-
Notifications
You must be signed in to change notification settings - Fork 65
/
nginx.conf
78 lines (62 loc) · 2.78 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
upstream backend {
server localhost:8080;
}
upstream websocket {
server localhost:8081;
}
server {
listen 80;
location /robots.txt {
return 200 'User-agent: *\nDisallow: /';
}
location ~* ^/(uploads/|uploads)$ {
return 403;
}
location ~* ^/uploads/(.*) {
root /server;
add_header 'Cache-Control' 'max-age=31536000, public';
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy 'strict-origin-when-cross-origin';
add_header Content-Security-Policy "default-src 'self'; connect-src * 'self'; frame-src * 'self'; font-src * blob: data:; img-src * blob: data:; media-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * data: blob:; style-src * 'unsafe-inline'; base-uri 'self'; form-action 'self';";
add_header 'Access-Control-Allow-Origin' '*';
}
location /socket.io {
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy 'strict-origin-when-cross-origin';
add_header Content-Security-Policy "default-src 'self'; connect-src * 'self'; frame-src * 'self'; font-src * blob: data:; img-src * blob: data:; media-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * data: blob:; style-src * 'unsafe-inline'; base-uri 'self'; form-action 'self';";
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_http_version 1.1;
proxy_pass http://websocket;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10g;
}
location / {
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy 'strict-origin-when-cross-origin';
add_header Content-Security-Policy "default-src 'self'; connect-src * 'self'; frame-src * 'self'; font-src * blob: data:; img-src * blob: data:; media-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * data: blob:; style-src * 'unsafe-inline'; base-uri 'self'; form-action 'self';";
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_http_version 1.1;
proxy_pass http://backend;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10g;
}
}