Mercurial Mercurial > ansible-roles / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
pleroma-otp/templates/pleroma.cloudflare.nginx.conf.j2
changeset 95 35b63b150a51
parent 94 7082ab4828c5
child 96 290c18c27521
equal deleted inserted replaced
94:7082ab4828c5 95:35b63b150a51 
    24     # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
 
    24     # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
 
    25     server_name {{nginx_server_name}};
 
    25     server_name {{nginx_server_name}};
 
    26 
    26 
    27     ssl_certificate {{nginx_ssl_cert}};
 
    27     ssl_certificate {{nginx_ssl_cert}};
 
    28     ssl_certificate_key {{nginx_ssl_privkey}};
 
    28     ssl_certificate_key {{nginx_ssl_privkey}};
 
    29     # include /etc/letsencrypt/options-ssl-nginx.conf;
 
       
    30     # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
       
    31 
       
    32     ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
 
    29     ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
 
    33     ssl_stapling on;
 
       
    34     ssl_stapling_verify on;
 
       
    35 
    30 
    36     add_header Strict-Transport-Security "max-age=31536000" always;
 
    31     add_header Strict-Transport-Security "max-age=31536000" always;
 
    37 
    32 
    38     gzip_vary on;
 
    33     gzip_vary on;
 
    39     gzip_proxied any;
 
    34     gzip_proxied any;
 
    43     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
 
    38     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
 
    44 
    39 
    45     # the nginx default is 1m, not enough for large media uploads
 
    40     # the nginx default is 1m, not enough for large media uploads
 
    46     client_max_body_size 16m;
 
    41     client_max_body_size 16m;
 
    47 
    42 
       
    43     root {{nginx_html_root}};
 
       
    44 
       
    45     location = / {
 
       
    46         index index.html;
 
       
    47     }
 
       
    48 
    48     location / {
 
    49     location / {
 
       
    50         try_files $uri @pleroma;
 
       
    51     }
 
       
    52 
       
    53     location @pleroma {
 
    49         add_header X-XSS-Protection "1; mode=block";
 
    54         add_header X-XSS-Protection "1; mode=block";
 
    50         add_header X-Permitted-Cross-Domain-Policies none;
 
    55         add_header X-Permitted-Cross-Domain-Policies none;
 
    51         add_header X-Frame-Options DENY;
 
    56         add_header X-Frame-Options DENY;
 
    52         add_header X-Content-Type-Options nosniff;
 
    57         add_header X-Content-Type-Options nosniff;
 
    53         add_header Referrer-Policy same-origin;
 
    58         add_header Referrer-Policy same-origin;
ansible-roles