colin
/
resume
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update docker/resume/nginx.conf
ci/woodpecker/push/woodpecker Pipeline was successful Details

This commit is contained in:
colin 2024-11-11 22:04:25 -05:00
parent a300d70565
commit e5d0e4774f
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docker/resume/nginx.conf
View File

@ -1,14 +1,12 @@
server { server {
listen 8080 http2; # HTTP/2 for efficient multiplexing listen 8080 http2;
listen 8080 quic reuseport; # HTTP/3 support listen 8080 quic reuseport;
http3_max_concurrent_streams 128; http3_max_concurrent_streams 128;
# Root directory for content
root /usr/share/nginx/html; root /usr/share/nginx/html;
index index.html; index index.html;
# Server name (adjust as needed) server_name colinknapp.com www.colinknapp.com;
server_name yourdomain.com www.yourdomain.com;
# Security headers # Security headers
add_header X-Frame-Options "DENY" always; add_header X-Frame-Options "DENY" always;
@ -16,10 +14,19 @@ server {
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always; add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always;
# Content Security Policy (CSP) for js, css, and html only # Content Security Policy (CSP) tailored for colinknapp.com without nonce
add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://trusted.cdn.com https://metrics.nixc.us; style-src 'self' 'unsafe-inline' https://trusted.cdn.com; connect-src 'self' https://metrics.nixc.us; frame-src 'self';"; add_header Content-Security-Policy "
default-src 'self';
script-src 'self' https://matomo.nixc.us/js/tracker.js https://colinknapp.com/scripts/some-script.js;
style-src 'self' 'unsafe-inline' https://colinknapp.com/styles/main.css;
img-src 'self' https://colinknapp.com/icons data:;
connect-src 'self' https://matomo.nixc.us;
font-src 'self' fonts.gstatic.com;
base-uri 'self';
form-action 'self';
";
# Caching headers for JavaScript and CSS files # Enable long-term caching for JavaScript, CSS, and HTML files
location ~* \.(js|css|html)$ { location ~* \.(js|css|html)$ {
expires 1y; expires 1y;
add_header Cache-Control "public, max-age=31536000, immutable"; add_header Cache-Control "public, max-age=31536000, immutable";
@ -35,5 +42,5 @@ server {
} }
# HTTP/3 advertisement header # HTTP/3 advertisement header
add_header Alt-Svc 'h3-29=":8080"; ma=86400'; # Advertise HTTP/3 to clients add_header Alt-Svc 'h3-29=":8080"; ma=86400';
} }