build: push tvapp v2 docker files

2026-06-04 06:45:41 -04:00 · 2025-02-20 13:10:51 -07:00
parent bee45668cc
commit 9e79e42d09
536 changed files with 142093 additions and 5531 deletions
--- a/root/defaults/nginx/ssl.conf.sample
+++ b/root/defaults/nginx/ssl.conf.sample
@@ -1,45 +1,67 @@
+
 # #
-#   @project        thetvapp-docker
-#   @about          Nginx site-configs default configuration file
-#   @file           /root/defaults/nginx/ssl.conf.sample
-#   @repo           https://github.com/Aetherinox/thetvapp-docker
-#   @generated      2024-11-30
+#   @project        tvapp2
+#   @usage          docker image which allows you to download a m3u playlist and EPG guide data for the
+#                   IPTV service TheTvApp.
+#   @file           nginx.conf.sample
+#   @repo           https://github.com/Aetherinox/docker-base-alpine
+#                   https://git.binaryninja.net/pub_projects/tvapp2
 # #

-### Mozilla Recommendations
-# generated 2023-06-25, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.1, intermediate configuration
-# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.1&guideline=5.7
+# #
+#   generated 2023-06-25, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.1, intermediate configuration
+#   https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.1&guideline=5.7
+# #

-ssl_certificate /config/keys/cert.crt;
-ssl_certificate_key /config/keys/cert.key;
-ssl_session_timeout 1d;
-ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
-ssl_session_tickets off;
+ssl_certificate             /config/keys/cert.crt;
+ssl_certificate_key         /config/keys/cert.key;
+ssl_session_timeout         1d;
+ssl_session_cache           shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets         off;

-# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
-ssl_dhparam /config/nginx/dhparams.pem;
+# #
+#   curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
+# #

-# intermediate configuration
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
-ssl_prefer_server_ciphers off;
+ssl_dhparam                 /config/nginx/dhparams.pem;

-# HSTS (ngx_http_headers_module is required) (63072000 seconds)
-#add_header Strict-Transport-Security "max-age=63072000" always;
+# #
+#   intermediate configuration
+# #

-# OCSP stapling
-#ssl_stapling on;
-#ssl_stapling_verify on;
+ssl_protocols               TLSv1.2 TLSv1.3;
+ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
+ssl_prefer_server_ciphers   on;

-# verify chain of trust of OCSP response using Root CA and Intermediate certs
-#ssl_trusted_certificate /config/keys/cert.crt;
+# #
+#   OCSP stapling
+# #

-# Optional additional headers
-#add_header Cache-Control "no-transform" always;
-#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always;
-#add_header Permissions-Policy "interest-cohort=()" always;
-#add_header Referrer-Policy "same-origin" always;
-#add_header X-Content-Type-Options "nosniff" always;
-#add_header X-Frame-Options "SAMEORIGIN" always;
-#add_header X-UA-Compatible "IE=Edge" always;
-#add_header X-XSS-Protection "1; mode=block" always;
+# ssl_stapling              on;
+# ssl_stapling_verify       on;
+
+# #
+#   verify chain of trust of OCSP response using Root CA and Intermediate certs
+# #
+
+# ssl_trusted_certificate   /config/keys/cert.crt;
+
+# #
+#   HSTS (ngx_http_headers_module is required) (63072000 seconds)
+# #
+
+add_header X-Content-Type-Options nosniff;
+add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
+
+# #
+#   Optional additional headers
+# #
+
+# add_header                Cache-Control "no-transform" always;
+# add_header                Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always;
+# add_header                Permissions-Policy "interest-cohort=()" always;
+# add_header                Referrer-Policy "same-origin" always;
+# add_header                X-Content-Type-Options "nosniff" always;
+# add_header                X-Frame-Options "SAMEORIGIN" always;
+# add_header                X-UA-Compatible "IE=Edge" always;
+# add_header                X-XSS-Protection "1; mode=block" always;