lemmy le ded
This commit is contained in:
root
parent
391b2a50ea
commit
aad125a1c2
|
|
@ -1,55 +0,0 @@
|
|||
add_header Onion-Location http://lm.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
|
||||
add_header X-I2P-Location http://vernyxzw3aktrg3v5qpkj4eyiwc4iucdw3czwesop6f466joq6wa.b32.i2p$request_uri;
|
||||
|
||||
subs_filter "lm.vern.cc" "$host";
|
||||
|
||||
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
|
||||
# It might be nice to compress JSON, but leaving that out to protect against potential
|
||||
# compression+encryption information leak attacks like BREACH.
|
||||
gzip on;
|
||||
gzip_types text/css application/javascript image/svg+xml;
|
||||
gzip_vary on;
|
||||
# Various content security headers
|
||||
add_header Referrer-Policy "same-origin";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header X-Frame-Options "DENY";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
client_max_body_size 20M;
|
||||
# frontend
|
||||
location / {
|
||||
# The default ports:
|
||||
# lemmy_ui_port: 1235
|
||||
# lemmy_port: 8536
|
||||
|
||||
set $proxpass "http://0.0.0.0:1235";
|
||||
if ($http_accept ~ "^application/.*$") {
|
||||
set $proxpass "http://0.0.0.0:8536";
|
||||
}
|
||||
if ($request_method = POST) {
|
||||
set $proxpass "http://0.0.0.0:8536";
|
||||
}
|
||||
proxy_pass $proxpass;
|
||||
|
||||
rewrite ^(.+)/+$ $1 permanent;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
# backend
|
||||
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
|
||||
proxy_pass http://0.0.0.0:8536;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
|
||||
# Redirect pictshare images to pictrs
|
||||
location ~ /pictshare/(.*)$ {
|
||||
return 301 /pictrs/image/$1;
|
||||
}
|
||||
|
||||
|
|
@ -1,47 +0,0 @@
|
|||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name lm.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion lemmy.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
|
||||
|
||||
include common/lemmy.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 11028;
|
||||
listen [::]:11028;
|
||||
|
||||
server_name vernyxzw3aktrg3v5qpkj4eyiwc4iucdw3czwesop6f466joq6wa.b32.i2p;
|
||||
|
||||
include common/lemmy.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name lm.vern.cc lemmy.vern.cc;
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name lm.vern.cc lemmy.vern.cc;
|
||||
|
||||
include snippets/lets-encrypt.conf;
|
||||
|
||||
# Various TLS hardening settings
|
||||
# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_tickets on;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
add_header Strict-Transport-Security "max-age=63072000";
|
||||
include common/lemmy.conf;
|
||||
}
|
||||
Loading…
Reference in New Issue