Created
December 27, 2024 00:45
-
-
Save Nooshu/c42671296ee58413147a0299b1eab604 to your computer and use it in GitHub Desktop.
A complete nginx.conf file for use on DigitalOcean.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| # Security headers | |
| map $sent_http_content_type $x_content_type_options { | |
| default "nosniff"; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name your-domain.com; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| server_name your-domain.com; | |
| # SSL configuration | |
| ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; | |
| # Root directory and index files | |
| root /var/www/html; | |
| index index.html index.htm; | |
| # Security headers | |
| add_header Access-Control-Allow-Origin "https://nooshu.com" always; | |
| add_header Cache-Control "public, s-maxage=31536000, max-age=31536000" always; | |
| add_header Content-Security-Policy "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests" always; | |
| add_header Cross-Origin-Opener-Policy "same-origin" always; | |
| add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),navigation-override=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(),usb=(),web-share=(),xr-spatial-tracking=()" always; | |
| add_header Referrer-Policy "strict-origin-when-cross-origin" always; | |
| add_header Cross-Origin-Resource-Policy "cross-origin" always; | |
| add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; | |
| add_header X-Content-Type-Options "nosniff" always; | |
| add_header X-DNS-Prefetch-Control "off" always; | |
| add_header X-Frame-Options "DENY" always; | |
| add_header X-Permitted-Cross-Domain-Policies "none" always; | |
| add_header Origin-Agent-Cluster "?1" always; | |
| # Basic security settings | |
| server_tokens off; | |
| # Gzip compression | |
| gzip on; | |
| gzip_vary on; | |
| gzip_min_length 1024; | |
| gzip_proxied expired no-cache no-store private auth; | |
| gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml; | |
| gzip_disable "MSIE [1-6]\."; | |
| # Handle 404 errors | |
| error_page 404 /404.html; | |
| location / { | |
| try_files $uri $uri/ =404; | |
| } | |
| # Deny access to hidden files | |
| location ~ /\. { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| } | |
| } | |
| # Basic events configuration | |
| events { | |
| worker_connections 1024; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment