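# HTTPS site for shoebottom.ca. The same server block also listens on 8448
# for Matrix, so every location below is reachable on both 443 and 8448.
server {
    # Server name, root and index
    server_name shoebottom.ca; # managed by Certbot
    root /home/isaac/www/shoebottom.ca;
    index index.html;

    # Listen on https
    listen [::]:443 ssl http2 ipv6only=on default_server; # managed by Certbot
    listen 443 ssl http2 default_server; # managed by Certbot

    # Listen for matrix port
    listen 8448 ssl http2;
    listen [::]:8448 ssl http2;

    # SSL configuration
    # Protocol and cipher choices are presumably set in the included
    # options-ssl-nginx.conf; that file is not visible here.
    ssl_certificate /etc/letsencrypt/live/shoebottom.ca/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/shoebottom.ca/privkey.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/shoebottom.ca/chain.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

    # Security / HSTS Headers
    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot

    # Security / clickjacking, XSS and MIME-sniffing headers
    # Without "always" these three are not added to error responses (4xx/5xx).
    # add_header is inherited only by blocks that declare none of their own:
    # any location that gains an add_header must repeat all of these.
    add_header X-Frame-Options "SAMEORIGIN";
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; OWASP guidance is to send "0" or drop it and rely on a CSP.
    add_header X-XSS-Protection "1";
    add_header X-Content-Type-Options "nosniff";

    # Disabled header for content security policy, because I want to load images and content from other sites
    # While this stays off, the browser applies no script/frame source restrictions for this site.
    # add_header Content-Security-Policy "default-src 'self' https://i.imgur.com;" always;

    # Disable merge slashes, non-standard and needed for matrix
    merge_slashes off;

    # Nginx defaults to only allow 1MB uploads; raise the request body limit to 20M
    client_max_body_size 20M;

    # Matrix subdirectory
    # $request_uri forwards the URI exactly as the client sent it (not normalized).
    # NOTE(review): $http_host is the client-supplied Host header, and this
    # server is default_server, so any Host value reaches the backend --
    # confirm the homeserver does not trust it, otherwise use $host.
    location /_matrix/ {
        proxy_pass http://127.0.0.1:6167$request_uri;
        proxy_set_header Host $http_host;
        proxy_buffering off;
    }

    # Media locations.
    # Both the location prefix and the alias end in "/". A bare "location /music"
    # is a plain string-prefix match: it would also take /musicX/... and map it
    # to /home/isaac/Media/MusicX/..., i.e. any sibling directory whose name
    # starts with the aliased one. The "location = /name" entries keep the old
    # redirect from /name to /name/.
    # Nothing in this block restricts access (no auth_basic / allow / deny),
    # so the autoindex listings below are readable by anyone who can reach the server.

    # Music subdirectory
    location = /music {
        return 301 /music/;
    }
    location /music/ {
        autoindex on;
        sendfile on;
        alias /home/isaac/Media/Music/;
    }

    # Movies subdirectory
    location = /movies {
        return 301 /movies/;
    }
    location /movies/ {
        autoindex on;
        sendfile on;
        alias /home/isaac/Media/Movies/;
    }

    # TV subdirectory
    location = /tv {
        return 301 /tv/;
    }
    location /tv/ {
        autoindex on;
        sendfile on;
        alias /home/isaac/Media/TV/;
    }

    # Anime subdirectory
    location = /anime {
        return 301 /anime/;
    }
    location /anime/ {
        autoindex on;
        sendfile on;
        alias /home/isaac/Media/Anime/;
    }

    # File hosting subdirectory
    # autoindex is off, so files are not listed, but each one is still served
    # to anyone who knows or guesses its name.
    location = /host {
        return 301 /host/;
    }
    location /host/ {
        autoindex off;
        sendfile on;
        alias /home/isaac/Media/Host/;
    }
}

# Plain-HTTP listener: redirects shoebottom.ca to https.
server {
    # Redirect http to https
    if ($host = shoebottom.ca) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Listen on http, no ssl. Needed for certbot
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name shoebottom.ca; # managed by Certbot

    # NOTE(review): only requests with Host "shoebottom.ca" are redirected. As
    # default_server, any other Host (or a bare IP) is served from this root
    # over plain HTTP. Certbot's generated blocks usually end with "return 404;".
    root /home/isaac/www/shoebottom.ca;
    index index.html;
}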