Created
January 15, 2019 19:53
-
-
Save omerh/b67daba51a009de29299d8e13b5d6038 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen *:443 ssl http2; | |
server_tokens off; | |
server_name www.domain.com; | |
ssl on; | |
ssl_certificate /path/to/cert; | |
ssl_certificate_key /path/to/key; | |
# Add all headers | |
add_header X-Content-Type-Options nosniff; | |
add_header Strict-Transport-Security "max-age=31536000" always; | |
add_header X-XSS-Protection "1; mode=block"; | |
add_header X-Frame-Options "deny"; | |
add_header Referrer-Policy "no-referrer"; | |
add_header Access-Control-Allow-Origin "*" always; | |
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PUT"; | |
add_header Access-Control-Allow-Headers "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"; | |
# Example of options to 200 for CORS | |
if ($request_method = 'OPTIONS') { | |
return 200; | |
} | |
location /proxy-service/ { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $host:$server_port; | |
proxy_pass http://service:8080/; | |
# Example to proxy pass to different location without changing client | |
# proxy_pass http://service:8080/path/; | |
# proxy_redirect http://service:8080/path/ /service/path/; | |
} | |
} | |
server { | |
# Optional in kubernetes environment for safer start | |
# resolver 127.0.0.1; | |
listen 80; | |
client_max_body_size 20m; | |
server_tokens off; | |
server_name domain.com; | |
if ($host !~ ^www\.) { | |
rewrite ^ https://www.$host$request_uri permanent; | |
} | |
rewrite ^ https://$host$request_uri permanent; | |
# Another option to redirect to http beind load balancer | |
# location / { | |
# if ($http_x_forwarded_proto != 'https') { | |
# return 301 https://$host$request_uri; | |
# } | |
# root /usr/share/nginx/html; | |
# try_files $uri $uri/ =404; | |
# return 404; | |
# } | |
# Example for responding to ping check | |
location /ping { | |
add_header Content-Type text/plain; | |
access_log off; | |
return 200 'pong'; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment