# If you're using Nginx you can find your server settings here: /etc/nginx/sites-enabled/default
# Thanks to @_mig5 for your help!
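# Public (clearnet) HTTPS virtual host. Serves the site over TLS and advertises
# the onion mirror to Tor Browser through the Onion-Location header.
server {
    root /var/www/html/website; # ADD YOUR SITE'S FOLDER LOCATION
    server_name website.com www.website.com; # YOUR URLS

    # THIS IS ALL MANAGED BY CERTBOT
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # ADD THESE HEADERS FOR YOUR PUBLIC SITE
    # "always" attaches the header to every response. Without it, add_header
    # only applies to a fixed list of 2xx/3xx status codes, so error pages
    # (404, 500, ...) would be sent without these protections.
    # add_header is inherited from this level only by locations that declare
    # no add_header of their own: a location that adds even one header must
    # repeat the whole set.

    # Two-year HSTS that also covers every subdomain: each subdomain must be
    # reachable over HTTPS before this is deployed.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
    # Kept alongside frame-ancestors 'none' for browsers without CSP level 2.
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # Tor Browser honours Onion-Location only on pages served over HTTPS, which
    # is why it belongs in this block and not in the port-80 redirect.
    add_header Onion-Location http://YourOnionSite.onion$request_uri; # REPLACE WITH YOUR ONION ADDRESS
    # Same-origin resources only, no framing, and no form submissions at all.
    # Relax form-action if the site ever gains a form.
    add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'none'; form-action 'none'" always;
    # NOTE(review): some of these feature names (e.g. interest-cohort) are
    # legacy; browsers ignore names they do not recognise, so check the list
    # against the current Permissions-Policy feature registry.
    add_header Permissions-Policy "geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=(), interest-cohort=()" always;
    add_header Referrer-Policy "no-referrer" always;
    # Legacy header: current browsers no longer ship the XSS filter it
    # controls, so the Content-Security-Policy above is the effective defence.
    # Current OWASP guidance is to send "0" or drop the header.
    add_header X-XSS-Protection "1; mode=block" always;
}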
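# Onion-service virtual host: the same document root, served over plain HTTP
# to the local Tor daemon.
server {
    # NOTE(review): there is no listen directive, so nginx falls back to *:80
    # (when started as root). Being the first port-80 server in this file, this
    # block is also the implicit default server for that socket: a clearnet
    # request on port 80 whose Host header is not website.com or
    # www.website.com is answered from here over plain HTTP instead of being
    # redirected. Bind this vhost to the loopback address that
    # HiddenServicePort targets in your torrc, for example:
    #   listen 127.0.0.1:80;   # example only - must match your torrc
    server_name YourOnionSite.onion; # REPLACE WITH YOUR ONION ADDRESS
    # Records every onion request (path, time, user agent); decide whether
    # that should be retained for an onion audience.
    access_log /var/log/nginx/hs-my-website.log;
    index index.html;
    root /var/www/html/website; # ADD YOUR SITE'S FOLDER LOCATION

    # ADD THESE FOR YOUR ONION SITE
    # No Strict-Transport-Security here: this vhost is plain HTTP and browsers
    # ignore HSTS received over HTTP.
    # "always" attaches the header to every response. Without it, add_header
    # only applies to a fixed list of 2xx/3xx status codes, so error pages
    # would be sent without these protections. A location that declares its
    # own add_header must repeat the whole set.
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # Same-origin resources only, no framing, and no form submissions at all.
    add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'none'; form-action 'none'" always;
    # NOTE(review): some of these feature names (e.g. interest-cohort) are
    # legacy; browsers ignore names they do not recognise.
    add_header Permissions-Policy "geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=(), interest-cohort=()" always;
    add_header Referrer-Policy "no-referrer" always;
    # Legacy header: the Content-Security-Policy above is the effective defence.
    add_header X-XSS-Protection "1; mode=block" always;
}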
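# Plain-HTTP listener for the public hostnames: it serves no content and only
# sends a permanent redirect to the HTTPS site, keeping path and query string.
server {
    listen 80;
    # The HTTPS vhost listens on IPv6 as well; without this line an IPv6
    # client asking for http:// gets a refused connection, not the redirect.
    listen [::]:80;
    server_name website.com www.website.com; # YOUR URLS
    # Both names are sent to the apex host over HTTPS. No security headers are
    # set here: the redirect target supplies them, and HSTS is ignored by
    # browsers when it arrives over HTTP.
    return 301 https://website.com$request_uri; # YOUR HTTPS REDIRECT
}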