93 lines
7.6 KiB
Plaintext
93 lines
7.6 KiB
Plaintext
server {
|
|
add_header Content-Security-Policy "base-uri 'self'; style-src 'self' 'unsafe-inline'; default-src 'none'; frame-ancestors 'self'; form-action 'self'; require-trusted-types-for 'script'" always;
|
|
add_header X-Content-Type-Options nosniff always;
|
|
add_header X-Xss-Protection "0" always;
|
|
add_header Referrer-Policy no-referrer always;
|
|
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
|
|
add_header Cross-Origin-Embedder-Policy require-corp always;
|
|
add_header Cross-Origin-Opener-Policy same-origin always;
|
|
add_header Cross-Origin-Resource-Policy same-origin always;
|
|
listen unix:/var/run/nginx.sock default_server;
|
|
root /var/www/html;
|
|
index index.php;
|
|
server_name danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion;
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
location ~ ^/mail/squirrelmail/.git {
|
|
return 403;
|
|
}
|
|
rewrite /.well-known/openpgpkey/hu /mail/openpgpkey_wkd.php last;
|
|
location ~ ^/mail/squirrelmail/.*\.php$ {
|
|
add_header Content-Security-Policy "base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self'; default-src 'none'; img-src 'self' data: https://*; frame-ancestors 'self'; form-action 'self'; require-trusted-types-for 'script'" always;
|
|
add_header X-Content-Type-Options nosniff always;
|
|
add_header X-Xss-Protection "0" always;
|
|
add_header Referrer-Policy no-referrer always;
|
|
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
|
|
add_header Cross-Origin-Embedder-Policy require-corp always;
|
|
add_header Cross-Origin-Opener-Policy same-origin always;
|
|
add_header Cross-Origin-Resource-Policy same-origin always;
|
|
include snippets/fastcgi-php.conf;
|
|
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
|
expires off;
|
|
}
|
|
location ~ \.php$ {
|
|
add_header Referrer-Policy no-referrer always;
|
|
include snippets/fastcgi-php.conf;
|
|
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
|
expires off;
|
|
}
|
|
}
|
|
server {
|
|
add_header Content-Security-Policy "base-uri 'self'; style-src 'self' 'unsafe-inline'; default-src 'none'; frame-ancestors 'self'; form-action 'self'; require-trusted-types-for 'script'" always;
|
|
add_header X-Content-Type-Options nosniff always;
|
|
add_header X-Xss-Protection "0" always;
|
|
add_header Referrer-Policy no-referrer always;
|
|
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
|
|
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
|
add_header Expect-CT "max-age=86400, enforce" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
add_header Cross-Origin-Embedder-Policy require-corp always;
|
|
add_header Cross-Origin-Opener-Policy same-origin always;
|
|
add_header Cross-Origin-Resource-Policy same-origin always;
|
|
listen [::]:443 ssl proxy_protocol http2;
|
|
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
|
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
|
root /var/www/html;
|
|
index index.php;
|
|
server_name danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion danwin1210.de;
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
location ~ ^/mail/squirrelmail/.git {
|
|
return 403;
|
|
}
|
|
rewrite /.well-known/openpgpkey/hu /mail/openpgpkey_wkd.php last;
|
|
location ~ ^/mail/squirrelmail/.*\.php$ {
|
|
add_header Content-Security-Policy "base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self'; default-src 'none'; img-src 'self' data: https://*; frame-ancestors 'self'; form-action 'self'; require-trusted-types-for 'script'" always;
|
|
add_header X-Content-Type-Options nosniff always;
|
|
add_header X-Xss-Protection "0" always;
|
|
add_header Referrer-Policy no-referrer always;
|
|
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
|
|
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
|
add_header Expect-CT "max-age=86400, enforce" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
add_header Cross-Origin-Embedder-Policy require-corp always;
|
|
add_header Cross-Origin-Opener-Policy same-origin always;
|
|
add_header Cross-Origin-Resource-Policy same-origin always;
|
|
include snippets/fastcgi-php.conf;
|
|
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
|
expires off;
|
|
}
|
|
location ~ \.php$ {
|
|
add_header Referrer-Policy no-referrer always;
|
|
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
|
add_header Expect-CT "max-age=86400, enforce" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
include snippets/fastcgi-php.conf;
|
|
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
|
expires off;
|
|
}
|
|
}
|
|
|