conf/nginx.template.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
daemon off;
worker_processes auto;
error_log /dev/stdout;
worker_rlimit_nofile 40000;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
# Define MIME types here.
types {
text/html html;
text/css css;
text/javascript js;
image/gif gif;
image/png png;
image/svg+xml svg svgz;
font/opentype otf;
application/x-font-ttf ttc ttf;
}
default_type application/octet-stream;
# Logging
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
limit_conn perip 10;
limit_conn perserver 100;
# Header information
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'self' ${API_HOST} *.google.com *.amazon.com dap.digitalgov.gov *.google-analytics.com fonts.googleapis.com fonts.gstatic.com;";
index index.html;
server {
client_body_temp_path /tmp/nginx_client_temp 1 2;
listen 8080;
listen [::]:8080 default_server;
root /usr/share/nginx/html;
client_max_body_size 5000000;
location / {
autoindex on;
try_files $uri /index.html;
}
# requests for specific files (that have an extension)
location ~ "\.[a-zA-Z0-9]{2,4}$" {}
}
}