From 4bdfe900c434bb41a801482b5037331c5d081b9f Mon Sep 17 00:00:00 2001
From: Miraty <miraty+git@antopie.org>
Date: Mon, 31 Oct 2022 23:58:27 +0100
Subject: [PATCH] Update nginx config

---
 mkosi.extra/etc/nginx/inc/ht-onion.conf         | 2 --
 mkosi.extra/etc/nginx/inc/ht-tls.conf           | 2 --
 mkosi.extra/etc/nginx/inc/ht.conf               | 2 ++
 mkosi.extra/etc/nginx/nginx.conf                | 5 +++++
 mkosi.extra/etc/nginx/sites/default-server.conf | 6 ++++--
 5 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/mkosi.extra/etc/nginx/inc/ht-onion.conf b/mkosi.extra/etc/nginx/inc/ht-onion.conf
index 10e43ca..a391ef7 100644
--- a/mkosi.extra/etc/nginx/inc/ht-onion.conf
+++ b/mkosi.extra/etc/nginx/inc/ht-onion.conf
@@ -1,3 +1 @@
-more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; font-src 'self' data:; media-src 'self' data:; frame-ancestors 'none'; form-action 'none';";
-
 include inc/ht.conf;
diff --git a/mkosi.extra/etc/nginx/inc/ht-tls.conf b/mkosi.extra/etc/nginx/inc/ht-tls.conf
index 5fad6fd..52ebfbc 100644
--- a/mkosi.extra/etc/nginx/inc/ht-tls.conf
+++ b/mkosi.extra/etc/nginx/inc/ht-tls.conf
@@ -1,4 +1,2 @@
-more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; font-src 'self' data:; media-src 'self' data:; frame-ancestors 'none'; form-action 'none';";
-
 include inc/ht.conf;
 include inc/tls.conf;
diff --git a/mkosi.extra/etc/nginx/inc/ht.conf b/mkosi.extra/etc/nginx/inc/ht.conf
index ea1b673..f418f2d 100644
--- a/mkosi.extra/etc/nginx/inc/ht.conf
+++ b/mkosi.extra/etc/nginx/inc/ht.conf
@@ -1,3 +1,5 @@
+more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; font-src 'self' data:; media-src 'self' data:; frame-ancestors 'none'; form-action 'none';";
+
 location / {
 	index index.gmi index.md index.html;
 	try_files $uri $uri/ =404;
diff --git a/mkosi.extra/etc/nginx/nginx.conf b/mkosi.extra/etc/nginx/nginx.conf
index 86d3333..52edaf6 100644
--- a/mkosi.extra/etc/nginx/nginx.conf
+++ b/mkosi.extra/etc/nginx/nginx.conf
@@ -49,6 +49,11 @@ http {
 	ssl_session_cache shared:SSL:50m;
 	ssl_session_tickets off;
 
+	# OCSP Stapling
+	#ssl_stapling on;
+	#ssl_stapling_verify on;
+	#ssl_trusted_certificate /etc/letsencrypt/live/niver.test/chain.pem;
+
 	# Include other configuration
 	include sites/*.conf;
 	include /srv/niver/nginx/*.conf;
diff --git a/mkosi.extra/etc/nginx/sites/default-server.conf b/mkosi.extra/etc/nginx/sites/default-server.conf
index 2f24356..6ba8482 100644
--- a/mkosi.extra/etc/nginx/sites/default-server.conf
+++ b/mkosi.extra/etc/nginx/sites/default-server.conf
@@ -5,12 +5,14 @@ server {
 	ssl_certificate /etc/ssl/certs/niver.crt;
 	ssl_certificate_key /etc/ssl/private/niver.key;
 
-	root /srv/niver/php/errors;
+	ssl_stapling off;
+
+	root /srv/niver/errors;
 	try_files index.php index.html $uri $uri/;
 	index index.php index.html;
 
 	location / {
-		root /srv/niver/php/errors;
+		root /srv/niver/errors;
 		try_files /index.php =500;
 		index index.php;
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;