server { listen 80; listen [::]:80; server_name karta.klimatanalysnorr.se hel01.guilhem.se; include /etc/lacme/nginx.conf; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log warn; location / { return 301 https://$host$request_uri; } } server { listen 443; listen [::]:443; server_name hel01.guilhem.se; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log warn; ssl_certificate /etc/nginx/ssl/webmap.rsa.pem; ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key; include snippets/ssl.conf; location / { return 303 https://karta.klimatanalysnorr.se$request_uri; } } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name karta.klimatanalysnorr.se; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log warn; ssl_certificate /etc/nginx/ssl/webmap.rsa.pem; ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key; include snippets/ssl.conf; root /var/www/webmap; index index.html; add_header Referrer-Policy "no-referrer"; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always; add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'self'"; #add_header Access-Control-Allow-Origin "*" always; location ^~ /assets/ { expires 7d; brotli_static on; try_files $uri =404; } location ^~ /tiles/ { expires 8h; brotli_static on; try_files $uri =404; error_page 404 /_.txt; } location = /tiles/metadata.json { expires epoch; brotli_static on; try_files $uri =404; } location = /_.txt { # cache 404 responses for 8h like for valid tiles add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always; add_header Cache-Control "public; max-age=28800" always; #add_header Access-Control-Allow-Origin "*" always; internal; } location / { add_header Referrer-Policy "no-referrer"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always; add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://minkarta.lantmateriet.se/map/; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'self'"; try_files $uri $uri/ =404; } }