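{% extends "core.j2" %}
{% block location %}
{#
  Fills the `location` block of core.j2 with:
    - a root proxy location,
    - an optional favicon alias (item.favicon),
    - optional extra proxy locations (item.extra_locations).

  Every add_header carries `always`, so the security headers are also sent on
  error responses; without it nginx only adds them to a fixed set of
  success and redirect status codes.

  NOTE(review): once a location declares any add_header of its own, nginx no
  longer inherits add_header directives from the enclosing level. core.j2 is
  not visible here; if it sets headers at server level, confirm they are not
  expected to apply inside these locations.
#}
## LOCATIONS
# ROOT LOCATION
location / {
    proxy_pass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ item.upstream_port }};
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    {# X-Forwarded-For is overwritten with the direct peer address, so a value
       supplied by the client never reaches the upstream. If this nginx sits
       behind another proxy or load balancer, the upstream sees that hop. #}
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_redirect off;
{% if item.secure_cookie is defined %}
    {# Cookie flags are injected by rewriting the Path attribute. Caveats:
       cookies sent without a Path attribute are left untouched, and for a
       cookie whose Path is longer than "/" the rest of the path ends up
       appended after the injected attributes. On nginx 1.19.3 or newer the
       proxy_cookie_flags directive sets these flags directly. #}
    proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
{% endif %}
{% if item.root_custom_headers is defined %}
{% for header in item.root_custom_headers %}
{% if header.secure_site is defined %}
    add_header X-Download-Options noopen always;
    add_header X-Permitted-Cross-Domain-Policies none always;
{% if header.header_sameorigin is defined %}
    add_header X-Frame-Options "SAMEORIGIN" always;
{% endif %}
{% endif %}
    {# Exactly one Referrer-Policy header is emitted. A `referrer` key on the
       header entry forces no-referrer (its value is not used); otherwise
       secure_site applies the site-level item.referrer, defaulting to
       no-referrer. #}
{% if header.referrer is defined %}
    add_header Referrer-Policy no-referrer always;
{% elif header.secure_site is defined %}
    add_header Referrer-Policy {{ item.referrer | default('no-referrer') }} always;
{% endif %}
{% if header.nginx_HSTS_policy is defined %}
    {# Two-year HSTS with includeSubDomains and preload: every subdomain must
       already serve HTTPS, and browsers cache the policy for the full
       max-age. #}
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
{% endif %}
{% if header.csp is defined %}
    {# The policy is placed inside double quotes, so it must not itself
       contain a double quote or the rendered directive is invalid. #}
    add_header Content-Security-Policy "{{ header.csp }}" always;
{% endif %}
    {# cto / xss: the literal value 'none' suppresses the header; leaving the
       key undefined applies the hardened default. #}
{% set cto = header.cto | default('nosniff') %}
{% if cto != 'none' %}
    add_header X-Content-Type-Options {{ cto }} always;
{% endif %}
    {# X-XSS-Protection is a legacy header; current browsers rely on
       Content-Security-Policy instead. #}
{% set xss = header.xss | default('1; mode=block') %}
{% if xss != 'none' %}
    add_header X-XSS-Protection "{{ xss }}" always;
{% endif %}
    add_header X-Robots-Tag "{{ header.robots | default('none') }}" always;
{% endfor %}
{% endif %}
}
{% if item.favicon is defined %}

location /favicon.ico {
    alias {{ item.favicon }};
    expires 30d;
    access_log off;
    log_not_found off;
}
{% endif %}
{% if item.extra_locations is defined %}

# EXTRA LOCATIONS
{% for locations in item.extra_locations %}
location {{ locations.name }} {
    proxy_pass {{ locations.upstream_proto }}://{{ locations.upstream_name }}:{{ locations.upstream_port }};
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    {# Same X-Forwarded-For handling as the root location: the client-supplied
       value is replaced with the direct peer address. #}
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_redirect off;
{% if item.secure_cookie is defined %}
    {# Same Path-rewrite approach and caveats as in the root location. #}
    proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
{% endif %}
{% if locations.headers is defined %}
    {# The loop variable is named `header`, not `item`, so the site-level
       `item` stays reachable inside the loop. #}
{% for header in locations.headers %}
{% if header.secure_site is defined %}
    add_header X-Download-Options noopen always;
    add_header X-Permitted-Cross-Domain-Policies none always;
{% if header.header_sameorigin is defined %}
    add_header X-Frame-Options "SAMEORIGIN" always;
{% endif %}
{% endif %}
    {# Exactly one Referrer-Policy header, fixed to no-referrer. Unlike the
       root location, item.referrer is not consulted here.
       NOTE(review): confirm that difference is intended. #}
{% if header.referrer is defined or header.secure_site is defined %}
    add_header Referrer-Policy no-referrer always;
{% endif %}
{% if header.nginx_HSTS_policy is defined %}
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
{% endif %}
{% if header.csp is defined %}
    {# Quoted value: the policy must not contain a double quote. #}
    add_header Content-Security-Policy "{{ header.csp }}" always;
{% endif %}
{% set cto = header.cto | default('nosniff') %}
{% if cto != 'none' %}
    add_header X-Content-Type-Options {{ cto }} always;
{% endif %}
{% set xss = header.xss | default('1; mode=block') %}
{% if xss != 'none' %}
    add_header X-XSS-Protection "{{ xss }}" always;
{% endif %}
    add_header X-Robots-Tag "{{ header.robots | default('none') }}" always;
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
{% endblock %}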