1
Fork 0
slides/nginx.conf

82 lines
1.7 KiB
Nginx Configuration File
Raw Normal View History

2024-03-03 17:45:52 +00:00
server {
listen 80;
root /srv;
access_log /dev/stdout;
error_log /dev/stderr;
keepalive_timeout 65;
sendfile_max_chunk 1m;
gzip_static off;
gzip on;
gzip_types *;
# brotli
brotli on;
brotli_static on;
# IP detection
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
index index.html;
try_files $uri $uri/ =404;
2024-06-08 14:20:59 +01:00
# Show 403 as 404
error_page 403 =404;
2024-03-03 17:45:52 +00:00
# Kick malicious clients sooner
client_header_timeout 10s;
client_body_timeout 10s;
client_max_body_size 128k;
reset_timedout_connection on;
2024-03-03 18:35:20 +00:00
location = / {
return 302 https://theorangeone.net;
}
location ~ ^/([0-9a-z]+)/.* {
# Custom 404 for each presentation
error_page 403 404 =404 /$1/404.html;
}
2024-03-03 21:18:46 +00:00
# Inject plausible
sub_filter "</body>" "<script defer data-domain='$host' src='https://elbisualp.theorangeone.net/js/script.js'></script></body>";
sub_filter_once on;
sub_filter_last_modified on;
2024-03-03 21:25:07 +00:00
# Set sensible headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Content-Security-Policy "upgrade-insecure-requests; block-all-mixed-content" always;
2024-03-03 17:45:52 +00:00
# Expose WebDAV on a sub-path
location /.dav/ {
alias /srv/;
auth_basic_user_file /etc/nginx/.htpasswd;
auth_basic "Restricted";
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
min_delete_depth 1;
2024-06-08 13:41:06 +01:00
client_max_body_size 50m;
2024-03-03 17:45:52 +00:00
client_body_temp_path /tmp;
create_full_put_path on;
}
# Healthcheck endpoint
location /.ping {
access_log off;
return 200;
}
js_import slides.js;
location = /sitemap.xml {
js_content slides.sitemap;
}
}