Created
April 28, 2019 16:29
-
-
Save bajpangosh/d18af6672ddea85e9d84d1d2df3b40cc to your computer and use it in GitHub Desktop.
Revisions
-
bajpangosh created this gist
Apr 28, 2019 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,81 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.verifiedbyme.xyz; # SSL ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; # reverse proxy location / { proxy_pass http://127.0.0.1:2368; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; } # security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # . files location ~ /\.(?!well-known) { deny all; } # favicon.ico location = /favicon.ico { log_not_found off; access_log off; } # robots.txt location = /robots.txt { log_not_found off; access_log off; } # gzip gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml; } # non-www, subdomains redirect server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name .verifiedbyme.xyz; # SSL ssl_certificate /etc/nginx/ssl/verifiedbyme.xyz.crt; ssl_certificate_key /etc/nginx/ssl/verifiedbyme.xyz.key; return 301 https://www.verifiedbyme.xyz$request_uri; } # HTTP redirect server { listen 80; listen [::]:80; server_name .verifiedbyme.xyz; return 301 https://www.verifiedbyme.xyz$request_uri; }