This repository has been archived on 2022-03-12. You can view files and clone it, but cannot push or open issues or pull requests.
Lateinicus/server/nginx.conf
2018-10-07 13:49:52 +02:00

79 lines
2.5 KiB
Nginx Configuration File

events {}
http {
# Log warnings
# TODO: Better path
error_log /var/log/nginx.log warn;
# No idea, but nginx refuses to start without it
server_names_hash_bucket_size 64;
# The redirection server
server {
listen 80 default_server;
add_header Strict-Transport-Security "max-age=31536000" always;
return 301 https://$host$request_uri;
}
# The actual webserver duties
server {
# server_name lateinicus;
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000" always;
# Global CSP
add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://unpkg.com; img-src 'self' https:; font-src https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';" always;
# SSL configuration
ssl_certificate /etc/ssl/lateinicus.pem;
ssl_certificate_key /etc/ssl/lateinicus.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 20m;
keepalive_timeout 70;
# Enable gzip compression
gzip on;
gzip_min_length 256K;
error_page 404 /lost.html;
error_page 500 502 503 504 /error.html;
# Status page for 404
location = /error.html {
root /srv/www;
}
# Status page for 50X
location = /lost.html {
root /srv/www;
}
# Reverse Proxy
location /api/ {
# Seems weird, but it is (Prevent /api/api/)
rewrite /api/(.*) /api/$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://128.1.0.3:8080;
}
# There probably is a better solution using wildcards
location /app {
return 301 https://$host/app/;
}
# The web app
location /app/ {
# CSS might not get the correct Content-Type header
include /etc/nginx/mime.types;
root /srv/www;
# For react-router
try_files $uri /app/index.html;
index index.html;
}
}
}