mirror of https://gitgud.io/fatchan/jschan.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
360 lines
8.8 KiB
360 lines
8.8 KiB
upstream chan {
|
|
server localhost:7000;
|
|
}
|
|
|
|
server {
|
|
|
|
server_name domain.com www.domain.com;
|
|
client_max_body_size 0; #limit handled by upstream for better errors
|
|
server_tokens off;
|
|
|
|
add_header Cache-Control "public";
|
|
add_header Content-Security-Policy "default-src 'self'; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' ws://domain.com/";
|
|
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;
|
|
add_header X-Frame-Options "sameorigin" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
error_page 404 /404.html;
|
|
error_page 500 /500.html;
|
|
error_page 502 /502.html;
|
|
error_page 503 /503.html;
|
|
error_page 504 /504.html;
|
|
location = /404.html {
|
|
root /path/to/jschan/static/html;
|
|
internal;
|
|
}
|
|
location = /500.html {
|
|
root /path/to/jschan/static/html;
|
|
internal;
|
|
}
|
|
location = /502.html {
|
|
root /path/to/jschan/static/html;
|
|
internal;
|
|
}
|
|
location = /503.html {
|
|
root /path/to/jschan/static/html;
|
|
internal;
|
|
}
|
|
location = /504.html {
|
|
root /path/to/jschan/static/html;
|
|
internal;
|
|
}
|
|
|
|
if ($request_uri ~ ^/(?!captcha|randombanner|forms|socket\.io)) {
|
|
rewrite ^([^.\?]*[^/])$ $1/ redirect;
|
|
rewrite ^(.+)/$ $1/index.html redirect;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
access_log off;
|
|
add_header Content-Type text/plain;
|
|
return 200 "User-agent: *\nDisallow:\n";
|
|
}
|
|
|
|
location = /site.webmanifest {
|
|
access_log off;
|
|
expires max;
|
|
root /path/to/jschan/static/file;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
location = /browserconfig.xml {
|
|
access_log off;
|
|
expires max;
|
|
root /path/to/jschan/static/file;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
location = /favicon.ico {
|
|
access_log off;
|
|
expires max;
|
|
root /path/to/jschan/static/file;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
location = / {
|
|
return 302 http://$host/index.html;
|
|
}
|
|
|
|
location /captcha {
|
|
access_log off;
|
|
root /path/to/jschan/static/captcha;
|
|
if ($cookie_captchaid) {
|
|
return 302 http://$host/captcha/$cookie_captchaid.jpg;
|
|
}
|
|
try_files /$cookie_captchaid.jpg @backend;
|
|
}
|
|
|
|
location / {
|
|
proxy_buffering off;
|
|
proxy_pass http://chan$request_uri;
|
|
proxy_http_version 1.1;
|
|
|
|
#websocket
|
|
proxy_set_header Host $host;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_cache_bypass $http_upgrade;
|
|
|
|
proxy_set_header X-Forwarded-Proto http;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Country-Code $geoip_country_code;
|
|
}
|
|
|
|
location @backend {
|
|
proxy_buffering off;
|
|
proxy_pass http://chan$request_uri;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Forwarded-Proto http;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Country-Code $geoip_country_code;
|
|
proxy_set_header Connection '';
|
|
proxy_set_header Host $host;
|
|
}
|
|
|
|
# HTML
|
|
location ~* \.html$ {
|
|
expires 0;
|
|
root /path/to/jschan/static/html;
|
|
try_files $uri @backend;
|
|
}
|
|
|
|
# JSON
|
|
location ~* \.json$ {
|
|
expires 0;
|
|
root /path/to/jschan/static/json;
|
|
try_files $uri @backend;
|
|
#some json files will build pages on-demand
|
|
}
|
|
|
|
# CSS
|
|
location ~* \.css$ {
|
|
access_log off;
|
|
expires 1d;
|
|
root /path/to/jschan/static;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
# Scripts
|
|
location ~* \.js$ {
|
|
expires 1d;
|
|
access_log off;
|
|
root /path/to/jschan/static;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
# Files (image, video, audio, other)
|
|
location ~* \.(png|jpg|jpeg|bmp|gif|apng|webp|pjpeg|jfif|mkv|mp4|webm|mov|svg|flac|mp3|ogg|wav|opus)$ {
|
|
access_log off;
|
|
expires max;
|
|
root /path/to/jschan/static;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
