website/nginx.conf

events {}

http {
	include mime.types;

	upstream homepage {
		server homepage:8000;
	}

	upstream server {
		server server:8080;
	}

	map $request_uri $expires {
		default off;
		"~-[0-9a-z]{10}\.js$" 1d;
		"~*(woff|woff2|ttf|eot)$" 1d;
	}

	map $sent_http_content_type $csp {
		default "";
		"~^text/html" "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
	}

	server {
		listen 80;
		expires $expires;
		add_header Content-Security-Policy $csp;
		add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
		add_header Referrer-Policy 'origin-when-cross-origin';
		add_header X-Content-Type-Options 'nosniff';
		add_header X-XSS-Protection '1; mode=block';

		location /api/ {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /vault/ {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /auditorium/ {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /script.js {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /normalize.css {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /skeleton.css {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /healthz {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /versionz {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /favicon.ico {
			root /www/data/theme/images;
		}

		location / {
			proxy_pass http://homepage;
			proxy_redirect off;
		}

		error_page 404 /custom_404.html;
		# in development, this handles empty responses by the pelican dev server which are 404s in the end
		error_page 502 /custom_404.html;
		location = /custom_404.html {
			internal;
			proxy_pass http://homepage/404.html;
			proxy_redirect off;
			add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
		}
	}
}
remove more server references 2019-10-08 19:46:02 +02:00			`events {}`

			`http {`
			`include mime.types;`

			`upstream homepage {`
			`server homepage:8000;`
			`}`

			`upstream server {`
			`server server:8080;`
			`}`

			`map $request_uri $expires {`
			`default off;`
			`"~-[0-9a-z]{10}\.js$" 1d;`
			`"~*(woff\|woff2\|ttf\|eot)$" 1d;`
			`}`

			`map $sent_http_content_type $csp {`
			`default "";`
			`"~^text/html" "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";`
			`}`

			`server {`
			`listen 80;`
			`expires $expires;`
			`add_header Content-Security-Policy $csp;`
fix duplicate headers in dev, use updated env schema, develop against sqlite 2019-10-24 12:32:31 +02:00			`add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';`
remove more server references 2019-10-08 19:46:02 +02:00			`add_header Referrer-Policy 'origin-when-cross-origin';`
			`add_header X-Content-Type-Options 'nosniff';`
			`add_header X-XSS-Protection '1; mode=block';`

			`location /api/ {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

			`location /vault/ {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

			`location /auditorium/ {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

			`location /script.js {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

consume latest server build 2019-10-09 20:34:31 +02:00			`location /normalize.css {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

			`location /skeleton.css {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

remove more server references 2019-10-08 19:46:02 +02:00			`location /healthz {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

consume latest server build 2019-10-09 20:34:31 +02:00			`location /versionz {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

remove more server references 2019-10-08 19:46:02 +02:00			`location /favicon.ico {`
			`root /www/data/theme/images;`
			`}`

			`location / {`
			`proxy_pass http://homepage;`
			`proxy_redirect off;`
			`}`

			`error_page 404 /custom_404.html;`
			`# in development, this handles empty responses by the pelican dev server which are 404s in the end`
			`error_page 502 /custom_404.html;`
			`location = /custom_404.html {`
			`internal;`
			`proxy_pass http://homepage/404.html;`
			`proxy_redirect off;`
			`add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;`
			`}`
			`}`
			`}`