fatchan
/
jschan
mirror of https://gitgud.io/fatchan/jschan.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
jschan - Anonymous imageboard software. Classic look, modern features and feel. Works without JavaScript and supports Tor, I2P, Lokinet, etc.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1958 Commits
5 Branches
69 Tags
55 MiB
 
 
 
 
 
Tag: Branch: Tree: e909cde541
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e909cde541'
${ noResults }
jschan/configs/nginx/nginx_no_https.example

407 lines
11 KiB
Raw Blame History

upstream chan {
server localhost:7000;
}
server {
server_name domain.com www.domain.com;
client_max_body_size 0; #limit handled by upstream for better errors
server_tokens off;
add_header Cache-Control "public";
add_header Content-Security-Policy "default-src 'self'; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' ws://domain.com/" always;
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;
add_header X-Frame-Options "sameorigin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
error_page 404 /404.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 504 /504.html;
location = /404.html {
root /path/to/jschan/static/html;
internal;
}
location = /500.html {
root /path/to/jschan/static/html;
internal;
}
location = /502.html {
root /path/to/jschan/static/html;
internal;
}
location = /503.html {
root /path/to/jschan/static/html;
internal;
}
location = /504.html {
root /path/to/jschan/static/html;
internal;
}
if ($request_uri ~ ^/(?!captcha|randombanner|forms|socket\.io)) {
rewrite ^([^.\?]*[^/])$ $1/ redirect;
rewrite ^(.+)/$ $1/index.html redirect;
}
location = /robots.txt {
access_log off;
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow:\n";
}
location = /site.webmanifest {
access_log off;
expires max;
root /path/to/jschan/static/file;
try_files $uri =404;
}
location = /browserconfig.xml {
access_log off;
expires max;
root /path/to/jschan/static/file;
try_files $uri =404;
}
location = /favicon.ico {
access_log off;
expires max;
root /path/to/jschan/static/file;
try_files $uri =404;
}
location = / {
return 302 http://$host/index.html;
}
location /captcha {
access_log off;
root /path/to/jschan/static/captcha;
if ($cookie_captchaid) {
return 302 http://$host/captcha/$cookie_captchaid.jpg;
}
try_files /$cookie_captchaid.jpg @backend;
}
location / {
proxy_buffering off;
proxy_pass http://chan$request_uri;
proxy_http_version 1.1;
#websocket
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Country-Code $geoip_country_code;
}
location @backend {
proxy_buffering off;
proxy_pass http://chan$request_uri;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Country-Code $geoip_country_code;
proxy_set_header Connection '';
proxy_set_header Host $host;
}
location @backend-private {
#no cache control public
add_header Content-Security-Policy "default-src 'self'; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' wss://domain.com/" always;
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;
add_header X-Frame-Options "sameorigin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
proxy_buffering off;
proxy_pass http://chan$request_uri;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Country-Code $geoip_country_code;
proxy_set_header Connection '';
proxy_set_header Host $host;
}
# authed, no cache pages
location ~* ^/((\w+/manage/.*|globalmanage/(reports|bans|recent|boards|globallogs|news|accounts|settings))|account|create)\.(html|json)$ {
expires 0;
try_files /dev/null @backend-private;
}
# public html
location ~* \.html$ {
expires 0;
root /path/to/jschan/static/html;
try_files $uri @backend;
}
# public json
location ~* \.json$ {
expires 0;
root /path/to/jschan/static/json;
try_files $uri @backend;
}
# CSS
location ~* \.css$ {
access_log off;
expires 1d;
root /path/to/jschan/static;
try_files $uri =404;
}
# Scripts
location ~* \.js$ {
expires 1d;
access_log off;
root /path/to/jschan/static;
try_files $uri =404;
}
# Files (image, video, audio, other)
location ~* \.(png|jpg|jpeg|bmp|gif|apng|webp|pjpeg|jfif|mkv|mp4|webm|mov|svg|flac|mp3|ogg|wav|opus)$ {
access_log off;
expires max;
root /path/to/jschan/static;
try_files $uri =404;
}
# Favicon, safari icons, apple-touch icon, browserconfig, mstiles, etc.
location ~* \.(webmanifest|xml)$ {
access_log off;
expires max;
root /path/to/jschan/static/file;
try_files $uri =404;
}
# "Other" Files for custom type uploads, uses content-disposition to prevent rendering
# inline in browser and will present a "save" dialog box. make sure these file
# extensions match for mimes defined in global settings
# location ~* \.(txt)$ {
# access_log off;
# expires max;
# add_header Cache-Control "public";
# add_header X-Content-Type-Options "nosniff" always;
# add_header Content-Disposition "attachment";
# root /path/to/jschan/static;
# try_files $uri =404;
# }
listen 80;
listen [::]:80;
}
##OPTIONAL, tor config
#server {
