diff --git a/services/etc/nginx/sites/admin.example.com.conf b/services/etc/nginx/sites/admin.example.com.conf
deleted file mode 100644
index e51fe50e8dcea179e4b7c308c9a3160336f28c8f..0000000000000000000000000000000000000000
--- a/services/etc/nginx/sites/admin.example.com.conf
+++ /dev/null
@@ -1,44 +0,0 @@
-# www.example.com website
-server {
- listen 80;
- listen 443 ssl;
- server_name admin.example.com;
-
- # general vhost settings
- access_log /srv/logs/nginx/admin.example.com.access.log combined;
- error_log /srv/logs/nginx/admin.example.com.error.log error;
-
- # ssl keycert
- ssl_certificate /srv/data/secrets/letsencrypt/live/admin.example.com/fullchain.pem;
- ssl_certificate_key /srv/data/secrets/letsencrypt/live/admin.example.com/privkey.pem;
-
- # TLS settings
- add_header Strict-Transport-Security "max-age=31536000";
-
- # basic proxy params
- import snippets/proxy_headers_general.conf;
-
- # tls letsencrypt stateless acme config
- # no need for webroot and stuff
- #
- # this is described for acme.sh,
- # but should work with any LE client
- # https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode
- location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
- default_type text/plain;
- return 200 "$1.<ACME_THUMBPRINT>";
- }
-
- # set proxy zone to off
- # we want no caching of the admin interface
- proxy_cache off;
-
- # reverse proxy to upstream
- location / {
- # debugging
- add_header X-Proxy-Cache $upstream_cache_status;
- #include snippets/security.conf;
- proxy_pass http://127.0.0.1:10080;
- }
-
-}
diff --git a/services/etc/nginx/sites/example.com_fpm.conf b/services/etc/nginx/sites/example.com_fpm.conf
deleted file mode 100644
index d8970be702d4d8f5bfb9c5df02b1ed5d4c3912d8..0000000000000000000000000000000000000000
--- a/services/etc/nginx/sites/example.com_fpm.conf
+++ /dev/null
@@ -1,219 +0,0 @@
-### THIS IS INCOMPLETE/WORK IN PROGRESS
-
-# www.example.com website
-server {
- listen 80;
- listen 443 ssl;
- server_name www.example.com example.com;
-
- # general vhost settings
- access_log /srv/logs/nginx/example.com.access.log combined;
- error_log /srv/logs/nginx/example.com.error.log error;
-
- # ssl keycert
- ssl_certificate /srv/data/secrets/letsencrypt/live/example.com/fullchain.pem;
- ssl_certificate_key /srv/data/secrets/letsencrypt/live/example.com/privkey.pem;
-
- # TLS settings
- # can't set headers in an if that is *not* in a location,
- # so we need to work around this
- add_header Strict-Transport-Security "max-age=31536000";
-
- # general vhost settings
- root /srv/www/;
-
- # fastcgi defaults
- include snippets/fastcgi.conf;
- index index.html index.htm index.php;
-
- # no php is touched for static content.
- # include the "?$args" part so non-default permalinks don't break
- # when using query string
- try_files $uri $uri/ /index.php?$args;
-
- # common blocks
- include snippets/common-blocks.conf;
-
- # XML-RPC blocked
- # https://www.hostinger.com/tutorials/xmlrpc-wordpress
- location = /xmlrpc.php {
- return 404;
- }
-
- # TLS letsencrypt stateless acme config
- # no need for webroot and stuff
- #
- # this is described for acme.sh,
- # but should work with any LE client
- # https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode
- location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
- default_type text/plain;
- return 200 "$1.<ACME_THUMBPRINT>";
- }
-
- # we simply might not have a favicon, robots.txt, et al -- if we do, serve these, if not, 204 NO CONTENT
- # and ignore logging either way
- location ~* .*/(robots\.txt|favicon\.ico|apple-touch-icon\.png|apple-touch-icon-precomposed\.png)$ {
- try_files $uri =204;
- log_not_found off;
- access_log off;
- }
-
- # retina bullshit
- location ~* ^(.*)@[0-9]x\.(js|css|png|jpg|jpeg|gif|ico|svg|pdf|json|woff|ttf|otf|flv|swf|avi|webm|webp)$ {
- try_files $uri $1.$2 =404;
- expires max;
- log_not_found off;
- add_header X-Cache-Config "STATIC RETINA" always;
- }
-
- location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|pdf|json|woff|ttf|otf|flv|swf|avi|webm|webp)$ {
- try_files $uri =404;
- expires max;
- #log_not_found off; # we need this on for the time being
- add_header X-Cache-Config "STATIC" always;
- }
-
- # basic proxy params
- import snippets/proxy_headers_general.conf;
-
- # proxy zone
- proxy_cache fasada;
- # use stale cached resources in case upstream is not available for some reason
- proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
- proxy_cache_background_update on;
- proxy_cache_revalidate on;
- proxy_cache_lock on;
-
- # reasonable default
- proxy_cache_valid 200 10s;
-
-
- # admin area *has to* be uncached; blocking here,
- # should be made available on admin.domain.tld
- location ~* ^/(wp-admin|admin|login|wp-login|signin).* {
- add_header X-Proxy-Cache $upstream_cache_status;
- proxy_cache off;
- proxy_pass http://127.0.0.1:10080;
- }
-
- # WordPress themes
- location ~* ^/wp-content/themes/.* {
-
- # forced cache
- include snippets/proxy_headers_caching.conf;
- # generic settings we need to re-include due to the above using `proxy_set_header`
- # and thus invalidating the parent block-level use of it
- include snippets/proxy_headers_general.conf;
-
- # settings for this location block
- add_header Cache-Control "public";
- proxy_cache_valid 200 301 302 303 307 308 30m;
- proxy_cache_valid 404 30s;
- expires 30m;
-
- # no need for access log for these
- access_log off;
- proxy_pass http://127.0.0.1:10080;
-
- }
-
- # robots.txt, favicons, apple icons, etc
- location ~* .*/(robots\.txt|favicon\.ico|apple-touch-icon\.png|apple-touch-icon-precomposed\.png)$ {
-
- # forced cache
- include snippets/proxy_headers_caching.conf;
- # generic settings we need to re-include due to the above using `proxy_set_header`
- # and thus invalidating the parent block-level use of it
- include snippets/proxy_headers_general.conf;
-
- # settings for this location block
- add_header Cache-Control "public";
- proxy_cache_valid 200 301 302 303 307 308 5h;
- proxy_cache_valid 404 30s;
- expires 5h;
-
- # no need for access log for these
- access_log off;
- proxy_pass http://127.0.0.1:10080;
- }
-
- # images and other static resources
- location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|json|woff|woff2|ttf|otf|bmp|cur|gz|svgz|mp4|ogg|ogv|webm|htc|mp4|mpeg|mp3|txt|pdf)$ {
-
- # forced cache
- include snippets/proxy_headers_caching.conf;
- # generic settings we need to re-include due to the above using `proxy_set_header`
- # and thus invalidating the parent block-level use of it
- include snippets/proxy_headers_general.conf;
-
- # settings for this location block
- add_header Cache-Control "public";
- proxy_cache_valid 200 301 302 303 307 308 15m;
- proxy_cache_valid 404 30s;
- expires 15m;
-
- proxy_pass http://127.0.0.1:10080;
- }
-
- # reverse proxy to upstream, for *everything else*
- # caching for 1 minute
- location / {
-
- # if redirect_fbclid map is active, do 301 to the new url
- if ( $redirect_fbclid ) {
- return 301 $redirect_fbclid;
- }
-
- # if we have the wordpress admin cookie set, no caching please
- #
- # this makes previews work and fixes the admin interface
- # (by allowing /wp-json/ requests to be uncached and have cookies on them)
- #
- # using an error page hack because nginx config is lacking in this area
- # ref:
- # - https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- # - https://serverfault.com/a/811981
- # - https://wordpress.stackexchange.com/questions/218588/post-preview-mechanism-architecture
- error_page 418 = @uncached;
- if ( $http_cookie ~* ".*wordpress_logged_in_.+" ) {
- return 418;
- }
-
- # forced cache
- include snippets/proxy_headers_caching.conf;
- # generic settings we need to re-include due to the above using `proxy_set_header`
- # and thus invalidating the parent block-level use of it
- include snippets/proxy_headers_general.conf;
-
- # settings for this location block
- add_header Cache-Control "no-store";
- proxy_cache_valid 200 301 302 303 307 308 20s;
- proxy_cache_valid 404 20s;
-
- # some basic security headers
- add_header Content-Security-Policy "frame-ancestors 'self'";
- add_header X-Frame-Options SAMEORIGIN;
-
- proxy_pass http://127.0.0.1:10080;
- }
-
- # the php fpm proxy
- location ~ \.php$ {
- # this controls the read-only mode (basically, limits HTTP methods to GET only)
- include snippets/read-only-mode.conf;
- #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
- fastcgi_next_upstream error timeout invalid_header http_500;
- fastcgi_connect_timeout 2;
-
- fastcgi_pass phpfpm;
- }
-
-}
-
-# explicitly uncached
-location @uncached {
- add_header X-Proxy-Cache-Status $upstream_cache_status;
- proxy_cache off;
- proxy_pass http://127.0.0.1:10080;
-}