omerh/nginx-site.conf

## nginx-site.conf
server {
  listen *:443 ssl http2;
  server_tokens off;
  server_name www.domain.com;

  ssl on;
  ssl_certificate /path/to/cert;
  ssl_certificate_key /path/to/key;

  # Add all headers
  add_header X-Content-Type-Options nosniff;
  add_header Strict-Transport-Security "max-age=31536000" always;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Frame-Options "deny";
  add_header Referrer-Policy "no-referrer";
  add_header Access-Control-Allow-Origin "*" always;
  add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PUT";
  add_header Access-Control-Allow-Headers "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With";

  # Example of options to 200 for CORS
  if ($request_method = 'OPTIONS') {
    return 200;
  }

  location  /proxy-service/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host:$server_port;
    proxy_pass http://service:8080/;

    # Example to proxy pass to different location without changing client
    # proxy_pass http://service:8080/path/;
    # proxy_redirect http://service:8080/path/  /service/path/;
  }
}

server {
  # Optional in kubernetes environment for safer start
  # resolver 127.0.0.1;
  listen 80;
  client_max_body_size 20m;
  server_tokens off;
  server_name domain.com;

  if ($host !~ ^www\.) {
    rewrite ^ https://www.$host$request_uri permanent;
  }

  rewrite ^ https://$host$request_uri permanent;

  # Another option to redirect to http beind load balancer
  # location / {
  #   if ($http_x_forwarded_proto != 'https') {
  #       return 301 https://$host$request_uri;
  #   }
  #   root   /usr/share/nginx/html;
  #   try_files $uri $uri/ =404;
  #   return 404;
  # }

  # Example for responding to ping check
  location /ping {
    add_header Content-Type text/plain;
    access_log off;
    return 200 'pong';
  }
}
	server {
	listen *:443 ssl http2;
	server_tokens off;
	server_name www.domain.com;

	ssl on;
	ssl_certificate /path/to/cert;
	ssl_certificate_key /path/to/key;

	# Add all headers
	add_header X-Content-Type-Options nosniff;
	add_header Strict-Transport-Security "max-age=31536000" always;
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Frame-Options "deny";
	add_header Referrer-Policy "no-referrer";
	add_header Access-Control-Allow-Origin "*" always;
	add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PUT";
	add_header Access-Control-Allow-Headers "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With";

	# Example of options to 200 for CORS
	if ($request_method = 'OPTIONS') {
	return 200;
	}

	location /proxy-service/ {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $host:$server_port;
	proxy_pass http://service:8080/;

	# Example to proxy pass to different location without changing client
	# proxy_pass http://service:8080/path/;
	# proxy_redirect http://service:8080/path/ /service/path/;
	}
	}

	server {
	# Optional in kubernetes environment for safer start
	# resolver 127.0.0.1;
	listen 80;
	client_max_body_size 20m;
	server_tokens off;
	server_name domain.com;

	if ($host !~ ^www\.) {
	rewrite ^ https://www.$host$request_uri permanent;
	}

	rewrite ^ https://$host$request_uri permanent;

	# Another option to redirect to http beind load balancer
	# location / {
	# if ($http_x_forwarded_proto != 'https') {
	# return 301 https://$host$request_uri;
	# }
	# root /usr/share/nginx/html;
	# try_files $uri $uri/ =404;
	# return 404;
	# }

	# Example for responding to ping check
	location /ping {
	add_header Content-Type text/plain;
	access_log off;
	return 200 'pong';
	}
	}