blob: 467d0e721cee7432b98b56fc17232c7dcf2f8d34 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
add_header X-Frame-Options 'SAMEORIGIN';
add_header 'Content-Security-Policy' "default-src 'none'; frame-src 'self'; style-src 'self'; img-src 'self'; script-src 'self'; script-src-attr 'unsafe-hashes' 'sha256-zJLaKD58+Visbr6gP9zwWCEzeRWj+Qh/gZy0x1nAPoY='; frame-ancestors 'self'; base-uri 'none'; form-action 'none';";
location = / {
include fastcgi_params;
fastcgi_cache libot_cache;
fastcgi_param WEBSITE_ROOT $cgi_root;
fastcgi_param NETWORK_HOST $network_host;
fastcgi_param NETWORK_INTERFACE $network_interface;
fastcgi_param SCRIPT_FILENAME $cgi_root/route/index;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
location /unpublished {
allow 192.168.1.1; # no snooping
deny all;
include fastcgi_params;
fastcgi_param WEBSITE_ROOT $cgi_root;
fastcgi_param NETWORK_HOST $network_host;
fastcgi_param NETWORK_INTERFACE $network_interface;
fastcgi_param UNPUBLISHED 'true';
fastcgi_param SCRIPT_FILENAME $cgi_root/route/index;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
location /sidebar {
include fastcgi_params;
fastcgi_cache libot_cache;
fastcgi_param WEBSITE_ROOT $cgi_root;
fastcgi_param NETWORK_HOST $network_host;
fastcgi_param NETWORK_INTERFACE $network_interface;
fastcgi_param SCRIPT_FILENAME $cgi_root/route/sidebar;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
location /img/ {
expires 1m;
try_files $uri =404;
}
location = /styles.css {
expires 1d;
try_files $uri =404;
}
location = /scripts.js {
expires 1d;
try_files $uri =404;
}
location ~ ^/get {
if ($http_user_agent ~ "Discordbot") { # to prevent the link embedding
return 403;
}
include fastcgi_params;
fastcgi_param WEBSITE_ROOT $cgi_root;
fastcgi_param NETWORK_HOST $network_host;
fastcgi_param NETWORK_INTERFACE $network_interface;
fastcgi_param SCRIPT_FILENAME $cgi_root/route/get;
fastcgi_pass unix:/run/fcgiwrap.socket;
}
location ~ /\.ht {
deny all;
}
|