github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/deploy/nginx/conf.d/default.conf (about) 1 # proxy cache 2 proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; 3 4 upstream backend { 5 server hkserver:8065; 6 keepalive 64; 7 } 8 9 upstream frontend { 10 server hkwebapp:3000; 11 keepalive 64; 12 } 13 14 server { 15 server_name _; 16 listen *:80 default_server; 17 listen [::]:80 default_server; 18 19 ## security headers 20 # https://securityheaders.com/ 21 # https://scotthelme.co.uk/tag/security-headers/ 22 add_header X-Frame-Options "SAMEORIGIN" always; 23 add_header X-XSS-Protection "1; mode=block" always; 24 add_header X-Content-Type-Options "nosniff" always; 25 add_header Referrer-Policy no-referrer; 26 add_header Strict-Transport-Security "max-age=63072000" always; 27 add_header Permissions-Policy "interest-cohort=()"; 28 29 ## locations 30 # ACME-challenge 31 location ^~ /.well-known { 32 allow all; 33 default_type "text/plain"; 34 root /usr/share/nginx/html/; 35 } 36 37 # disable Google bots from indexing this site 38 # location = /robots.txt { 39 # add_header Content-Type text/plain; 40 # return 200 "User-agent: *\Disallow: /\n"; 41 # } 42 43 location ~ /api/v[0-9]+/(users/)?websocket$ { 44 proxy_set_header Upgrade $http_upgrade; 45 proxy_set_header Connection "upgrade"; 46 client_max_body_size 50M; 47 proxy_set_header Host $http_host; 48 proxy_set_header X-Real-IP $remote_addr; 49 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 50 proxy_set_header X-Forwarded-Proto $scheme; 51 proxy_set_header X-Frame-Options SAMEORIGIN; 52 proxy_set_header Early-Data $ssl_early_data; 53 proxy_buffers 256 16k; 54 proxy_buffer_size 16k; 55 client_body_timeout 60; 56 send_timeout 300; 57 lingering_timeout 5; 58 proxy_connect_timeout 90; 59 proxy_send_timeout 300; 60 proxy_read_timeout 90s; 61 proxy_http_version 1.1; 62 proxy_pass http://backend; 63 } 64 65 location ~ /api/v[0-9]+/ { 66 client_max_body_size 50M; 67 proxy_set_header Connection ""; 68 proxy_set_header Host $http_host; 69 proxy_set_header X-Real-IP $remote_addr; 70 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 71 proxy_set_header X-Forwarded-Proto $scheme; 72 proxy_set_header X-Frame-Options SAMEORIGIN; 73 proxy_set_header Early-Data $ssl_early_data; 74 proxy_buffers 256 16k; 75 proxy_buffer_size 16k; 76 proxy_read_timeout 600s; 77 proxy_cache mattermost_cache; 78 proxy_cache_revalidate on; 79 proxy_cache_min_uses 2; 80 proxy_cache_use_stale timeout; 81 proxy_cache_lock on; 82 proxy_http_version 1.1; 83 proxy_pass http://backend; 84 } 85 86 location / { 87 client_max_body_size 50M; 88 proxy_set_header Connection ""; 89 proxy_set_header Host $http_host; 90 proxy_set_header X-Real-IP $remote_addr; 91 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 92 proxy_set_header X-Forwarded-Proto $scheme; 93 proxy_set_header X-Frame-Options SAMEORIGIN; 94 proxy_set_header Early-Data $ssl_early_data; 95 proxy_buffers 256 16k; 96 proxy_buffer_size 16k; 97 proxy_read_timeout 600s; 98 proxy_cache mattermost_cache; 99 proxy_cache_revalidate on; 100 proxy_cache_min_uses 2; 101 proxy_cache_use_stale timeout; 102 proxy_cache_lock on; 103 proxy_http_version 1.1; 104 proxy_pass http://frontend; 105 } 106 }