Nginx-Configurations/http.d/rss.shad.moe

upstream freshrss {
	server 192.168.1.219:8080;
	keepalive 64;
}

server {
        listen 80;
        listen [::]:80;

        server_name rss.shad.moe www.rss.shad.moe;

        location / {
            return 301 https://$host$request_uri;
        }
}

server {
	server_name rss.shad.moe www.rss.shad.moe;
	listen 443 ssl;
        listen [::]:443 ssl;

        http2 on;

	ssl_certificate /etc/letsencrypt/live/rss.shad.moe/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/rss.shad.moe/privkey.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
        ssl_session_tickets off;

        ssl_dhparam /etc/nginx/dhparam.txt;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers off;

        add_header Strict-Transport-Security "max-age=63072000" always;

        include snippets/http-cat-error-pages.conf;

	location / {
		proxy_pass http://freshrss/;
		add_header X-Frame-Options SAMEORIGIN;
		add_header X-XSS-Protection "1; mode=block";
		proxy_redirect off;
		proxy_buffering off;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Forwarded-Port $server_port;
		proxy_read_timeout 90;

		# Forward the Authorization header for the Google Reader API.
		proxy_set_header Authorization $http_authorization;
		proxy_pass_header Authorization;
	}
}
Initial Configuration 2024-11-04 11:09:00 -06:00			`upstream freshrss {`
			`server 192.168.1.219:8080;`
			`keepalive 64;`
			`}`

			`server {`
			`listen 80;`
			`listen [::]:80;`

			`server_name rss.shad.moe www.rss.shad.moe;`

			`location / {`
			`return 301 https://$host$request_uri;`
			`}`
			`}`

			`server {`
			`server_name rss.shad.moe www.rss.shad.moe;`
			`listen 443 ssl;`
			`listen [::]:443 ssl;`

			`http2 on;`

			`ssl_certificate /etc/letsencrypt/live/rss.shad.moe/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/rss.shad.moe/privkey.pem;`
			`ssl_session_timeout 1d;`
			`ssl_session_cache shared:MozSSL:10m; # about 40000 sessions`
			`ssl_session_tickets off;`

			`ssl_dhparam /etc/nginx/dhparam.txt;`

			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;`
			`ssl_prefer_server_ciphers off;`

			`add_header Strict-Transport-Security "max-age=63072000" always;`

			`include snippets/http-cat-error-pages.conf;`

			`location / {`
			`proxy_pass http://freshrss/;`
			`add_header X-Frame-Options SAMEORIGIN;`
			`add_header X-XSS-Protection "1; mode=block";`
			`proxy_redirect off;`
			`proxy_buffering off;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Port $server_port;`
			`proxy_read_timeout 90;`

			`# Forward the Authorization header for the Google Reader API.`
			`proxy_set_header Authorization $http_authorization;`
			`proxy_pass_header Authorization;`
			`}`
			`}`