microformat2 nginx configuration.

conf.d-gzip.conf

# vim: set ft=nginx :
# Enable compression.
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types image/* text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

nginx.conf

daemon on;
user www-data;
pid /var/run/nginx.pid;
worker_processes auto;

events {
  worker_connections  1024;
}

http {
  # Don't tell people what version of nginx I'm using.
  server_tokens off;

  sendfile            on;
  tcp_nopush          on;
  tcp_nodelay         on;
  keepalive_timeout   65;
  types_hash_max_size 2048;

  upstream php {
    server unix:/var/run/php/php7.3-fpm.sock;
  }

  index index.php index.html index.htm;

  server {
    listen 80 default_server;
    listen [::]:80 default_server;

    error_log  /var/log/nginx/error.log info;
    access_log /var/log/nginx/access.log combined;

    server_name _;
    root /var/www;

    port_in_redirect off;
    client_max_body_size 5m;
    client_body_timeout 60;

#     listen 443 ssl http2;
#     ssl_certificate /etc/letsencrypt/live/microformats.org/fullchain.pem; # managed by Certbot
#     ssl_certificate_key /etc/letsencrypt/live/microformats.org/privkey.pem; # managed by Certbot

#     if ($scheme != "https") {
#         return 301 https://$host$request_uri;
#     }

    # include /etc/letsencrypt/options-ssl-nginx.conf;

    location ~* \.(?:css|js|woff|svg|gif|jpeg|png|otf|ico|ttf)$ {
      access_log off;
      add_header Cache-Control "public, max-age=7200";
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      add_header X-Frame-Options "SAMEORIGIN";
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      try_files $uri $uri$is_args$args =404;
    }

    # MediaWiki {{{
    # The root URL for it is $SERVER_HOST/wiki
    location /wiki {
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        rewrite ^/wiki/(.*)$ /wiki/index.php?title=$1&$args;
    }

    location ^~ /maintenance/ {
        return 403;
    }

    location ~ /wiki/(.*)\.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~* /wiki/\.(js|css|png|jpg|jpeg|gif|ico)$ {
        try_files $uri /index.php;
        expires max;
        log_not_found off;
    }

    location = /wiki/_.gif {
        expires max;
        empty_gif;
    }

    location ^~ /wiki/cache/ {
        deny all;
    }

    location /wiki/dumps {
        root /var/www/wiki/local;
        autoindex on;
    }
    # }}}

    # Wordpress {{{
    location = /favicon.ico {
      log_not_found off;
      access_log off;
    }

    location = /robots.txt {
      allow all;
      log_not_found off;
      access_log off;
    }

    location / {
      try_files $uri $uri /index.php?$args;
    }

    location ~* \.php$ {
      root /var/www/blog;
      #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
      include fastcgi_params;
      fastcgi_pass php;
      fastcgi_intercept_errors on;
      fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    # }}}

    # Munin {{{
    # The root URL for it is $SERVER_HOST/munin
    # }}}

    add_header Referrer-Policy "no-referrer-when-downgrade" always;
  }

  include /etc/nginx/conf.d/*.conf;
}