Nginx sample config. Includes CSP headers, caching headers, gzip and brotli compression
# Main context: process-level settings.

# Worker processes run under the www-data account.
user www-data;
pid /var/run/nginx.pid;

# "auto" lets nginx pick the worker count from the detected CPU cores;
# each worker may hold up to 8192 open file descriptors.
worker_processes auto;
worker_rlimit_nofile 8192;

# