diff options
| author | seth <[email protected]> | 2023-05-14 13:47:33 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-05-14 13:47:33 -0400 |
| commit | 58e8d3946d4f5420d288f72508bd444b929df8bb (patch) | |
| tree | 49d58fcf71428019a0ecf2a3332e9eb5b8f58aab /hosts/p-body/nginx.nix | |
| parent | 7a85a11d9718739c35e898dbddb46241a4ba48e3 (diff) | |
p-body: start forgejo instance
Diffstat (limited to 'hosts/p-body/nginx.nix')
| -rw-r--r-- | hosts/p-body/nginx.nix | 35 |
1 files changed, 10 insertions, 25 deletions
diff --git a/hosts/p-body/nginx.nix b/hosts/p-body/nginx.nix index 58b471c..775bd05 100644 --- a/hosts/p-body/nginx.nix +++ b/hosts/p-body/nginx.nix @@ -15,36 +15,14 @@ in { services.nginx = { enable = true; + additionalModules = [pkgs.nginxModules.fancyindex]; + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - commonHttpConfig = '' - - # Add HSTS header with preloading to HTTPS requests. - # Adding this header to HTTP requests is discouraged - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - - # Enable CSP for your services. - add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - - # Minimize information leaked to other domains - add_header 'Referrer-Policy' 'origin-when-cross-origin'; - - # Disable embedding as a frame - add_header X-Frame-Options DENY; - - # Prevent injection of code in other mime types (XSS Attacks) - add_header X-Content-Type-Options nosniff; - - # Enable XSS protection of the browser. - # May be unnecessary when CSP is configured properly (see above) - add_header X-XSS-Protection "1; mode=block"; - ''; + statusPage = true; virtualHosts = let mkProxy = endpoint: port: { @@ -80,6 +58,13 @@ in { locations = mkProxy "/" "8080"; }; + + "git.${domain}" = { + enableACME = true; + serverAliases = ["www.git.${domain}"]; + + locations = mkProxy "/" "3000"; + }; }; }; } |