Skip to content

Instantly share code, notes, and snippets.

@SaphireLattice

SaphireLattice/saphire-vhost.nix Secret

Created October 28, 2022 21:10
Show Gist options
  • Save SaphireLattice/b24be3d37ea1daa67ef227ab459c09a2 to your computer and use it in GitHub Desktop.
Save SaphireLattice/b24be3d37ea1daa67ef227ab459c09a2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
saphire-vhost.nix
"saphi.re" = {
default = true;
http2 = true;
forceSSL = true;
enableACME = true;
root = "/srv/www/saphi.re/public";
locations."/index.html".extraConfig = ''
if ($http_accept ~* "application/(activity|ld|jrd)\+?json") {
rewrite ^/index.html /fediverse/person.json? last;
}
'';
locations."~* ^/(webfinger|fediverse)/.*\.json".extraConfig = ''
types { application/jrd+json json; }
add_header Strict-Transport-Security max-age=15768000;
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Content-Security-Policy "default-src 'none'" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Access-Control-Allow-Origin "*";
add_header Cache-Control max-age=3600;
'';
locations."= /nodeinfo/2.0".extraConfig = ''
types { application/jrd+json json; }
add_header Strict-Transport-Security max-age=15768000;
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Content-Security-Policy "default-src 'none'" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Access-Control-Allow-Origin "*";
add_header Cache-Control max-age=3600;
rewrite ^/nodeinfo/2.0 /fediverse/nodeinfo_2.0.json? last;
'';
locations."= /js/aluminum.js".extraConfig = ''
rewrite /js/aluminum.js /js/plausible.js break;
proxy_pass http://127.0.0.1:8512/js/plausible.js;
proxy_buffering on;
add_header X-Cache $upstream_cache_status;
add_header Strict-Transport-Security max-age=15768000;
add_header X-Clacks-Overhead "GNU Terry Pratchett";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'";
add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
add_header Cache-Control max-age=3600;
'';
locations."= /api/event".extraConfig = ''
proxy_pass http://127.0.0.1:8512/api/event;
proxy_buffering on;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
'';
locations."= /twitter".extraConfig = ''
return 302 https://twitter.com/SaphireLattice;
'';
locations."= /fa".extraConfig = ''
return 302 https://www.furaffinity.net/user/saphirelattice/;
'';
extraConfig = ''
http2_push /main.css;
http2_push_preload on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-Clacks-Overhead "GNU Terry Pratchett";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; img-src 'self' https://media.lunar.exchange https://i.imgur.com; connect-src 'self' https://media.lunar.exchange; object-src 'none'";
add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
add_header Cache-Control max-age=3600;
index index.html;
try_files $uri $uri/ $uri.html =404;
error_page 403 /403.html;
location = /403.html {
internal;
}
error_page 404 /404.html;
location = /404.html {
internal;
}
rewrite ^/freefall/[0-9]+/?$ /freefall/index.html last;
rewrite ^/\.well-known/webfinger /webfinger/$arg_resource.json? last;
rewrite ^/[eE][eE]+/?$ /ree.html last;
'';
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment