update: file "website" "9.0.0.11" > "10.0.0-beta.1"

2025-06-29 02:01:00 +00:00 · 2025-06-29 02:01:00 +00:00 · ee99648216
commit ee99648216
parent dffbc47141
1 changed files with 47 additions and 53 deletions
--- a/xb-00-01/nginx/website.conf
+++ b/xb-00-01/nginx/website.conf
@ -1,17 +1,19 @@
-# Inferencium - xb000-0
+# Inferencium - xb-00-01
 # Nginx - Configuration - Website
+# Version: 10.0.0-beta.1

 # Copyright 2022 Jake Winters
 # SPDX-License-Identifier: BSD-3-Clause

-# Version: 9.0.0.11
-

 # Server (unencrypted)
+## Redirect from this server block to an encrypted server block if TLS is required
 server {
 		# General
-		server_name    inferencium.net;
+		server_name								inferencium.net www.inferencium.net;
+		## IPv4
 		listen									80;
+		## IPv6
 		listen									[::]:80;

 		# Location
@ -20,19 +22,22 @@ server {
 		}
 }

+
 # Server (TLS)
 server {
 		# General
 		server_name								inferencium.net;
+		## IPv4
 		listen									443 ssl http2;
+		## IPv6
 		listen									[::]:443 ssl http2;

 		# Location
 		location / {
 				root							/srv/www/inferencium;
-				index index.html;
-				try_files $uri.html $uri $uri/ =404;
-				rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
+				index							index.xhtml;
+				try_files						$uri.xhtml $uri $uri/ =404;
+				rewrite							^(/.*)\.xhtml(\?.*)?$ $1$2 permanent;
 				rewrite							^/(.*)/$ /$1 permanent;
 		}

@ -45,18 +50,16 @@ server {
 		ssl_conf_command Ciphersuites			"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
 		ssl_conf_command Options				PrioritizeChaCha;
 		ssl_prefer_server_ciphers				on;
-        ssl_ecdh_curve X25519;
+		ssl_ecdh_curve							X25519:secp256r1;
 		ssl_stapling							on;
 		ssl_stapling_verify						on;
 		ssl_session_timeout						1d;
 		ssl_session_cache						shared:MozSSL:10m;
 		ssl_session_cache						shared:ssl_session_cache:10m;
 		ssl_session_tickets						off;
-        add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";
-        add_header X-Frame-Options "DENY";
-        add_header X-Content-Type-Options nosniff;
-        add_header Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
-        add_header Referrer-Policy no-referrer;
+
+		## Headers
+		include									/etc/nginx/include/header-security.conf;

 		client_max_body_size					16m;
 		ignore_invalid_headers					off;
@ -68,12 +71,3 @@ server {
 		proxy_set_header X-Forwarded-For		$proxy_add_x_forwarded_for;
 }

-# MIME types
-types {
-		text/html					html;
-		text/css					css;
-		text/xml					xml;
-		text/plain					txt;
-		image/png					png;
-		image/jpeg					jpg;
-}