nginx.conf file, included from another default.conf, inside the http context https://github.com/docker-library/docs/tree/master/nginx#using-environment-variables-in-nginx-configuration
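# Based on:
#   https://www.netguru.co/codestories/nginx-tutorial-performance
#   https://www.netguru.co/codestories/nginx-tutorial-ssl-setup
#   https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching

# This file is included inside the http context of default.conf, so
# main-context directives such as worker_processes cannot be set here.
# worker_processes auto; # use all the CPUs

# Compression
# NOTE(review): everything below is served over TLS. Compressing bodies that
# carry a secret (session token, CSRF value) together with request-reflected
# data exposes them to BREACH-style length side channels; application/json is
# the first type to review for the API. Static assets are not affected.
gzip              on;       # enable gzip
gzip_http_version 1.1;      # minimum request HTTP version that gets compressed
gzip_disable      "msie6";  # IE 6 had issues with gzip
gzip_comp_level   4;        # higher level = smaller output, more CPU
gzip_min_length   120;      # responses shorter than this many bytes are not compressed
gzip_proxied      any;      # also compress responses to proxied requests (e.g. CDN)
gzip_buffers      16 8k;    # number and size of the buffers used to compress a response
gzip_vary         on;       # add "Vary: Accept-Encoding"

# MIME types to compress (text/html is always compressed)
gzip_types
    text/plain
    text/css
    application/javascript
    application/json
    application/manifest+json
    image/svg+xml
    image/x-icon;

# SSL
# The standalone "ssl on;" directive is dropped: it has been obsolete since
# nginx 1.15.0 and was removed in 1.25.1, and at http level it forces TLS onto
# every listen socket. Each server in this file already sets "ssl" on its
# listen lines. NOTE(review): if default.conf has other servers that relied on
# the http-level switch, add "ssl" to their listen directives.
ssl_certificate     /etc/ssl/certs/cert.pem;
# NOTE(review): the private key sits next to the certificate in a directory
# that is usually world-readable; confirm key.pem itself is readable only by
# the user that starts nginx (mode 0600).
ssl_certificate_key /etc/ssl/certs/key.pem;

# security
# TLS 1.0 and 1.1 are deprecated (RFC 8996); only 1.2 and 1.3 are offered.
ssl_protocols TLSv1.2 TLSv1.3;
# Forward-secret (ECDHE) key exchange only; the static-RSA suites were removed.
# This list governs TLS 1.2; TLS 1.3 suites are not selected by ssl_ciphers.
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
ssl_prefer_server_ciphers on;

# performance
ssl_session_cache   shared:SSL:5m;  # One megabyte of the cache contains about 4000 sessions
ssl_session_timeout 10m;

server_tokens off;  # do not advertise the nginx version in headers and error pages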
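#=============#
# RESTFUL API #
#=============#
# Reverse proxy in front of the Node.js API, answering for api.dev.local.
server {
    # NOTE(review): port 80 is declared as a TLS listener too, so a plain-HTTP
    # request to it is rejected by nginx instead of being redirected. Confirm
    # this is intended (e.g. a port mapping or TLS-terminating proxy in front).
    listen 80 ssl;
    listen 443 ssl;
    listen [::]:80 ssl;
    listen [::]:443 ssl;
    server_name api.dev.local;

    # Redirect when the fronting proxy reports that the client used plain HTTP.
    # X-Forwarded-Proto is an ordinary request header: it is only meaningful
    # when a trusted proxy sets or overwrites it. The target uses the fixed
    # $server_name rather than the client-supplied Host header.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$server_name$request_uri;
    }

    # X-Real-IP is set from the connection's peer address.
    # $proxy_add_x_forwarded_for appends that address to whatever
    # X-Forwarded-For the client sent, so the backend must treat every entry
    # except the last as unverified.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

    location / {
        # proxy to the nodejs application
        proxy_pass http://restful_api:3000;
        # client_max_body_size 64G;

        # "always" makes nginx emit the header on error responses (4xx/5xx)
        # as well; without it the headers below are only added to a fixed set
        # of success and redirect statuses.

        # send the CORS headers
        # Credentials are allowed for one fixed origin only; keep it a literal
        # value rather than echoing the request's Origin header.
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Origin' 'https://app.dev.local' always;

        # set additional security headers
        add_header 'Cache-Control' 'no-cache, no-store, must-revalidate' always;
        # add_header 'Content-Security-Policy' 'connect-src example.com';
        # add_header 'Expires' '0';
        # add_header 'Pragma' 'no-cache';
        # HSTS is still disabled; enable it once every host under this domain
        # is reachable over HTTPS.
        # add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubDomains';
        add_header 'X-Content-Type-Options' 'nosniff' always;
        add_header 'X-Frame-Options' 'DENY' always;
        # Legacy header that current browsers ignore; a Content-Security-Policy
        # is the effective control.
        add_header 'X-XSS-Protection' '1; mode=block' always;
    }
}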
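#=================#
# SINGLE PAGE APP #
#=================#
# Serves the static single-page app for app.dev.local and proxies /api to the
# same backend as the API server.
server {
    # NOTE(review): port 80 is declared as a TLS listener too, so a plain-HTTP
    # request to it is rejected by nginx instead of being redirected. Confirm
    # this is intended (e.g. a port mapping or TLS-terminating proxy in front).
    listen 80 ssl;
    listen 443 ssl;
    listen [::]:80 ssl;
    listen [::]:443 ssl;
    server_name app.dev.local;

    root /var/www/app/;
    index index.html;

    # Redirect when the fronting proxy reports that the client used plain HTTP.
    # X-Forwarded-Proto is only meaningful when a trusted proxy sets or
    # overwrites it; the target uses the fixed $server_name, not the Host header.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$server_name$request_uri;
    }

    tcp_nopush on;

    # Same baseline headers the API server sends, so the app's own pages are
    # not MIME-sniffed or framed. Server-level add_header is inherited only by
    # locations that declare no add_header of their own; repeat these lines in
    # any location that later gains one.
    add_header 'X-Content-Type-Options' 'nosniff' always;
    add_header 'X-Frame-Options' 'DENY' always;

    location / {
        # Serve the file or directory if it exists, otherwise answer 404.
        try_files $uri $uri/ =404;
    }

    # NOTE(review): "location /api" is a prefix match, so any path that merely
    # starts with "/api" (not only "/api/...") is handled here and proxied.
    # "location /api/", plus an exact match for "/api" if needed, would scope
    # it to the API subtree.
    location /api {
        # $proxy_add_x_forwarded_for appends the peer address to the
        # client-sent X-Forwarded-For; the backend must treat every entry
        # except the last as unverified.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;

        # Strip the /api prefix; with "break" the rewritten URI is what
        # proxy_pass sends upstream.
        rewrite ^/api/?(.*) /$1 break;
        proxy_pass http://restful_api:3000;
        proxy_http_version 1.1;
        proxy_redirect off;
    }

    # PWA related location, do I need this?
    # NOTE(review): default_type only applies when the file extension is not
    # found in the MIME types map; ".json" is normally mapped already, so this
    # block probably changes nothing. Verify the Content-Type actually served.
    location /manifest.json {
        default_type application/x-web-app-manifest+json;
    }
}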