-
-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathnginx.conf
161 lines (133 loc) · 4.9 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
#
# Configuration for feross.org
#
# Redirect http://feross.org and http://www.feross.org to canonical
server {
listen 50.116.11.184:80;
server_name feross.org www.feross.org;
rewrite ^ https://feross.org$request_uri permanent;
include /home/feross/config/nginx/_server.include;
}
# Redirect alternate domain names to canonical
server {
listen 50.116.11.184:80;
server_name feross.io www.feross.io feross.co www.feross.co feross.me www.feross.me feross.us www.feross.us aboukhadijeh.com www.aboukhadijeh.com ferossaboukhadijeh.com www.ferossaboukhadijeh.com;
rewrite ^ https://feross.org$request_uri permanent;
include /home/feross/config/nginx/_server.include;
}
# Redirect https://www.feross.org to canonical
server {
listen 50.116.11.184:443 http2 ssl;
server_name www.feross.org;
rewrite ^ https://feross.org$request_uri permanent;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/feross.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/feross.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/feross.org/chain.pem;
include /home/feross/config/nginx/_server.include;
}
# Canonical URL: https://feross.org
server {
listen 50.116.11.184:443 http2 ssl;
server_name feross.org;
root /home/feross/www/feross.org/_site;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/feross.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/feross.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/feross.org/chain.pem;
error_page 404 /404/;
# Disable browser mime-type sniffing. Reduces exposure to drive-by download attacks when
# serving user uploaded content.
add_header X-Content-Type-Options nosniff;
# Prevent framing
add_header X-Frame-Options SAMEORIGIN;
# Enable browser XSS filtering. Usually enabled by default, but this header re-enables it
# if it was disabled by the user, and asks the the browser to prevent rendering of the
# page if an attack is detected.
add_header X-XSS-Protection '1; mode=block';
# Use HTTP Strict Transport Security
# Lasts 2 years, incl. subdomains, allow browser preload list
add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload';
# For emails where an extra period might be added to the end of url
rewrite ^/resume(\.|/\.)$ /resume/ permanent;
rewrite ^/cal(\.|/\.)$ /cal/ permanent;
rewrite ^/call(\.|/\.)$ /call/ permanent;
rewrite ^/call2(\.|/\.)$ /call2/ permanent;
rewrite ^/meet(\.|/\.)$ /meet/ permanent;
rewrite ^/meet2(\.|/\.)$ /meet2/ permanent;
rewrite ^/meeting(\.|/\.)$ /meeting/ permanent;
rewrite ^/meeting2(\.|/\.)$ /meeting2/ permanent;
rewrite ^/consult(\.|/\.)$ /consult/ permanent;
rewrite ^/opensource/?$ /thanks/ permanent;
# Pass requests through to view server
location /views {
proxy_pass http://127.0.0.1:7020;
include /home/feross/config/nginx/_proxy.include;
}
# Show index page in /hacks
location /hacks {
autoindex on;
}
# Redirect to PeerCDN website archive
location ~ ^/peercdn/?$ {
rewrite ^ https://web.archive.org/web/20150810065820/https://peercdn.com/ permanent;
}
# Redirect to calendar schedule page
location ~ ^/cal/?$ {
rewrite ^ https://calendly.com/ferossity permanent;
}
location ~ ^/call/?$ {
rewrite ^ https://calendly.com/ferossity/call permanent;
}
location ~ ^/call2/?$ {
rewrite ^ https://calendly.com/ferossity/call2 permanent;
}
location ~ ^/meet/?$ {
rewrite ^ https://calendly.com/ferossity/meet permanent;
}
location ~ ^/meet2/?$ {
rewrite ^ https://calendly.com/ferossity/meet2 permanent;
}
location ~ ^/meeting/?$ {
rewrite ^ https://calendly.com/ferossity/meeting permanent;
}
location ~ ^/meeting2/?$ {
rewrite ^ https://calendly.com/ferossity/meeting2 permanent;
}
location ~ ^/work/?$ {
rewrite ^ https://calendly.com/ferossity/work permanent;
}
location ~ ^/work2/?$ {
rewrite ^ https://calendly.com/ferossity/work2 permanent;
}
# Try to serve static files
try_files $uri $uri/ =404;
include /home/feross/config/nginx/_server.include;
}
#
# Configuration for feross.feross.org
# For https://feross.org/how-many-ferosss-can-fit-in-one-url/
#
# Redirect http://feross.feross.org to canonical
server {
listen 50.116.11.184:80;
server_name feross.feross.org;
rewrite ^ https://feross.feross.org$request_uri permanent;
}
# Canonical URL: https://feross.feross.org
server {
listen 50.116.11.184:443 http2 ssl;
server_name feross.feross.org;
root /home/feross/www/feross.org/_site/hacks/feross.feross.org;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/feross.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/feross.org/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/feross.org/chain.pem;
types {
text/html feross htm html shtml;
}
# Try to serve static files
try_files $uri $uri/ =404;
}