joby/webserver-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

config fix

Browse source
This commit is contained in:
Joby 2024-10-23 21:27:12 -06:00
parent 66f88acae1
commit 586d3658b7
1 changed files with 15 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
site-config.conf
View file

@ -29,6 +29,21 @@ server {
return 403 "403 Forbidden (IP temporarily banned)\n";
}
# Apply general rate limit
limit_req zone=general burst=100 nodelay;
# Content Security Policy (needs to be per-domain)
add_header Content-Security-Policy "default-src 'self' *.$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN; style-src 'self' 'unsafe-inline' *.$DOMAIN; img-src 'self' data: *.$DOMAIN; font-src 'self' data: *.$DOMAIN; connect-src 'self' *.$DOMAIN; frame-src 'self' *.$DOMAIN; media-src 'self' *.$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;
# Subdomain handling
set $subdomain '';
set $site_root "/var/www/$DOMAIN/_main";
if ($host ~* ^([^.]+)\.$DOMAIN$) {
set $subdomain $1;
set $site_root "/var/www/$DOMAIN/subdomains/$subdomain";
}
root "$site_root/www";
# Site-specific error pages
error_page 403 /site-error-page/403.html;
error_page 404 /site-error-page/404.html;
@ -52,21 +67,6 @@ server {
# Default error page config
include snippets/error-pages.conf;
# Apply general rate limit
limit_req zone=general burst=100 nodelay;
# Content Security Policy (needs to be per-domain)
add_header Content-Security-Policy "default-src 'self' *.$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN; style-src 'self' 'unsafe-inline' *.$DOMAIN; img-src 'self' data: *.$DOMAIN; font-src 'self' data: *.$DOMAIN; connect-src 'self' *.$DOMAIN; frame-src 'self' *.$DOMAIN; media-src 'self' *.$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;
# Subdomain handling
set $subdomain '';
set $site_root "/var/www/$DOMAIN/_main";
if ($host ~* ^([^.]+)\.$DOMAIN$) {
set $subdomain $1;
set $site_root "/var/www/$DOMAIN/subdomains/$subdomain";
}
root "$site_root/www";
# Basic settings
index index.html index.htm index.php;
client_max_body_size 20M;