34 lines
812 B
Nix
34 lines
812 B
Nix
{ ... }:
|
|
{
|
|
services.nginx.virtualHosts."element.nekover.se" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
listen = [
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 80;
|
|
}
|
|
{
|
|
addr = "localhost";
|
|
port = 8443;
|
|
ssl = true;
|
|
proxyProtocol = true;
|
|
}
|
|
];
|
|
locations."/" = {
|
|
proxyPass = "http://element.vs.grzb.de";
|
|
recommendedProxySettings = false;
|
|
extraConfig = ''
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
'';
|
|
};
|
|
extraConfig = ''
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Content-Security-Policy "frame-ancestors 'none'";
|
|
'';
|
|
};
|
|
}
|