47 lines
1.9 KiB
Plaintext
47 lines
1.9 KiB
Plaintext
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name ~^annonce ~^corbo;
|
|
|
|
include snippets/publik-ssl.conf;
|
|
|
|
access_log /var/log/nginx/corbo-access.log combined_full;
|
|
error_log /var/log/nginx/corbo-error.log;
|
|
|
|
location ~ ^/static/(.+)$ {
|
|
root /;
|
|
try_files /var/lib/corbo/tenants/$host/static/$1
|
|
/var/lib/corbo/tenants/$host/theme/static/$1
|
|
/var/lib/corbo/collectstatic/$1
|
|
=404;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
include snippets/gzip-statics.conf;
|
|
}
|
|
|
|
location ~ ^/media/(.+)$ {
|
|
alias /var/lib/corbo/tenants/$host/media/$1;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
|
}
|
|
|
|
location /robots.txt {
|
|
alias /var/lib/corbo/www/robots.txt;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://unix:/var/run/corbo/corbo.sock;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Forwarded-SSL on;
|
|
proxy_set_header X-Forwarded-Protocol ssl;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
}
|
|
}
|