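# Main nginx configuration for one static site (asjas.co.za): HTTP is redirected
# to HTTPS, responses are compressed, security headers are set once at the http
# level, and Cache-Control is chosen per URI.

user www-data;
worker_processes auto;
worker_rlimit_nofile 8192;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 8000;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    sendfile on;
    sendfile_max_chunk 1m;
    # Do not advertise the nginx version in the Server header or on error pages.
    server_tokens off;
    tcp_nopush on;

    access_log /var/log/nginx/access.log;
    keepalive_timeout 60s;

    # NOTE(review): this format is defined but no access_log directive in this
    # file references it, so the default "combined" format is what gets written.
    # It also emits the key "rt=" twice (request time and upstream time).
    log_format extended_with_variables '$remote_addr - $remote_user [$time_local]"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" rt=$request_time rt="$upstream_response_time"';

    # Brotli directives need the ngx_brotli module to be built in or loaded.
    brotli on;
    brotli_types text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon;
    brotli_comp_level 9;
    brotli_min_length 1024;

    gzip on;
    gzip_vary on;
    gzip_comp_level 9;
    gzip_min_length 1024;
    gzip_types text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon;

    # Cache-Control is selected here instead of with add_header inside location
    # blocks. nginx inherits add_header from the enclosing level only when the
    # current level declares none of its own, so a location that sets just
    # Cache-Control silently drops every security header below for its
    # responses (HTML pages, scripts, the service worker). Entries are regexes,
    # checked in order, mirroring the precedence of the locations they replace.
    map $uri $cache_control {
        default          "";
        # Don't cache the service worker
        ~^/sw\.js$       "no-store, no-cache, max-age=0, must-revalidate";
        # The 50x page never carried a Cache-Control header
        ~^/50x\.html$    "";
        # Don't cache html files
        ~\.html          "public, max-age=0, must-revalidate";
        # Cache css and js forever as webpack will cache-bust it
        ~\.(css|js)$     "public, max-age=31536000, immutable";
        # Cache static directory forever as webpack will cache-bust it
        ~^/static        "public, max-age=31536000, immutable";
    }

    # Security headers. "always" makes nginx send them on error responses
    # (404, 50x) as well; without it add_header applies only to 2xx/3xx.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore, and "report-to" does not appear to be one of its directives.
    # The Content-Security-Policy below is the effective control.
    add_header X-XSS-Protection "1; mode=block; report=https://asjas.report-uri.com/r/d/xss/enforce; report-to default" always;
    # NOTE(review): Expect-CT is deprecated; confirm it is still wanted.
    add_header Expect-CT "max-age=604800, report-uri=https://asjas.report-uri.com/r/d/ct/enforce; report-to default" always;
    # NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove most
    # of the XSS protection a CSP provides, and every third-party host listed
    # there can run script with full page privileges. Confirm each host is still
    # needed and trusted; consider nonces or hashes for inline scripts.
    # base-uri does not fall back to default-src and is not set here.
    add_header Content-Security-Policy "default-src 'self' https://portfolio-site.prismic.io/api/v2 https://portfolio-site.cdn.prismic.io/api/v2/documents/search; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.com ajax.cloudflare.com sentry.io fullstory.com analytics.asjas.co.za; img-src 'self' portfolio-site.cdn.prismic.io analytics.asjas.co.za; style-src 'self' 'unsafe-inline'; font-src 'self' data:; form-action 'none'; report-uri https://asjas.report-uri.com/r/d/csp/enforce; report-to default" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
    add_header Referrer-Policy "same-origin" always;
    # Report-To must be valid JSON (double-quoted keys and strings); the
    # single-quoted form is not parseable, which leaves the "report-to default"
    # references above pointing at nothing.
    add_header Report-To '{"group":"default","max_age":31536000,"endpoints":[{"url":"https://asjas.report-uri.com/a/d/g"}],"include_subdomains":true}' always;

    # An empty value makes nginx omit the header, so URIs that match no map
    # entry get no Cache-Control. No "always": error responses stay uncached.
    add_header Cache-Control $cache_control;

    # Plain HTTP: redirect to HTTPS permanently, keeping the requested path and
    # query string instead of sending every request to the home page.
    server {
        listen 80;
        listen [::]:80;
        server_name asjas.co.za;

        return 301 https://asjas.co.za$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults
        # of the installed nginx/OpenSSL build apply; confirm they meet the
        # site's TLS baseline.
        ssl_certificate /etc/ssl/certs/cert.pem;
        ssl_certificate_key /etc/ssl/private/key.pem;

        # NOTE(review): client-certificate verification is disabled. If a
        # CDN/proxy is meant to be the only client of this origin, confirm
        # whether these two lines should be enabled.
        #ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
        #ssl_verify_client on;

        server_name asjas.co.za;

        root /var/www/html/public;
        index index.html;

        client_max_body_size 32m;

        # Status counters, reachable from the local host only.
        location /nginx_status {
            stub_status on;
            allow 127.0.0.1;
            deny all;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;

        # The 50x page is served from a separate root rather than the site's
        # own document root.
        location = /50x.html {
            root /var/lib/nginx/html;
        }
    }
}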