knut.in/nginx.conf

user  nginx;
worker_processes  1;
daemon off;

error_log  /dev/stderr warn;
pid        /var/run/nginx.pid;


events {
  worker_connections  1024;
}


http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  access_log /dev/stdout main;

  sendfile        on;
  #tcp_nopush     on;

  keepalive_timeout  30;
  gzip      on;
  gzip_vary on;
  gzip_types text/plain text/css application/json application/x-javascript
                    text/xml application/xml application/xml+rss text/javascript
                    application/vnd.ms-fontobject application/x-font-ttf 
                    font/opentype image/svg+xml image/x-icon application/javascript;

  proxy_cache_path /tmp/cache levels=1:2 keys_zone=s3_cache:10m max_size=512m
                    inactive=60m use_temp_path=off;

  server {
    listen 80;
    root /opt/webroot;

    add_header Pragma public;
    add_header Cache-Control "public";

    # Recommendations from securityheaders.io
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    add_header Content-Security-Policy "default-src 'none';";

    # Recommendations from hstspreload.org
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";

    # Recommendations from observatory.mozilla.org
    add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";

    # Redirects for services
    rewrite  ^/bitbucket$     https://bitbucket.org/luzifer                                                   redirect;
    rewrite  ^/blog$          https://ahlers.me/blog/                                                         redirect;
    rewrite  ^/discord$       https://discord.gg/umkmbGT                                                      redirect;
    rewrite  ^/doodle$        https://doodle.com/knut-ahlers                                                  redirect;
    rewrite  ^/duolingo$      https://www.duolingo.com/Luziferus                                              redirect;
    rewrite  ^/fitbit$        https://www.fitbit.com/user/289K54                                              redirect;
    rewrite  ^/foursquare$    https://foursquare.com/user/14115115                                            redirect;
    rewrite  ^/geocaching$    https://www.geocaching.com/profile/?guid=620d30bc-8aa6-463e-8a8c-d1644917753f   redirect;
    rewrite  ^/github$        https://github.com/luzifer                                                      redirect;
    rewrite  ^/instagram$     https://www.instagram.com/luziferus/                                            redirect;
    rewrite  ^/lastfm$        https://www.last.fm/de/user/Luziferus                                           redirect;
    rewrite  ^/linkedin$      https://www.linkedin.com/in/knutahlers                                          redirect;
    rewrite  ^/mastodon$      https://chaos.social/@luzifer                                                   redirect;
    rewrite  ^/postcrossing$  https://www.postcrossing.com/user/luziferus                                     redirect;
    rewrite  ^/spotify$       https://open.spotify.com/user/knutahlers                                        redirect;
    rewrite  ^/steam$         https://steamcommunity.com/id/luziferus                                         redirect;
    rewrite  ^/trakt$         https://trakt.tv/users/luzifer                                                  redirect;
    rewrite  ^/twitch$        https://www.twitch.tv/luziferus                                                 redirect;
    rewrite  ^/twitter$       https://www.twitter.com/luzifer                                                 redirect;
    rewrite  ^/wishlist$      https://www.amazon.de/gp/registry/A9MBI81ZSO7Q                                  redirect;
    rewrite  ^/youtube$       https://www.youtube.com/user/knutahlers                                         redirect;

    # Catch-all: Everything not (yet) defined goes to my own page
    rewrite ^.*$ https://ahlers.me/ redirect;
  }
}
Initial Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-02-19 12:11:10 +00:00			`user nginx;`
			`worker_processes 1;`
			`daemon off;`

			`error_log /dev/stderr warn;`
			`pid /var/run/nginx.pid;`


			`events {`
			`worker_connections 1024;`
			`}`


			`http {`
			`include /etc/nginx/mime.types;`
			`default_type application/octet-stream;`

			`log_format main '$remote_addr - $remote_user [$time_local] "$request" '`
			`'$status $body_bytes_sent "$http_referer" '`
			`'"$http_user_agent" "$http_x_forwarded_for"';`

			`access_log /dev/stdout main;`

			`sendfile on;`
			`#tcp_nopush on;`

			`keepalive_timeout 30;`
			`gzip on;`
			`gzip_vary on;`
			`gzip_types text/plain text/css application/json application/x-javascript`
			`text/xml application/xml application/xml+rss text/javascript`
			`application/vnd.ms-fontobject application/x-font-ttf`
			`font/opentype image/svg+xml image/x-icon application/javascript;`

			`proxy_cache_path /tmp/cache levels=1:2 keys_zone=s3_cache:10m max_size=512m`
			`inactive=60m use_temp_path=off;`

			`server {`
			`listen 80;`
			`root /opt/webroot;`

			`add_header Pragma public;`
			`add_header Cache-Control "public";`

			`# Recommendations from securityheaders.io`
			`add_header X-Frame-Options "SAMEORIGIN";`
			`add_header X-XSS-Protection "1; mode=block";`
			`add_header X-Content-Type-Options "nosniff";`
			`add_header Content-Security-Policy "default-src 'none';";`

			`# Recommendations from hstspreload.org`
			`add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";`

			`# Recommendations from observatory.mozilla.org`
			`add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";`

			`# Redirects for services`
Remove calendar, nobody cares Signed-off-by: Knut Ahlers <knut@ahlers.me> 2019-07-15 21:03:01 +00:00			`rewrite ^/bitbucket$ https://bitbucket.org/luzifer redirect;`
			`rewrite ^/blog$ https://ahlers.me/blog/ redirect;`
			`rewrite ^/discord$ https://discord.gg/umkmbGT redirect;`
			`rewrite ^/doodle$ https://doodle.com/knut-ahlers redirect;`
			`rewrite ^/duolingo$ https://www.duolingo.com/Luziferus redirect;`
			`rewrite ^/fitbit$ https://www.fitbit.com/user/289K54 redirect;`
			`rewrite ^/foursquare$ https://foursquare.com/user/14115115 redirect;`
			`rewrite ^/geocaching$ https://www.geocaching.com/profile/?guid=620d30bc-8aa6-463e-8a8c-d1644917753f redirect;`
			`rewrite ^/github$ https://github.com/luzifer redirect;`
			`rewrite ^/instagram$ https://www.instagram.com/luziferus/ redirect;`
			`rewrite ^/lastfm$ https://www.last.fm/de/user/Luziferus redirect;`
			`rewrite ^/linkedin$ https://www.linkedin.com/in/knutahlers redirect;`
			`rewrite ^/mastodon$ https://chaos.social/@luzifer redirect;`
			`rewrite ^/postcrossing$ https://www.postcrossing.com/user/luziferus redirect;`
			`rewrite ^/spotify$ https://open.spotify.com/user/knutahlers redirect;`
			`rewrite ^/steam$ https://steamcommunity.com/id/luziferus redirect;`
			`rewrite ^/trakt$ https://trakt.tv/users/luzifer redirect;`
			`rewrite ^/twitch$ https://www.twitch.tv/luziferus redirect;`
			`rewrite ^/twitter$ https://www.twitter.com/luzifer redirect;`
			`rewrite ^/wishlist$ https://www.amazon.de/gp/registry/A9MBI81ZSO7Q redirect;`
			`rewrite ^/youtube$ https://www.youtube.com/user/knutahlers redirect;`
Initial Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-02-19 12:11:10 +00:00
			`# Catch-all: Everything not (yet) defined goes to my own page`
			`rewrite ^.*$ https://ahlers.me/ redirect;`
			`}`
			`}`