server { listen 443 ssl http2; listen 8091; # Tor I2P listen [300:a98d:d6d0:8a08::e]:80; # Yggdrasil server_name radio.arav.su radio.arav.i2p plkybcgxt4cdanot75cy3pbnqlbqcsrib2fmrpsnug4bqphqvfda.b32.i2p mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion; access_log /var/log/nginx/dwelling/radio.log main if=$nolog; ssl_certificate /etc/letsencrypt/live/arav.su/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/arav.su/privkey.pem; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'"; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header Onion-Location "http://wsmkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion$request_uri"; location / { proxy_pass http://unix:/var/run/dwelling-radio/sock; proxy_buffering off; proxy_set_header X-Client-Timezone $gi2_location_tz; proxy_set_header Host $host; } location /live/ { proxy_pass http://127.0.0.1:8001/; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; } location /live/admin/ { deny all; } location /api/listener { allow 192.168.144.2; deny all; } location /api/playlist { allow 192.168.144.2; deny all; } } server { listen 8000; server_name radio.arav.su; access_log /var/log/nginx/dwelling/radio.http.log main if=$nolog; add_header Content-Security-Policy "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'"; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1; mode=block"; add_header Onion-Location "http://wsmkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion/live$request_uri"; location / { proxy_pass http://127.0.0.1:8001/; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; } location /admin/ { deny all; } }