server { listen 443 ssl http2; listen 8090; # Tor listen 127.0.0.1:8111; # I2P server_name radio.arav.top radio.arav.i2p mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion; access_log /var/log/nginx/dwelling/radio.log main if=$nolog; ssl_certificate /etc/letsencrypt/live/arav.top/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/arav.top/privkey.pem; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'"; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header Onion-Location "http://mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion$request_uri"; location / { proxy_pass http://unix:/var/run/dwelling-radio/r.sock/; proxy_buffering off; proxy_set_header X-Client-Timezone $gi2_location_tz; proxy_set_header Host $host; proxy_set_header Scheme $scheme; } location =/filelist { alias $http_root/shared/radio_filelist.html; default_type text/html; } location =/robots.txt { alias $http_root/shared/files/radio.robots.txt; default_type text/html; } location /live/ { proxy_pass http://127.0.0.1:8000/; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; } location /live/admin/ { deny all; } } server { listen 8000; server_name radio.arav.top; access_log /var/log/nginx/dwelling/radio.http.log main if=$nolog; add_header Content-Security-Policy "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'"; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1; mode=block"; add_header Onion-Location "http://mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion/live$request_uri"; location / { proxy_pass http://127.0.0.1:8000/; proxy_buffering off; } location /admin/ { deny all; } }