deskoh/default-spa.conf

## default-spa.conf
server {
  listen  80;
  listen  [::]:80 default ipv6only=on;

  root /usr/share/nginx/html;
  index index.html index.htm;

  server_name _; # all hostnames

  location / {
    try_files $uri /index.html; # To support SPA routing
  }

  # For liveness / readiness probe
  location /healthz {
    access_log off;
    default_type text/plain;
    return 200 "health\n";
  }
}

## nginx-cors.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.mywebsite.com;
    root /usr/share/nginx/html;

    ssl_certificate /etc/letsencrypt/www.mywebsite.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/www.mywebsite.com/www.mywebsite.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    set $cors_origin "";
    set $cors_cred   "";
    set $cors_header "";
    set $cors_method "";

    if ($http_origin ~ '^https?://(localhost|mywebsite\.com)$') {
            set $cors_origin $http_origin;
            set $cors_cred   true;
            set $cors_header $http_access_control_request_headers;
            set $cors_method $http_access_control_request_method;
    }

    add_header Access-Control-Allow-Origin      $cors_origin;
    add_header Access-Control-Allow-Credentials $cors_cred;
    add_header Access-Control-Allow-Headers     $cors_header;
    add_header Access-Control-Allow-Methods     $cors_method;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8080;
    }

    location ~ /.well-known {
        allow all;
    }
}

## nginx-cypress.conf
events {
    worker_connections  1024;
}

http {

    server {
        listen       80;
        server_name  localhost;

        set $cypress_base_url "cdn.cypress.io/desktop";

        location ~ ^/desktop/([\d|\.]+)\/?$ {
            set $version $1;

            if ($arg_platform !~ "^(win32|linux|darwin)$") { return 404 'invalid platform'; }
            set $platform $1;

            if ($arg_arch !~ "^(ia32|x64)$") { return 404 'invalid arch' ; }
            set $arch $1;

            set $args     '';
            rewrite ^.*$ $scheme://$cypress_base_url/$version/$platform-$arch/cypress.zip redirect;
        }

        location /desktop {
            if ($arg_platform !~ "^(win32|linux|darwin)$") { return 404 'invalid platform'; }
            set $platform $1;

            if ($arg_arch !~ "^(ia32|x64)$") { return 404 'invalid arch' ; }
            set $arch $1;

            set $args     '';
            rewrite ^.*$ $scheme://$cypress_base_url/latest/$platform-$arch/cypress.zip redirect;
        }
    }
}

## nginx-docker.conf
# References:
#   https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/
#   https://github.com/KyleAMathews/docker-nginx/blob/master/nginx.conf
#   http://nginx.org/en/docs/dirindex.html

# Run as a less privileged user for security reasons.
user nginx;

# The maximum number of connections for Nginx is calculated by:
# max_clients = worker_processes * worker_connections
worker_processes auto;

# Maximum open file descriptors per process;
# should be > worker_connections.
worker_rlimit_nofile 1024;

# Process needs to run in foreground within container
daemon off;

events {
    worker_connections 1000;
    multi_accept on;
    use epoll;
}

# Log errors and warnings to this file
# This is only used when you don't override it on a server{} level
# error_log  /var/log/nginx/error.log warn;

pid /run/nginx.pid;

http {
    # Hide nginx version information.
    server_tokens off;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # access_log  /var/log/nginx/access.log  main;

    # Speed up file transfers by using sendfile() to copy directly
    # between descriptors rather than using read()/write().
    sendfile            on;
    # Prevent one fast connection from entirely occupying the worker process.
    sendfile_max_chunk  1m;

    # Tell Nginx not to send out partial frames; this increases throughput
    # since TCP frames are filled up before being sent out. (adds TCP_CORK)
    tcp_nopush          on;

    # Tell Nginx to enable the Nagle buffering algorithm for TCP packets, which
    # collates several smaller packets together into one larger packet, thus saving
    # bandwidth at the cost of a nearly imperceptible increase to latency. (removes TCP_NODELAY)
    tcp_nodelay         on;

    # How long to allow each connection to stay idle; longer values are better
    # for each individual client, particularly for SSL, but means that worker
    # connections are tied up longer. (Default: 65)
    keepalive_timeout   65;
    types_hash_max_size 2048;

    # Define the MIME types for files.
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Update charset_types due to updated mime.types
    charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;


    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Compression

    # Enable Gzip compressed.
    gzip on;

    # Enable compression both for HTTP/1.0 and HTTP/1.1 (required for CloudFront).
    gzip_http_version  1.0;

    # Compression level (1-9).
    # 5 is a perfect compromise between size and cpu usage, offering about
    # 75% reduction for most ascii files (almost identical to level 9).
    gzip_comp_level    5;

