| 1234567891011121314151617181920 |
- {$DOMAIN} {
- # TLS — use Let's Encrypt staging for initial testing
- tls {$TLS_EMAIL} {
- ca https://acme-staging-v02.api.letsencrypt.org/directory
- }
- # Security headers
- header {
- Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://image.tmdb.org; connect-src 'self' wss://{$DOMAIN}; font-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
- X-Frame-Options "DENY"
- X-Content-Type-Options "nosniff"
- Referrer-Policy "strict-origin-when-cross-origin"
- Strict-Transport-Security "max-age=86400; includeSubDomains"
- Permissions-Policy "camera=(), microphone=(), geolocation=(), interest-cohort=()"
- -Server
- }
- # Reverse proxy to Next.js app
- reverse_proxy app:3000
- }
|