security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

set baseline nginx root directory in http block

Browse Source
This commit is contained in:
Daniel Micay 2023-02-19 11:45:23 -05:00
parent 3ab9e97549
commit c137947453
1 changed files with 2 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nginx/nginx.conf
View File

@ -12,6 +12,8 @@ events {
}
http {
root /var/empty;
include mime.types;
default_type application/octet-stream;
@ -111,8 +113,6 @@ http {
listen [::]:80;
server_name grapheneos.org mta-sts.grapheneos.org www.grapheneos.org grapheneos.app mta-sts.grapheneos.app www.grapheneos.app grapheneos.ca mta-sts.grapheneos.ca www.grapheneos.ca grapheneos.com mta-sts.grapheneos.com www.grapheneos.com grapheneos.dev mta-sts.grapheneos.dev www.grapheneos.dev grapheneos.info mta-sts.grapheneos.info www.grapheneos.info grapheneos.net mta-sts.grapheneos.net www.grapheneos.net grapheneos.ovh mta-sts.grapheneos.ovh www.grapheneos.ovh grapheneos.page mta-sts.grapheneos.page www.grapheneos.page vanadium.app mta-sts.vanadium.app www.vanadium.app mta-sts.mail.grapheneos.org;
root /var/empty;
location /.well-known/acme-challenge/ {
return 301 http://0.grapheneos.org$request_uri;
}
@ -127,8 +127,6 @@ http {
listen [::]:80;
server_name 0.grapheneos.org;
root /var/empty;
location /.well-known/acme-challenge/ {
root /srv/certbot;
}
@ -149,8 +147,6 @@ http {
listen [::]:443 ssl http2;
server_name www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page www.grapheneos.page;
root /var/empty;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
@ -164,8 +160,6 @@ http {
listen [::]:443 ssl http2;
server_name vanadium.app www.vanadium.app;
root /var/empty;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
@ -446,8 +440,6 @@ http {
server {
listen unix:/run/nginx/status.sock;
root /var/empty;
access_log off;
location = / {