-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconf.nginx
57 lines (45 loc) · 1.86 KB
/
conf.nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
client_body_in_file_only on;
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $upstream_addr '
'"$request_body_file"'
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
# error_log /opt/bitnami/nginx/logs/error.log debug;
server {
listen 8888;
proxy_set_header X-Frame-Option "SAMEORIGIN";
proxy_set_header X-XSS-Protection "1; mode=block";
proxy_set_header X-Content-Type-Options "nosniff";
proxy_set_header Content-Security-Policy "default-src 'self'";
proxy_set_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# Ensure that the Authorization / Access Token header has enough space set aside for it
# The one from KeyCloak can be quite big
proxy_busy_buffers_size 512k;
proxy_buffers 4 512k;
proxy_buffer_size 256k;
location /api/ {
proxy_pass http://localhost:5000/api/;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
fastcgi_read_timeout 300;
proxy_read_timeout 300;
}
location / {
proxy_pass http://localhost:8080/;
# Passthrough for websocket
proxy_ssl_session_reuse on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
}
}