Nginx


Warning: Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

/etc/tor/torrc

## Directory where Tor keeps this onion service's hostname file and private
## key. Anyone who can read it can impersonate the service, so it should stay
## readable only by the user Tor runs as.
## NOTE(review): the path is under /var/lib/tor-instances, while this section
## is titled /etc/tor/torrc - confirm which Tor instance reads this file and
## that it has access to the directory.
HiddenServiceDir /var/lib/tor-instances/onionv3/onionv3/
HiddenServiceVersion 3

## web
## Virtual port 80 of the onion address is forwarded to 127.0.0.1:70, the
## address the onion server blocks in the nginx files below listen on.
## nginx therefore sees every onion visitor as 127.0.0.1, and other local
## processes can reach that port too. Tor also accepts a unix: socket path as
## the HiddenServicePort target if loopback exposure matters.
HiddenServicePort 80 127.0.0.1:70

/etc/nginx/conf.d/hsts

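## HSTS settings
## (the Strict-Transport-Security header directive itself is not shown on this page)
## This file is included only by the TLS server blocks; the onion listeners are
## plain HTTP, where browsers ignore HSTS.
## If the header is set with add_header, note that nginx drops inherited
## add_header directives in any location that defines its own.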

/etc/nginx/sites-available/00100.conf

## default_server, apex domain (non-subdomain) or invalid subdomain catch-all

## redirect plaintext clearnet non-subdomain to TLS non-subdomain
## As default_server this block also answers port-80 requests whose Host
## header matches no other server_name. The redirect target is a fixed
## hostname rather than $host, so a client-supplied Host header cannot change
## where the 301 points.
server {
   listen 80 default_server;
   listen [::]:80 default_server;
   return 301 https://kicksecure.com$request_uri;
}

## redirect TLS clearnet non-subdomain to TLS www subdomain
## default_server: this block also handles TLS connections for names that
## match no other server block, presenting the kicksecure.com certificate.
server {
   listen 443 ssl http2 default_server;
   listen [::]:443 ssl http2 default_server;

   ## TLS protocol and cipher settings are not set in this block; they come
   ## from a higher level of the nginx configuration or from nginx defaults.
   ssl_certificate /etc/letsencrypt/live/kicksecure.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/kicksecure.com/privkey.pem;
   ## Used by nginx to verify OCSP responses (and client certificates); no
   ## ssl_stapling directive is visible in this block.
   ssl_trusted_certificate /etc/letsencrypt/live/kicksecure.com/fullchain.pem;
   ## HSTS is included on the apex redirect as well, presumably so browsers
   ## record the policy for kicksecure.com itself before following the 301.
   include /etc/nginx/conf.d/hsts;

   ## Fixed target hostname: the Host header does not influence the redirect.
   return 301 https://www.kicksecure.com$request_uri;
}

## redirect onion non-subdomain to www subdomain
## Listens on loopback only; Tor forwards the onion service's port 80 here
## (HiddenServicePort in torrc). No default_server is declared for
## 127.0.0.1:70, so nginx treats the first server block it loads for that
## address as the default - this one, provided this file is read before
## www.conf. Requests with an unexpected Host header then land here and are
## redirected to the www onion name.
server {
   listen 127.0.0.1:70;
   server_name w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion;

   ## Plain http:// target: this page defines no TLS listener for the onion name.
   return 301 http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion$request_uri;
}

/etc/nginx/sites-available/www.conf

## http clearnet port 80 unencrypted listener
## Serves no content over plaintext: every request for www.kicksecure.com on
## port 80 is answered with a 301 to the same path on HTTPS. The target
## hostname is fixed, not taken from the request.
server {
   listen 80;
   listen [::]:80;
   server_name www.kicksecure.com;
   return 301 https://www.kicksecure.com$request_uri;
}

## clearnet www
## TLS listener that serves the site content for www.kicksecure.com.
server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name www.kicksecure.com;

   ## Same Let's Encrypt certificate as the apex block; TLS protocol and
   ## cipher settings are not set here and come from elsewhere or defaults.
   ssl_certificate /etc/letsencrypt/live/kicksecure.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/kicksecure.com/privkey.pem;
   ssl_trusted_certificate /etc/letsencrypt/live/kicksecure.com/fullchain.pem;
   include /etc/nginx/conf.d/hsts;

   ## Advertises the onion mirror of the requested path. Tor Browser only
   ## honours Onion-Location on pages served over HTTPS, which is why it is
   ## set in this block. more_set_headers comes from the headers-more module,
   ## not core nginx; nginx rejects the config if that module is not loaded.
   more_set_headers "Onion-Location: http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion$request_uri";

   ## Site configuration shared with the onion listener.
   include /etc/nginx/conf.d/www;
}

## onion www
## Plain-HTTP listener on loopback that serves the site to onion visitors.
## It has no certificate and does not include the HSTS snippet. Tor connects
## from the local machine, so every onion visitor appears to nginx as
## 127.0.0.1.
server {
   listen 127.0.0.1:70;
   server_name www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion;

   ## Asks crawlers not to index or follow links on the onion copy of the
   ## site; the clearnet block does not send this header.
   more_set_headers "X-Robots-Tag: noindex, nofollow";

   ## Same shared site configuration as the clearnet TLS block.
   include /etc/nginx/conf.d/www;
}

/etc/nginx/conf.d/www

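## actual nginx config shared among TLS and onion goes here
## Note: requests arriving through the onion service reach nginx from
## 127.0.0.1, so anything in this shared file that depends on the client
## address (allow/deny rules, per-address rate limits, access logs) treats all
## onion visitors as a single local client.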


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.