nginx.conf/conf.d/blog-ari-lt.conf

server {
    server_name blog.ari.lt;

    http2 on;
    listen 80;
    listen [::]:80;

    limit_req zone=all burst=5 delay=5;
    limit_req zone=allm burst=5 delay=5;

    include /etc/nginx/snippets.d/paranoia-headers.conf;

    add_header Onion-Location "http://blog.arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion$request_uri" always;

    return 301 https://$server_name$request_uri;
}

server {
    server_name blog.ari.lt;

    http2 on;
    listen 443 ssl;
    listen [::]:443 ssl;

    limit_req zone=all burst=15 delay=5;
    limit_req zone=allm burst=15 delay=5;

    # access_log on;

    ssl_certificate /etc/letsencrypt/live/ari.lt-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ari.lt-0001/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/ari.lt-0001/chain.pem;
    include /etc/nginx/snippets.d/ssl.conf;

    add_header Onion-Location "http://blog.arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion$request_uri" always;

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Frame-Options "deny" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Content-Security-Policy "upgrade-insecure-requests" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header Referrer-Policy "no-referrer" always;

    include /etc/nginx/snippets.d/gzip.conf;

    rewrite ^/git$ https://ari.lt/lh/blog.ari.lt/ permanent;
    rewrite ^/git/(.*)$ https://ari.lt/lh/blog.ari.lt/$1 permanent;

    location = /netlify.toml {
        return 404 https://ari.lt/404.blog.xyz;
    }

    location = /yandex_ec8b6057b83317cd.html {
        alias /var/www/ari-web/yandex_ec8b6057b83317cd.html;
    }

    rewrite ^/visit$ https://ari.lt/counter.svg permanent;

    error_page 404 https://ari.lt/404.blog.xyz;

    location = /favicon.ico {
        return 301 https://ari.lt/favicon.ico;
    }
    location = /rss.xml {
        types {}
        default_type application/rss+xml;
        root /var/www/ari-web/blog.ari.lt;
        try_files $uri =404;
    }

    location = /blog.json {
        root /var/www/ari-web/blog.ari.lt;
        include /etc/nginx/snippets.d/global-resource.conf;
        try_files $uri =404;
    }

    location = /blog_json_hash.txt {
        root /var/www/ari-web/blog.ari.lt;
        include /etc/nginx/snippets.d/global-resource.conf;
        try_files $uri =404;
    }

    location = /recents_json_hash.txt {
        root /var/www/ari-web/blog.ari.lt;
        include /etc/nginx/snippets.d/global-resource.conf;
        try_files $uri =404;
    }

    location = /recents.json {
        root /var/www/ari-web/blog.ari.lt;
        include /etc/nginx/snippets.d/global-resource.conf;
        try_files $uri =404;
    }

    location / {
        root /var/www/ari-web/blog.ari.lt;
        index index.html;
        try_files $uri $uri/ =404;
    }
}

server {
    server_name blog.arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion;

    http2 on;
    listen 80;

    limit_req zone=all burst=15 delay=5;
    limit_req zone=allm burst=15 delay=5;

    add_header X-Frame-Options "deny" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header Referrer-Policy "no-referrer" always;

    include /etc/nginx/snippets.d/gzip.conf;

    rewrite ^/git$ http://arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion/lh/blog.ari.lt/ permanent;
    rewrite ^/git/(.*)$ http://arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion/lh/blog.ari.lt/$1 permanent;

    location = /netlify.toml {
        return 404 http://arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion/404.blog.xyz;
    }

    location = /yandex_ec8b6057b83317cd.html {
        include /etc/nginx/snippets.d/paranoia-headers.conf;
        alias /var/www/ari-web/yandex_ec8b6057b83317cd.html;
    }

    rewrite ^/visit$ http://arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion/counter.svg permanent;

    error_page 404 http://arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion/404.blog.xyz;

    location = /favicon.ico {
        return 301 http://arija664fy4c6zhfbsytbqcbz5gcc3qjuwaz4ue6cium5c5fo2fgakyd.onion/favicon.ico;
    }

    location = /rss.xml {
        types {}
        default_type application/rss+xml;
        root /var/www/ari-web/blog.ari.lt;
        try_files $uri =404;
    }

    location = /blog.json {
        root /var/www/ari-web/blog.ari.lt;
        include /etc/nginx/snippets.d/global-resource.conf;
        try_files $uri =404;
    }

    location = /blog_json_hash.txt {
        root /var/www/ari-web/blog.ari.lt;
        include /etc/nginx/snippets.d/global-resource.conf;
        try_files $uri =404;
    }

    location = /recents_json_hash.txt {
        root /var/www/ari-web/blog.ari.lt;
        include /etc/nginx/snippets.d/global-resource.conf;
        try_files $uri =404;
    }

    location = /recents.json {
        root /var/www/ari-web/blog.ari.lt;
        include /etc/nginx/snippets.d/global-resource.conf;
        try_files $uri =404;
    }

    location / {
        root /var/www/ari-web/blog.ari.lt;
        index index.html;
        try_files $uri $uri/ =404;
    }
}