1
slides/nginx.conf

82 lines
1.7 KiB
Nginx Configuration File

server {
listen 80;
root /srv;
access_log /dev/stdout;
error_log /dev/stderr;
keepalive_timeout 65;
sendfile_max_chunk 1m;
gzip_static off;
gzip on;
gzip_types *;
# brotli
brotli on;
brotli_static on;
# IP detection
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
index index.html;
try_files $uri $uri/ =404;
# Show 403 as 404
error_page 403 =404;
# Kick malicious clients sooner
client_header_timeout 10s;
client_body_timeout 10s;
client_max_body_size 128k;
reset_timedout_connection on;
location = / {
return 302 https://theorangeone.net;
}
location ~ ^/(.*?)/.* {
# Custom 404 for each presentation
error_page 403 404 =404 /$1/404.html;
}
# Inject plausible
sub_filter "</body>" "<script defer data-domain='$host' src='https://elbisualp.theorangeone.net/js/script.js'></script></body>";
sub_filter_once on;
sub_filter_last_modified on;
# Set sensible headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Content-Security-Policy "upgrade-insecure-requests; block-all-mixed-content" always;
# Expose WebDAV on a sub-path
location /.dav/ {
alias /srv/;
auth_basic_user_file /etc/nginx/.htpasswd;
auth_basic "Restricted";
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
min_delete_depth 1;
client_max_body_size 50m;
client_body_temp_path /tmp;
create_full_put_path on;
}
# Healthcheck endpoint
location /.ping {
access_log off;
return 200;
}
js_import slides.js;
location = /sitemap.xml {
js_content slides.sitemap;
}
}