47 lines
1.8 KiB
Plaintext
47 lines
1.8 KiB
Plaintext
server {
|
|
listen 443 http2;
|
|
listen [::]:443 http2;
|
|
server_name ~^demarche ~^form;
|
|
|
|
include snippets/publik-ssl.conf;
|
|
|
|
access_log /var/log/nginx/wcs-access.log combined_full;
|
|
error_log /var/log/nginx/wcs-error.log;
|
|
|
|
location ~ ^/static/(.+)$ {
|
|
root /;
|
|
try_files /var/lib/wcs/$host/static/$1
|
|
/var/lib/wcs/$host/theme/static/$1
|
|
/var/lib/wcs/collectstatic/$1
|
|
=404;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
include snippets/gzip-statics.conf;
|
|
}
|
|
|
|
location ~ ^/media/(.+)$ {
|
|
alias /var/lib/wcs/$host/media/$1;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
|
}
|
|
|
|
location /robots.txt {
|
|
alias /var/lib/wcs/www/robots.txt;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://unix:/var/run/wcs/wcs.sock;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Forwarded-SSL on;
|
|
proxy_set_header X-Forwarded-Protocol ssl;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
add_header 'X-Content-Type-Options' 'nosniff';
|
|
add_header 'X-XSS-Protection' '1; mode=block';
|
|
}
|
|
}
|