76 lines
1.6 KiB
Nginx Configuration File
76 lines
1.6 KiB
Nginx Configuration File
server {
|
|
listen 80;
|
|
root /srv;
|
|
|
|
access_log /dev/stdout;
|
|
error_log /dev/stderr;
|
|
|
|
keepalive_timeout 65;
|
|
sendfile_max_chunk 1m;
|
|
|
|
gzip_static off;
|
|
gzip on;
|
|
gzip_types *;
|
|
|
|
# brotli
|
|
brotli on;
|
|
brotli_static on;
|
|
|
|
# IP detection
|
|
set_real_ip_from 0.0.0.0/0;
|
|
real_ip_header X-Forwarded-For;
|
|
|
|
index index.html;
|
|
try_files $uri $uri/ =404;
|
|
|
|
error_page 403 =404 /404.html;
|
|
|
|
# Kick malicious clients sooner
|
|
client_header_timeout 10s;
|
|
client_body_timeout 10s;
|
|
client_max_body_size 128k;
|
|
reset_timedout_connection on;
|
|
|
|
location = / {
|
|
return 302 https://theorangeone.net;
|
|
}
|
|
|
|
# Inject plausible
|
|
sub_filter "</body>" "<script defer data-domain='$host' src='https://elbisualp.theorangeone.net/js/script.js'></script></body>";
|
|
sub_filter_once on;
|
|
sub_filter_last_modified on;
|
|
|
|
# Set sensible headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Content-Security-Policy "upgrade-insecure-requests; block-all-mixed-content" always;
|
|
|
|
# Expose WebDAV on a sub-path
|
|
location /.dav/ {
|
|
alias /srv/;
|
|
|
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
|
auth_basic "Restricted";
|
|
|
|
dav_methods PUT DELETE MKCOL COPY MOVE;
|
|
dav_ext_methods PROPFIND OPTIONS;
|
|
min_delete_depth 1;
|
|
|
|
client_max_body_size 15m;
|
|
client_body_temp_path /tmp;
|
|
create_full_put_path on;
|
|
}
|
|
|
|
# Healthcheck endpoint
|
|
location /.ping {
|
|
access_log off;
|
|
return 200;
|
|
}
|
|
|
|
js_import slides.js;
|
|
location = /sitemap.xml {
|
|
js_content slides.sitemap;
|
|
}
|
|
}
|