40 lines
1.3 KiB
Plaintext
Executable File
40 lines
1.3 KiB
Plaintext
Executable File
server {
|
|
access_log /var/log/nginx/git.access.log combined;
|
|
|
|
server_name git.zzls.xyz;
|
|
# Security headers and general settings
|
|
include configs/securityheaders.conf;
|
|
include configs/general.conf;
|
|
|
|
location / {
|
|
proxy_pass http://unix:/run/gitea/gitea.socket;
|
|
include configs/proxyheaders.conf;
|
|
}
|
|
|
|
#add_header Content-Security-Policy "default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';";
|
|
|
|
# QUIC
|
|
add_header Alt-Svc 'h3=":443"; ma=86400';
|
|
|
|
listen 443 http3;
|
|
listen 443 http2 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/git.zzls.xyz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/git.zzls.xyz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
}
|
|
server {
|
|
if ($host = git.zzls.xyz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
|
|
server_name git.zzls.xyz;
|
|
return 404; # managed by Certbot
|
|
|
|
|
|
}
|