From 94a4fe16a19134b85adc2167d259ba35e90e3e32 Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Sun, 7 Apr 2024 19:44:49 +0000
Subject: [PATCH] Add system "xa000-1" configuration file "Nginx - Inferencium
 - Internal - Source" version "1.0.0-beta.1"

This configuration file is related to Inferencium's internal source code
server.
---
 xa000-1/nginx/inf-int-src.conf | 63 ++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 xa000-1/nginx/inf-int-src.conf

diff --git a/xa000-1/nginx/inf-int-src.conf b/xa000-1/nginx/inf-int-src.conf
new file mode 100644
index 0000000..44cbc2a
--- /dev/null
+++ b/xa000-1/nginx/inf-int-src.conf
@@ -0,0 +1,63 @@
+# Inferencium - xa000-1
+# Nginx - Configuration - Inferencium - Internal - Source
+# Version: 1.0.0-beta.1
+
+# Copyright 2023 Jake Winters
+# SPDX-License-Identifier: BSD-3-Clause
+
+
+# Redirect (unencrypted)
+server {
+
+	## General
+	server_name						src.int.inferencium.net;
+	listen							80;
+#	listen							[::]:80;
+
+	## Location
+	location / {
+		return						301 https://$host$request_uri;
+	}
+
+}
+
+
+# Server (TLS)
+server {
+
+	## General
+	server_name						src.int.inferencium.net;
+	listen							443 ssl;
+#	listen							[::]:443 ssl;
+	http2							on;
+
+	## Location
+	location / {
+		proxy_pass					http://unix:/run/gitea/gitea.sock;
+		proxy_set_header			Host $host;
+		proxy_set_header			X-Real-IP $remote_addr;
+		proxy_set_header			X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header			X-Forwarded-Proto $scheme;
+	}
+
+	## Security
+	ssl_certificate					/etc/ssl/nginx/inferencium-int/fullchain.pem;
+	ssl_certificate_key				/etc/ssl/nginx/inferencium-int/privkey.pem;
+	ssl_protocols					TLSv1.3;
+	ssl_early_data					off;
+	ssl_ciphers						"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
+	ssl_conf_command				Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+	ssl_conf_command				Options PrioritizeChaCha;
+	ssl_prefer_server_ciphers		on;
+	ssl_ecdh_curve					x25519:secp256r1;
+	ssl_stapling					on;
+	ssl_stapling_verify				on;
+#	add_header						Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
+	add_header						Referrer-Policy no-referrer;
+	add_header						Strict-Transport-Security "max-age=126200000; always";
+	add_header						X-Content-Type-Options nosniff;
+	add_header						X-Frame-Options "DENY";
+	add_header						Set-Cookie "Path=/;Secure;HttpOnly";
+	ignore_invalid_headers			on;
+
+}