relayd.conf (1286B)
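# relayd.conf: TLS-terminating reverse proxy in front of a local httpd.
# relayd accepts HTTPS on the public IPv4/IPv6 addresses, adds security
# response headers, and forwards requests to the backend on loopback.

# Public listen addresses, referenced by the relays at the bottom.
ipv4="46.23.90.207"
ipv6="2a03:6000:6f64:604::207"

# Backend pool: a single web server on the loopback interface.
table <httpd> { 127.0.0.1 }

http protocol https {
    # "no" applies only to the option that directly follows it, so every
    # protocol version to be disabled needs its own "no". A bare "tlsv1.1"
    # in this list would enable TLSv1.1 instead of disabling it.
    # The cipher list allows only ECDHE key exchange with AES-GCM or
    # ChaCha20 and excludes anonymous, MD5 and DSS suites.
    tls { no tlsv1.0, no tlsv1.1, ciphers "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!DSS" }

    # Two keypairs: relayd selects the certificate by the server name the
    # client asks for (SNI).
    tls keypair s1.dalliard.ch
    tls keypair mx.dalliard.ch

    # Security headers set on every response. "header set" replaces any
    # value the backend sent for the same header.
    # HSTS: max-age is two years and includeSubDomains extends the policy to
    # every subdomain, so all of them must be reachable over HTTPS.
    match response header set "Strict-Transport-Security" \
        value "max-age=63072000; includeSubDomains"
    match response header set "X-Content-Type-Options" value "nosniff"
    match response header set "X-Frame-Options" value "deny"
    match response header set "Referrer-Policy" value "no-referrer"
    # CSP: same-origin resources only, plus data: URIs for images; framing
    # is refused here as well (frame-ancestors 'none').
    match response header set "Content-Security-Policy" value \
        "default-src 'self'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none'"
    match response header set "Permissions-Policy" value \
        "geolocation=(), microphone=(), camera=()"

    # CORS: only requests for these three .well-known resources are tagged,
    # and only tagged responses get the wildcard Access-Control-Allow-Origin.
    # Keep this list limited to data that is meant to be world-readable.
    # NOTE(review): confirm with a test request that the entries ending in
    # "/" match the files beneath them and nothing outside these paths.
    match request url "dalliard.ch/.well-known/lnurlp/" tag "cors"
    match request url "dalliard.ch/.well-known/nostr.json" tag "cors"
    match request url "dalliard.ch/.well-known/openpgpkey/" tag "cors"
    match response tagged "cors" header set "Access-Control-Allow-Origin" \
        value "*"
}

# IPv4 listener. "tls" on the listen line terminates TLS in relayd.
# The forward line has no "with tls", so the hop to the backend is not
# encrypted by relayd even though it targets port https.
# NOTE(review): presumably httpd listens without TLS on 127.0.0.1:443 -
# confirm against httpd.conf.
relay wwwtls4 {
    listen on $ipv4 port https tls
    protocol https
    forward to <httpd> port https
}

# IPv6 listener with the same protocol and backend as wwwtls4.
relay wwwtls6 {
    listen on $ipv6 port https tls
    protocol https
    forward to <httpd> port https
}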