server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate $JC_CERT/fullchain.pem; ssl_certificate_key $JC_CERT/privkey.pem; server_name $JC_SERVICE www.$JC_SERVICE; root $HTTP_DIR/public; # Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; #add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' 'https://static.jean-cloud.net/player-interface/*' ; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' 'https://static.jean-cloud.net/player-interface/*' 'https://cdn.jsdelivr.net/npm/*'; base-uri 'self'; form-action 'self';" always; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options SAMEORIGIN always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';"; location / { index index.html; try_files $uri $uri/ =404; } location /manager { return 301 $scheme://mux.$JC_SERVICE/manager; } }