Disable logs and remove unused www redirection | Add HSTS header

_docker/Dockerfile

@@ -2,6 +2,6 @@ FROM nginx:1.17-alpine
 
 COPY ./public/ /usr/share/nginx/html/
 
-COPY ./_docker/default.conf ./_docker/redirect.conf /etc/nginx/conf.d/
+COPY ./_docker/default.conf /etc/nginx/conf.d/
 
 HEALTHCHECK CMD wget -O- http://127.0.0.1/status.txt | grep -q 'OK'

_docker/default.conf

@@ -13,16 +13,27 @@ map $sent_http_content_type $expires {
 
 proxy_cache_path  /tmp/nginx-cache  levels=1:2 keys_zone=STATIC:10m inactive=24h  max_size=1g;
 
+# Set HSTS if forwarded proto is https
+map $http_x_forwarded_proto $hsts_header {
+  default "";
+  https "max-age=31536000; includeSubDomains;";
+}
+
 server {
 
     root /usr/share/nginx/html;
     listen       80;
     server_name  saibotk.de;
 
+    access_log off;
+    error_log off;
+
     expires $expires;
     charset UTF-8;
 
     set_real_ip_from  172.16.0.0/12;
+
+    add_header Strict-Transport-Security $hsts_header;
     add_header X-Frame-Options "DENY";
     add_header Referrer-Policy "no-referrer";
     add_header Content-Security-Policy "default-src 'none'; script-src 'self'; img-src data: 'self'; style-src 'self' 'unsafe-inline'; font-src data: 'self'; object-src data:; base-uri 'none'; form-action 'none'; worker-src 'self'; connect-src 'self'";
@@ -34,7 +45,7 @@ server {
     }
 
     location /rss {
-        rewrite ^/rss /feed.xml redirect;
+        rewrite ^/rss /posts/index.xml redirect;
     }
 
     rewrite ^/(.*)/$ /$1 redirect;

_docker/redirect.conf

@@ -1,7 +0,0 @@
-server {
-    listen       80;
-    server_name  www.saibotk.de;
-
-    return 301 https://saibotk.de$request_uri;
-}
-