parent
0366a5b380
commit
10a1a00696
1 changed files with 101 additions and 0 deletions
@ -0,0 +1,101 @@ |
||||
server { |
||||
listen 443 ssl http2; |
||||
listen [::]:443 ssl http2; |
||||
server_name element.thelyoncompany.com; |
||||
|
||||
root /var/www/html/element; |
||||
index index.html; |
||||
|
||||
ssl_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem; |
||||
ssl_certificate_key /etc/letsencrypt/live/thelyoncompany.com/privkey.pem; |
||||
ssl_trusted_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem; |
||||
ssl_dhparam /etc/nginx/dhparam.pem; |
||||
|
||||
#ssl_client_certificate /etc/nginx/ssl/cloudflare.crt; |
||||
#ssl_verify_client optional; |
||||
|
||||
add_header X-Frame-Options "SAMEORIGIN"; |
||||
add_header X-XSS-Protection "1; mode=block"; |
||||
add_header X-Content-Type-Options "nosniff"; |
||||
add_header Cache-Control "no-transform"; |
||||
add_header X-UA-Compatible "IE=Edge"; |
||||
add_header Referrer-Policy "no-referrer-when-downgrade"; |
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; |
||||
add_header Content-Security-Policy "upgrade-insecure-requests"; |
||||
add_header Permissions-Policy "geolocation=(self);midi=();notifications=(self);push=(self);sync-xhr=(self);microphone=(self);camera=(self);magnetometer=();gyroscope=(self);speaker=(self);vibrate=(self);fullscreen=(self);payment=()"; |
||||
|
||||
charset utf-8; |
||||
charset_types text/css text/plain text/vnd.wap.wml text/javascript text/markdown text/calendar text/x-component text/vcard text/cache-manifest text/vtt application/json application/manifest+json; |
||||
|
||||
location = /index.html { |
||||
add_header Cache-Control "no-cache"; |
||||
} |
||||
|
||||
location = /version { |
||||
add_header Cache-Control "no-cache"; |
||||
} |
||||
|
||||
# covers config.json and config.hostname.json requests as it is prefix. |
||||
location /config { |
||||
add_header Cache-Control "no-cache"; |
||||
} |
||||
|
||||
# redirect server error pages to the static page /50x.html |
||||
# |
||||
error_page 500 502 503 504 /50x.html; |
||||
|
||||
|
||||
if ($http_referer ~ "semalt\.com|badsite\.net|example\.com") { |
||||
return 444; |
||||
} |
||||
|
||||
location / { |
||||
try_files $uri $uri/index.html =404; |
||||
} |
||||
|
||||
location = /favicon.ico { |
||||
log_not_found off; |
||||
access_log off; |
||||
} |
||||
|
||||
location = /robots.txt { |
||||
log_not_found off; |
||||
access_log off; |
||||
} |
||||
|
||||
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { |
||||
expires 7d; |
||||
access_log off; |
||||
} |
||||
|
||||
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ { |
||||
add_header Access-Control-Allow-Origin "*"; |
||||
add_header Timing-Allow-Origin "*"; |
||||
expires 7d; |
||||
access_log off; |
||||
} |
||||
|
||||
location ~* .(zip|gz|gzip|bz2|csv|xml|json|html)$ { |
||||
expires off; |
||||
add_header X-Frame-Options "SAMEORIGIN"; |
||||
add_header Cache-Control "no-store"; |
||||
} |
||||
|
||||
location ^~ /static/ { |
||||
expires 1M; |
||||
add_header X-Frame-Options "SAMEORIGIN"; |
||||
add_header Cache-Control "public"; |
||||
} |
||||
|
||||
location ^~ /media/ { |
||||
expires 1M; |
||||
add_header X-Frame-Options "SAMEORIGIN"; |
||||
add_header Cache-Control "public"; |
||||
} |
||||
|
||||
location ^~ /i18n/ { |
||||
expires off; |
||||
add_header X-Frame-Options "SAMEORIGIN"; |
||||
add_header Cache-Control "no-store"; |
||||
} |
||||
} |
||||
Loading…
Reference in new issue