# Favicon, safari icons, apple-touch icon, browserconfig, mstiles, etc.
|
|
location ~* \.(webmanifest|xml)$ {
|
|
access_log off;
|
|
expires max;
|
|
root /path/to/jschan/static/file;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
# "Other" Files for custom type uploads, uses content-disposition to prevent rendering
|
|
# inline in browser and will present a "save" dialog box. make sure these file
|
|
# extensions match for mimes defined in global settings
|
|
# location ~* \.(txt)$ {
|
|
# access_log off;
|
|
# expires max;
|
|
# add_header Cache-Control "public";
|
|
# add_header X-Content-Type-Options "nosniff" always;
|
|
# add_header Content-Disposition "attachment";
|
|
# root /path/to/jschan/static;
|
|
# try_files $uri =404;
|
|
# }
|
|
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
}
|
|
|
|
##OPTIONAL, tor config
|
|
#server {
|
|
#
|
|
# server_name zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.onion;
|
|
# client_max_body_size 0; #limit handled by upstream for better errors
|
|
# server_tokens off;
|
|
#
|
|
# error_page 404 /404.html;
|
|
# error_page 500 /500.html;
|
|
# error_page 502 /502.html;
|
|
# error_page 503 /503.html;
|
|
# error_page 504 /504.html;
|
|
# location = /404.html {
|
|
# root /path/to/jschan/static/html;
|
|
# internal;
|
|
# }
|
|
# location = /500.html {
|
|
# root /path/to/jschan/static/html;
|
|
# internal;
|
|
# }
|
|
# location = /502.html {
|
|
# root /path/to/jschan/static/html;
|
|
# internal;
|
|
# }
|
|
# location = /503.html {
|
|
# root /path/to/jschan/static/html;
|
|
# internal;
|
|
# }
|
|
# location = /504.html {
|
|
# root /path/to/jschan/static/html;
|
|
# internal;
|
|
# }
|
|
#
|
|
# add_header Cache-Control "public";
|
|
# add_header Content-Security-Policy "default-src 'self'; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'";
|
|
# add_header Referrer-Policy "same-origin" always;
|
|
# add_header X-Frame-Options "sameorigin" always;
|
|
# add_header X-Content-Type-Options "nosniff" always;
|
|
# add_header X-XSS-Protection "1; mode=block" always;
|
|
#
|
|
# if ($request_uri ~ ^/(?!captcha|randombanner|forms|socket\.io)) {
|
|
# rewrite ^([^.\?]*[^/])$ $1/ redirect;
|
|
# rewrite ^(.+)/$ $1/index.html redirect;
|
|
# }
|
|
#
|
|
# location = /robots.txt {
|
|
# access_log off;
|
|
# add_header Content-Type text/plain;
|
|
# return 200 "User-agent: *\nDisallow:\n";
|
|
# }
|
|
#
|
|
# location = /site.webmanifest {
|
|
# access_log off;
|
|
# expires max;
|
|
# root /path/to/jschan/static/file;
|
|
# try_files $uri =404;
|
|
# }
|
|
#
|
|
# location = /browserconfig.xml {
|
|
# access_log off;
|
|
# expires max;
|
|
# root /path/to/jschan/static/file;
|
|
# try_files $uri =404;
|
|
# }
|
|
#
|
|
# location = /favicon.ico {
|
|
# access_log off;
|
|
# expires max;
|
|
# root /path/to/jschan/static/file;
|
|
# try_files $uri =404;
|
|
# }
|
|
#
|
|
# location = / {
|
|
# return 302 http://$host/index.html;
|
|
# }
|
|
#
|
|
# location /captcha {
|
|
# access_log off;
|
|
# root /path/to/jschan/static/captcha;
|
|
# if ($cookie_captchaid) {
|
|
# return 302 http://$host/captcha/$cookie_captchaid.jpg;
|
|
# }
|
|
# try_files /$cookie_captchaid.jpg @backend;
|
|
# }
|
|
#
|
|
# location / {
|
|
# proxy_buffering off;
|
|
# proxy_pass http://chan$request_uri;
|
|
# proxy_http_version 1.1;
|
|
#
|
|
# #websocket
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection 'upgrade';
|
|
# proxy_cache_bypass $http_upgrade;
|
|
#
|
|
# proxy_set_header X-Forwarded-Proto http;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Country-Code 'TOR';
|
|
# }
|
|
#
|
|
# location @backend {
|
|
# proxy_buffering off;
|
|
# proxy_pass http://chan$request_uri;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header X-Forwarded-Proto http;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Country-Code 'TOR';
|
|
# proxy_set_header Connection '';
|
|
# proxy_set_header Host $host;
|
|
# }
|
|
#
|
|
# # HTML
|
|
# location ~* \.html$ {
|
|
# expires 0;
|
|
# root /path/to/jschan/static/html;
|
|
# try_files $uri @backend;
|
|
# }
|
|
#
|
|
# # JSON
|
|
# location ~* \.json$ {
|
|
# expires 0;
|
|
# root /path/to/jschan/static/json;
|
|
# try_files $uri @backend;
|
|
# #json doesnt hit backend if it doesnt exist yet.
|
|
# }
|
|
#
|
|
# # CSS
|
|
# location ~* \.css$ {
|
|
# access_log off;
|
|
# expires 1d;
|
|
# root /path/to/jschan/static;
|
|
# try_files $uri =404;
|
|
# }
|
|
#
|
|
# # Scripts
|
|
# location ~* \.js$ {
|
|
# expires 1d;
|
|
# access_log off;
|
|
# root /path/to/jschan/static;
|
|
# try_files $uri =404;
|
|
# }
|
|
#
|
|
# # Files (image, video, audio, other)
|
|
# location ~* \.(png|jpg|jpeg|bmp|gif|apng|webp|jfif|pjpeg|mkv|mp4|webm|mov|svg|mp3|ogg|wav|opus)$ {
|
|
# access_log off;
|
|
# expires max;
|
|
# root /path/to/jschan/static;
|
|
# try_files $uri =404;
|
|
# }
|
|
#
|
|
# # Favicon, safari icons, apple-touch icon, browserconfig, mstiles, etc.
|
|
# location ~* \.(webmanifest|xml)$ {
|
|
# access_log off;
|
|
# expires max;
|
|
# root /path/to/jschan/static/file;
|
|
# try_files $uri =404;
|
|
# }
|
|
#
|
|
# # "Other" Files for custom type uploads, uses content-disposition to prevent rendering
|
|
# # inline in browser and will present a "save" dialog box. make sure these file
|
|
# # extensions match for mimes defined in global settings
|
|
# location ~* \.(txt)$ {
|
|
# access_log off;
|
|
# expires max;
|
|
# add_header Cache-Control "public";
|
|
# add_header X-Content-Type-Options "nosniff" always;
|
|
# add_header Content-Disposition "attachment";
|
|
# root /path/to/jschan/static;
|
|
# try_files $uri =404;
|
|
# }
|
|
#
|
|
# listen 127.0.0.1:80;
|
|
# listen [::1]:80;
|
|
#
|
|
#}
|
|
|