2019-09-04 20:50:53 +02:00
|
|
|
events {}
|
|
|
|
|
|
|
|
http {
|
2019-09-05 11:18:42 +02:00
|
|
|
gzip on;
|
2019-09-28 17:17:18 +02:00
|
|
|
gzip_types *;
|
2019-09-05 11:18:42 +02:00
|
|
|
gzip_comp_level 2;
|
|
|
|
gzip_min_length 1000;
|
|
|
|
gzip_proxied expired no-cache no-store private auth;
|
2019-09-04 20:50:53 +02:00
|
|
|
|
2019-09-05 11:18:42 +02:00
|
|
|
include mime.types;
|
2019-09-04 20:50:53 +02:00
|
|
|
upstream server {
|
|
|
|
server server:3000;
|
|
|
|
}
|
|
|
|
|
2019-09-12 16:35:24 +02:00
|
|
|
map $request_uri $expires {
|
|
|
|
default off;
|
|
|
|
"~-[0-9a-z]{10}\.js$" 365d;
|
|
|
|
"~*(woff|woff2|ttf|eot)$" 365d;
|
|
|
|
}
|
|
|
|
|
2019-09-12 20:46:01 +02:00
|
|
|
map $sent_http_content_type $csp {
|
|
|
|
default "";
|
2019-10-03 10:34:53 +02:00
|
|
|
"~^text/html" "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
|
2019-09-12 20:46:01 +02:00
|
|
|
}
|
|
|
|
|
2019-09-04 20:50:53 +02:00
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
autoindex on;
|
|
|
|
root /www/data;
|
2019-09-12 16:35:24 +02:00
|
|
|
expires $expires;
|
2019-10-17 15:16:56 +02:00
|
|
|
proxy_hide_header Content-Security-Policy;
|
2019-09-12 20:46:01 +02:00
|
|
|
add_header Content-Security-Policy $csp;
|
2019-10-17 15:16:56 +02:00
|
|
|
proxy_hide_header Strict-Transport-Security;
|
2019-09-13 08:42:22 +02:00
|
|
|
add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
|
2019-10-17 15:16:56 +02:00
|
|
|
proxy_hide_header Referrer-Policy;
|
2019-09-26 16:55:57 +02:00
|
|
|
add_header Referrer-Policy 'origin-when-cross-origin';
|
2019-10-17 15:16:56 +02:00
|
|
|
proxy_hide_header X-Content-Type-Options;
|
2019-09-26 16:55:57 +02:00
|
|
|
add_header X-Content-Type-Options 'nosniff';
|
2019-10-17 15:16:56 +02:00
|
|
|
proxy_hide_header X-XSS-Protection;
|
2019-09-26 16:55:57 +02:00
|
|
|
add_header X-XSS-Protection '1; mode=block';
|
2019-09-04 20:50:53 +02:00
|
|
|
|
|
|
|
location /api/ {
|
|
|
|
proxy_pass http://server;
|
|
|
|
proxy_redirect off;
|
2019-10-04 18:51:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
location /vault/ {
|
|
|
|
proxy_pass http://server;
|
|
|
|
proxy_redirect off;
|
2019-09-05 11:18:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
location /auditorium/ {
|
2019-10-04 18:51:24 +02:00
|
|
|
proxy_pass http://server;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /script.js {
|
|
|
|
proxy_pass http://server;
|
|
|
|
proxy_redirect off;
|
2019-09-04 20:50:53 +02:00
|
|
|
}
|
2019-10-02 10:52:04 +02:00
|
|
|
|
2019-10-04 19:49:19 +02:00
|
|
|
location /healthz {
|
|
|
|
proxy_pass http://server;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
|
2019-10-10 09:46:04 +02:00
|
|
|
location /versionz {
|
|
|
|
proxy_pass http://server;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /normalize.css {
|
|
|
|
proxy_pass http://server;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /skeleton.css {
|
|
|
|
proxy_pass http://server;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
|
2019-10-06 13:52:45 +02:00
|
|
|
location /favicon.ico {
|
|
|
|
root /www/data/theme/images;
|
|
|
|
}
|
|
|
|
|
2019-10-02 10:52:04 +02:00
|
|
|
error_page 404 /404.html;
|
|
|
|
location = /404.html {
|
|
|
|
internal;
|
|
|
|
root /www/data;
|
|
|
|
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
|
|
|
|
}
|
2019-09-04 20:50:53 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|