rskio/nginx/etc/conf.d/default.conf

server {
    listen       80;
    listen  [::]:80;
    server_name rskio.com;

    server_tokens off;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    add_header X-XSS-Protection "1; mode=block";

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # rskio logging is handled via traefik
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /opt/share/mkdocs/html;
        index  index.html index.htm;
        limit_except GET HEAD POST { deny all; }
    }

    # rskio auth is handled via traefik
    #error_page  404              /404.html;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
        limit_except GET HEAD POST { deny all; }
    }
}