From f5e67ae71d83a16e185edc46b106a15c89f4e8f9 Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Tue, 7 Sep 2021 17:20:06 -0400
Subject: [PATCH] add https config for nitter.ca
---
 ubuntu/elaine.asininetech.net.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/ubuntu/elaine.asininetech.net.yml b/ubuntu/elaine.asininetech.net.yml
index 699f63f..fe5bb93 100644
--- a/ubuntu/elaine.asininetech.net.yml
+++ b/ubuntu/elaine.asininetech.net.yml
@@ -15,6 +15,26 @@
 - listen [::]:80
 - server_name nitter.ca
 - return 301 "https://$host$request_uri"
+ nitter.ca.https:
+ - listen *:443 ssl http2
+ - listen [::]:443 ssl http2
+ - server_name nitter.ca
+ - ssl_certificate "/etc/ssl/letsencrypt/nitter.ca.crt"
+ - ssl_certificate_key "/etc/ssl/letsencrypt/nitter.ca.pem"
+ - ssl_stapling on
+ - resolver [::1] valid=300s
+ - add_header Strict-Transport-Security max-age=31536000
+ - add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
+ - add_header X-Content-Type-Options nosniff;
+ - add_header X-Frame-Options DENY;
+ - add_header X-XSS-Protection "1; mode=block"
+ - location / {
+ proxy_pass http://127.0.0.1:8080;
+ }
+ - location = /robots.txt {
+ add_header Content-Type text/plain;
+ return 200 "User-agent: *\nDisallow: /\n";
+ }
 nginx_configs:
 gzip:
 - gzip on
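Review bot: In the `location = /robots.txt` block, `add_header Content-Type text/plain;` stops that location from inheriting any of the server-level `add_header` lines, because nginx inherits them only when the current level defines none, so the robots.txt response goes out without Strict-Transport-Security, the CSP, nosniff and the frame headers. It also adds a header rather than setting the response type; `default_type text/plain;` in its place sets the type and keeps the security headers. None of the server-level `add_header` entries carries `always`, so nginx-generated error responses (for example when the backend on 127.0.0.1:8080 is unreachable) are served without HSTS; `add_header Strict-Transport-Security max-age=31536000 always` would cover them. Only three of the `add_header` entries end in `;`, which is worth making consistent; presumably the template that renders this list appends the terminator, but that template and the enclosing mapping are outside the hunk.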