feat: add proxy routing for garage (S3)

proxy/nginx/conf.d/s3.conf

@@ -0,0 +1,42 @@
+# HTTP configuration
+# -- Redirect all HTTP requests to HTTPS port
+server {
+	listen 80; # HTTP port
+	server_name s3.systemsobscure.net;
+	location / {
+		return 301 https://$host$request_uri; # Variable is a placeholder for all requests to the server name
+	}
+}
+
+# HTTPS configuration 
+
+server {
+	listen 443 ssl;
+	server_name s3.systemsobscure.net;
+
+	# SSL configuration
+	ssl_certificate /etc/letsencrypt/live/systemsobscure.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/systemsobscure.net/privkey.pem;
+
+	# Security headers
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    
+	# Proxy Configuration
+  location / {
+		proxy_pass http://127.0.0.1:3900;
+		proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+		# CORS headers for web access
+    add_header Access-Control-Allow-Origin *;
+		add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+    add_header Access-Control-Allow-Headers "Authorization, Content-Type";
+        
+    # Handle preflight requests
+    if ($request_method = 'OPTIONS') {
+			return 204;
+    }
+  }
+}

scripts/regenerate_certificates.sh

@@ -21,7 +21,9 @@ sudo certbot certonly --standalone \
 	-d linkding.systemsobscure.net \
 	-d miniflux.systemsobscure.net \
 	-d systemsobscure.blog \
-	-d www.systemsobscure.blog
+	-d www.systemsobscure.blog \
+	-d s3.systemsobscure.net
+
 echo "INFO Confirming certificate creation..."
 
 sudo certbot certificates