# Inferencium - xb000-0 # Nginx - Configuration - Website # Copyright 2022-2023 Jake Winters # SPDX-License-Identifier: BSD-3-Clause-Clear # Version: 3.0.0.2 # Server (unencrypted) server { # General server_name inferencium.net; listen 80; listen [::]:80; # Location. location / { return 301 https://$server_name$request_uri; } } # Server (TLS) server { # General. server_name inferencium.net; listen 443 ssl http2; listen [::]:443 ssl http2; # Location. location / { root /srv/www/inferencium; index index.html; try_files $uri.html $uri $uri/ =404; rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent; rewrite ^/(.*)/$ /$1 permanent; } # Security. ssl_trusted_certificate /etc/letsencrypt/live/inferencium.net/chain.pem; ssl_certificate /etc/letsencrypt/live/inferencium.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/inferencium.net/privkey.pem; ssl_protocols TLSv1.3; ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"; ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"; ssl_conf_command Options PrioritizeChaCha; ssl_prefer_server_ciphers on; # ssl_ecdh_curve secp256k1; ssl_stapling on; ssl_stapling_verify on; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; ssl_session_cache shared:ssl_session_cache:10m; ssl_session_tickets off; # add_header Strict-Transport-Security "max-age=157680000; includeSubDomains; preload" always; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options nosniff; # add_header Content-Security-Policy "default-src 'self'"; add_header Referrer-Policy same-origin; client_max_body_size 16m; ignore_invalid_headers off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }