Datura-Network/1-Privacy-Front-Ends/binternet/nginx.conf
2024-02-26 11:04:02 +01:00

41 lines
1.7 KiB
Nginx Configuration File

server {
listen 80;
listen [::]:80;
server_name binternet.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name binternet.datura.network;
ssl_certificate /root/.acme.sh/binternet.datura.network/binternet.datura.network.cer;
ssl_certificate_key /root/.acme.sh/binternet.datura.network/binternet.datura.network.key;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name binternet.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://binternet.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options "nosniff";
#add_header Content-Security-Policy "default-src 'self';";
location / {
proxy_pass http://localhost:8861;
}
}