# Security
# Omit the nginx version from the Server response header and from the
# built-in error pages. This only reduces version fingerprinting; it does
# not replace keeping nginx patched.
server_tokens off;
# Clickjacking defence: only same-origin pages may frame these responses.
# "always" attaches the header to every status code, error responses included.
# NOTE(review): by default nginx inherits add_header from the enclosing level
# only when the current level defines none of its own, so a location block
# with its own add_header silently drops every header set here unless they
# are repeated in that block.
add_header X-Frame-Options "SAMEORIGIN" always;
# Tell browsers to honour the declared Content-Type instead of MIME-sniffing,
# so uploaded or mislabeled content is not reinterpreted as script or HTML.
add_header X-Content-Type-Options "nosniff" always;
# Legacy switch for the browser-side XSS auditor.
# NOTE(review): current Chrome, Edge and Firefox do not implement the auditor,
# and OWASP now recommends sending "0" (or omitting the header) and relying on
# a Content-Security-Policy instead. Treat this line as compatibility only,
# not as XSS protection.
add_header X-XSS-Protection "1; mode=block" always;
# Strictest referrer setting: browsers send no Referer header on requests
# that originate from these pages, so URLs never leak to other sites.
# NOTE(review): applications that depend on Referer (some CSRF checks,
# analytics) may need a looser value such as "same-origin"; verify per app.
add_header Referrer-Policy "no-referrer" always;
# Tell Adobe Flash/Acrobat clients that no cross-domain policy file is
# permitted for this site.
add_header X-Permitted-Cross-Domain-Policies "none" always;
# Ask crawlers not to index these responses or follow their links.
# This is advisory for well-behaved crawlers only; it is not an access
# control, so anything sensitive still needs authentication.
add_header X-Robots-Tag "noindex, nofollow" always;
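# CSP breaks some webapps, so it is left disabled here. Trial a policy with
# the Content-Security-Policy-Report-Only header before enforcing it.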
# add_header Content-Security-Policy "default-src 'self';" always;
# http2
# Enable HTTP/2 for the enclosing server. The standalone "http2" directive
# exists from nginx 1.25.1 onward; older builds reject it at config test.
http2 on;
# http3
# Open port 443/udp to use http3
# Add reuseport to ONLY ONE virtual host: listen 443 quic reuseport;
# listen 443 quic;
# Advertise HTTP/3 on UDP port 443; clients may cache this for 24 hours
# (ma=86400). Without "always" the header is added only to the status codes
# add_header covers by default, not to error responses.
# Clients fall back to TCP if UDP 443 is unreachable, so check that the
# firewall rule matches this advertisement.
add_header Alt-Svc 'h3=":443"; ma=86400';
# Enable QUIC address validation: the client must return a server-issued
# token (Retry packet / NEW_TOKEN) before the handshake proceeds. This limits
# use of the server as a reflector for spoofed-source UDP traffic, at the
# cost of an extra round trip on first contact.
quic_retry on;
# Send QUIC packets in batches using UDP segmentation offload.
# Performance setting only; supported on Linux kernels that provide
# UDP_SEGMENT.
quic_gso on;
# quic_bpf on;
# Buffer size used for reading and writing each QUIC stream (the nginx
# default is 64k).
# NOTE(review): memory use grows with concurrent streams per connection, so
# a large value widens the resource-exhaustion surface; confirm 512k is
# needed for the workload.
http3_stream_buffer_size 512k;
# Enable HTTP/3 negotiation for the enclosing server. It only takes effect on
# a socket declared with "listen ... quic"; that listen line is commented out
# in this snippet, so presumably each virtual host supplies its own.
http3 on;
# Certbot defaults
# listen 443 ssl;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# HSTS: a browser that receives this over HTTPS refuses plain HTTP to this
# host for one year (max-age=31536000 seconds).
# NOTE(review): includeSubDomains is not set, so subdomains are not covered
# and can still be reached over HTTP; confirm that is intended. Roll HSTS out
# only once every service on the host works over HTTPS, because browsers
# cache the policy for the full max-age.
add_header Strict-Transport-Security "max-age=31536000" always;