diff --git a/nginx/default.conf b/nginx/default.conf index 51468f3..ffcc557 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -1,11 +1,64 @@ +include mime.types + +types { + text/markdown md; +} + + +map $http_accept $file_suffix { + default "html"; + ~*pdf "pdf"; + ~*md "md"; + ~*markdown "md"; + ~*html "html"; + ~*gemini "gmi"; +} + server { listen 80; server_name localhost; - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; + + add_header X-Content-Type-Options "nosniff" always; + add_header Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self' https://commento.jonathanh.co.uk; script-src https://commento.jonathanh.co.uk; connect-src ws://commento.jonathanh.co.uk https://commento.jonathanh.co.uk;" always; + add_header Referrer-Policy "no-referrer" always; + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=(), interest-cohort=()" always; + add_header x-card "curl -L jn.hn/card" always; + server_tokens off; location / { + # Result of change from .html to / + rewrite ^/tag/zsh.html$ /tag/zsh/ permanent; + rewrite ^/tag/fzf.html$ /tag/fzf/ permanent; + rewrite ^/tag/mutt.html$ /tag/mutt/ permanent; + rewrite ^/tag/security.html$ /tag/security/ permanent; + rewrite ^/tag/firefox.html$ /tag/firefox/ permanent; + rewrite ^/tag/security_advice.html$ /tag/security/ permanent; + rewrite ^/tag/linux.html$ /tag/linux/ permanent; + rewrite ^/tag/websites.html$ /tag/websites/ permanent; + rewrite ^/tag/pentesting.html$ /tag/pentesting/ permanent; + rewrite ^/tag/vim.html$ /tag/vim/ permanent; + rewrite ^/tag/home_assistant.html$ /tag/home_assistant/ permanent; + rewrite ^/blog/freelance-business-security.html$ /blog/freelance-business-security/ permanent; + rewrite ^/blog/wordpress-username-enumeration.html$ /blog/wordpress-username-enumeration/ permanent; + rewrite ^/blog/mutt-setup.html$ /blog/mutt-setup/ permanent; + rewrite ^/blog/building-a-zsh-prompt.html$ /blog/building-a-zsh-prompt/ permanent; + rewrite ^/blog/exchange-mutt.html$ /blog/exchange-mutt/ permanent; + rewrite ^/blog/fuzzy-search-hashcat-modes.html$ /blog/fuzzy-search-hashcat-modes/ permanent; + rewrite ^/blog/tools-that-make-my-life-easier.html$ /blog/tools-that-make-my-life-easier/ permanent; + rewrite ^/blog/outlook-mutt.html$ /blog/outlook-mutt/ permanent; + rewrite ^/blog/upgrading-reverse-shells.html$ /blog/upgrading-reverse-shells/ permanent; + rewrite ^/blog/current-word-completion.html$ /blog/current-word-completion/ permanent; + rewrite ^/blog/keyboard-driven-firefox.html$ /blog/keyboard-driven-firefox/ permanent; + rewrite ^/blog/why-i-made-the-switch-to-zsh.html$ /blog/why-i-made-the-switch-to-zsh/ permanent; + rewrite ^/blog/starting-out-with-homeassistant.html$ /blog/starting-out-with-homeassistant/ permanent; + rewrite ^/blog/the-switch-to-zsh.html$ /blog/the-switch-to-zsh/ permanent; + rewrite ^/blog/xss-through-referer-header.html$ /blog/xss-through-referer-header/ permanent; + rewrite ^/blog/my-setup-jan-2021.html$ /blog/my-setup-jan-2021/ permanent; + rewrite ^/blog/writing-prose-in-vim.html$ /blog/writing-prose-in-vim/ permanent; + + rewrite ^/tag/security_advice/?$ /tag/security/ permanent; + root /usr/share/nginx/html; index index.html index.htm; }