This repository has been archived by the owner on Mar 2, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx-icebreaker.conf
45 lines (35 loc) · 1.66 KB
/
nginx-icebreaker.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
upstream frontend-container {
least_conn;
server icebreaker_frontend:12010 weight=1 max_fails=3 fail_timeout=5s;
}
upstream backend-container {
least_conn;
server icebreaker_backend:9090 weight=1 max_fails=3 fail_timeout=5s;
}
server {
listen 80;
add_header X-XSS-Protection "0" always; # deprecated by modern browsers
add_header Content-Security-Policy "frame-ancestors 'none'" always; # prevent framing and click jacking
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # set HSTS for any response
add_header X-Content-Type-Options "nosniff" always; # respect MIME type
location /api/ {
rewrite ^/api/media/(.*) /api/internal/media/$1;
proxy_pass http://backend-container/;
#override by nginx settings
proxy_hide_header X-XSS-Protection;
proxy_hide_header Content-Security-Policy;
proxy_hide_header Strict-Transport-Security;
proxy_hide_header X-Content-Type-Options;
}
location / {
proxy_pass http://frontend-container/;
}
location /files/ {
alias /home/media/; # location to files directory
sendfile on; # pipe file descriptors directorly without copying files to a buffer
sendfile_max_chunk 1m; # prevent large files from occupying the worker process
add_header Cache-Control public; # response may be cached
expires max;
internal; # can only be accessed internally
}
}