    # Don't compress anything that's already small and unlikely to shrink much
    # if at all (the default is 20 bytes, which is bad as that usually leads to
    # larger files after gzipping).
    gzip_min_length    256;

    # Compress data even for clients that are connecting to us via proxies,
    # identified by the "Via" header (required for CloudFront).
    gzip_proxied       any;

    # Tell proxies to cache both the gzipped and regular version of a resource
    # whenever the client's Accept-Encoding capabilities header varies;
    # Avoids the issue where a non-gzip capable client (which is extremely rare
    # today) would display gibberish if their proxy gave them the gzipped version.
    gzip_vary          on;

    # Compress all output labeled with one of the following MIME-types.
    gzip_types
      application/atom+xml
      application/javascript
      application/json
      application/rss+xml
      application/vnd.ms-fontobject
      application/x-font-ttf
      application/x-web-app-manifest+json
      application/xhtml+xml
      application/xml
      font/opentype
      image/svg+xml
      image/x-icon
      text/css
      text/plain
      text/x-component;
    # text/html is always compressed by HttpGzipModule

    server {
        listen       8080 default_server;
        listen       [::]:8080 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            # To support SPA
            try_files $uri /index.html;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

## nginx-websocket.conf
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    # For websocket: Map $connection_upgrade to 'upgrade' if HTTP Upgrade present, 'close' otherwise
    # By default, the connection will be closed if the proxied server does not transmit any data within
    # 60 seconds. This timeout can be increased with the proxy_read_timeout directive.
    # Reference: http://nginx.org/en/docs/http/websocket.html
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    keepalive_timeout  65;

    #gzip  on;

    upstream testingVM {
        server 50.6.22.111:8081;
    }

    server {
        listen       8080;
        server_name  localhost;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_pass http://localhost:3000;
            # Following required for websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }
}

## nginx.cis.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$uri $query_string'
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   10; # Upstream LB timeout should be shorter than this value.
    send_timeout        10;

    large_client_header_buffers 2 1k;
    client_body_timeout   10;
    client_header_timeout 10;
    client_max_body_size  100K; # Modify according to application needs

    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Uncomment for host name whitelisting
    # server { return 404; }

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        server_tokens off;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        add_header X-Xss-Protection "1; mode=block";
        add_header Content-Security-Policy "default-src https: 'self'; script-src https 'self'";

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location ~ /\. { deny all; return 404; }

        if ($request_method !~ ^(GET|HEAD)$) {
          return 444;
        }

        location / {
            try_files $uri /index.html; # To support SPA routing
        }

        # # For liveness / readiness probe
        # location /health {
        #     access_log off;
        #     default_type text/plain;
        #     return 200 "healthy";
        # }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

## nginx.conf.default

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

## nginx.ubi.default.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
	server {
	listen 80;
	listen [::]:80 default ipv6only=on;

	root /usr/share/nginx/html;
	index index.html index.htm;

	server_name _; # all hostnames

	location / {
	try_files $uri /index.html; # To support SPA routing
	}

	# For liveness / readiness probe
	location /healthz {
	access_log off;
	default_type text/plain;
	return 200 "health\n";
	}
	}
	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name www.mywebsite.com;
	root /usr/share/nginx/html;

	ssl_certificate /etc/letsencrypt/www.mywebsite.com/fullchain.cer;
	ssl_certificate_key /etc/letsencrypt/www.mywebsite.com/www.mywebsite.com.key;
	include /etc/nginx/snippets/ssl-params.conf;

	set $cors_origin "";
	set $cors_cred "";
	set $cors_header "";
	set $cors_method "";

	if ($http_origin ~ '^https?://(localhost\|mywebsite\.com)$') {
	set $cors_origin $http_origin;
	set $cors_cred true;
	set $cors_header $http_access_control_request_headers;
	set $cors_method $http_access_control_request_method;
	}

	add_header Access-Control-Allow-Origin $cors_origin;
	add_header Access-Control-Allow-Credentials $cors_cred;
	add_header Access-Control-Allow-Headers $cors_header;
	add_header Access-Control-Allow-Methods $cors_method;

	location / {
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $http_host;
	proxy_pass http://127.0.0.1:8080;
	}

	location ~ /.well-known {
	allow all;
	}
	}
	events {
	worker_connections 1024;
	}

	http {

	server {
	listen 80;
	server_name localhost;

	set $cypress_base_url "cdn.cypress.io/desktop";

	location ~ ^/desktop/([\d\|\.]+)\/?$ {
	set $version $1;

