add https config for nitter.ca
This commit is contained in:
parent
d650f545b7
commit
f5e67ae71d
|
@ -15,6 +15,26 @@
|
|||
- listen [::]:80
|
||||
- server_name nitter.ca
|
||||
- return 301 "https://$host$request_uri"
|
||||
nitter.ca.https:
|
||||
- listen *:443 ssl http2
|
||||
- listen [::]:443 ssl http2
|
||||
- server_name nitter.ca
|
||||
- ssl_certificate "/etc/ssl/letsencrypt/nitter.ca.crt"
|
||||
- ssl_certificate_key "/etc/ssl/letsencrypt/nitter.ca.pem"
|
||||
- ssl_stapling on
|
||||
- resolver [::1] valid=300s
|
||||
- add_header Strict-Transport-Security max-age=31536000
|
||||
- add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
|
||||
- add_header X-Content-Type-Options nosniff;
|
||||
- add_header X-Frame-Options DENY;
|
||||
- add_header X-XSS-Protection "1; mode=block"
|
||||
- location / {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
}
|
||||
- location = /robots.txt {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "User-agent: *\nDisallow: /\n";
|
||||
}
|
||||
nginx_configs:
|
||||
gzip:
|
||||
- gzip on
|
||||
|
|
Loading…
Reference in New Issue