From a91dd1d55550d36cda17f8acd777d07d7e8d83ee Mon Sep 17 00:00:00 2001
From: yum <yum.food.vr@gmail.com>
Date: Thu, 16 Oct 2025 14:51:18 -0700
Subject: add basic encryption. note that keys are publicly available

the intent is just to prevent dragnet snooping
---
 etc/nginx/sites-available/yummers.dev | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'etc')

diff --git a/etc/nginx/sites-available/yummers.dev b/etc/nginx/sites-available/yummers.dev
index c1162a6..5eb4fef 100644
--- a/etc/nginx/sites-available/yummers.dev
+++ b/etc/nginx/sites-available/yummers.dev
@@ -51,6 +51,12 @@ server {
       add_header Access-Control-Allow-Origin "*" always;
     }
 
+    # Key files must never be cached client-side
+    location ~ \.key$ {
+      add_header Cache-Control "no-cache, no-store, must-revalidate" always;
+      add_header Access-Control-Allow-Origin "*" always;
+    }
+
     # Segment files (.ts) can be cached - they're immutable
     location ~ \.ts$ {
       add_header Cache-Control "public, max-age=30" always;
-- 
cgit v1.2.3