64 lines
2.0 KiB
Plaintext
64 lines
2.0 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name simplenotes.be;
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
root /var/www/certbot;
|
|
}
|
|
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name simplenotes.be;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/simplenotes.be/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/simplenotes.be/privkey.pem;
|
|
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_min_length 10240;
|
|
gzip_proxied expired no-cache no-store private auth;
|
|
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
|
|
gzip_disable "MSIE [1-6]\.";
|
|
|
|
location ~* \.(css|js)$ {
|
|
root /usr/share/nginx/html;
|
|
expires 1d;
|
|
add_header Cache-Control "public, max-age=86400";
|
|
}
|
|
|
|
location / {
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
# FIXME disable inlines in webpack
|
|
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net;";
|
|
|
|
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Frame-Options "DENY" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
add_header Referrer-Policy "origin" always;
|
|
}
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
|
|
location /api/ {
|
|
rewrite ^/api/(.*) /$1 break;
|
|
proxy_pass http://api:8081/;
|
|
}
|
|
|
|
}
|