server { listen 80; listen [::]:80; server_name search.datura.network; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name search.datura.network; ssl_certificate /root/.acme.sh/search.datura.network/fullchain.cer; ssl_certificate_key /root/.acme.sh/search.datura.network/search.datura.network.key; ssl_dhparam /root/.acme.sh/dhparam.pem; ######## TOR CHANGES ######## listen 4443; listen [::]:4443; server_name search.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion; add_header Onion-Location "http://search.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always; ######## TOR CHANGES ######## # SSL Settings ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_session_tickets off; ssl_ecdh_curve auto; # OCSP stapling ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /root/.acme.sh/search.datura.network/fullchain.cer; resolver 1.1.1.1 208.67.222.222; add_header Strict-Transport-Security "max-age=63072000" always; add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking add_header X-Content-Type-Options "nosniff"; add_header Content-Security-Policy "default-src 'self';"; location / { proxy_pass http://localhost:8877; } }