56 lines
1.2 KiB
Plaintext
56 lines
1.2 KiB
Plaintext
## $krdsh_* are defined in conf.d/http-krd.sh.conf
|
|
|
|
server {
|
|
server_name .krd.sh;
|
|
|
|
include snip.d/listen-http;
|
|
include snip.d/listen-https;
|
|
include snip.d/ssl-krd.sh;
|
|
|
|
log_not_found off;
|
|
access_log off;
|
|
|
|
root /var/www/empty;
|
|
|
|
include snip.d/deny-dotfiles;
|
|
include snip.d/empty-favicon;
|
|
|
|
include snip.d/http-security-headers;
|
|
|
|
default_type text/plain;
|
|
keepalive_timeout 0;
|
|
|
|
proxy_hide_header Vary;
|
|
# proxy_redirect off;
|
|
|
|
# include snip.d/proxy-common-headers;
|
|
# include snip.d/proxy-accept-encoding;
|
|
# include snip.d/proxy-connection-upgrade;
|
|
# include snip.d/proxy-early-data;
|
|
|
|
proxy_ssl_name $krdsh_self_proxy_host;
|
|
proxy_set_header Host $krdsh_self_proxy_host;
|
|
|
|
location / {
|
|
if ($krdsh_is_ssl) {
|
|
return 200;
|
|
}
|
|
|
|
if ($krdsh_need_ssl) {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
if ($krdsh_nossl_misuse) {
|
|
return 301 https://$krdsh_nossl_realhost$request_uri;
|
|
}
|
|
|
|
if ($krdsh_need_redirect) {
|
|
return 301 $krdsh_redirector;
|
|
}
|
|
|
|
if ($krdsh_need_proxy) {
|
|
proxy_pass $krdsh_self_proxy_uri;
|
|
}
|
|
}
|
|
}
|