From cbeb576a8a120d2eebc6365a22302e907499230d Mon Sep 17 00:00:00 2001
From: noah <noah@theschricks.com>
Date: Sat, 22 Jul 2023 11:58:49 -0500
Subject: [PATCH] Audiobookshelf

---
 audiobookshelf/readmore.theschricks.com.conf | 59 ++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 audiobookshelf/readmore.theschricks.com.conf

diff --git a/audiobookshelf/readmore.theschricks.com.conf b/audiobookshelf/readmore.theschricks.com.conf
new file mode 100644
index 0000000..17f8be0
--- /dev/null
+++ b/audiobookshelf/readmore.theschricks.com.conf
@@ -0,0 +1,59 @@
+server {
+	server_name readmore.theschricks.com;
+
+	location / { 
+		proxy_pass http://192.168.50.2:13378;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	    proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-Forwarded-Protocol $scheme;
+		proxy_set_header X-Forwarded-Host $http_host;
+		proxy_set_header X-Real-IP $remote_addr;
+	    proxy_set_header Host $host;
+	    proxy_set_header Upgrade $http_upgrade;
+	    proxy_set_header Connection $connection_upgrade;
+	}
+
+	#client_max_body_size 50m;
+
+   	listen [::]:443 ssl; # managed by Certbot
+   	listen 443 ssl; # managed by Certbot
+   	ssl_certificate /etc/letsencrypt/live/readmore.theschricks.com/fullchain.pem; # managed by Certbot
+   	ssl_certificate_key /etc/letsencrypt/live/readmore.theschricks.com/privkey.pem; # managed by Certbot
+    	
+	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+   	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+   	add_header X-XSS-Protection "1; mode=block";
+	add_header X-Content-Type-Options nosniff;
+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
+	add_header X-Robots-Tag none;
+	add_header X-Frame-Options "SAMEORIGIN";
+	add_header Referrer-Policy "strict-origin";
+	add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+
+	# CSP
+	# breaks mobile:
+	#add_header Content-Security-Policy "default-src 'none'; font-src https://fonts.gstatic.com; img-src 'self' https://i.imgur.com; object-src 'none'; script-src 'self'; style-src 'self'";
+	add_header Content-Security-Policy "frame-ancestors 'self'";
+
+   	# OCSP stapling
+   	ssl_stapling on;
+   	ssl_stapling_verify on;
+}
+
+#HTTP
+server { 
+	listen 80;
+	listen [::]:80;
+	server_name readmore.theschricks.com www.readmore.theschricks.com;
+	return 301 https://$host$request_uri;
+}
+
+#Redirect www
+#server {
+#	listen 443 ssl;
+#	listen [::]:443 ssl;
+#	server_name www.readmore.theschricks.com;
+#	return 301 https://$host$request_uri;
+#}
+