Nixius
/
lucky-ddg
forked from colin/resume
2
0
Fork 0
Code Pull Requests Activity

Update docker/resume/nginx.conf

This commit is contained in:
colin 2024-11-11 22:11:42 -05:00
parent 0d96f47c2e
commit 6a6b69ae3e
1 changed files with 8 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
docker/resume/nginx.conf
View File

@ -1,5 +1,11 @@
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http { http {
# Rate limiting zone defined at the top-level 'http' block
limit_req_zone $binary_remote_addr zone=default:10m rate=20r/s; limit_req_zone $binary_remote_addr zone=default:10m rate=20r/s;
server { server {
@ -14,38 +20,24 @@ http {
server_name colinknapp.com www.colinknapp.com; server_name colinknapp.com www.colinknapp.com;
# Security headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Frame-Options "DENY" always; add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always; add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always;
# Content Security Policy (CSP) add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://matomo.nixc.us/js/tracker.js https://colinknapp.com/scripts/some-script.js; style-src 'self' 'unsafe-inline' https://colinknapp.com/styles/main.css; img-src 'self' https://colinknapp.com/icons data:; connect-src 'self' https://matomo.nixc.us; font-src 'self' fonts.gstatic.com; base-uri 'self'; form-action 'self';" always;
add_header Content-Security-Policy "
default-src 'self';
script-src 'self' https://matomo.nixc.us/js/tracker.js https://colinknapp.com/scripts/some-script.js;
style-src 'self' 'unsafe-inline' https://colinknapp.com/styles/main.css;
img-src 'self' https://colinknapp.com/icons data:;
connect-src 'self' https://matomo.nixc.us;
font-src 'self' fonts.gstatic.com;
base-uri 'self';
form-action 'self';
" always;
# Enable long-term caching for JavaScript, CSS, and HTML files
location ~* \.(js|css|html)$ { location ~* \.(js|css|html)$ {
expires 1y; expires 1y;
add_header Cache-Control "public, max-age=31536000, immutable"; add_header Cache-Control "public, max-age=31536000, immutable";
} }
# Apply rate limiting within the server block
location / { location / {
limit_req zone=default burst=30; limit_req zone=default burst=30;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
# HTTP/3 advertisement header
add_header Alt-Svc 'h3-29=":8080"; ma=86400'; add_header Alt-Svc 'h3-29=":8080"; ma=86400';
} }
} }