diff --git a/nginx.conf b/nginx.conf deleted file mode 100644 index 74c8ba2..0000000 --- a/nginx.conf +++ /dev/null @@ -1,17 +0,0 @@ -events {} -http { - include mime.types; - - server { - listen 80; - access_log off; - error_log off; - - - location / { - root /app; - index index.html; - try_files $uri $uri/ /index.html; - } - } -} \ No newline at end of file diff --git a/stream-nginx.conf b/stream-nginx.conf new file mode 100644 index 0000000..a173dc2 --- /dev/null +++ b/stream-nginx.conf @@ -0,0 +1,42 @@ +server { + server_name changethis; + + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + ssl_certificate /etc/letsencrypt/live/changethis/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/changethis/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + add_header strict_sni on; + add_header strict_sni_header on; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header Content-Security-Policy upgrade-insecure-requests; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options "DENY"; + add_header Clear-Site-Data "cookies"; + add_header Referrer-Policy "no-referrer"; + add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"; + resolver 1.1.1.1; + + ssl_trusted_certificate /etc/letsencrypt/live/changethis/chain.pem; + ssl_stapling on; + ssl_stapling_verify on; + + access_log /dev/null; + error_log /dev/null; + + location / { + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://localhost:8280; + } +} + +server { + listen 80; + listen [::]:80; + server_name changethis; + return 301 https://changethis$request_uri; + }