user nginx; worker_processes 1; daemon off; error_log /dev/stderr warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /dev/stdout main; sendfile on; #tcp_nopush on; keepalive_timeout 30; gzip on; gzip_vary on; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon application/javascript; proxy_cache_path /tmp/cache levels=1:2 keys_zone=s3_cache:10m max_size=512m inactive=60m use_temp_path=off; server { listen 80; root /opt/webroot; add_header Pragma public; add_header Cache-Control "public"; # Recommendations from securityheaders.io add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; add_header Content-Security-Policy "default-src 'none';"; # Recommendations from hstspreload.org add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; # Recommendations from observatory.mozilla.org add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin"; # Redirects for services rewrite ^/bitbucket$ https://bitbucket.org/luzifer redirect; rewrite ^/blog$ https://ahlers.me/blog/ redirect; rewrite ^/calendar$ https://calendar.google.com/calendar/embed?src=knut@ahlers.me&ctz=Europe/Berlin&mode=WEEK&wkst=2 redirect; rewrite ^/discord$ https://discord.gg/umkmbGT redirect; rewrite ^/doodle$ https://doodle.com/knut-ahlers redirect; rewrite ^/duolingo$ https://www.duolingo.com/Luziferus redirect; rewrite ^/fitbit$ https://www.fitbit.com/user/289K54 redirect; rewrite ^/foursquare$ https://foursquare.com/user/14115115 redirect; rewrite ^/geocaching$ https://www.geocaching.com/profile/?guid=620d30bc-8aa6-463e-8a8c-d1644917753f redirect; rewrite ^/github$ https://github.com/luzifer redirect; rewrite ^/instagram$ https://www.instagram.com/luziferus/ redirect; rewrite ^/lastfm$ https://www.last.fm/de/user/Luziferus redirect; rewrite ^/linkedin$ https://www.linkedin.com/in/knutahlers redirect; rewrite ^/mastodon$ https://chaos.social/@luzifer redirect; rewrite ^/postcrossing$ https://www.postcrossing.com/user/luziferus redirect; rewrite ^/spotify$ https://open.spotify.com/user/knutahlers redirect; rewrite ^/steam$ https://steamcommunity.com/id/luziferus redirect; rewrite ^/trakt$ https://trakt.tv/users/luzifer redirect; rewrite ^/twitch$ https://www.twitch.tv/luziferus redirect; rewrite ^/twitter$ https://www.twitter.com/luzifer redirect; rewrite ^/wishlist$ https://www.amazon.de/gp/registry/A9MBI81ZSO7Q redirect; rewrite ^/youtube$ https://www.youtube.com/user/knutahlers redirect; # Catch-all: Everything not (yet) defined goes to my own page rewrite ^.*$ https://ahlers.me/ redirect; } }