34 lines
1.5 KiB
Plaintext
Executable File
34 lines
1.5 KiB
Plaintext
Executable File
server {
|
||
listen 443 ssl http2;
|
||
listen [::]:443 ssl http2;
|
||
ssl_certificate /etc/letsencrypt/live/jean-cloud.net/fullchain.pem;
|
||
ssl_certificate_key /etc/letsencrypt/live/jean-cloud.net/privkey.pem;
|
||
server_name jean-cloud.net www.jean-cloud.net jean-cloud.org www.jean-cloud.org;
|
||
root /data/jean-cloud.net/public;
|
||
|
||
# Security headers
|
||
# We can create a file with the base security headers and include it.
|
||
# Will it be possible to overload them then ?
|
||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' https://unpkg.jean-cloud.net; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' https://unpkg.jean-cloud.net; base-uri 'self'; form-action 'self' 'https://mailer.jean-cloud.net';" always;
|
||
add_header X-Content-Type-Options "nosniff";
|
||
add_header X-Frame-Options SAMEORIGIN always;
|
||
add_header X-XSS-Protection "1; mode=block" always;
|
||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||
|
||
location / {
|
||
index index.html;
|
||
try_files $uri $uri/ =404;
|
||
}
|
||
|
||
error_page 503 /503.html;
|
||
location = /503.html {
|
||
internal;
|
||
}
|
||
|
||
location = /503 {
|
||
return 503;
|
||
}
|
||
}
|