events {} http { server { listen 80 backlog=16384; root /var/www/html; # security headers add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; add_header Permissions-Policy "interest-cohort=()" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; location / { root /data; sendfile on; sendfile_max_chunk 128m; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; limit_except GET HEAD { deny all; } # autoindex on; default_type application/octet-stream; charset UTF-8; fancyindex on; fancyindex_exact_size off; # human readable file sizes } } }