upstream gateway { server 127.0.0.1:8081; } server { server_name ipfs.unitoo.it ipns.unitoo.it; # managed by Certbot listen 443 default_server ssl; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always; add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always; proxy_pass_header Server; proxy_read_timeout 1800s; error_page 403 /403.html; location /403.html { root /var/www/html; allow all; } location /403.png { root /var/www/html; allow all; } location /400.html { root /var/www/html; allow all; } location /ipns { proxy_pass http://gateway; proxy_set_header Host unitoo.it; proxy_cache_bypass $http_upgrade; proxy_intercept_errors on; allow all; error_page 400 /400.html; } location /ipfs { proxy_pass http://gateway; proxy_set_header Host unitoo.it; proxy_cache_bypass $http_upgrade; proxy_intercept_errors on; allow all; error_page 400 /400.html; } location / { proxy_pass http://localhost:5001; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; deny all; # <- Deny other traffic } ssl_certificate /etc/letsencrypt/live/ipfs.unitoo.it/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/ipfs.unitoo.it/privkey.pem; # managed by Certbot include snippets/denylist.conf; } server { server_name *.ipfs.unitoo.it *.ipns.unitoo.it; listen 443 ssl; proxy_read_timeout 1800s; error_page 403 /403.html; location /403.html { root /var/www/html; allow all; } location /403.png { root /var/www/html; allow all; } location /400.html { root /var/www/html; allow all; } add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always; add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always; include snippets/denylist.conf; location / { proxy_set_header Host $host; proxy_set_header X-Ipfs-Gateway-Prefix ""; proxy_pass http://gateway; } } server { server_name ipfs.unitoo.it ipns.unitoo.it; listen 80; add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always; add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always; proxy_pass_header Server; proxy_read_timeout 1800s; include snippets/denylist.conf; location ~ "^/(ipfs|ipns|api)(/|$)" { proxy_set_header Host unitoo.it; proxy_set_header X-Ipfs-Gateway-Prefix ""; proxy_pass http://gateway; } return 404; }