#
# server_name zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.onion;
# client_max_body_size 0; #limit handled by upstream for better errors
# server_tokens off;
#
# error_page 404 /404.html;
# error_page 500 /500.html;
# error_page 502 /502.html;
# error_page 503 /503.html;
# error_page 504 /504.html;
# location = /404.html {
# root /path/to/jschan/static/html;
# internal;
# }
# location = /500.html {
# root /path/to/jschan/static/html;
# internal;
# }
# location = /502.html {
# root /path/to/jschan/static/html;
# internal;
# }
# location = /503.html {
# root /path/to/jschan/static/html;
# internal;
# }
# location = /504.html {
# root /path/to/jschan/static/html;
# internal;
# }
#
# add_header Cache-Control "public";
# add_header Content-Security-Policy "default-src 'self'; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'" always;
# add_header Referrer-Policy "same-origin" always;
# add_header X-Frame-Options "sameorigin" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header X-XSS-Protection "1; mode=block" always;
#
# if ($request_uri ~ ^/(?!captcha|randombanner|forms|socket\.io)) {
# rewrite ^([^.\?]*[^/])$ $1/ redirect;
# rewrite ^(.+)/$ $1/index.html redirect;
# }
#
# location = /robots.txt {
# access_log off;
# add_header Content-Type text/plain;
# return 200 "User-agent: *\nDisallow:\n";
# }
#
# location = /site.webmanifest {
# access_log off;
# expires max;
# root /path/to/jschan/static/file;
# try_files $uri =404;
# }
#
# location = /browserconfig.xml {
# access_log off;
# expires max;
# root /path/to/jschan/static/file;
# try_files $uri =404;
# }
#
# location = /favicon.ico {
# access_log off;
# expires max;
# root /path/to/jschan/static/file;
# try_files $uri =404;
# }
#
# location = / {
# return 302 http://$host/index.html;
# }
#
# location /captcha {
# access_log off;
# root /path/to/jschan/static/captcha;
# if ($cookie_captchaid) {
# return 302 http://$host/captcha/$cookie_captchaid.jpg;
# }
# try_files /$cookie_captchaid.jpg @backend;
# }
#
# location / {
# proxy_buffering off;
# proxy_pass http://chan$request_uri;
# proxy_http_version 1.1;
#
# #websocket
# proxy_set_header Host $host;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_cache_bypass $http_upgrade;
#
# proxy_set_header X-Forwarded-Proto http;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Country-Code 'TOR';
# }
#
# location @backend {
# proxy_buffering off;
# proxy_pass http://chan$request_uri;
# proxy_http_version 1.1;
# proxy_set_header X-Forwarded-Proto http;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Country-Code 'TOR';
# proxy_set_header Connection '';
# proxy_set_header Host $host;
# }
#
# location @backend-private {
# #no cache control public
# add_header Content-Security-Policy "default-src 'self'; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' wss://domain.com/" always;
# add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;
# add_header X-Frame-Options "sameorigin" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header X-XSS-Protection "1; mode=block" always;
# proxy_buffering off;
# proxy_pass http://chan$request_uri;
# proxy_http_version 1.1;
# proxy_set_header X-Forwarded-Proto http;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Country-Code 'TOR';
# proxy_set_header Connection '';
# proxy_set_header Host $host;
# }
#
# # authed, no cache pages
# location ~* ^/((\w+/manage/.*|globalmanage/(reports|bans|recent|boards|globallogs|news|accounts|settings))|account|create)\.(html|json)$ {
# expires 0;
# try_files /dev/null @backend-private;
# }
#
# # HTML
# location ~* \.html$ {
# expires 0;
# root /path/to/jschan/static/html;
# try_files $uri @backend;
# }
#
# # JSON
# location ~* \.json$ {
# expires 0;
# root /path/to/jschan/static/json;
# try_files $uri @backend;
# #json doesnt hit backend if it doesnt exist yet.
# }
#
# # CSS
# location ~* \.css$ {
# access_log off;
# expires 1d;
# root /path/to/jschan/static;
# try_files $uri =404;
# }
#
# # Scripts
# location ~* \.js$ {
# expires 1d;
# access_log off;
# root /path/to/jschan/static;
# try_files $uri =404;
# }
#
# # Files (image, video, audio, other)
# location ~* \.(png|jpg|jpeg|bmp|gif|apng|webp|jfif|pjpeg|mkv|mp4|webm|mov|svg|mp3|ogg|wav|opus)$ {
# access_log off;
# expires max;
# root /path/to/jschan/static;
# try_files $uri =404;
# }
#
# # Favicon, safari icons, apple-touch icon, browserconfig, mstiles, etc.
# location ~* \.(webmanifest|xml)$ {
# access_log off;
# expires max;
# root /path/to/jschan/static/file;
# try_files $uri =404;
# }
#
# # "Other" Files for custom type uploads, uses content-disposition to prevent rendering
# # inline in browser and will present a "save" dialog box. make sure these file
# # extensions match for mimes defined in global settings
# location ~* \.(txt)$ {
# access_log off;
# expires max;
# add_header Cache-Control "public";
# add_header X-Content-Type-Options "nosniff" always;
# add_header Content-Disposition "attachment";
# root /path/to/jschan/static;
# try_files $uri =404;
# }
#
# listen 127.0.0.1:80;
# listen [::1]:80;
#
#}