From 1655bbaf235ccd2f846a52a19126453345b2a375 Mon Sep 17 00:00:00 2001
From: r4sas <r4sas@i2pmail.org>
Date: Fri, 22 Jul 2022 16:16:59 +0000
Subject: [PATCH] add nginx example config

Signed-off-by: r4sas <r4sas@i2pmail.org>
---
 nginx/nginx-server.conf | 62 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 nginx/nginx-server.conf

diff --git a/nginx/nginx-server.conf b/nginx/nginx-server.conf
new file mode 100644
index 00000000..b9956316
--- /dev/null
+++ b/nginx/nginx-server.conf
@@ -0,0 +1,62 @@
+server {
+    listen              127.0.0.1:8080;
+    listen              127.0.0.1:8443 ssl http2;
+
+    access_log          /dev/null;
+    error_log           /dev/null;
+
+    ssl_certificate     /home/www/web.telegram.i2p/certs/web.telegram.i2p.crt;
+    ssl_certificate_key /home/www/web.telegram.i2p/certs/web.telegram.i2p.key;
+
+    ssl_stapling        off;
+    ssl_protocols       TLSv1.2;
+    ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    add_header          X-Frame-Options           'SAMEORIGIN';
+    add_header          X-Xss-Protection          '1; mode=block';
+    add_header          X-Content-Type-Options    'nosniff';
+
+    root                /home/www/web.telegram.i2p/public_html;
+    index               index.html;
+    charset             utf8;
+    port_in_redirect    off;
+
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy application/wasm;
+
+    location / {
+        try_files       $uri $uri/ /index.html;
+    }
+
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Real-IP $remote_addr;
+
+    location ~* ^/web/ {
+        rewrite ^/web/(.*)/(.*) /$2 break;
+        proxy_pass https://$1.web.telegram.org;
+        proxy_read_timeout 600s;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    location ~* ^/([kz])ws(.*)/ {
+        rewrite ^/([kz])ws(.*)/(.*) /$3 break;
+        proxy_pass https://$1ws$2.web.telegram.org;
+        proxy_read_timeout 600s;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # Blocks required for websync
+    location ~* ^/telegram-me/ {
+        rewrite ^/telegram-me/(.*) /$1 break;
+        proxy_pass https://telegram.me;
+    }
+
+    location ~* ^/t-me/ {
+        rewrite ^/t-me/(.*) /$1 break;
+        proxy_pass https://t.me;
+    }
+}