Browse Source

feat: add nginx config

master
Inhji Y. 10 months ago
parent
commit
d1abbb11c6
  1. 66
      tomie.conf

66
tomie.conf

@ -0,0 +1,66 @@
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript 7d;
~image/ max;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# ---------- MAIN SITE ----------
server {
listen 80;
server_name inhji.de www.inhji.de;
return 301 https://$server_name$request_uri;
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
ssl_certificate /etc/letsencrypt/live/inhji.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/inhji.de/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem; # openssl dhparam -out /etc/nginx/dhparams.pem 4096
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Referrer-Policy no-referrer-when-downgrade;
#add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; style-src 'self'; img-src 'self' data: cloud.inhji.de; media-src 'self'; frame-src 'none'; font-src 'self'; connect-src 'self'";
#add_header X-Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; style-src 'self'; img-src 'self' data: cloud.inhji.de; media-src 'self'; frame-src 'none'; font-src 'self'; connect-src 'self'";
#add_header X-WebKit-CSP "default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; style-src 'self'; img-src 'self' data: cloud.inhji.de; media-src 'self'; frame-src 'none'; font-src 'self'; connect-src 'self'";
server_name inhji.de;
client_max_body_size 10M;
expires $expires;
location /uploads {
alias /opt/tomie/uploads;
}
location / {
proxy_pass http://localhost:10000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-forwarded-host $host;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
}
}
Loading…
Cancel
Save