-
Notifications
You must be signed in to change notification settings - Fork 2
/
nginx.conf
75 lines (57 loc) · 3.12 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
server {
# This webserver is designed to run behind a reverse proxy, or more specifically
# a k8s traefik ingress-controller. The following configuration block tells nginx
# to use the proxy protocol headers as a trusted source for the real client ip.
real_ip_header X-Forwarded-For;
set_real_ip_from 10.0.0.0/8;
# Always set the root path inside the server directive to avoid exposing sensitive data
root /usr/share/nginx/html;
# To avoid this annoying bug
#https://stackoverflow.com/questions/15555428/nginx-causes-301-redirect-if-theres-no-trailing-slash
absolute_redirect off;
#enable gzip
gzip on;
gzip_types text/plain text/css text/javascript application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss image/svg+xml;
gzip_vary on;
# Serve the static website that has been generated from the vite build. Indexing in Apache style.
location / {
index index.html index.htm;
try_files $uri $uri/ =404;
expires 1h;
add_header Cache-Control "public";
# Security headers. Edit the content-security-policy if you want to allow extra resources
#add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Cross-Origin-Resource-Policy "same-site" always;
#add_header Content-Security-Policy "block-all-mixed-content; default-src 'self'; script-src 'self' 'sha256-yhC4zsbah/ChL0O2k5JJkylbB6xpUBBjvvnjyA5RCQ0=' 'sha256-+K3jfe9nmPID/tnDjAPUo/3d0sflFC9VWT7cFFXfzQ4=' analytics.halb.it; connect-src 'self'; style-src 'unsafe-inline' 'self'; img-src https://analytics.halb.it/count 'self' data:; script-src-attr 'none'; style-src-attr 'unsafe-inline'; base-uri 'none'; form-action 'self'; media-src drive.google.com *.googleusercontent.com;" always;
add_header Content-Security-Policy "block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-inline' analytics.halb.it; connect-src 'self'; style-src 'unsafe-inline' 'self'; img-src https://analytics.halb.it/count 'self' data:; script-src-attr 'none'; style-src-attr 'unsafe-inline'; base-uri 'none'; form-action 'self'; media-src drive.google.com *.googleusercontent.com;" always;
add_header Strict-Transport-Security "max-age=15768000";
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "interest-cohort=()" always;
}
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
#static assets
location ~* \.(?:js|css|woff|woff2|jpg|jpeg|png|webp|avif|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# custom error page
error_page 404 /404.html;
location = /custom_404.html {
root /usr/share/nginx/html;
internal;
}
# Legacy morsecode app
location /morsecode {
return 301 "https://morse.halb.it/";
}
# blog url changes
location /posts/moving-data-x64 {
return 301 "/posts/x64-moving-data";
}
}