Not sure this nginx config is right, will check later.

2022-06-27 23:37:40 +04:00 · 2022-06-27 23:37:40 +04:00 · fa7e38a1ff
commit fa7e38a1ff
parent ef920126c3
1 changed files with 43 additions and 0 deletions
--- a/configs/nginx.conf
+++ b/configs/nginx.conf
@ -0,0 +1,43 @@
+server {
+    listen  443  ssl  http2;
+    listen  8092; # Tor
+    listen  127.0.0.1:8112; # I2P
+
+
+    server_name  files.arav.top files.arav.i2p qf5e43nlhvnrutmikuvbdfj3cmtthokpbaxtkm6mjlslttzvtgm4fxid.onion;
+
+
+    access_log  /var/log/nginx/dwelling/files.log  main  if=$nolog;
+
+    ssl_certificate      /etc/letsencrypt/live/arav.top/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/arav.top/privkey.pem;
+
+
+    add_header  Content-Security-Policy    "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'self'";
+    add_header  X-Frame-Options            "DENY";
+    add_header  X-Content-Type-Options     "nosniff";
+    add_header  X-XSS-Protection           "1; mode=block";
+    add_header  Strict-Transport-Security  "max-age=31536000; includeSubDomains; preload";
+    add_header  Onion-Location             "http://qf5e43nlhvnrutmikuvbdfj3cmtthokpbaxtkm6mjlslttzvtgm4fxid.onion$request_uri";
+
+
+    location / {
+        proxy_pass  http://unix:/var/run/dwelling-files/f.sock/index/;
+
+        proxy_set_header  X-Client-Timezone  "$gi2_location_tz";
+        proxy_set_header  Host  $host;
+        proxy_set_header  Schema  "https";
+        proxy_set_header  X-Real-IP  $remote_addr;
+    }
+
+    location /assets/ {
+        proxy_pass  http://unix:/var/run/dwelling-files/f.sock/assets/;
+
+    }
+
+    location /file/ {
+        alias  /srv/ftp/;
+
+        autoindex  on;
+    }
+}