|
|
@@ -0,0 +1,97 @@ |
|
|
user www-data; |
|
|
worker_processes auto; |
|
|
worker_rlimit_nofile 8192; |
|
|
|
|
|
error_log /var/log/nginx/error.log warn; |
|
|
pid /var/run/nginx.pid; |
|
|
|
|
|
events { |
|
|
worker_connections 8000; |
|
|
} |
|
|
|
|
|
http { |
|
|
include /etc/nginx/mime.types; |
|
|
default_type application/octet-stream; |
|
|
sendfile on; |
|
|
sendfile_max_chunk 1m; |
|
|
server_tokens off; |
|
|
tcp_nopush on; |
|
|
access_log /var/log/nginx/access.log; |
|
|
keepalive_timeout 60s; |
|
|
|
|
|
log_format extended_with_variables '$remote_addr - $remote_user [$time_local]"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" rt=$request_time rt="$upstream_response_time"'; |
|
|
|
|
|
brotli on; |
|
|
brotli_types text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon; |
|
|
brotli_comp_level 9; |
|
|
brotli_min_length 1024; |
|
|
|
|
|
gzip on; |
|
|
gzip_vary on; |
|
|
gzip_comp_level 9; |
|
|
gzip_min_length 1024; |
|
|
gzip_types text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon; |
|
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN"; |
|
|
add_header X-Content-Type-Options "nosniff"; |
|
|
add_header X-XSS-Protection "1; mode=block; report=https://asjas.report-uri.com/r/d/xss/enforce; report-to default"; |
|
|
add_header Expect-CT "max-age=604800, report-uri=https://asjas.report-uri.com/r/d/ct/enforce; report-to default"; |
|
|
add_header Content-Security-Policy "default-src 'self' https://portfolio-site.prismic.io/api/v2 https://portfolio-site.cdn.prismic.io/api/v2/documents/search; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.com ajax.cloudflare.com sentry.io fullstory.com analytics.asjas.co.za; img-src 'self' portfolio-site.cdn.prismic.io analytics.asjas.co.za; style-src 'self' 'unsafe-inline'; font-src 'self' data:; form-action 'none'; report-uri https://asjas.report-uri.com/r/d/csp/enforce; report-to default"; |
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; |
|
|
add_header Referrer-Policy "same-origin"; |
|
|
add_header "Report-To" "{'group':'default','max_age':31536000,'endpoints':[{'url':'https://asjas.report-uri.com/a/d/g'}],'include_subdomains':true}"; |
|
|
|
|
|
server { |
|
|
listen 80; |
|
|
listen [::]:80; |
|
|
server_name asjas.co.za; |
|
|
|
|
|
return 302 https://asjas.co.za; |
|
|
} |
|
|
|
|
|
server { |
|
|
listen 443 ssl http2; |
|
|
listen [::]:443 ssl http2; |
|
|
ssl_certificate /etc/ssl/certs/cert.pem; |
|
|
ssl_certificate_key /etc/ssl/private/key.pem; |
|
|
#ssl_client_certificate /etc/ssl/certs/cloudflare.crt; |
|
|
#ssl_verify_client on; |
|
|
|
|
|
server_name asjas.co.za; |
|
|
root /var/www/html/public; |
|
|
index index.html; |
|
|
client_max_body_size 32m; |
|
|
|
|
|
location /nginx_status { |
|
|
stub_status on; |
|
|
allow 127.0.0.1; |
|
|
deny all; |
|
|
} |
|
|
|
|
|
# Don't cache the service worker |
|
|
location = /sw.js { |
|
|
add_header Cache-Control "no-store, no-cache, max-age=0, must-revalidate"; |
|
|
} |
|
|
|
|
|
# Don't cache html files |
|
|
location ~ \.html { |
|
|
add_header Cache-Control "public, max-age=0, must-revalidate"; |
|
|
} |
|
|
|
|
|
# Cache css and js forever as webpack will cache-bust it |
|
|
location ~ \.(css|js)$ { |
|
|
add_header Cache-Control "public, max-age=31536000, immutable"; |
|
|
} |
|
|
|
|
|
# Cache static directory forever as webpack will cache-bust it |
|
|
location /static { |
|
|
add_header Cache-Control "public, max-age=31536000, immutable"; |
|
|
} |
|
|
|
|
|
error_page 404 /404.html; |
|
|
error_page 500 502 503 504 /50x.html; |
|
|
location = /50x.html { |
|
|
root /var/lib/nginx/html; |
|
|
} |
|
|
} |
|
|
} |
Asjas revised this gist