enhance security via nginx static hosting

nginx/etc/conf.d/default.conf

@@ -0,0 +1,34 @@
+server {
+    listen       80;
+    listen  [::]:80;
+    server_name rskio.com;
+
+    server_tokens off;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+    add_header X-XSS-Protection "1; mode=block";
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    # rskio logging is handled via traefik
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /opt/share/mkdocs/html;
+        index  index.html index.htm;
+        limit_except GET HEAD POST { deny all; }
+    }
+
+    # rskio auth is handled via traefik
+    #error_page  404              /404.html;
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+        limit_except GET HEAD POST { deny all; }
+    }
+}
+