-
-
Notifications
You must be signed in to change notification settings - Fork 113
/
nginx_docker.conf
57 lines (42 loc) · 1.82 KB
/
nginx_docker.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
server {
listen 8083;
autoindex off;
server_name localhost;
access_log /var/log/nginx.patrowlmanager-access.log;
error_log /var/log/nginx.patrowlmanager-error.log;
# Protects against Clickjacking attacks.
add_header X-Frame-Options "SAMEORIGIN";
# Protects against Clickjacking attacks.
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
# Protects against XSS injections.
add_header X-XSS-Protection "1; mode=block";
# Protects against MIME-type confusion attack.
add_header X-Content-Type-Options "nosniff";
# CSP modern XSS directive-based defence, used since 2014.
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;";
# Prevents from leaking referrer data over insecure connections.
add_header Referrer-Policy 'strict-origin';
# Disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
location / {
proxy_pass http://web:8003;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Proxy "";
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
expires off;
# Custom headers
proxy_connect_timeout 75s;
proxy_read_timeout 300s;
proxy_redirect off;
proxy_buffering off;
proxy_buffer_size "4k";
}
location /static {
alias /opt/patrowl-manager/staticfiles;
}
# location /media {
# alias /opt/patrowl-manager/media;
# }
}