forked from BinaryStudioAcademy/bsa-2022-vse-bude
-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
100 lines (78 loc) · 2.66 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
worker_processes 1;
events {
worker_connections 1024;
}
http {
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:15m inactive=5d use_temp_path=off;
server {
listen 80;
listen [::]:80;
server_name vse-bude.com.ua;
# enforce https
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443;
server_name vse-bude.com.ua;
ssl_certificate /etc/letsencrypt/live/vse-bude.com.ua/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vse-bude.com.ua/privkey.pem;
server_tokens off;
gzip on;
gzip_proxied any;
gzip_comp_level 4;
gzip_types text/css application/javascript image/svg+xml;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection: "1; mode=block";
add_header X-Content-Type-Options: "nosniff";
add_header X-Permitted-Cross-Domain-Policies: "none";
# add_header Strict-Transport-Security: "max-age=63072000; includeSubDomains; preload" # Add when SSL added
# add_header Content-Security-Policy: "" research and implement
# Serve any static assets with NGINX
location /_next/static {
proxy_cache STATIC;
proxy_pass http://localhost:3000;
# For testing cache - remove before deploying to production
# add_header X-Cache-Status $upstream_cache_status;
}
location /static {
proxy_cache STATIC;
proxy_ignore_headers Cache-Control;
proxy_cache_valid 60m;
proxy_pass http://localhost:3000;
# For testing cache - remove before deploying to production
# add_header X-Cache-Status $upstream_cache_status;
}
location / {
proxy_pass http://localhost:3000;
}
location /api/ {
client_max_body_size 500M;
proxy_pass http://localhost:3001/;
proxy_request_buffering off;
}
location ~* \.io {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy false;
proxy_pass http://localhost:3002;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Origin "";
}
# Uncomment this when you need to verify server domain
# location ^~ /.well-known/acme-challenge/ {
# alias /var/www/acme-challenge/;
# }
}
}