From ee9964821618584c70fc1f53ae4f720974fd59ce Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Sun, 29 Jun 2025 02:01:00 +0000
Subject: [PATCH] update: file "website" "9.0.0.11" > "10.0.0-beta.1"

---
 xb-00-01/nginx/website.conf | 100 +++++++++++++++++-------------------
 1 file changed, 47 insertions(+), 53 deletions(-)

diff --git a/xb-00-01/nginx/website.conf b/xb-00-01/nginx/website.conf
index 30174d8..cf8ec0a 100644
--- a/xb-00-01/nginx/website.conf
+++ b/xb-00-01/nginx/website.conf
@@ -1,79 +1,73 @@
-# Inferencium - xb000-0
+# Inferencium - xb-00-01
 # Nginx - Configuration - Website
+# Version: 10.0.0-beta.1
 
 # Copyright 2022 Jake Winters
 # SPDX-License-Identifier: BSD-3-Clause
 
-# Version: 9.0.0.11
-
 
 # Server (unencrypted)
+## Redirect from this server block to an encrypted server block if TLS is required
 server {
 		# General
-		server_name    inferencium.net;
-		listen         80;
-		listen         [::]:80;
+		server_name								inferencium.net www.inferencium.net;
+		## IPv4
+		listen									80;
+		## IPv6
+		listen									[::]:80;
 
 		# Location
 		location / {
-                    return	301 https://$server_name$request_uri;
+				return							301 https://$server_name$request_uri;
 		}
 }
 
+
 # Server (TLS)
 server {
-        # General
-        server_name inferencium.net;
-        listen 443 ssl http2;
-        listen [::]:443 ssl http2;
+		# General
+		server_name								inferencium.net;
+		## IPv4
+		listen									443 ssl http2;
+		## IPv6
+		listen									[::]:443 ssl http2;
 
 		# Location
 		location / {
-				root /srv/www/inferencium;
-				index index.html;
-				try_files $uri.html $uri $uri/ =404;
-				rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
-				rewrite ^/(.*)/$ /$1 permanent;
+				root							/srv/www/inferencium;
+				index							index.xhtml;
+				try_files						$uri.xhtml $uri $uri/ =404;
+				rewrite							^(/.*)\.xhtml(\?.*)?$ $1$2 permanent;
+				rewrite							^/(.*)/$ /$1 permanent;
 		}
 
-        # Security
-        ssl_trusted_certificate   /etc/letsencrypt/live/inferencium.net/chain.pem;
-        ssl_certificate           /etc/letsencrypt/live/inferencium.net/fullchain.pem;
-        ssl_certificate_key       /etc/letsencrypt/live/inferencium.net/privkey.pem;
-        ssl_protocols TLSv1.3;
-        ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
-        ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
-		ssl_conf_command Options PrioritizeChaCha;
-        ssl_prefer_server_ciphers on;
-        ssl_ecdh_curve X25519;
-        ssl_stapling on;
-        ssl_stapling_verify on;
-		ssl_session_timeout 1d;
-        ssl_session_cache shared:MozSSL:10m;
-        ssl_session_cache shared:ssl_session_cache:10m;
-        ssl_session_tickets off;
-        add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";
-        add_header X-Frame-Options "DENY";
-        add_header X-Content-Type-Options nosniff;
-        add_header Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
-        add_header Referrer-Policy no-referrer;
+		# Security
+		ssl_trusted_certificate					/etc/letsencrypt/live/inferencium.net/chain.pem;
+		ssl_certificate							/etc/letsencrypt/live/inferencium.net/fullchain.pem;
+		ssl_certificate_key						/etc/letsencrypt/live/inferencium.net/privkey.pem;
+		ssl_protocols							TLSv1.3;
+		ssl_ciphers								"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
+		ssl_conf_command Ciphersuites			"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+		ssl_conf_command Options				PrioritizeChaCha;
+		ssl_prefer_server_ciphers				on;
+		ssl_ecdh_curve							X25519:secp256r1;
+		ssl_stapling							on;
+		ssl_stapling_verify						on;
+		ssl_session_timeout						1d;
+		ssl_session_cache						shared:MozSSL:10m;
+		ssl_session_cache						shared:ssl_session_cache:10m;
+		ssl_session_tickets						off;
 
-        client_max_body_size 16m;
-        ignore_invalid_headers off;
+		## Headers
+		include									/etc/nginx/include/header-security.conf;
 
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		client_max_body_size					16m;
+		ignore_invalid_headers					off;
+
+		proxy_http_version						1.1;
+		proxy_set_header Upgrade				$http_upgrade;
+		proxy_set_header Connection				"upgrade";
+		proxy_set_header Host					$http_host;
+		proxy_set_header X-Forwarded-For		$proxy_add_x_forwarded_for;
 }
 
-# MIME types
-types {
-		text/html					html;
-		text/css					css;
-		text/xml					xml;
-		text/plain					txt;
-		image/png					png;
-		image/jpeg					jpg;
-}