From 07a3d781377c8eb8a94dbb4b3c0c4cc56bc16e96 Mon Sep 17 00:00:00 2001
From: zino <marlon.maschkiwitz@4players.io>
Date: Sat, 9 Dec 2023 13:50:37 +0100
Subject: [PATCH] m

---
 docker-compose.yml                            |  3 +-
 volumes/conf.d/zinomedia.de.conf              | 42 +++++++++++++++++++
 volumes/snippets/wordpress-optimizations.conf | 19 +++++++++
 3 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 volumes/conf.d/zinomedia.de.conf
 create mode 100644 volumes/snippets/wordpress-optimizations.conf

diff --git a/docker-compose.yml b/docker-compose.yml
index e13bb60..eb51235 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,7 +18,8 @@ services:
       - ./volumes/nginx.conf:/etc/nginx/nginx.conf
       - ./volumes/logs:/var/log/nginx
       - /etc/letsencrypt:/etc/letsencrypt
-      - /opt/docker/docker-wordpress-4netplayers/volumes/wordpress:/usr/share/nginx/html/4netplayers.zinomedia.de
+      - ../docker-wordpress-4netplayers/volumes/wordpress:/usr/share/nginx/html/4netplayers.zinomedia.de
+      - ../docker-wordpress-zinomedia/volumes/wordpress:/usr/share/nginx/html/zinomedia.de
 
 networks:
   web:
diff --git a/volumes/conf.d/zinomedia.de.conf b/volumes/conf.d/zinomedia.de.conf
new file mode 100644
index 0000000..ef7804c
--- /dev/null
+++ b/volumes/conf.d/zinomedia.de.conf
@@ -0,0 +1,42 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name zinomedia.de;
+
+    access_log off;
+    error_log /var/log/nginx/error.log error;
+
+    root /usr/share/nginx/html/zinomedia.de;
+    index index.php;
+
+    client_max_body_size 128m;
+
+    ssl_certificate /etc/letsencrypt/live/zinomedia.de/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/zinomedia.de/privkey.pem;
+
+    include "snippets/ssl-optimizations.conf";
+    include "snippets/wordpress-optimizations.conf";
+
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
+
+    location / {
+        resolver 127.0.0.11;
+        set $upstream "zinomedia-wordpress:80";
+
+        try_files $uri $uri/ /index.php?$args;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-Host $host:$server_port;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_pass http://$upstream;
+    }
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name zinomedia.de;
+    return 301 https://$host$request_uri;
+}
diff --git a/volumes/snippets/wordpress-optimizations.conf b/volumes/snippets/wordpress-optimizations.conf
new file mode 100644
index 0000000..3814a27
--- /dev/null
+++ b/volumes/snippets/wordpress-optimizations.conf
@@ -0,0 +1,19 @@
+location ~ /(\.user\.ini|debug\.log) {
+    deny all;
+}
+
+location = /favicon.ico {
+    log_not_found off;
+    access_log off;
+}
+
+location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+}
+
+location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+    expires max;
+    log_not_found off;
+}
\ No newline at end of file