diff --git a/nginx/conf.d/ri.zzls.xyz.conf b/nginx/conf.d/ri.zzls.xyz.conf
index 5c035df..c366935 100644
--- a/nginx/conf.d/ri.zzls.xyz.conf
+++ b/nginx/conf.d/ri.zzls.xyz.conf
@@ -16,9 +16,10 @@ server {
 }
+# TOR
 server {
- listen 80;
- server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
+ listen 10040;
+ server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion rimgo.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion;
 location / {
 proxy_pass http://rimgo;
diff --git a/nginx/conf.d/search.zzls.xyz.conf b/nginx/conf.d/search.zzls.xyz.conf
index b89c16f..93d1901 100644
--- a/nginx/conf.d/search.zzls.xyz.conf
+++ b/nginx/conf.d/search.zzls.xyz.conf
@@ -1,6 +1,6 @@
 server {
 server_name search.zzls.xyz search.nadeko.net;
- #include configs/general.conf;
+ include configs/general.conf;
 location @socket {
 uwsgi_pass searxng;
@@ -27,7 +27,7 @@ server {
 }
 # Onion Service Header
- # add_header Onion-Location http://searxdr3pqz4nydgnqocsia2xbywptxbkympa2emn7zlgggrir4bkfad.onion$request_uri;
+ add_header Onion-Location http://search.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion$request_uri;
 # QUIC
 include configs/http3.conf;
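Review bot: In nginx/conf.d/ri.zzls.xyz.conf the new `listen 10040;` names no address, so nginx binds the onion vhost on every interface; the same directive appears in the new onion server block added to search.zzls.xyz.conf. Unless a firewall rule not visible in this diff closes the port, the plain-HTTP onion vhost can be reached directly over the clearnet, which bypasses Tor and ties the .onion names to the host's public address. If the Tor daemon runs on the same host, `listen 127.0.0.1:10040;` is the tighter form; if Tor reaches nginx over a container network, bind to that interface instead. The server block continues past the end of the hunk.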
@@ -35,11 +35,40 @@ server {
 # CSP + Security Headers
 add_header Permissions-Policy "interest-cohort=()" always;
 add_header Strict-Transport-Security "max-age=63072000; preload" always;
- #add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
+ add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
 listen 443 ssl;
 http2 on;
+}
+
+server {
+ listen 10040;
+ server_name search.nadekonfkhwlxwwk4ycbvq42zvcjmvo5iakl4tajojjwxd4a5dcetuyd.onion;
+ include configs/general.conf;
+
+ location @socket {
+ uwsgi_pass searxng;
+ include uwsgi_params;
+ uwsgi_param HTTP_HOST $host;
+ uwsgi_param HTTP_CONNECTION $http_connection;
+ # see flaskfix.py
+ uwsgi_param HTTP_X_SCHEME $scheme;
+ #uwsgi_param HTTP_X_SCRIPT_NAME /searxng;
+ # see limiter.py
+ uwsgi_param HTTP_X_REAL_IP $remote_addr;
+ uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ try_files $uri @socket;
+ }
+
+ # CSP + Security Headers
+ add_header Permissions-Policy "interest-cohort=()" always;
+ add_header Strict-Transport-Security "max-age=63072000; preload" always;
+ add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/tiekoetter/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://www.youtube-nocookie.com https://invidious.tiekoetter.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com/" always;
+
 }
 server {
 set $x "";
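Review bot: In the new onion server block, `uwsgi_param HTTP_X_REAL_IP $remote_addr;` will carry the address of the Tor daemon rather than of a visitor, so whatever limiter.py keys on this value presumably sees every onion user as one client, and `$proxy_add_x_forwarded_for` still forwards a client-supplied X-Forwarded-For. It is worth confirming how the limiter treats both values and recording the outcome in a comment such as `# onion: $remote_addr is the Tor daemon, not the visitor; limiter.py cannot tell onion clients apart`. The `Strict-Transport-Security` line in this block has no effect on a plain-HTTP listener and could be dropped. The block also repeats the `location @socket` body and the CSP string of the HTTPS server; a shared include would keep the two copies from drifting apart.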