	if ($arg_platform !~ "^(win32\|linux\|darwin)$") { return 404 'invalid platform'; }
	set $platform $1;

	if ($arg_arch !~ "^(ia32\|x64)$") { return 404 'invalid arch' ; }
	set $arch $1;

	set $args '';
	rewrite ^.*$ $scheme://$cypress_base_url/$version/$platform-$arch/cypress.zip redirect;
	}

	location /desktop {
	if ($arg_platform !~ "^(win32\|linux\|darwin)$") { return 404 'invalid platform'; }
	set $platform $1;

	if ($arg_arch !~ "^(ia32\|x64)$") { return 404 'invalid arch' ; }
	set $arch $1;

	set $args '';
	rewrite ^.*$ $scheme://$cypress_base_url/latest/$platform-$arch/cypress.zip redirect;
	}
	}
	}
	# References:
	# https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/
	# https://github.com/KyleAMathews/docker-nginx/blob/master/nginx.conf
	# http://nginx.org/en/docs/dirindex.html

	# Run as a less privileged user for security reasons.
	user nginx;

	# The maximum number of connections for Nginx is calculated by:
	# max_clients = worker_processes * worker_connections
	worker_processes auto;

	# Maximum open file descriptors per process;
	# should be > worker_connections.
	worker_rlimit_nofile 1024;

	# Process needs to run in foreground within container
	daemon off;

	events {
	worker_connections 1000;
	multi_accept on;
	use epoll;
	}

	# Log errors and warnings to this file
	# This is only used when you don't override it on a server{} level
	# error_log /var/log/nginx/error.log warn;

	pid /run/nginx.pid;

	http {
	# Hide nginx version information.
	server_tokens off;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	# access_log /var/log/nginx/access.log main;

	# Speed up file transfers by using sendfile() to copy directly
	# between descriptors rather than using read()/write().
	sendfile on;
	# Prevent one fast connection from entirely occupying the worker process.
	sendfile_max_chunk 1m;

	# Tell Nginx not to send out partial frames; this increases throughput
	# since TCP frames are filled up before being sent out. (adds TCP_CORK)
	tcp_nopush on;

	# Tell Nginx to enable the Nagle buffering algorithm for TCP packets, which
	# collates several smaller packets together into one larger packet, thus saving
	# bandwidth at the cost of a nearly imperceptible increase to latency. (removes TCP_NODELAY)
	tcp_nodelay on;

	# How long to allow each connection to stay idle; longer values are better
	# for each individual client, particularly for SSL, but means that worker
	# connections are tied up longer. (Default: 65)
	keepalive_timeout 65;
	types_hash_max_size 2048;

	# Define the MIME types for files.
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Update charset_types due to updated mime.types
	charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;


	# Load modular configuration files from the /etc/nginx/conf.d directory.
	# See http://nginx.org/en/docs/ngx_core_module.html#include
	# for more information.
	include /etc/nginx/conf.d/*.conf;

	# Compression

	# Enable Gzip compressed.
	gzip on;

	# Enable compression both for HTTP/1.0 and HTTP/1.1 (required for CloudFront).
	gzip_http_version 1.0;

	# Compression level (1-9).
	# 5 is a perfect compromise between size and cpu usage, offering about
	# 75% reduction for most ascii files (almost identical to level 9).
	gzip_comp_level 5;

	# Don't compress anything that's already small and unlikely to shrink much
	# if at all (the default is 20 bytes, which is bad as that usually leads to
	# larger files after gzipping).
	gzip_min_length 256;

	# Compress data even for clients that are connecting to us via proxies,
	# identified by the "Via" header (required for CloudFront).
	gzip_proxied any;

	# Tell proxies to cache both the gzipped and regular version of a resource
	# whenever the client's Accept-Encoding capabilities header varies;
	# Avoids the issue where a non-gzip capable client (which is extremely rare
	# today) would display gibberish if their proxy gave them the gzipped version.
	gzip_vary on;

	# Compress all output labeled with one of the following MIME-types.
	gzip_types
	application/atom+xml
	application/javascript
	application/json
	application/rss+xml
	application/vnd.ms-fontobject
	application/x-font-ttf
	application/x-web-app-manifest+json
	application/xhtml+xml
	application/xml
	font/opentype
	image/svg+xml
	image/x-icon
	text/css
	text/plain
	text/x-component;
	# text/html is always compressed by HttpGzipModule

	server {
	listen 8080 default_server;
	listen [::]:8080 default_server;
	server_name _;
	root /usr/share/nginx/html;

