fatchan
/
jschan
mirror of https://gitgud.io/fatchan/jschan.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
jschan - Anonymous imageboard software. Classic look, modern features and feel. Works without JavaScript and supports Tor, I2P, Lokinet, etc.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
668 Commits
5 Branches
68 Tags
54 MiB
 
 
 
 
 
Tag: Branch: Tree: 9ce66a303d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9ce66a303d'
${ noResults }
jschan/configs/nginx.example

145 lines
3.5 KiB
Raw Blame History

upstream chan {
server localhost:7000;
}
server {
server_name domain.com www.domain.com;
server_tokens off;
error_page 404 = /path/to/jschan/static/html/404.html;
add_header Cache-Control "public";
add_header Content-Security-Policy "default-src 'self'; img-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'";
add_header Referrer-Policy "same-origin" always;
add_header X-Frame-Options "sameorigin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
if ($request_uri ~ ^/(?!captcha|randombanner|forms|logout|socket\.io)) {
rewrite ^([^.\?]*[^/])$ $1/ redirect;
rewrite ^(.+)/$ $1/index.html redirect;
}
location = /robots.txt {
access_log off;
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow:\n";
}
location = /favicon.ico {
access_log off;
expires max;
root /path/to/jschan/static/img;
try_files $uri =404;
}
location = / {
return 302 https://$host/index.html;
}
location /captcha {
access_log off;
root /path/to/jschan/static/captcha;
if ($cookie_captchaid) {
return 302 https://$host/captcha/$cookie_captchaid.jpg;
}
try_files /$cookie_captchaid.jpg @backend;
}
location / {
proxy_buffering off;
proxy_pass http://chan$request_uri;
proxy_http_version 1.1;
#websocket
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Country-Code $geoip_country_code;
proxy_set_header X-Country-Name $geoip_country_name;
}
location @backend {
proxy_buffering off;
proxy_pass http://chan$request_uri;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Country-Code $geoip_country_code;
proxy_set_header X-Country-Name $geoip_city_country_name;
proxy_set_header Connection '';
proxy_set_header Host $host;
}
# HTML
location ~* \.html$ {
expires 0;
root /path/to/jschan/static/html;
try_files $uri @backend;
}
# JSON
location ~* \.json$ {
expires 0;
root /path/to/jschan/static/json;
try_files $uri =404;
#json doesnt hit backend if it doesnt exist yet.
}
# CSS
location ~* \.css$ {
access_log off;
expires 1d;
root /path/to/jschan/static;
try_files $uri =404;
}
# Scripts
location ~* \.js$ {
expires 1d;
access_log off;
root /path/to/jschan/static;
try_files $uri =404;
}
# Images
location ~* \.(png|jpg|jpeg|gif|mp4|webm|mov|svg|mp3|ogg|wav|opus)$ {
access_log off;
expires max;
root /path/to/jschan/static;
try_files $uri =404;
}
listen 443 ssl http2; # managed by Certbot
listen [::]:443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
listen [::]:80;
server_name domain.com www.domain.com;
if ($host = www.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
return 444; # managed by Certbot
}