user nginx; worker_processes 1; daemon off; error_log /dev/stderr warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /dev/stdout main; sendfile on; #tcp_nopush on; keepalive_timeout 30; gzip on; gzip_vary on; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon application/javascript; proxy_cache_path /tmp/cache levels=1:2 keys_zone=s3_cache:10m max_size=512m inactive=60m use_temp_path=off; server { listen 80; root /opt/webroot; add_header Pragma public; add_header Cache-Control "public"; # Recommendations from securityheaders.io add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; add_header Content-Security-Policy "default-src 'none';"; # Recommendations from hstspreload.org add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; # Recommendations from observatory.mozilla.org add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin"; # Redirects for services rewrite ^/\+$ https://google.com/+KnutAhlers redirect; rewrite ^/500px$ https://500px.com/luziferus redirect; rewrite ^/bitbucket$ https://bitbucket.org/luzifer redirect; rewrite ^/blog$ https://ahlers.me/blog/ redirect; rewrite ^/cv$ https://ahlers.me/static/cv.pdf redirect; rewrite ^/delicious$ https://del.icio.us/luzifer redirect; rewrite ^/doodle$ https://doodle.com/knut-ahlers redirect; rewrite ^/duolingo$ https://www.duolingo.com/Luziferus redirect; rewrite ^/facebook$ https://www.facebook.com/knut.ahlers redirect; rewrite ^/fitbit$ https://www.fitbit.com/user/289K54 redirect; rewrite ^/flickr$ https://www.flickr.com/photos/knut-ahlers/ redirect; rewrite ^/flinc$ https://www.flinc.org/users/41310 redirect; rewrite ^/foursquare$ https://de.foursquare.com/luzifer redirect; rewrite ^/geocaching$ https://www.geocaching.com/profile/?guid=620d30bc-8aa6-463e-8a8c-d1644917753f redirect; rewrite ^/github$ https://github.com/luzifer redirect; rewrite ^/goodreads$ https://www.goodreads.com/user/show/7413346-knut redirect; rewrite ^/instagram$ https://www.instagram.com/luziferus/ redirect; rewrite ^/lastfm$ https://www.last.fm/de/user/Luziferus redirect; rewrite ^/linkedin$ https://www.linkedin.com/in/knutahlers redirect; rewrite ^/postcrossing$ https://www.postcrossing.com/user/luziferus redirect; rewrite ^/steam$ https://steamcommunity.com/id/luziferus redirect; rewrite ^/trakt$ https://trakt.tv/users/luzifer redirect; rewrite ^/twitter$ https://www.twitter.com/luzifer redirect; rewrite ^/twitch$ https://www.twitch.tv/luziferus redirect; rewrite ^/wishlist$ https://www.amazon.de/gp/registry/A9MBI81ZSO7Q redirect; rewrite ^/yelp$ https://luzifer.yelp.de/ redirect; rewrite ^/youtube$ https://www.youtube.com/user/knutahlers redirect; # Catch-all: Everything not (yet) defined goes to my own page rewrite ^.*$ https://ahlers.me/ redirect; } }