From 08534cff0d5810e4937521c3c5a31219a4d821c8 Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Sun, 29 Jun 2025 16:30:45 +0000
Subject: [PATCH] add(nginx): file "website-beta"

---
 xb-00-01/nginx/website-beta.conf | 74 ++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 xb-00-01/nginx/website-beta.conf

diff --git a/xb-00-01/nginx/website-beta.conf b/xb-00-01/nginx/website-beta.conf
new file mode 100644
index 0000000..c58ae5e
--- /dev/null
+++ b/xb-00-01/nginx/website-beta.conf
@@ -0,0 +1,74 @@
+# Inferencium - xb-00-01
+# Nginx - Configuration - Website - Beta
+# Version: 1.0.0-beta.1
+
+# Copyright 2025 Jake Winters
+# SPDX-License-Identifier: BSD-3-Clause
+
+
+# Server (unencrypted)
+## Redirect from this server block to an encrypted server block if TLS is required
+server {
+		# General
+		server_name								beta.inferencium.net www.beta.inferencium.net;
+		## IPv4
+		listen									80;
+		## IPv6
+		listen									[::]:80;
+
+		# Location
+		location / {
+				return							301 https://$server_name$request_uri;
+		}
+}
+
+
+# Server (TLS)
+server {
+		# General
+		server_name								beta.inferencium.net;
+		http2									on;
+		## IPv4
+		listen									443 ssl;
+		## IPv6
+		listen									[::]:443 ssl;
+
+		# Location
+		location / {
+				root							/srv/www/inferencium-beta;
+				index							index.xhtml;
+				try_files						$uri.xhtml $uri $uri/ =404;
+				rewrite							^(/.*)\.xhtml(\?.*)?$ $1$2 permanent;
+				rewrite							^/(.*)/$ /$1 permanent;
+		}
+
+		# Security
+		ssl_trusted_certificate					/etc/letsencrypt/live/inferencium.net/chain.pem;
+		ssl_certificate							/etc/letsencrypt/live/inferencium.net/fullchain.pem;
+		ssl_certificate_key						/etc/letsencrypt/live/inferencium.net/privkey.pem;
+		ssl_protocols							TLSv1.3;
+		ssl_ciphers								"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
+		ssl_conf_command Ciphersuites			"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+		ssl_conf_command Options				PrioritizeChaCha;
+		ssl_prefer_server_ciphers				on;
+		ssl_ecdh_curve							X25519:secp256r1;
+		ssl_stapling							on;
+		ssl_stapling_verify						on;
+		ssl_session_timeout						1d;
+		ssl_session_cache						shared:MozSSL:10m;
+		ssl_session_cache						shared:ssl_session_cache:10m;
+		ssl_session_tickets						off;
+
+		## Headers
+		include									/etc/nginx/include/header-security.conf;
+
+		client_max_body_size					16m;
+		ignore_invalid_headers					off;
+
+		proxy_http_version						1.1;
+		proxy_set_header Upgrade				$http_upgrade;
+		proxy_set_header Connection				"upgrade";
+		proxy_set_header Host					$http_host;
+		proxy_set_header X-Forwarded-For		$proxy_add_x_forwarded_for;
+}
+