Update some shits
This commit is contained in:
parent
f17dbb5411
commit
b7e6599c99
|
@ -4,6 +4,7 @@ add_header X-Content-Type-Options "nosniff" always;
|
|||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
#add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
|
||||
add_header Permissions-Policy "interest-cohort=()" always;
|
||||
add_header X-Frame-Options "sameorigin" always;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
||||
# . files
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
server {
|
||||
|
||||
access_log /var/log/nginx/files.access.log combined;
|
||||
error_log /var/log/nginx/files.error.log;
|
||||
|
||||
server_name files2.zzls.xyz;
|
||||
include configs/general.conf;
|
||||
include configs/securityheaders.conf;
|
||||
#root /var/www/files;
|
||||
#index index.php /_h5ai/public/index.php;
|
||||
if ($http_user_agent ~* (google) ) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
deny 131.108.229.119;
|
||||
|
||||
location / {
|
||||
if ($http_user_agent ~* (google) ) {
|
||||
return 404;
|
||||
limit_rate 5000k;
|
||||
}
|
||||
|
||||
root /mnt/storage/files2.zzls.xyz;
|
||||
index index.html index.php /_h5ai/public/index.php;
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
|
||||
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
|
||||
include fastcgi_params;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
location /_h5ai/private {
|
||||
return 403;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
listen 443 http3;
|
||||
ssl_certificate /etc/letsencrypt/live/files2.zzls.xyz/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/files2.zzls.xyz/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
}
|
|
@ -7,7 +7,7 @@ server {
|
|||
include configs/general.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/run/gitea/gitea.socket;
|
||||
proxy_pass http://unix:/run/forgejo/forgejo.socket;
|
||||
include configs/proxyheaders.conf;
|
||||
}
|
||||
|
||||
|
|
|
@ -10,9 +10,9 @@ server {
|
|||
include configs/proxyheaders.conf;
|
||||
}
|
||||
|
||||
# security headers
|
||||
include configs/securityheaders.conf;
|
||||
#add_header Content-Security-Policy "default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';";
|
||||
# Security headers
|
||||
# Invidious uses their own security headers
|
||||
# include configs/securityheaders.conf;
|
||||
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
|
|
@ -9,7 +9,7 @@ server {
|
|||
include configs/proxyheaders.conf;
|
||||
}
|
||||
|
||||
#include configs/securityheaders.conf;
|
||||
include configs/securityheaders.conf;
|
||||
# QUIC
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
../sites-available/files2.zzls.xyz.conf
|
Loading…
Reference in New Issue