forked from y-kkamil/console
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx.conf
68 lines (51 loc) · 1.95 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile off;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
map $host $kymadomain {
~^[^\.]+\.(.*)$ $1;
default 'kyma.local';
}
server {
server_name localhost3;
listen 6969;
port_in_redirect off;
location /healthz {
access_log off;
stub_status;
}
}
server {
listen 80 http2;
server_name localhost;
root /var/public;
index index.html index.htm;
location / {
limit_except GET {
deny all;
}
try_files $uri $uri/ /index.html;
add_header Cache-Control 'public, max-age=300';
add_header X-Frame-Options 'SAMEORIGIN';
add_header X-Content-Type-Options 'nosniff';
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.$kymadomain wss://*.$kymadomain; font-src 'self' data:; frame-ancestors https://*.$kymadomain; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob:;";
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
add_header X-XSS-Protection '1; mode=block';
}
}
}