summaryrefslogtreecommitdiff
path: root/config/nginx.conf
blob: 029b0c48775c2b272fc412cb750be6d356e2db3b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

user  root;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
  worker_connections  8096;
  multi_accept        on;
  use                 epoll;
}

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

  access_log /var/log/nginx/access.log  main;

  sendfile           on;
  tcp_nopush         on;
  tcp_nodelay        on;
  keepalive_timeout  15;

  upstream backend {
    server web:3000 fail_timeout=0;
  }

  server {
    listen 80 deferred;
    add_header Strict-Transport-Security max-age=15768000;
    server_tokens off;
    rewrite ^ https://$server_name$request_uri? permanent;
  }

  server {
    listen 443 default_server ssl;
    server_tokens off;
    root /var/www/public;
    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options "DENY";

    try_files $uri/index.html $uri @application;
    location ^~ /assets/ {
      gzip_static on;
      expires max;
      add_header Cache-Control public;
    }
    location /cable {
      proxy_pass https://backend;
      proxy_set_header X_FORWARDED_PROTO https;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header HOST $http_host;
      proxy_set_header X-Url-Scheme $scheme;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
    location @application {
      proxy_set_header X_FORWARDED_PROTO https;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header HOST $http_host;
      proxy_set_header X-Url-Scheme $scheme;
      proxy_redirect off;
      proxy_pass https://backend;
    }

    error_page 500 502 503 504 /500.html;
    keepalive_timeout 10;
  }
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 04:02:40 +0000