	# Load configuration files for the default server block.
	include /etc/nginx/default.d/*.conf;

	location / {
	# To support SPA
	try_files $uri /index.html;
	}

	error_page 404 /404.html;
	location = /40x.html {
	}

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	}
	}
	}
	worker_processes 1;

	events {
	worker_connections 1024;
	}


	http {
	# For websocket: Map $connection_upgrade to 'upgrade' if HTTP Upgrade present, 'close' otherwise
	# By default, the connection will be closed if the proxied server does not transmit any data within
	# 60 seconds. This timeout can be increased with the proxy_read_timeout directive.
	# Reference: http://nginx.org/en/docs/http/websocket.html
	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	include mime.types;
	default_type application/octet-stream;

	#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	# '$status $body_bytes_sent "$http_referer" '
	# '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log logs/access.log main;

	keepalive_timeout 65;

	#gzip on;

	upstream testingVM {
	server 50.6.22.111:8081;
	}

	server {
	listen 8080;
	server_name localhost;

	#access_log logs/host.access.log main;

	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $host;
	proxy_pass http://localhost:3000;
	# Following required for websocket
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	}
	}
	}
	# For more information on configuration, see:
	# * Official English Documentation: http://nginx.org/en/docs/
	# * Official Russian Documentation: http://nginx.org/ru/docs/

	user nginx;
	worker_processes auto;
	error_log /var/log/nginx/error.log info;
	pid /run/nginx.pid;

	# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
	include /usr/share/nginx/modules/*.conf;

	events {
	worker_connections 1024;
	}

	http {
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$uri $query_string'
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 10; # Upstream LB timeout should be shorter than this value.
	send_timeout 10;

	large_client_header_buffers 2 1k;
	client_body_timeout 10;
	client_header_timeout 10;
	client_max_body_size 100K; # Modify according to application needs

	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Load modular configuration files from the /etc/nginx/conf.d directory.
	# See http://nginx.org/en/docs/ngx_core_module.html#include
	# for more information.
	include /etc/nginx/conf.d/*.conf;

	# Uncomment for host name whitelisting
	# server { return 404; }

	server {
	listen 80;
	listen [::]:80;
	server_name _;
	root /usr/share/nginx/html;

	server_tokens off;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-Content-Type-Options "nosniff";
	add_header X-Xss-Protection "1; mode=block";
	add_header Content-Security-Policy "default-src https: 'self'; script-src https 'self'";

	# Load configuration files for the default server block.
	include /etc/nginx/default.d/*.conf;

	location ~ /\. { deny all; return 404; }

	if ($request_method !~ ^(GET\|HEAD)$) {
	return 444;
	}

	location / {
	try_files $uri /index.html; # To support SPA routing
	}

	# # For liveness / readiness probe
	# location /health {
	# access_log off;
	# default_type text/plain;
	# return 200 "healthy";
	# }

	error_page 404 /404.html;
	location = /40x.html {
	}

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	}
	}
	}

	#user nobody;
	worker_processes 1;

	#error_log logs/error.log;
	#error_log logs/error.log notice;
	#error_log logs/error.log info;

	#pid logs/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include mime.types;
	default_type application/octet-stream;

	#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	# '$status $body_bytes_sent "$http_referer" '
	# '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log logs/access.log main;

	sendfile on;
	#tcp_nopush on;

	#keepalive_timeout 0;
	keepalive_timeout 65;

	#gzip on;

	server {
	listen 80;
	server_name localhost;

	#charset koi8-r;

	#access_log logs/host.access.log main;

	location / {
	root html;
	index index.html index.htm;
	}

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root html;
	}

	# proxy the PHP scripts to Apache listening on 127.0.0.1:80
	#
	#location ~ \.php$ {
	# proxy_pass http://127.0.0.1;
	#}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	# root html;
	# fastcgi_pass 127.0.0.1:9000;
	# fastcgi_index index.php;
	# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
	# include fastcgi_params;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	# deny all;
	#}
	}


	# another virtual host using mix of IP-, name-, and port-based configuration
	#
	#server {
	# listen 8000;
	# listen somename:8080;
	# server_name somename alias another.alias;

	# location / {
	# root html;
	# index index.html index.htm;
	# }
	#}


	# HTTPS server
	#
	#server {
	# listen 443 ssl;
	# server_name localhost;

	# ssl_certificate cert.pem;
	# ssl_certificate_key cert.key;

	# ssl_session_cache shared:SSL:1m;
	# ssl_session_timeout 5m;

	# ssl_ciphers HIGH:!aNULL:!MD5;
	# ssl_prefer_server_ciphers on;

	# location / {
	# root html;
	# index index.html index.htm;
	# }
	#}

	}