73 lines
2.4 KiB
Nginx Configuration File
73 lines
2.4 KiB
Nginx Configuration File
server {
|
|
listen 443 ssl http2;
|
|
listen 8090; # Tor
|
|
listen 127.0.0.1:8111; # I2P
|
|
|
|
server_name radio.arav.top radio.arav.i2p mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion;
|
|
access_log /var/log/nginx/dwelling/radio.log main if=$nolog;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/arav.top/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/arav.top/privkey.pem;
|
|
|
|
|
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'";
|
|
add_header X-Frame-Options "DENY";
|
|
add_header X-Content-Type-Options "nosniff";
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
|
add_header Onion-Location "http://mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion$request_uri";
|
|
|
|
|
|
location / {
|
|
proxy_pass http://unix:/tmp/dwelling-radio.sock/;
|
|
proxy_buffering off;
|
|
|
|
proxy_set_header X-Client-Timezone $gi2_location_tz;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header Schema $scheme;
|
|
}
|
|
|
|
|
|
location =/filelist {
|
|
add_header Content-Type "text/html";
|
|
alias $dwelling_root/radio/static/radio_filelist.html;
|
|
}
|
|
|
|
|
|
location /live/ {
|
|
proxy_pass http://127.0.0.1:8000/;
|
|
proxy_buffering off;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
}
|
|
|
|
location /live/admin/ {
|
|
deny all;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 8000;
|
|
|
|
server_name radio.arav.top;
|
|
access_log /var/log/nginx/dwelling/radio.http.log main if=$nolog;
|
|
|
|
|
|
add_header Content-Security-Policy "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'";
|
|
add_header X-Frame-Options "DENY";
|
|
add_header X-Content-Type-Options "nosniff";
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Onion-Location "http://mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion/live$request_uri";
|
|
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8000/;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
|
|
location /admin/ {
|
|
deny all;
|
|
}
|
|
}
|