2023-07-18 18:29:43 +02:00
|
|
|
worker_processes 1;
|
|
|
|
|
|
|
|
|
|
events {
|
|
|
|
|
worker_connections 1024;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
http {
|
2025-08-12 14:35:55 +02:00
|
|
|
# Security headers
|
2025-08-12 14:45:07 +02:00
|
|
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'sha256-U0WpsmVuEv6JLpvNc218U7NDQFOhmT0SoynEzwNuH2k=' 'sha256-wKQx33OMOj4svpJjCKMJBzqx4TLqRnSERHrGGRq1r0g=' 'sha256-H8banCcLFAzpThob4LupxIv2ab+Nqep1HLg5Gmq6ug8=' https://umami.nzambello.dev; style-src 'self' 'unsafe-inline' https://unpkg.com; img-src 'self' https:; font-src 'self' https://unpkg.com; connect-src 'self' https://umami.nzambello.dev; media-src 'self'; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests" always;
|
2025-08-12 14:35:55 +02:00
|
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
|
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
|
|
|
add_header X-Frame-Options "DENY" always;
|
|
|
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
|
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
|
add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=()" always;
|
|
|
|
|
|
|
|
|
|
# Remove server information
|
|
|
|
|
server_tokens off;
|
|
|
|
|
|
2023-07-18 18:29:43 +02:00
|
|
|
server {
|
|
|
|
|
listen 8080;
|
|
|
|
|
server_name _;
|
|
|
|
|
|
|
|
|
|
root /usr/share/nginx/html;
|
|
|
|
|
index index.html index.htm;
|
|
|
|
|
include /etc/nginx/mime.types;
|
|
|
|
|
|
|
|
|
|
gzip on;
|
|
|
|
|
gzip_min_length 1000;
|
|
|
|
|
gzip_proxied expired no-cache no-store private auth;
|
|
|
|
|
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
try_files $uri $uri/index.html $uri.html;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
