From 0bebcae2ae4f7deb84ab5b39e3a93674c8bb2491 Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Sun, 7 Apr 2024 17:34:26 +0000
Subject: [PATCH] Add "Nginx" configuration file "Internal - BINHOST"

This configuration file is related to Inferencium's internal Gentoo
BINHOST server.
---
 nginx/inf-int-bin.conf | 55 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 nginx/inf-int-bin.conf

diff --git a/nginx/inf-int-bin.conf b/nginx/inf-int-bin.conf
new file mode 100644
index 0000000..1abcf76
--- /dev/null
+++ b/nginx/inf-int-bin.conf
@@ -0,0 +1,55 @@
+# Inferencium - xa000-1
+# Nginx - Configuration - Inferencium - Internal - BINHOST
+# Version: 0.1.0
+
+# Copyright 2024 Jake Winters
+# SPDX-License-Identifier: BSD-3-Clause
+
+
+# Redirect (unencrypted)
+server {
+		## General
+        server_name						bin.int.inferencium.net;
+        listen							80;
+#       listen							[::]:80;
+
+		## Location
+        location / {
+				return					301 https://$host$request_uri;
+		}
+}
+
+
+# Server (TLS)
+server {
+		## General
+		server_name						bin.int.inferencium.net;
+		listen							443 ssl;
+#    	listen							[::]:443 ssl;
+		http2							on;
+	
+		## Location
+		location / {
+				root /srv/www/bin;
+		}
+
+		# Security
+		ssl_certificate					/etc/ssl/nginx/inferencium-int/fullchain.pem;
+		ssl_certificate_key				/etc/ssl/nginx/inferencium-int/privkey.pem;
+		ssl_protocols					TLSv1.3;
+		ssl_early_data					off;
+		ssl_ciphers						"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
+		ssl_conf_command				Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+		ssl_conf_command				Options PrioritizeChaCha;
+		ssl_prefer_server_ciphers		on;
+		ssl_ecdh_curve					x25519:secp256r1;
+		ssl_stapling					on;
+		ssl_stapling_verify				on;
+#       add_header						Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
+        add_header						Referrer-Policy no-referrer;
+        add_header						Strict-Transport-Security "max-age=126200000; always";
+        add_header						X-Content-Type-Options nosniff;
+        add_header						X-Frame-Options "DENY";
+		add_header						Set-Cookie "Path=/;Secure;HttpOnly";
+		ignore_invalid_headers			on;
+}