2
0
mirror of https://github.com/offen/website.git synced 2024-11-23 01:20:29 +01:00
website/build/nginx.conf

95 lines
1.9 KiB
Nginx Configuration File

events {}
http {
gzip on;
gzip_types *;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
include mime.types;
upstream server {
server server:3000;
}
map $request_uri $expires {
default off;
"~-[0-9a-z]{10}\.js$" 365d;
"~*(woff|woff2|ttf|eot)$" 365d;
}
map $sent_http_content_type $csp {
default "";
"~^text/html" "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
}
server {
listen 80;
autoindex on;
root /www/data;
expires $expires;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy $csp;
proxy_hide_header Strict-Transport-Security;
add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
proxy_hide_header Referrer-Policy;
add_header Referrer-Policy 'origin-when-cross-origin';
proxy_hide_header X-Content-Type-Options;
add_header X-Content-Type-Options 'nosniff';
proxy_hide_header X-XSS-Protection;
add_header X-XSS-Protection '1; mode=block';
location /api/ {
proxy_pass http://server;
proxy_redirect off;
}
location /vault/ {
proxy_pass http://server;
proxy_redirect off;
}
location /auditorium/ {
proxy_pass http://server;
proxy_redirect off;
}
location /script.js {
proxy_pass http://server;
proxy_redirect off;
}
location /healthz {
proxy_pass http://server;
proxy_redirect off;
}
location /versionz {
proxy_pass http://server;
proxy_redirect off;
}
location /normalize.css {
proxy_pass http://server;
proxy_redirect off;
}
location /skeleton.css {
proxy_pass http://server;
proxy_redirect off;
}
location /favicon.ico {
root /www/data/theme/images;
}
error_page 404 /404.html;
location = /404.html {
internal;
root /www/data;
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
}
}
}