server { listen 80; server_name domain_goes_here; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; root wwwpath_goes_here; server_name domain_goes_here; ssl_certificate /etc/letsencrypt/live/domain_goes_here/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain_goes_here/privkey.pem; error_log /var/log/gpigeon.log; index index.html index.htm; location = / { return 301 https://$server_name/cgi-bin/gpigeon.cgi; } location = /cgi-bin/gpigeon.cgi { ssi off; gzip off; fastcgi_pass unix:/run/fcgiwrap.sock; include /etc/nginx/fastcgi_params; } location ~ ^/cgi-bin/l/(.*).cgi$ { ssi off; gzip off; fastcgi_pass unix:/run/fcgiwrap.sock; include /etc/nginx/fastcgi_params; } add_header Strict-Transport-Security "max-age=63072000; preload"; add_header Content-Security-Policy "default-src 'self'"; add_header X-Frame-Options DENY; add_header Access-Control-Allow-Origin https://$server_name; add_header Vary Origin; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#cors_and_caching }