add https config for nitter.ca

This commit is contained in:
staticsafe 2021-09-07 17:20:06 -04:00
parent d650f545b7
commit f5e67ae71d
1 changed files with 20 additions and 0 deletions

View File

@ -15,6 +15,26 @@
- listen [::]:80
- server_name nitter.ca
- return 301 "https://$host$request_uri"
nitter.ca.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name nitter.ca
- ssl_certificate "/etc/ssl/letsencrypt/nitter.ca.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/nitter.ca.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options DENY;
- add_header X-XSS-Protection "1; mode=block"
- location / {
proxy_pass http://127.0.0.1:8080;
}
- location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
nginx_configs:
gzip:
- gzip on