diff --git a/docker-compose.yml b/docker-compose.yml
index 7d8da39ca..01d57301e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,6 +7,7 @@ services:
 - "./:/rDrama"
 - "./nginx.conf:/etc/nginx/sites-enabled/1"
 - "./nginx-serve-static.conf:/etc/nginx/includes/serve-static"
+ - "./nginx-headers.conf:/etc/nginx/includes/headers"
 links:
 - "redis"
 - "postgres"
diff --git a/nginx-headers.conf b/nginx-headers.conf
new file mode 100644
index 000000000..d69a5f5ce
--- /dev/null
+++ b/nginx-headers.conf
@@ -0,0 +1,5 @@
+add_header Referrer-Policy "same-origin";
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+add_header X-Frame-Options "deny";
+add_header X-Content-Type-Options "nosniff";
+add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' challenges.cloudflare.com rdrama.net; connect-src 'self' tls-use1.fpapi.io api.fpjs.io; object-src 'none';";
diff --git a/nginx-serve-static.conf b/nginx-serve-static.conf
index c0da036a6..5d690b13c 100644
--- a/nginx-serve-static.conf
+++ b/nginx-serve-static.conf
@@ -1,12 +1,4 @@
-root /;
-try_files $uri =404;
-add_header 'Cache-Control' "public, max-age=3153600";
-add_header Referrer-Policy "same-origin";
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
-add_header X-Frame-Options "deny";
-add_header X-Content-Type-Options "nosniff";
-add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' challenges.cloudflare.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io; object-src 'none';";
-
+include includes/headers;
 sendfile on;
 sendfile_max_chunk 1m;
 tcp_nopush on;
diff --git a/nginx.conf b/nginx.conf
index 72fede1ad..26f21ee4e 100644
--- a/nginx.conf
+++ b/nginx.conf
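Review bot: None of the five `add_header` lines in the new nginx-headers.conf carries the `always` parameter, so nginx attaches them only to a fixed set of success and redirect status codes, and error responses such as a 404 go out without X-Frame-Options, nosniff or the CSP. Appending it to each line, e.g. `add_header X-Content-Type-Options "nosniff" always;`, covers those responses as well. Separately, `script-src` still allows `'unsafe-inline'`, which leaves the policy with little power against injected inline script; now that the policy lives in a single file, a comment above that line recording why it is needed would help whoever tightens it later.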
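Review bot: The rewritten nginx-serve-static.conf drops `add_header 'Cache-Control' "public, max-age=3153600";` together with the duplicated security headers, and nothing visible in this commit sets it anywhere else, so static responses appear to lose their cache lifetime. The /assets/, /i/, /e/, /robots.txt and /icon.webp locations in nginx.conf trade their own Cache-Control line for this include, so they are affected too. If that is not intended, keep the line directly after the include: `add_header 'Cache-Control' "public, max-age=3153600";`. It has to sit at the same level as `include includes/headers;`, because a level that declares any `add_header` of its own stops inheriting the ones from the enclosing level.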
@@ -1,14 +1,10 @@ server { - server_name rdrama.net; + server_name localhost; client_max_body_size 100m; listen 80; listen [::]:80; proxy_set_header Host $http_host; - add_header Referrer-Policy "same-origin"; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; - add_header X-Frame-Options "deny"; - add_header X-Content-Type-Options "nosniff"; - add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' challenges.cloudflare.com rdrama.net; connect-src 'self' tls-use1.fpapi.io api.fpjs.io; object-src 'none';"; + include includes/headers; location / { proxy_pass http://localhost:5000/; @@ -26,44 +22,50 @@ server { } location /images/ { + alias /images/; include includes/serve-static; } location /videos/ { + alias /videos/; include includes/serve-static; } location /audio/ { + alias /audio/; include includes/serve-static; } location /songs/ { + alias /songs/; include includes/serve-static; } location /asset_submissions/ { + alias /asset_submissions/; include includes/serve-static; } location /archives/ { + alias /archives/; include includes/serve-static; } location /assets/ { alias /rDrama/files/assets/; - add_header 'Cache-Control' "public, max-age=3153600"; + include includes/serve-static; } location /i/ { alias /rDrama/files/assets/images/; - add_header 'Cache-Control' "public, max-age=3153600"; + include includes/serve-static; } location /e/ { alias /rDrama/files/assets/images/emojis/; - add_header 'Cache-Control' "public, max-age=3153600"; + include includes/serve-static; } location =/robots.txt { alias /rDrama/files/assets/robots.txt; - add_header 'Cache-Control' "public, max-age=3153600"; + include includes/serve-static; } location =/icon.webp { alias /rDrama/files/assets/images/rDrama/icon.webp; - add_header 'Cache-Control' "public, max-age=3153600"; + include includes/serve-static; } error_page 502 = /502.html; diff --git a/ubuntu_setup.sh b/ubuntu_setup.sh index 55ebb8d8e..90dead8d7 100644 --- a/ubuntu_setup.sh 
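Review bot: The `alias` lines added to the /images/, /videos/, /audio/, /songs/, /asset_submissions/ and /archives/ locations in nginx.conf are safe only because each location prefix and its alias both end in `/`, and nothing in the file records that pairing. nginx replaces the matched prefix textually, so a later edit that drops the trailing slash from a location while leaving it on the alias would let a request path resolve outside the aliased directory. A comment above the first of these blocks, `# location prefix and alias must both end in "/"`, would keep the invariant visible to the next editor.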
+++ b/ubuntu_setup.sh @@ -27,6 +27,7 @@ rm /etc/nginx/sites-enabled/default mkdir /etc/nginx/includes cp nginx.conf /etc/nginx/sites-enabled/1 cp nginx-serve-static.conf /etc/nginx/includes/serve-static +cp nginx-headers.conf /etc/nginx/includes/headers /etc/init.d/nginx reload psql -U postgres -f schema.sql postgres