diff options
Diffstat (limited to 'nginx.conf')
-rw-r--r-- | nginx.conf | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..ff71ccc --- /dev/null +++ b/nginx.conf @@ -0,0 +1,58 @@ +server { + listen 0.0.0.0:80; + listen [::]:80; + server_name .teletekst.xn--jha.ga; + return 301 https://teletekst.xn--jha.ga$request_uri; + port_in_redirect off; + server_name_in_redirect off; +} +server { + listen 0.0.0.0:443 ssl http2; + listen [::]:443 ssl http2; + ssl_certificate /etc/letsencrypt/live/teletekst.xn--jha.ga/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/teletekst.xn--jha.ga/privkey.pem; + ssl_session_cache builtin:1000 shared:SSL:10m; + ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security "max-age=604800"; + index index.html; + server_name .teletekst.xn--jha.ga; + root /var/www/teletekst.xn--jha.ga; + location / { + set $cors ''; + set $both_conditions ""; + add_header "x-debug-location-gse" "triggered"; + if ($http_origin ~ \.?xn--jha\.ga$) { + set $cors 'true'; + set $both_conditions "P"; + add_header "x-debug-http-origin-check" "passed"; + } + if ($cors = 'true') { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + } + if ($request_method = 'OPTIONS') { + set $both_conditions "${both_conditions}D"; + } + if ($both_conditions = PD) { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Max-Age' -1; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + try_files $uri $uri/ @backend; + } + location @backend { + proxy_pass https://localhost:27443; + proxy_set_header Host teletext.rtvslo.si; + proxy_set_header Referer https://teletext.rtvslo.si/; + proxy_set_header X-Forwarded-For $remote_addr; + } +} |