You can not select more than 25 topics
			Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
		
		
		
		
		
			
		
			
				
					
					
						
							88 lines
						
					
					
						
							2.4 KiB
						
					
					
				
			
		
		
		
			
			
			
				
					
				
				
					
				
			
		
		
	
	
							88 lines
						
					
					
						
							2.4 KiB
						
					
					
				| server { | |
|   listen ${NGINX_PORT}; | |
|   listen [::]:${NGINX_PORT}; | |
| 
 | |
|   server_name ${NGINX_DOMAIN}; | |
|   root /var/www/${NGINX_DOMAIN}/public; | |
| 
 | |
|   # $uri, index.html | |
|   location / { | |
|     try_files $uri $uri/ /index.html; | |
|   } | |
| 
 | |
|   # headers | |
|   add_header X-Frame-Options "SAMEORIGIN" always; | |
|   add_header X-XSS-Protection "1; mode=block" always; | |
|   add_header X-Content-Type-Options "nosniff" always; | |
|   add_header X-UA-Compatible "IE=Edge" always; | |
|   add_header Cache-Control "no-transform" always; | |
| 
 | |
|   # . files | |
|   location ~ /\. { | |
|     deny all; | |
|   } | |
| 
 | |
|   # assets, media | |
|   location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { | |
|     expires 7d; | |
|     access_log off; | |
|   } | |
| 
 | |
|   # svg, fonts | |
|   location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff|woff2)$ { | |
|     add_header Access-Control-Allow-Origin "*"; | |
|     expires 7d; | |
|     access_log off; | |
|   } | |
| 
 | |
|   location ^~ /wetty { | |
|     proxy_pass http://${WETTY_HOST}:${WETTY_PORT}; | |
|     proxy_http_version 1.1; | |
|     proxy_set_header Upgrade $http_upgrade; | |
|     proxy_set_header Connection "upgrade"; | |
|     proxy_read_timeout 43200000; | |
| 
 | |
|     proxy_set_header X-Real-IP $remote_addr; | |
|     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
|     proxy_set_header Host $http_host; | |
|     proxy_set_header X-NginX-Proxy true; | |
| 
 | |
|     # Authenticate user via other services (e.g., oauth2 end-points) | |
|     # | |
|     # Configuration :  | |
|     #    - Configure a 'auth_request' directive for this server block | |
|     #    - Capture the authenticated username using 'auth_request_set' | |
|     #    - Set the 'remote-user' request header accordingly | |
|     # | |
|     # Example (using lasso as authentication middleware): | |
|     # | |
|     #    Add to server block: | |
|     #      auth_request /lasso-validate | |
|     #      auth_request_set $auth_user $upstream_http_x_lasso_user; | |
|     # | |
|     #    Add to /wetty location block | |
|     #      proxy_set_header remote-user $auth_user; | |
|     # | |
|     #    And configure a '/lasso-validate' location. See this blog for further  | |
|     #    guidance: https://developer.okta.com/blog/2018/08/28/nginx-auth-request | |
|   } | |
| 
 | |
|   # gzip | |
|   gzip on; | |
|   gzip_vary on; | |
|   gzip_proxied any; | |
|   gzip_comp_level 6; | |
|   gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml; | |
| } | |
| 
 | |
| # subdomains redirect | |
| server { | |
|   listen ${NGINX_PORT}; | |
|   listen [::]:${NGINX_PORT}; | |
| 
 | |
|   server_name *.${NGINX_DOMAIN}; | |
| 
 | |
|   return 301 https://${NGINX_DOMAIN}$request_uri; | |
| } | |
| 
 | |
| # set ft=conf
 | |
| 
 |