laruiss/3-file-combo.conf

## 3-file-combo.conf
# nginx.conf

user  nginx;
worker_processes  auto;

error_log  /dev/stdout  info;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    server_tokens off;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Content-Security-Policy "default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: ; base-uri 'self';";
    add_header Referrer-Policy "same-origin";
    add_header Feature-Policy "geolocation none;midi none;microphone none;camera none;magnetometer none;gyroscope self;speaker self;fullscreen self;payment none;";

    # log text format
    log_format main_text '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] '
      '"$request" $status $body_bytes_sent '
      '"$http_referer" "$http_user_agent" '
      '$request_time $upstream_response_time $pipe';

    access_log  /dev/stdout;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;
    gzip_disable "msie6";

    # gzip_vary on;
    gzip_proxied any;
    # gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    #gzip  on;

    include /etc/nginx/conf.d/default.conf;
}

# default.conf

server {
    listen       80;
    server_name  localhost;

    include /etc/nginx/conf.d/nginx-jsdl.conf;
}


# 3. nginx-jsdl.conf

# Not needed anymore now that we have authentication
# auth_basic "A.P.O.";
# auth_basic_user_file <%= ENV['HTPASSWD_DIR'] %>/.htpasswd;

# Static files directory
root   /usr/share/nginx/html;
index  index.html;

location / {
    try_files $uri $uri/ /index.html =404;
}

location /api {
    rewrite "^(.*)$" $1 break;
    add_header Access-Control-Allow-Origin '$http_origin';
    proxy_pass http://server:3003;
    # proxy_pass http://<%= ENV['API_HOST'] || 'jsdl-api' %>:<%= ENV['API_PORT'] || '3003' %>;
    proxy_redirect off;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # For WebSockets
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
	# nginx.conf

	user nginx;
	worker_processes auto;

	error_log /dev/stdout info;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	server_tokens off;

	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
	add_header X-Frame-Options SAMEORIGIN;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header Content-Security-Policy "default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: ; base-uri 'self';";
	add_header Referrer-Policy "same-origin";
	add_header Feature-Policy "geolocation none;midi none;microphone none;camera none;magnetometer none;gyroscope self;speaker self;fullscreen self;payment none;";

	# log text format
	log_format main_text '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] '
	'"$request" $status $body_bytes_sent '
	'"$http_referer" "$http_user_agent" '
	'$request_time $upstream_response_time $pipe';

	access_log /dev/stdout;

	sendfile on;
	#tcp_nopush on;

	keepalive_timeout 65;

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	gzip_proxied any;
	# gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	#gzip on;

	include /etc/nginx/conf.d/default.conf;
	}

	# default.conf

	server {
	listen 80;
	server_name localhost;

	include /etc/nginx/conf.d/nginx-jsdl.conf;
	}


	# 3. nginx-jsdl.conf

	# Not needed anymore now that we have authentication
	# auth_basic "A.P.O.";
	# auth_basic_user_file <%= ENV['HTPASSWD_DIR'] %>/.htpasswd;

	# Static files directory
	root /usr/share/nginx/html;
	index index.html;

	location / {
	try_files $uri $uri/ /index.html =404;
	}

	location /api {
	rewrite "^(.*)$" $1 break;
	add_header Access-Control-Allow-Origin '$http_origin';
	proxy_pass http://server:3003;
	# proxy_pass http://<%= ENV['API_HOST'] \|\| 'jsdl-api' %>:<%= ENV['API_PORT'] \|\| '3003' %>;
	proxy_redirect off;
	proxy_buffering off;
	proxy_http_version 1.1;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	# For WebSockets
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	}