hcornet
506716e703
Some checks failed
Deployment Verification / deploy-and-test (push) Failing after 29s
126 lines
3.2 KiB
Nginx Configuration File
126 lines
3.2 KiB
Nginx Configuration File
user nobody nogroup;
|
|
worker_processes auto; # auto-detect number of logical CPU cores
|
|
|
|
events {
|
|
worker_connections 512; # set the max number of simultaneous connections (per worker process)
|
|
}
|
|
|
|
http {
|
|
client_max_body_size 250M;
|
|
|
|
include mime.types;
|
|
|
|
# thanks stackoverflow http://stackoverflow.com/a/5132440/2406040
|
|
gzip on;
|
|
gzip_http_version 1.1;
|
|
gzip_vary on;
|
|
gzip_comp_level 6;
|
|
gzip_proxied any;
|
|
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
|
|
|
|
# make sure gzip does not lose large gzipped js or css files
|
|
# see http://blog.leetsoft.com/2007/07/25/nginx-gzip-ssl.html
|
|
gzip_buffers 16 8k;
|
|
|
|
# Disable gzip for certain browsers.
|
|
gzip_disable "MSIE [1-6].(?!.*SV1)";
|
|
|
|
server {
|
|
listen 80;
|
|
server_name "localhost";
|
|
|
|
#location /static/js/* {
|
|
# # avoid clickjacking
|
|
# add_header X-Frame-Options DENY;
|
|
# add_header X-Content-Type-Options nosniff;
|
|
# add_header ;
|
|
# # block MIME sniffing
|
|
|
|
# # security headers
|
|
# add_header X-XSS-Protection "1; mode=block";
|
|
# # add_header Content-Security-Policy "default-src 'self'";
|
|
# add_header Referrer-Policy "no-referrer";
|
|
# server_tokens off;
|
|
|
|
# root /usr/share/nginx/html;
|
|
# gzip_static on;
|
|
# expires 1y;
|
|
# add_header Cache-Control public;
|
|
# add_header ETag "";
|
|
# try_files $uri /index.html;
|
|
#}
|
|
|
|
location / {
|
|
# avoid clickjacking
|
|
add_header X-Frame-Options DENY;
|
|
# block MIME sniffing
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
# security headers
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
# add_header Content-Security-Policy "default-src 'self'";
|
|
add_header Referrer-Policy "no-referrer";
|
|
server_tokens off;
|
|
|
|
root /usr/share/nginx/html;
|
|
gzip_static on;
|
|
expires 1y;
|
|
add_header Cache-Control public;
|
|
add_header ETag "";
|
|
try_files $uri /index.html;
|
|
}
|
|
|
|
location ~ /api/v(1|2) {
|
|
proxy_pass http://{{ getenv "BACKEND_HOSTNAME" "shuffle-backend" }}:5001;
|
|
proxy_buffering off;
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_connect_timeout 900;
|
|
proxy_send_timeout 900;
|
|
proxy_read_timeout 900;
|
|
send_timeout 900;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name "localhost";
|
|
ssl_certificate fullchain.cert.pem;
|
|
ssl_certificate_key privkey.pem;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
location / {
|
|
# avoid clickjacking
|
|
add_header X-Frame-Options DENY;
|
|
# block MIME sniffing
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
# security headers
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
# add_header Content-Security-Policy "default-src 'self'";
|
|
add_header Referrer-Policy "no-referrer";
|
|
server_tokens off;
|
|
|
|
root /usr/share/nginx/html;
|
|
gzip_static on;
|
|
expires 1y;
|
|
add_header Cache-Control public;
|
|
add_header ETag "";
|
|
try_files $uri /index.html;
|
|
}
|
|
|
|
# Get the hostname from environment here?
|
|
location ~ /api/v(1|2) {
|
|
proxy_pass http://{{ getenv "BACKEND_HOSTNAME" "shuffle-backend" }}:5001;
|
|
proxy_buffering off;
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_connect_timeout 900;
|
|
proxy_send_timeout 900;
|
|
proxy_read_timeout 900;
|
|
send_timeout 900;
|
|
}
|
|
}
|
|
}
|