Sign upLogin

Aam-Digital/ndb-core

View on GitHub
Star
build/default.conf

Summary

Maintainability
Test Coverage
server {
    listen       ${PORT};
    listen  [::]:${PORT};

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    # Bodies of all sizes are allowed
    client_max_body_size 0;

    root /usr/share/nginx/html;

    add_header Content-Security-Policy-Report-Only "${CSP}; report-uri ${CSP_REPORT_URI}?ngsw-bypass=true";
    # ?ngsw-bypass prevents angular serviceworker to intercept and break CSP reporting (https://github.com/angular/angular/issues/31477)

    # TODO: consider adding `trusted-types angular angular#unsafe-bypass; require-trusted-types-for 'script';` CSP in future
    add_header X-Frame-Options: SAMEORIGIN; # only applies in older browsers, CSP frame-ancestors takes prevalence https://stackoverflow.com/a/40417609/1473411
    add_header X-Content-Type-Options: nosniff;

    # Catch requests to the assets folder
    # These should not be forwarded to the index.html
    # This currently includes a fallback for previous requests including a locale
    location ~* /assets/(.+)$ {
        # $1 refers to everything after 'assets/'
        try_files $uri /assets/$1 =404;
    }

    location / {
        index index.html index.htm;
        try_files $uri $uri/ /index.html =404;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # The proxy path should be the same as in AppSettings.DB_PROXY_PREFIX
    location ^~ /db {
        rewrite /db/(.*) /$1 break;
        proxy_pass ${COUCHDB_URL};
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
    }

    # The proxy path should be the same as in SqlReportService.QUERY_PROXY
    location ^~ /query {
        rewrite /query/(.*) /$1 break;
        proxy_pass ${QUERY_URL};
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
    }

    # The proxy path should be the same as in GeoService.remoteUrl
    location ^~ /nominatim {
        rewrite /nominatim/(.*) /$1 break;
        proxy_pass ${NOMINATIM_URL};
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
    }
}