From 2fcd2ddc5766efb6b19112feadde27f54b6337f9 Mon Sep 17 00:00:00 2001 From: Knut Ahlers Date: Sun, 19 Feb 2017 13:11:10 +0100 Subject: [PATCH] Initial Signed-off-by: Knut Ahlers --- Dockerfile | 5 +++ nginx.conf | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) create mode 100644 Dockerfile create mode 100644 nginx.conf diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..da319d4 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,5 @@ +FROM nginx + +ADD nginx.conf /src/nginx.conf + +ENTRYPOINT ["nginx", "-c", "/src/nginx.conf"] diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..ab1e8a8 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,92 @@ +user nginx; +worker_processes 1; +daemon off; + +error_log /dev/stderr warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /dev/stdout main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 30; + gzip on; + gzip_vary on; + gzip_types text/plain text/css application/json application/x-javascript + text/xml application/xml application/xml+rss text/javascript + application/vnd.ms-fontobject application/x-font-ttf + font/opentype image/svg+xml image/x-icon application/javascript; + + proxy_cache_path /tmp/cache levels=1:2 keys_zone=s3_cache:10m max_size=512m + inactive=60m use_temp_path=off; + + server { + listen 80; + root /opt/webroot; + + add_header Pragma public; + add_header Cache-Control "public"; + + # Recommendations from securityheaders.io + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + add_header Content-Security-Policy "default-src 'none';"; + + # Recommendations from hstspreload.org + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; + + # Recommendations from observatory.mozilla.org + add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin"; + + # Redirects for services + rewrite ^/\+$ https://google.com/+KnutAhlers redirect; + rewrite ^/500px$ http://500px.com/luziferus redirect; + rewrite ^/bitbucket$ https://bitbucket.org/luzifer redirect; + rewrite ^/blog$ https://blog.knut.me/ redirect; + rewrite ^/cv$ http://knut-ahlers.de/files/cv.pdf redirect; + rewrite ^/delicious$ http://delicious.com/luzifer redirect; + rewrite ^/doodle$ http://doodle.com/luzifer redirect; + rewrite ^/duolingo$ http://www.duolingo.com/Luziferus redirect; + rewrite ^/facebook$ https://www.facebook.com/knut.ahlers redirect; + rewrite ^/fitbit$ https://www.fitbit.com/user/289K54 redirect; + rewrite ^/flickr$ https://www.flickr.com/photos/knut-ahlers/ redirect; + rewrite ^/flinc$ https://www.flinc.org/users/41310 redirect; + rewrite ^/foursquare$ https://de.foursquare.com/luzifer redirect; + rewrite ^/geocaching$ http://www.geocaching.com/profile/?guid=620d30bc-8aa6-463e-8a8c-d1644917753f redirect; + rewrite ^/github$ http://github.com/luzifer redirect; + rewrite ^/goodreads$ http://www.goodreads.com/user/show/7413346-knut redirect; + rewrite ^/instagram$ http://instagram.com/luziferus redirect; + rewrite ^/lastfm$ http://www.lastfm.de/user/Luziferus redirect; + rewrite ^/linkedin$ http://de.linkedin.com/in/knutahlers redirect; + rewrite ^/picasa$ https://picasaweb.google.com/kahlers87 redirect; + rewrite ^/postcrossing$ http://www.postcrossing.com/user/luziferus redirect; + rewrite ^/steam$ http://steamcommunity.com/id/luziferus redirect; + rewrite ^/trakt$ http://trakt.tv/user/luzifer redirect; + rewrite ^/twitter$ http://www.twitter.com/luzifer redirect; + rewrite ^/twitch$ https://www.twitch.tv/luziferus redirect; + rewrite ^/wishlist$ http://www.amazon.de/gp/registry/A9MBI81ZSO7Q redirect; + rewrite ^/xing$ https://www.xing.com/profile/Knut_Ahlers redirect; + rewrite ^/yelp$ http://luzifer.yelp.de/ redirect; + rewrite ^/youtube$ http://www.youtube.com/user/knutahlers redirect; + + # Catch-all: Everything not (yet) defined goes to my own page + rewrite ^.*$ https://ahlers.me/ redirect; + } +} +