This repository has been archived by the owner on Jun 10, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 14
/
nginx.conf
60 lines (51 loc) · 2.11 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
daemon off;
error_log stderr;
worker_processes 2;
env FORCE_HTTPS;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
types_hash_max_size 2048;
server {
location / {
# landing page redirects to london
rewrite ^(/|/index.html)?$ /london-2017/ permanent;
# generic code of conduct, newsletter redirects to berlin
rewrite ^/(code-of-conduct|newsletter)(/)?(index.html)?$ /london-2017/ permanent;
if ($http_x_forwarded_proto != "https") {
set_by_lua $force_https 'return os.getenv("FORCE_HTTPS")';
}
if ($force_https) {
rewrite ^(.*)$ https://$host$1 permanent;
}
root "/usr/share/nginx/html/";
autoindex on;
index index.html;
}
# service worker.js always needs to be fresh
location = worker\.js {
expires off;
}
location ~* \.(?:css|gif|ico|jpe?g|js|png|svg|ttf|woff2?)$ {
expires max;
add_header Cache-Control "public";
}
location ~* \.(woff2)$ {
types {font/woff2 woff2;}
}
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; form-action 'self' https://www.mozilla.org; connect-src 'self' https://www.mozilla.org https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://air.mozilla.org https://www.google.com/maps/; child-src 'self' https://air.mozilla.org https://www.google.com/maps/ ";
error_page 404 /404.html;
}
server {
server_name www.viewsourceconf.org;
rewrite ^(.*)$ https://viewsourceconf.org$1 permanent;
}
}