files/etc/nginx/sites-available/webmap


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

server {
    listen 80;
    listen [::]:80;

    server_name karta.klimatanalysnorr.se hel01.guilhem.se;

    include /etc/lacme/nginx.conf;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443;
    listen [::]:443;

    server_name hel01.guilhem.se;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    ssl_certificate /etc/nginx/ssl/webmap.rsa.pem;
    ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key;
    include snippets/ssl.conf;

    location / {
        return 303 https://karta.klimatanalysnorr.se$request_uri;
    }
}

server {
    listen      443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    server_name karta.klimatanalysnorr.se;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    ssl_certificate /etc/nginx/ssl/webmap.rsa.pem;
    ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key;
    include snippets/ssl.conf;

    add_header Referrer-Policy "no-referrer";
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
    add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://minkarta.lantmateriet.se/map/; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'self'";

    root /var/www/webmap;
    index index.html;

    location ^~ /assets/ {
        expires 7d;
        gzip_static on;
        try_files $uri =404;
    }
    location ^~ /tiles/ {
        expires 1d;
        gzip_static on;
        try_files $uri =404;
        error_page 404 /_.txt;
    }

    location = /_.txt {
        # cache 404 responses
        add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
        add_header Cache-Control "public; max-age=86400" always;
        internal;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}