Stackio/nginx.conf at master · ShadowArcanist/Stackio · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
server {
    listen 8080;
    server_name stackio.shadowarcanist.com;

    # Disable server tokens to hide Nginx version information
    server_tokens off;

    # Add security headers
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Permissions-Policy "geolocation=(), microphone=()" always;

    # Disable directory listing globally
    autoindex off;

    # Block all dot paths with 404
    location ^~ /. {
        return 404;
    }

    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri $uri/ /index.html;

        # Enable ETag for caching
        etag on;
    }

    # Custom error page
    error_page 404 /404/index.html;

    location = /404/index.html {
        root /usr/share/nginx/html;
        internal;
    }


    # Deny all HTTP methods except GET and HEAD
    if ($request_method !~ ^(GET|HEAD)$) {
        return 405;
    }
}