mirror of https://gitgud.io/fatchan/jschan.git
merge-requests/208/head
parent
2f9242bf89
commit
a04d62d29e
5 changed files with 190 additions and 17 deletions
@ -0,0 +1,3 @@ |
|||||||
|
`nginx.example` - Example nginx config with letsencrypt. You need to update with the path of installation, certificate paths, domain names, etc. |
||||||
|
`nginx_no_https.example` - Same thing, without https. Can be used for testing and development. |
||||||
|
`nginx_advanced.example` - An advanced example with both clearnet and tor, with snippets to reduce repitition for a cleaner config |
@ -0,0 +1,56 @@ |
|||||||
|
upstream chan { |
||||||
|
server 127.0.0.1:7000; |
||||||
|
} |
||||||
|
|
||||||
|
server { |
||||||
|
|
||||||
|
server_name www.xxxxxxxx.onion xxxxxxxx.onion; |
||||||
|
|
||||||
|
client_max_body_size 0; |
||||||
|
listen unix:/var/run/nginx-tor.sock; |
||||||
|
allow "unix:"; |
||||||
|
deny all; |
||||||
|
|
||||||
|
include /etc/nginx/snippets/security_headers.conf; |
||||||
|
include /etc/nginx/snippets/error_pages.conf; |
||||||
|
include /etc/nginx/snippets/jschan_routes_tor.conf; |
||||||
|
|
||||||
|
} |
||||||
|
|
||||||
|
server { |
||||||
|
|
||||||
|
server_name www.example.com example.com; |
||||||
|
|
||||||
|
client_max_body_size 0; |
||||||
|
#header will tell tor users accessing clearnet endpoint to use onion service |
||||||
|
add_header onion-location 'http://xxxxxxxxxxx.onion'; |
||||||
|
|
||||||
|
include /etc/nginx/snippets/security_headers.conf; |
||||||
|
include /etc/nginx/snippets/error_pages.conf; |
||||||
|
include /etc/nginx/snippets/jschan_routes.conf; |
||||||
|
|
||||||
|
listen [::]:443 ssl ipv6only=on; # managed by Certbot |
||||||
|
listen 443 ssl; # managed by Certbot |
||||||
|
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot |
||||||
|
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot |
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot |
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot |
||||||
|
|
||||||
|
} |
||||||
|
|
||||||
|
server { |
||||||
|
if ($host = www.example.com) { |
||||||
|
return 301 https://$host$request_uri; |
||||||
|
} # managed by Certbot |
||||||
|
|
||||||
|
if ($host = example.com) { |
||||||
|
return 301 https://$host$request_uri; |
||||||
|
} # managed by Certbot |
||||||
|
|
||||||
|
server_name www.example.com example.com; |
||||||
|
|
||||||
|
listen 80; |
||||||
|
listen [::]:80; |
||||||
|
return 444; # managed by Certbot |
||||||
|
|
||||||
|
} |
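Review bot: `client_max_body_size 0;` in both the onion and the clearnet server block removes nginx's request-body limit entirely, so any client can send an arbitrarily large body that nginx accepts before the application can reject it. Unless the included route snippets turn request buffering off, nginx spools such bodies to its temp path, which can exhaust disk. On the onion vhost there is also no per-client address to rate-limit by. Consider a finite value sized to the largest upload the application accepts, for example `client_max_body_size 64m;` (constructed value, match it to the app's configured upload limit), and keep the app-side check as a second layer.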
@ -0,0 +1,122 @@ |
|||||||
|
if ($request_uri ~ ^/(?!captcha|randombanner|forms|logout|socket\.io)) { |
||||||
|
rewrite ^([^.\?]*[^/])$ $1/ redirect; |
||||||
|
rewrite ^(.+)/$ $1/index.html redirect; |
||||||
|
} |
||||||
|
|
||||||
|
location = /robots.txt { |
||||||
|
access_log off; |
||||||
|
add_header Content-Type text/plain; |
||||||
|
return 200 "User-agent: *\nDisallow:\n"; |
||||||
|
} |
||||||
|
|
||||||
|
location = /site.webmanifest { |
||||||
|
access_log off; |
||||||
|
expires max; |
||||||
|
root /path/to/jschan/static/file; |
||||||
|
try_files $uri =404; |
||||||
|
} |
||||||
|
|
||||||
|
location = /browserconfig.xml { |
||||||
|
access_log off; |
||||||
|
expires max; |
||||||
|
root /path/to/jschan/static/file; |
||||||
|
try_files $uri =404; |
||||||
|
} |
||||||
|
|
||||||
|
location = /favicon.ico { |
||||||
|
access_log off; |
||||||
|
expires max; |
||||||
|
root /path/to/jschan/static/file; |
||||||
|
try_files $uri =404; |
||||||
|
} |
||||||
|
|
||||||
|
location = / { |
||||||
|
return 302 http://$host/index.html; |
||||||
|
} |
||||||
|
|
||||||
|
location /captcha { |
||||||
|
root /path/to/jschan/static/captcha; |
||||||
|
if ($cookie_captchaid) { |
||||||
|
return 302 http://$host/captcha/$cookie_captchaid.jpg; |
||||||
|
} |
||||||
|
try_files /$cookie_captchaid.jpg @backend; |
||||||
|
} |
||||||
|
|
||||||
|
location / { |
||||||
|
proxy_buffering off; |
||||||
|
proxy_pass http://chan$request_uri; |
||||||
|
proxy_http_version 1.1; |
||||||
|
|
||||||
|
proxy_set_header Host $host; |
||||||
|
proxy_set_header Upgrade $http_upgrade; |
||||||
|
proxy_set_header Connection 'upgrade'; |
||||||
|
proxy_cache_bypass $http_upgrade; |
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Proto http; |
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||||
|
proxy_set_header X-Real-IP $remote_addr; |
||||||
|
proxy_set_header X-Country-Code 'TOR'; |
||||||
|
} |
||||||
|
|
||||||
|
location @backend { |
||||||
|
proxy_buffering off; |
||||||
|
proxy_pass http://chan$request_uri; |
||||||
|
proxy_http_version 1.1; |
||||||
|
proxy_set_header X-Forwarded-Proto http; |
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||||
|
proxy_set_header X-Real-IP $remote_addr; |
||||||
|
proxy_set_header X-Country-Code 'TOR'; |
||||||
|
proxy_set_header Connection ''; |
||||||
|
proxy_set_header Host $host; |
||||||
|
} |
||||||
|
|
||||||
|
# HTML |
||||||
|
location ~* \.html$ { |
||||||
|
expires 0; |
||||||
|
default_type text/html; #needed for cache control private in backend |
||||||
|
root /path/to/jschan/static/html; |
||||||
|
try_files $uri @backend; |
||||||
|
} |
||||||
|
|
||||||
|
# JSON |
||||||
|
location ~* \.json$ { |
||||||
|
expires 0; |
||||||
|
root /path/to/jschan/static/json; |
||||||
|
try_files $uri @backend; |
||||||
|
#json doesnt hit backend if it doesnt exist yet. |
||||||
|
} |
||||||
|
|
||||||
|
# CSS |
||||||
|
location ~* \.css$ { |
||||||
|
access_log off; |
||||||
|
expires 1w; |
||||||
|
root /path/to/jschan/static; |
||||||
|
try_files $uri =404; |
||||||
|
} |
||||||
|
|
||||||
|
# Scripts |
||||||
|
location ~* \.js$ { |
||||||
|
expires 1w; |
||||||
|
access_log off; |
||||||
|
root /path/to/jschan/static; |
||||||
|
try_files $uri =404; |
||||||
|
} |
||||||
|
|
||||||
|
# Files (image, video, audio, other) |
||||||
|
location ~* \.(png|jpg|jpeg|webmanifest|apng|bmp|webp|pjpeg|jfif|gif|mp4|webm|mov|mkv|svg|mp3|ogg|wav|opus)$ { |
||||||
|
access_log off; |
||||||
|
expires max; |
||||||
|
root /path/to/jschan/static; |
||||||
|
try_files $uri =404; |
||||||
|
} |
||||||
|
|
||||||
|
# inline in browser so even HTML filetypes can be offered and will present a "save" dialog box |
||||||
|
location ~* \.(txt|bin)$ { |
||||||
|
access_log off; |
||||||
|
expires max; |
||||||
|
add_header Cache-Control "public"; |
||||||
|
add_header X-Content-Type-Options "nosniff" always; |
||||||
|
add_header Content-Disposition "attachment"; |
||||||
|
root /path/to/jschan/static; |
||||||
|
try_files $uri =404; |
||||||
|
} |
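Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in `location /` and again in `location @backend` forwards whatever X-Forwarded-For value the client sent and only appends `$remote_addr`. Assuming this is the routes snippet included by the unix-socket onion server block, `$remote_addr` is not a real client address there. If the backend takes the poster's address from the left-most entry (not visible in this commit), a Tor client could choose the address it is logged or banned under. Overwriting instead of appending avoids that: `proxy_set_header X-Forwarded-For $remote_addr;` in both blocks. Separately, the `robots.txt` and `\.(txt|bin)$` locations declare their own `add_header`, so any `add_header` lines from a server-level `security_headers.conf` include are not inherited there; adding `include /etc/nginx/snippets/security_headers.conf;` inside those locations would restore them.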