include mime.types

types {
    text/markdown   md;
}


map $http_accept $file_suffix {
    default   "html";
    ~*pdf  "pdf";
    ~*md  "md";
    ~*markdown  "md";
    ~*html  "html";
    ~*gemini "gmi";
}

server {
    listen       80;
    server_name  localhost;


    add_header X-Content-Type-Options "nosniff" always;
    add_header Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self' https://commento.jonathanh.co.uk; script-src https://commento.jonathanh.co.uk; connect-src ws://commento.jonathanh.co.uk https://commento.jonathanh.co.uk;" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=(), interest-cohort=()" always;
    add_header x-card "curl -L jn.hn/card" always;
    server_tokens off;

    location / {
		# Result of change from .html to /
        rewrite ^/tag/zsh.html$ /tag/zsh/ permanent;
        rewrite ^/tag/fzf.html$ /tag/fzf/ permanent;
        rewrite ^/tag/mutt.html$ /tag/mutt/ permanent;
        rewrite ^/tag/security.html$ /tag/security/ permanent;
        rewrite ^/tag/firefox.html$ /tag/firefox/ permanent;
        rewrite ^/tag/security_advice.html$ /tag/security/ permanent;
        rewrite ^/tag/linux.html$ /tag/linux/ permanent;
        rewrite ^/tag/websites.html$ /tag/websites/ permanent;
        rewrite ^/tag/pentesting.html$ /tag/pentesting/ permanent;
        rewrite ^/tag/vim.html$ /tag/vim/ permanent;
        rewrite ^/tag/home_assistant.html$ /tag/home_assistant/ permanent;
        rewrite ^/blog/freelance-business-security.html$ /blog/freelance-business-security/ permanent;
        rewrite ^/blog/wordpress-username-enumeration.html$ /blog/wordpress-username-enumeration/ permanent;
        rewrite ^/blog/mutt-setup.html$ /blog/mutt-setup/ permanent;
        rewrite ^/blog/building-a-zsh-prompt.html$ /blog/building-a-zsh-prompt/ permanent;
        rewrite ^/blog/exchange-mutt.html$ /blog/exchange-mutt/ permanent;
        rewrite ^/blog/fuzzy-search-hashcat-modes.html$ /blog/fuzzy-search-hashcat-modes/ permanent;
        rewrite ^/blog/tools-that-make-my-life-easier.html$ /blog/tools-that-make-my-life-easier/ permanent;
        rewrite ^/blog/outlook-mutt.html$ /blog/outlook-mutt/ permanent;
        rewrite ^/blog/upgrading-reverse-shells.html$ /blog/upgrading-reverse-shells/ permanent;
        rewrite ^/blog/current-word-completion.html$ /blog/current-word-completion/ permanent;
        rewrite ^/blog/keyboard-driven-firefox.html$ /blog/keyboard-driven-firefox/ permanent;
        rewrite ^/blog/why-i-made-the-switch-to-zsh.html$ /blog/why-i-made-the-switch-to-zsh/ permanent;
        rewrite ^/blog/starting-out-with-homeassistant.html$ /blog/starting-out-with-homeassistant/ permanent;
        rewrite ^/blog/the-switch-to-zsh.html$ /blog/the-switch-to-zsh/ permanent;
        rewrite ^/blog/xss-through-referer-header.html$ /blog/xss-through-referer-header/ permanent;
        rewrite ^/blog/my-setup-jan-2021.html$ /blog/my-setup-jan-2021/ permanent;
        rewrite ^/blog/writing-prose-in-vim.html$ /blog/writing-prose-in-vim/ permanent;

        rewrite ^/tag/security_advice/?$ /tag/security/ permanent;

        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location /assets {
        alias  /usr/share/nginx/assets;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}