From 4376dc4e112e7ee4468a5d00a72d2363c5a4a69c Mon Sep 17 00:00:00 2001
From: xbdm <xbdm@xbdm.fun>
Date: Sat, 15 Jul 2023 19:24:46 +0000
Subject: [PATCH] Create backend-nginx.conf example

---
 nginx.conf | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 nginx.conf

diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..41f3aea
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,42 @@
+server {
+  server_name changethis;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    ssl_certificate /etc/letsencrypt/live/changethis/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/changethis/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    add_header strict_sni on;
+    add_header strict_sni_header on;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header Content-Security-Policy upgrade-insecure-requests;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options "DENY";
+    add_header Clear-Site-Data "cookies";
+    add_header Referrer-Policy "no-referrer";
+    add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
+    resolver 1.1.1.1;
+
+    ssl_trusted_certificate /etc/letsencrypt/live/changethis/chain.pem;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    access_log /dev/null;
+    error_log  /dev/null;
+
+   location / {
+   proxy_set_header X-Forwarded-For $remote_addr;
+   proxy_pass http://localhost:7100;
+        }
+}
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name changethis;
+  return 301 https://changethis$request_uri;
+  }