal;
    }

    listen [::]:443 ssl http2; # managed by Certbot, modified by Kunal to add http2
    listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2

    #Install SSL certificates and configure https:// on a per-domain-basis by running:
    #sudo certbot --nginx
    #(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
    ssl_certificate /etc/letsencrypt/live/tinyadults.com-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tinyadults.com-0002/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    server_name ~^(?<subdomain>.+)\.tinyadults\.com$;
    return 301 https://$host$request_uri;
    #if ($host = tinyadults.com) {
    #    return 301 https://$server_name$request_uri;
    #} # managed by Certbot

    #listen 80;
    #listen [::]:80;
    return 404; # managed by Certbot
}
	server {
	server_name api.tinyadults.com;

	# Kunal: make sure you point to a laravel or wordpress public directory containing an index.php file
	root /home/domains/api.tinyadults.com/public/current/public;

	# Kunal: From https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#host-multiple-websites
	# This link may be outdated. adding 'main' and 'error' makes nginx crap out
	#access_log /home/domains/apidev.isitweird.com/log/apidev.isitweird.access.log;
	error_log /home/domains/api.tinyadults.com/log/api.tinyadults.error.log;

	# Kunal: from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#limit-or-disable-content-embedding
	add_header X-Frame-Options "SAMEORIGIN";

	# Kunal: from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#cross-site-scripting-xss-filter
	add_header X-XSS-Protection "1; mode=block";

	# Kunal: from https://www.linode.com/docs/web-servers/nginx/slightly-more-advanced-configurations-for-nginx/#disable-content-sniffing
	add_header X-Content-Type-Options "nosniff";

	index index.html index.htm index.php;

	charset utf-8;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt { access_log off; log_not_found off; }

	#error_page 404 /index.php;
	# Kunal: create a custom 404 nginx page, from https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04
	error_page 404 /custom_404.html;
	location = /custom_404.html {
	root /etc/nginx/sites-available/custom_nginx_error_pages;
	internal;
	}

	location ~ \.php$ {
	# Kunal: After installation of php-fpm, check in /var/run/php/ for a fpm sock file like: /var/run/php/php7.4-fpm.sock
	fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	fastcgi_index index.php;
	#fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
	}

	location ~ /\.(?!well-known).* {
	deny all;
	}

	# Kunal: From https://www.linode.com/docs/web-servers/nginx/nginx-installation-and-basic-setup/#static-content-compression
	# Note that gzip has security vulnerabilities and it used to be off by default in the base nginx.conf file (oddly it is set to on by default now)
	# Make sure that gzip is set / enabled only in server{} blocks for individual site configs, not globally in nginx.conf.
	# Though gzip directives can go in the http block if you want it to apply to all sites served by NGINX, it’s safer to use it only inside server blocks for individual sites and content types
	gzip on;
	gzip_types text/plain text/css image/* application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	#listen 443 ssl http2 ipv6only=on; # managed by Certbot (not sure if we support ipv6 yet), modified by Kunal to add http2
	listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2

	#Install SSL certificates and configure https:// on a per-domain-basis by running:
	#sudo certbot --nginx
	#(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
	ssl_certificate /etc/letsencrypt/live/api.tinyadults.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/api.tinyadults.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}

	server {
	server_name api.tinyadults.com;

	if ($host = api.tinyadults.com) {
	return 301 https://$host$request_uri;
	} # managed by Certbot

	listen 80;
	return 404; # managed by Certbot
	}
	In simple terms, this is what I have and this is what I want to happen:
	- I have nuxt.js (frontend) running on a specific port, let's say 4001 (this can be changed and does not matter).
	- Nuxt.js frontend communicates with my backend APIs running php / laravel, on port 8000 (this port can also be changed and does not matter).
	- I will host the frontend on domain: tinyadults.com, and apis on api.tinyadults.com (btw please dont go to these URLs, they're not configured yet).
	- Furthermore, users of my site (tinyadults.com) will be able to go to tinyadults.com, create an account, and in the settings, specify what subdomain and custom domain they want to use. Similar to this https://downloads.intercomcdn.com/i/o/173567706/0ef0f78954834279ddad732e/image.png as you can see here https://help.podia.com/en/articles/101242-setting-up-your-custom-domain-name
	- So, a user (say user1) should be able to the app (tinyadults.com), specify their own subdomain URL, like user1.tinyadults.com, user2.tinyadults.com etc. I probably need a nginx config with "wildcard subdomains" to do this, which I also haven't figured out how to do.
	- They can also specify a custom domain (that they own), like domain1.com in the admin settings. What should happen is if you go to domain1.com, it would show the contents of that user's subdomain, user1.tinyadults.com in this example.
	- All of this is exactly like what podia does here: https://help.podia.com/en/articles/101242-setting-up-your-custom-domain-name, but configuring this has been a huge issue for us. It probably requires nginx and some DNS / CNAME changes, and we haven't been able to figure out how to get it to work.
	server {
	index index.html index.htm;
	server_name tinyadults.com www.tinyadults.com;

	location / {
	# WARNING: https in proxy_pass does NOT WORK!! I spent half a day debugging this.
	#proxy_pass https://localhost:4001;
	proxy_pass http://localhost:4001;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	}

	# Kunal: create a custom 404 nginx page, from https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04
	error_page 404 /custom_404.html;
	location = /custom_404.html {
	root /etc/nginx/sites-available/custom_nginx_error_pages;
	internal;
	}

	listen [::]:443 ssl http2; # managed by Certbot, modified by Kunal to add http2
	listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2

	#Install SSL certificates and configure https:// on a per-domain-basis by running:
	#sudo certbot --nginx
	#(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
	ssl_certificate /etc/letsencrypt/live/tinyadults.com-0001/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/tinyadults.com-0001/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


	}

	server {
	server_name tinyadults.com;
	if ($host = tinyadults.com) {
	return 301 https://$host$request_uri;
	} # managed by Certbot

	#listen 80 default_server;
	#listen [::]:80 default_server;
	return 404; # managed by Certbot
	}
	server {
	index index.html index.htm;
	server_name ~^(?<subdomain>.+)\.tinyadults\.com$;
	root /home/domains/tinyadults.com/public/current;

	location / {
	# WARNING: https in proxy_pass does NOT WORK!! I spent half a day debugging this.
	#proxy_pass https://localhost:4001;
	proxy_pass http://localhost:4001/school/$subdomain;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	}

	# Kunal: create a custom 404 nginx page, from https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04
	error_page 404 /custom_404.html;
	location = /custom_404.html {
	root /etc/nginx/sites-available/custom_nginx_error_pages;
	internal;
	}

	listen [::]:443 ssl http2; # managed by Certbot, modified by Kunal to add http2
	listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2

	#Install SSL certificates and configure https:// on a per-domain-basis by running:
	#sudo certbot --nginx
	#(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
	ssl_certificate /etc/letsencrypt/live/tinyadults.com-0002/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/tinyadults.com-0002/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}

	server {
	server_name ~^(?<subdomain>.+)\.tinyadults\.com$;
	return 301 https://$host$request_uri;
	#if ($host = tinyadults.com) {
	# return 301 https://$server_name$request_uri;
	#} # managed by Certbot

	#listen 80;
	#listen [::]:80;
	return 404; # managed by Certbot
	}