Add 'sites-enabled/default'

3 years ago · 3eb51cfb9e
parent e0206b266a
commit 3eb51cfb9e
1 changed files with 120 additions and 0 deletions
--- a/sites-enabled/default
+++ b/sites-enabled/default
@ -0,0 +1,120 @@
+server {
+     listen 80 default_server;
+     listen [::]:80 default_server;
+     server_name _;
+     root /dev/null;
+
+     location ~ /\.(?!well-known) {
+         deny all;
+     }
+
+     location / {
+         return 301 https://$host$request_uri;
+         add_header X-Content-Type-Options nosniff;
+         add_header X-XSS-Protection "1; mode=block";
+         add_header Referrer-Policy "no-referrer-when-downgrade";
+         add_header Content-Security-Policy "upgrade-insecure-requests";
+     }
+}
+
+server {
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             www.thelyoncompany.com;
+    
+    ssl_certificate         /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/thelyoncompany.com/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/thelyoncompany.com/chain.pem;
+    ssl_dhparam             /etc/nginx/dhparam.pem;
+
+    return                  301 https://thelyoncompany.com$request_uri;                     
+}
+
+server {
+        listen 443 ssl http2 default_server;
+        listen [::]:443 ssl http2 default_server;
+         
+        server_name thelyoncompany.com;
+    
+        root /var/www/html/public;
+        index index.html;
+
+        ssl_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/thelyoncompany.com/privkey.pem;
+        ssl_trusted_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem;
+        ssl_dhparam /etc/nginx/dhparam.pem;
+
+        #ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;
+        #ssl_verify_client optional;
+        
+        add_header X-Download-Options noopen always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header Referrer-Policy "no-referrer-when-downgrade" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+        add_header Content-Security-Policy "upgrade-insecure-requests";
+        add_header Permissions-Policy "interest-cohort=();geolocation=(self);midi=();notifications=();push=(self);sync-xhr=(self);microphone=();camera=();magnetometer=();gyroscope=();speaker=();vibrate=();fullscreen=(self);payment=()";       
+
+        charset utf-8;
+        charset_types text/css text/plain text/vnd.wap.wml text/javascript text/markdown text/calendar text/x-component text/vcard text/cache-manifest text/vtt application/json application/manifest+json;
+
+        error_page 404 /404.html;
+
+        location / {
+                try_files $uri $uri/ /index.html =404;
+        }
+
+        # favicon.ico
+        location = /favicon.ico {
+                log_not_found off;
+                access_log    off;
+        }
+
+        # robots.txt
+        location = /robots.txt {
+                log_not_found off;
+                access_log    off;
+        }
+
+        # assets, media
+        location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
+                add_header Cache-Control "public";
+                add_header X-Frame-Options "SAMEORIGIN";
+                expires    7d;
+                access_log off;
+        }
+
+        # svg, fonts
+        location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
+                add_header Access-Control-Allow-Origin "*";
+                add_header Timing-Allow-Origin "*";
+                expires    7d;
+                access_log off;
+        } 
+
+        location ~* \.(?:manifest|appcache|html?|xml|json)$ {
+                 expires -1;
+                 access_log off;
+        }
+
+        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+                 add_header Cache-Control "no-store";
+                 add_header X-Frame-Options "SAMEORIGIN";
+                 expires    off;
+        }
+       
+        location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
+                 access_log off;
+                 add_header Cache-Control "max-age=2592000";
+        }
+
+        location ~* \.(?:css|js)$ {
+                 access_log off;
+                 add_header Cache-Control "max-age=31536000";       
+        }
+
+        location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ {
+                 deny all;
+        }
+}