# vi: set ft=nginx ts=2 sw=2 sts=-1 sr noet si tw=0 fdm=manual:
# SPDX-License-Identifier: AGPL-3.0-or-later
# Copyright © 2022 Thorsten Schubert <tschubert@bafh.org>
# Process-level settings: a single worker, with errors of severity "warn"
# and above written to stderr.
worker_processes 1;
error_log stderr warn;

# PID file lives under /tmp.
# NOTE(review): presumably nginx runs unprivileged in a container with a
# private /tmp; on a shared host /tmp is world-writable, so confirm.
pid /tmp/nginx.pid;

# Dynamic module that provides the more_set_headers and more_clear_headers
# directives used in the http block.
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
# Connection handling: each worker process may hold up to 1024 simultaneous
# connections.
events {
	worker_connections 1024;
}
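# HTTP server for a paste store: files under /var/lib/pasted are addressed as
#   /<id>                  serve the file with its default type
#   /<id>/<type>           serve it with a forced Content-Type (see $map_mime)
#   /<id>/dl/<name>        serve it as a download named <name>
http {
	# Scratch directories for buffered bodies, all under /tmp.
	# NOTE(review): presumably an unprivileged container with a private /tmp;
	# confirm, since /tmp is world-writable on a shared host.
	proxy_temp_path /tmp/proxy_temp;
	client_body_temp_path /tmp/client_temp;
	fastcgi_temp_path /tmp/fastcgi_temp;
	uwsgi_temp_path /tmp/uwsgi_temp;
	scgi_temp_path /tmp/scgi_temp;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
		'$status $body_bytes_sent "$http_referer" '
		'"$http_user_agent" "$http_x_forwarded_for"';

	# NOTE(review): access logging is off here and in the server block, so this
	# instance keeps no request trail for abuse handling or incident response.
	# Fine if a fronting proxy logs requests; confirm.
	access_log off;
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	reset_timedout_connection on;
	keepalive_timeout 65;

	open_file_cache max=1024 inactive=10s;
	open_file_cache_valid 120s;
	open_file_cache_min_uses 2;
	open_file_cache_errors on;

	#gzip on;

	# Do not advertise the server software: drop the version, then the whole
	# Server header (headers-more).
	server_tokens off;
	more_clear_headers 'Server';

	# download request?
	# 1 when the request is /<id>/dl/<name> with a usable <name>. <name> is
	# captured from the decoded $uri and ends up inside a response header, so
	# it is limited to characters that are safe in a quoted header parameter:
	# no whitespace, control characters, double quote or backslash. \z is used
	# instead of $ because $ also matches before a trailing newline.
	map "$path_fragment:$dl_fragment" $map_dl_fragment {
		default 0;
		'~^dl:[^\s"\\\\[:cntrl:]]+\z' 1;
	}

	# custom filename?
	# NOTE(review): the first rule supplies the file id as the name for a bare
	# /<id>/dl, but $map_dl_fragment above only fires for a non-empty <name>,
	# so the download branch never uses that value; confirm the intent.
	map "$path_fragment:$dl_fragment" $file_name {
		'~^dl:\z' "$file_fragment";
		'~^dl:[^\s"\\\\[:cntrl:]]+\z' "$dl_fragment";
	}

	# Forced Content-Type selected by the second URI segment; 0 means "no
	# override". The html entry makes a stored paste render as HTML on this
	# origin, which is why the Content-Security-Policy set in the server block
	# must reach every response from "location /".
	map "$path_fragment" $map_mime {
		default 0;
		"~^(txt|log|patch|raw|diff|awk|sh)$" 'text/plain';
		"~^(bin|dat)$" 'application/octet-stream';
		# NOTE(review): Ogg containers are normally served as audio/ogg; confirm.
		"~^(ogg|opus)$" 'audio/vorbis';
		"~^avif$" 'image/avif';
		# image/jpeg is the registered type; image/jpg is not.
		"~^jpg$" 'image/jpeg';
		"~^gif$" 'image/gif';
		"~^png$" 'image/png';
		"~^pdf$" 'application/pdf';
		"~^webp$" 'image/webp';
		"~^svgz?$" 'image/svg+xml';
		"~^json$" 'application/json';
		"~^html?$" 'text/html';
		"~^mp3$" 'audio/mpeg';
		"~^aac$" 'audio/aac';
		"~^mp4$" 'video/mp4';
		"~^avi$" 'video/x-msvideo';
		"~^mkv$" 'video/x-matroska';
		"~^wav$" 'audio/x-wav';
		"~^webm$" 'video/webm';
	}

	server {
		# Plain HTTP on 8080. NOTE(review): presumably TLS is terminated by a
		# proxy in front of this instance; confirm.
		listen 8080 default_server;
		server_name _;

		log_not_found off;
		error_log stderr notice;
		rewrite_log off;

		access_log off;
		root /usr/share/nginx/html;
		index index.html;

		# Response hardening headers. nginx inherits add_header from this level
		# only into blocks that define no add_header of their own, so every
		# nested block below either avoids add_header or repeats the full set.
		add_header Content-Security-Policy "default-src 'none'; img-src 'self'; frame-ancestors 'none'; block-all-mixed-content" always;
		# Stored content is served with a deliberately chosen type (mostly
		# text/plain); stop browsers from sniffing it into something else.
		add_header X-Content-Type-Options "nosniff" always;
		add_header Permissions-Policy "interest-cohort=()" always;
		add_header Cross-Origin-Opener-Policy "same-origin" always;
		add_header Cross-Origin-Embedder-Policy "require-corp" always;
		# Expect-CT and X-XSS-Protection are legacy headers that current
		# browsers ignore; the CSP above is the effective control.
		add_header Expect-CT "enforce, max-age=63072000" always;
		add_header X-XSS-Protection "1; mode=block" always;

		error_page 403 /403.html;
		error_page 404 /404.html;

		# Refuse crawlers and archivers by User-Agent (advisory only: the
		# header is client-supplied).
		if ($http_user_agent ~* (google|archive|bing|yahoo|yandex|teoma|trident|baidu) ) {
			return 403;
		}

		set $path_fragment '';
		set $dl_fragment '';

		# $request_uri is url encoded
		# so the match runs on the decoded $uri: $1 = file id (up to 16
		# characters plus an optional dot), $2 = type hint or "dl", $3 =
		# optional download name. The ")" just before the closing quote ends
		# the if condition; it is not part of the regex. $3 may hold any
		# decoded byte except / & ? #, so it is filtered by the maps above
		# before it reaches a header.
		if ($uri ~* "^\/([\w\d\-_.]{1,16}\.?)\/([\w\d\.]{1,16})(?:\/([^\/&?#]+))?\/?$)" {
			set $file_fragment $1;
			set $path_fragment $2;
			set $dl_fragment $3;
			rewrite "^/([^\/]*)/([^\/]{1,16})(?:/.*)?$" /$1 last;
		}

		# Static error pages, reachable only through error_page.
		location ~ "^/40(3|4).html$" {
			internal;
			root /usr/share/nginx/error_pages;

			# This block relaxes the CSP for inline styles. Declaring any
			# add_header here cancels inheritance of the server-level ones, so
			# the remaining headers are repeated explicitly.
			add_header Content-Security-Policy "default-src 'none'; style-src-elem 'unsafe-inline'; img-src 'self'; frame-ancestors 'none'; block-all-mixed-content" always;
			add_header X-Content-Type-Options "nosniff" always;
			add_header Permissions-Policy "interest-cohort=()" always;
			add_header Cross-Origin-Opener-Policy "same-origin" always;
			add_header Cross-Origin-Embedder-Policy "require-corp" always;
			add_header Expect-CT "enforce, max-age=63072000" always;
			add_header X-XSS-Protection "1; mode=block" always;
		}

		location = /robots.txt {
			# The type is set with default_type instead of
			# "add_header Content-Type", which adds a second Content-Type
			# header and cancels inheritance of the server-level headers.
			default_type text/plain;
			return 200 "User-agent: *\nDisallow: /\n";
		}

		# Status counters, restricted to loopback and link-local clients.
		location /stub_status {
			stub_status on;
			allow 127.0.0.0/8;
			allow ::1/128;
			allow fe80::/10;
			deny all;
		}

		# Landing page, served from the server-level root.
		location = / {}

		location = /index.html {}

		# NOTE(review): the dot before "var" is unescaped, so this also matches
		# paths such as /xvar/...; that only denies more than intended.
		location ~ ^/.var/.*$ {
			return 403;
		}

		# Stored pastes.
		location / {
			root /var/lib/pasted;

			etag off;
			expires 1h;
			disable_symlinks on;
			autoindex off;

			# Unknown extensions and source-code extensions are shown as plain
			# text rather than interpreted by the browser.
			default_type 'text/plain';

			include /etc/nginx/mime.types;
			types {
				text/plain md markdown;
				text/plain css js xml;
				text/plain sh bash zsh fish;
				text/plain awk sed;
				text/plain yaml yml;
				text/plain pl py lua rb;
				text/plain nim hs;
				text/plain java kt;
				text/plain c cpp cxx h hpp hxx;
				text/plain go mod sum;
				text/plain patch txt;
			}

			# Only the configuration of the last matching "if" applies to a
			# request, so each branch sets every header it needs. The branches
			# use more_set_headers rather than add_header: an add_header here
			# would drop the server-level CSP and the other hardening headers
			# from exactly these responses.
			set $mtype $map_mime;
			if ($mtype) {
				more_set_headers "Content-Type: $mtype";
			}

			if ($path_fragment ~ '^(bin|dat)$') {
				more_set_headers "Content-Type: application/octet-stream";
				more_set_headers 'Content-Disposition: attachment; filename="$file_fragment"';
			}

			# The filename is quoted; $file_name has already been limited by
			# its map to characters that cannot break out of the quotes.
			if ($map_dl_fragment) {
				more_set_headers "Content-Type: application/octet-stream";
				more_set_headers 'Content-Disposition: attachment; filename="$file_name"';
			}
		}
	}
}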