diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2024-10-19 23:54:16 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2024-10-20 02:11:03 +0200 |
commit | 10a3dd78d1bdefa063b349f1972b93bd7430db0d (patch) | |
tree | 8f0985c57b1d73116d426a7371f5bcbac1497055 /files/etc/nginx | |
parent | cb31aed3f469987b7993033228641761fad2e0f9 (diff) |
Adjust nginx config to serve compressed tiles.
Diffstat (limited to 'files/etc/nginx')
-rw-r--r-- | files/etc/nginx/sites-available/webmap | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/files/etc/nginx/sites-available/webmap b/files/etc/nginx/sites-available/webmap index 92809e2..6921c2c 100644 --- a/files/etc/nginx/sites-available/webmap +++ b/files/etc/nginx/sites-available/webmap @@ -45,36 +45,50 @@ server { ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key; include snippets/ssl.conf; + root /var/www/webmap; + index index.html; + add_header Referrer-Policy "no-referrer"; - add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always; - add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://minkarta.lantmateriet.se/map/; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'self'"; - - root /var/www/webmap; - index index.html; + add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'self'"; + #add_header Access-Control-Allow-Origin "*" always; location ^~ /assets/ { expires 7d; - gzip_static on; + brotli_static on; try_files $uri =404; } location ^~ /tiles/ { - expires 1d; + expires 8h; brotli_static on; try_files $uri =404; error_page 404 /_.txt; } + location = /tiles/metadata.json { + expires epoch; + brotli_static on; + try_files $uri =404; + } location = /_.txt { - # cache 404 responses + # cache 404 responses for 8h like for valid tiles add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always; - add_header Cache-Control "public; max-age=86400" always; + add_header Cache-Control "public; max-age=28800" always; + #add_header Access-Control-Allow-Origin "*" always; internal; } location / { + add_header Referrer-Policy "no-referrer"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; + add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always; + add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://minkarta.lantmateriet.se/map/; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'self'"; + try_files $uri $uri/ =404; } } |