tests/setup/nginx/yetiforce.conf
##############################################
# Best configuration for YetiForceCRM #
# Created by m.krzaczkowski@yetiforce.com #
##############################################
##########################
## Security ##
##########################
server_tokens off;
etag off;
## nginx module: header_filter_by_lua_block
header_filter_by_lua_block {
ngx.header['X-Frame-Options'] = "SAMEORIGIN"
ngx.header['X-XSS-Protection'] = "1; mode=block"
ngx.header['X-Content-Type-Options'] = "nosniff"
ngx.header['Referrer-Policy'] = "no-referrer"
ngx.header['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
ngx.header['X-Robots-Tag'] = "none"
ngx.header['X-Permitted-Cross-Domain-Policies'] = "none"
ngx.header['Expect-CT'] = "enforce; max-age=3600"
ngx.header["Cache-Control"] = ngx.header["Cache-Control"];
}
## nginx module: headers-more-nginx-module
# https://github.com/openresty/headers-more-nginx-module#installation
# https://www.nginx.com/blog/compiling-dynamic-modules-nginx-plus/
more_clear_headers 'Server';
more_clear_headers 'X-Frame-Options';
more_clear_headers 'X-XSS-Protection';
more_clear_headers 'X-Content-Type-Options';
more_clear_headers 'Referrer-Policy';
more_clear_headers 'Strict-Transport-Security';
more_clear_headers 'X-Robots-Tag';
more_clear_headers 'X-Permitted-Cross-Domain-Policies';
more_clear_headers 'Expect-CT';
more_set_headers 'Server: ';
more_set_headers 'X-Frame-Options: SAMEORIGIN';
more_set_headers 'X-XSS-Protection: 1; mode=block';
more_set_headers 'X-Content-Type-Options: nosniff';
more_set_headers 'Referrer-Policy: no-referrer';
more_set_headers 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload';
more_set_headers 'X-Robots-Tag: none';
more_set_headers 'X-Permitted-Cross-Domain-Policies: none';
more_set_headers 'Expect-CT: enforce; max-age=3600';
##########################
## Stability ##
##########################
charset utf-8;
client_max_body_size 100M;
client_body_buffer_size 100M;
client_body_timeout 600;
send_timeout 600;
fastcgi_buffers 256 256k;
fastcgi_buffer_size 256k;
##########################
## Performance ##
##########################
access_log off;
gzip on;
gzip_types
text/css text/javascript text/xml text/plain text/x-component
application/javascript application/x-javascript application/json application/xml application/rss+xml application/atom+xml application/vnd.ms-fontobject
font/truetype font/opentype
image/jpeg image/bmp image/svg+xml image/x-icon;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 500;
gzip_disable "msie6";
#add_header Cache-Control "private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0" always;
more_clear_headers 'Cache-Control';
more_set_headers 'Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0';
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|ttf|ttc|otf|eot|woff2?)$ {
access_log off;
expires 1d;
#add_header Cache-Control public always;
more_clear_headers 'Cache-Control';
more_set_headers 'Cache-Control: public';
etag on;
}
##########################
## YetiForce API ##
##########################
rewrite ^/webservice/(.*)/(.*)/(.*)/(.*)/(.*)$ /webservice.php?_container=$1&module=$2&action=$3&record=$4¶m=$5 break;
rewrite ^/webservice/(.*)/(.*)/(.*)/(.*)$ /webservice.php?_container=$1&module=$2&action=$3&record=$4 break;
rewrite ^/webservice/(.*)/(.*)/(.*)$ /webservice.php?_container=$1&module=$2&action=$3 break;
rewrite ^/webservice/(.*)/(.*)$ /webservice.php?_container=$1&action=$2 break;