transfer.sh/contrib/nginx/file.unsha.re.conf

server {
	listen 167.235.228.186:80;
	listen [2a01:4f8:c012:c7da::2]:80;
	server_name file.unsha.re;

	root /srv/http/virtual/unsha.re/htdocs/root;
	log_not_found off;
	access_log off;

	location /.well-known {
		alias /srv/http/virtual/unsha.re/htdocs/.well-known;
		try_files $uri =404;
	}

	location / {
		return 301 https://$host$request_uri;
	}
}

server {
	listen 167.235.228.186:443 ssl http2;
	listen [2a01:4f8:c012:c7da::2]:443 ssl http2;
	server_name file.unsha.re;

	ssl_certificate /etc/letsencrypt/live/unsha.re/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/unsha.re/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/unsha.re/chain.pem;

	log_not_found off;

	error_log stderr notice;
	rewrite_log off;

	access_log /srv/http/virtual/unsha.re/logs/nginx/access.log;
	root /usr/local/share/transfer/dist;

	index index.html;
	include globals/robots.conf;
	include globals/noindex.conf;
	include globals/floc.conf;

	add_header Cross-Origin-Opener-Policy "same-origin" always;
	add_header Cross-Origin-Embedder-Policy "require-corp" always;

	add_header Expect-CT "enforce, max-age=63072000" always;
	add_header X-XSS-Protection "1; mode=block" always;
	add_header X-Content-Type-Options "nosniff" always;

	location /.well-known {
		default_type "text/plain";
		alias /srv/http/virtual/unsha.re/htdocs/.well-known;
		try_files $uri =404;
	}

	location / {
		try_files $uri @proxy;
    # allow PUT on static files
		error_page 405 =200 @proxy;

		expires 1w;
		add_header Access-Control-Allow-Origin "https://file.unsha.re";
		add_header Cache-Control "public, immutable, no-transform";
		add_header Content-Security-Policy "default-src 'self'; font-src 'self' data:; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";
		add_header Referrer-Policy "strict-origin-when-cross-origin";
		add_header Vary "Origin";
		add_header X-Content-Type-Options "nosniff";
		add_header X-Frame-Options "DENY";
		add_header X-Powered-By "nginx";
		add_header X-Xss-Protection "1; mode=block";
	}

	location @proxy {
		proxy_pass http://transfer;
	}

	include globals/error_pages.conf;
}