43 lines
1.4 KiB
Plaintext
Executable File
43 lines
1.4 KiB
Plaintext
Executable File
server {
|
|
access_log /var/log/nginx/selfhost.log combined;
|
|
root /var/www/html;
|
|
index index.html index.htm index.nginx-debian.html;
|
|
|
|
server_name selfhost.zzls.xyz;
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
# security headers
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
#add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
|
|
add_header Permissions-Policy "interest-cohort=()" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
|
|
# QUIC
|
|
add_header Alt-Svc 'h3=":443"; ma=86400';
|
|
|
|
listen 443 ssl http2;
|
|
listen 443 http3; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/selfhost.zzls.xyz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/selfhost.zzls.xyz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
}
|
|
server {
|
|
if ($host = selfhost.zzls.xyz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
|
|
server_name selfhost.zzls.xyz;
|
|
return 404; # managed by Certbot
|
|
|
|
|
|
}
|