1
0
dwelling-radio/configs/nginx.conf

62 lines
2.2 KiB
Nginx Configuration File

server {
listen 443 ssl http2;
listen 8091; # Tor I2P
listen [300:a98d:d6d0:8a08::e]:80; # Yggdrasil
server_name radio.arav.su radio.arav.i2p plkybcgxt4cdanot75cy3pbnqlbqcsrib2fmrpsnug4bqphqvfda.b32.i2p mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion;
access_log /var/log/nginx/dwelling/radio.log main if=$nolog;
ssl_certificate /etc/letsencrypt/live/arav.su/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/arav.su/privkey.pem;
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'";
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Onion-Location "http://wsmkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion$request_uri";
location / {
proxy_pass http://unix:/var/run/dwelling-radio/sock;
proxy_buffering off;
proxy_set_header X-Client-Timezone $gi2_location_tz;
proxy_set_header Host $host;
}
location /live/ {
proxy_pass http://127.0.0.1:8000/;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
}
location /live/admin/ {
deny all;
}
}
server {
listen 8000;
server_name radio.arav.su;
access_log /var/log/nginx/dwelling/radio.http.log main if=$nolog;
add_header Content-Security-Policy "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'";
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Onion-Location "http://wsmkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion/live$request_uri";
location / {
proxy_pass http://127.0.0.1:8001/;
proxy_buffering off;
}
location /admin/ {
deny all;
}
}