pyrox.dev
1{ lib, ... }:
2{
3 services.nginx = {
4 enable = true;
5 additionalModules = [ ];
6 recommendedOptimisation = true;
7 recommendedTlsSettings = true;
8 recommendedGzipSettings = true;
9 recommendedProxySettings = true;
10 virtualHosts = lib.mkForce { };
11 streamConfig = ''
12 server {
13 listen 34197 udp;
14 proxy_pass 100.123.15.72:34197;
15 proxy_responses 0;
16 }
17 '';
18 appendHttpConfig = ''
19 # Add X-Frame-Options to prevent clickjacking
20 add_header X-Frame-Options SAMEORIGIN;
21
22 # Prevent mime type sniffing
23 add_header X-Content-Type-Options nosniff;
24
25 # Never send Referer header
26 add_header Referrer-Policy no-referrer;
27
28 # Require CORS or CORP headers for cross-origin resources
29 add_header Cross-Origin-Embedder-Policy require-corp;
30
31 # Keep our own Browsing Context Group
32 add_header Cross-Origin-Opener-Policy same-origin;
33
34 # Sites that require CORP will not load my assets
35 add_header Cross-Origin-Resource-Policy same-origin;
36 '';
37 };
38}