#DO NOT CHANGE THIS FILE #Use as template and copy to /etc/nginx/vhosts.d/servername.conf #Reverse Proxy #See /etc/nginx/conf.d/default.conf for proxy servers server { server_name REPLACE_ONION_SITE; listen REPLACE_ONION_PORT; keepalive_timeout 75 75; access_log /data/logs/nginx/access.REPLACE_ONION_SITE.log; error_log /data/logs/nginx/error.REPLACE_ONION_SITE.log info; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; root REPLACE_ONION_WWW_DIR; index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php; location / { root REPLACE_ONION_WWW_DIR; } location ^~ /favicon.ico { alias REPLACE_SERVER_WWW_DIR/favicon.ico; allow all; access_log off; log_not_found off; } location ^~ /robots.txt { default_type "text/plain"; alias REPLACE_SERVER_WWW_DIR/robots.txt; allow all; access_log off; log_not_found off; } location ^~ /.well-known { default_type "text/plain"; alias REPLACE_SERVER_WWW_DIR/.well-known; allow all; access_log off; log_not_found on; } location ^~ /.well-known/security.txt { default_type "text/plain"; alias REPLACE_SERVER_WWW_DIR/security.txt; allow all; access_log off; log_not_found off; } location ^~ /health { default_type "text/plain"; allow all; access_log off; return 200 'ok'; } location ^~ /health/txt { default_type "text/plain"; allow all; access_log off; return 200 'ok'; } location ^~ /health/json { default_type "application/json"; allow all; access_log off; return 200 '{"status":"OK"}'; } }