hacklab/resetea.net
1
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
resetea.net/infra/nginx-resetea.conf
hacklab 467820b8b3 feat: rediseño visual completo — slider, dark theme, hero unificado 
- Dark theme en index (class=page-dark): fondo #1a1714, títulos ácido, botones nav crema
- Hero-landing con gradiente animado ácido→caoba aplicado a los 7 htmls
- Slider 3 slides (crossfade CSS + JS): crowd-phones / surveillance / legal-action
- Imágenes descargadas localmente (CSP img-src 'self')
- Botón RESETEA hero: verde ácido, fuente Recion, tipografía grande centrada
- Cards de estudios con enlaces a fuente original
- CSP ampliada: img-src añade cdn.simpleicons.org para chips de redes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-26 23:34:41 +02:00

55 lines
2.2 KiB
Text
Raw Blame History

# Rate limiting: 20 req/s por IP para /api/, burst de 40
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=20r/s;
# HTTP -> HTTPS
server {
listen 80;
listen [::]:80;
server_name resetea.net;
return 301 https://$host$request_uri;
}
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name resetea.net;
server_tokens off;
root /var/www/resetea.net/public;
index index.html;
ssl_certificate /etc/letsencrypt/live/resetea.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/resetea.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# ── Security headers (todos los paths) ───────────────────────────
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=(), usb=(), interest-cohort=()" always;
add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data: https://cdn.simpleicons.org; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
# ── Proxy al backend Node.js ──────────────────────────────────────
location /api/ {
limit_req zone=api_limit burst=40 nodelay;
proxy_pass http://127.0.0.1:8787;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 15s;
proxy_connect_timeout 5s;
proxy_hide_header X-Powered-By;
}
location / {
try_files $uri $uri/ =404;
}
}
Reference in a new issue View git blame Copy permalink