43 lines
1.8 KiB
Nginx Configuration File
43 lines
1.8 KiB
Nginx Configuration File
server {
|
|
listen 443 ssl;
|
|
server_name cringe.datura.network;
|
|
|
|
ssl_certificate /root/.acme.sh/cringe.datura.network/cringe.datura.network.cer;
|
|
ssl_certificate_key /root/.acme.sh/cringe.datura.network/cringe.datura.network.key;
|
|
|
|
######## TOR CHANGES ########
|
|
listen 4443;
|
|
listen [::]:4443;
|
|
server_name cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
|
|
add_header Onion-Location "http://cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
|
|
######## TOR CHANGES ########
|
|
|
|
|
|
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
|
ssl_ecdh_curve secp384r1;
|
|
ssl_session_timeout 10m;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_tickets off;
|
|
#ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
|
|
# Security Headers
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob: video.twimg.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
location / {
|
|
proxy_pass http://localhost:8083;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
add_header Content-Type text/plain;
|
|
return 200 "User-agent: *\nDisallow: /\n";
|
|
}
|
|
}
|
|
|