edwin
/
nginxconfig
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Nginx Configuration
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 Commits
1 Branch
0 Tags
328 KiB
 
Tag: Branch: Tree: 58aa096c5e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '58aa096c5e'
${ noResults }
nginxconfig/sites-enabled/default

120 lines
4.4 KiB
Raw Blame History

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /dev/null;
location ~ /\.(?!well-known) {
deny all;
}
location / {
return 301 https://$host$request_uri;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Content-Security-Policy "upgrade-insecure-requests";
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.thelyoncompany.com;
ssl_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/thelyoncompany.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/thelyoncompany.com/chain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
return 301 https://thelyoncompany.com$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name thelyoncompany.com;
root /var/www/html/public;
index index.html;
ssl_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/thelyoncompany.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
#ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;
#ssl_verify_client optional;
add_header X-Download-Options noopen always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Content-Security-Policy "upgrade-insecure-requests";
add_header Permissions-Policy "interest-cohort=();geolocation=(self);midi=();notifications=();push=(self);sync-xhr=(self);microphone=();camera=();magnetometer=();gyroscope=();speaker=();vibrate=();fullscreen=(self);payment=()";
charset utf-8;
charset_types text/css text/plain text/vnd.wap.wml text/javascript text/markdown text/calendar text/x-component text/vcard text/cache-manifest text/vtt application/json application/manifest+json;
error_page 404 /404.html;
location / {
try_files $uri $uri/ /index.html =404;
}
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
add_header Cache-Control "public";
add_header X-Frame-Options "SAMEORIGIN";
expires 7d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
add_header Timing-Allow-Origin "*";
expires 7d;
access_log off;
}
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
access_log off;
}
location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
add_header Cache-Control "no-store";
add_header X-Frame-Options "SAMEORIGIN";
expires off;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
access_log off;
add_header Cache-Control "max-age=2592000";
}
location ~* \.(?:css|js)$ {
access_log off;
add_header Cache-Control "max-age=31536000";
}
location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ {
deny all;
}
}