46 lines
1.5 KiB
Plaintext
Executable File
46 lines
1.5 KiB
Plaintext
Executable File
server {
|
|
access_log /var/log/nginx/yt.access.log combined;
|
|
|
|
server_name yt.zzls.xyz;
|
|
|
|
location / {
|
|
proxy_pass http://localhost:40003;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $host; # so Invidious knows domain
|
|
proxy_http_version 1.1; # to keep alive
|
|
proxy_set_header Connection ""; # to keep alive
|
|
}
|
|
|
|
# security headers
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
#add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'";
|
|
add_header Permissions-Policy "interest-cohort=()" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
|
|
# QUIC
|
|
add_header Alt-Svc 'h3=":443"; ma=86400';
|
|
|
|
|
|
listen 443 http3;
|
|
listen 443 http2 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/yt.zzls.xyz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/yt.zzls.xyz/privkey.pem; # managed by Certbot
|
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
}
|
|
server {
|
|
if ($host = yt.zzls.xyz) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
|
|
server_name yt.zzls.xyz;
|
|
return 404; # managed by Certbot
|
|
|
|
|
|
}
|