nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  off;

    server_tokens off;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # Fix server_names_hash_bucket_size for Tor address
    server_names_hash_bucket_size 128;

    map $sent_http_content_type $expires {
    	default                    off;
    	text/html                  epoch;
    	text/css                   max;
    	application/javascript     max;
    	~image/                    max;
    }

    server {
        listen 0.0.0.0:80;
        server_name silentpayments.xyz;

        if ($request_method !~ ^(GET|HEAD|POST)$ ) {
            return 444;
        }

        # Enable compression for all types of files
        gzip_static  always;
        gzip_proxied expired no-cache no-store private auth;
        gunzip       on;

        # Enable client-side caching
        expires $expires;

        root /usr/share/nginx/html/public/; #Absolute path to where your hugo site is
        index index.html; # Hugo generates HTML

        # Block site from being framed with X-Frame-Options and CSP
        add_header Content-Security-Policy "frame-ancestors 'none'; frame-src 'self'; default-src 'none'; manifest-src 'self'; media-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' https://gist.github.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com; form-action; base-uri 'none'; font-src 'self'; connect-src 'self'";
        add_header X-Frame-Options "DENY";

        # Security headers
        add_header X-Content-Type-Options "nosniff";
        add_header X-XSS-Protection "1; mode=block";

        # Privacy headers
        add_header Referrer-Policy "no-referrer-when-downgrade";
        add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), speaker=(), usb=(), vibrate=(), sync-xhr=(), interest-cohort=()";

        location / {
                try_files $uri $uri/ =404;
        }
    }
}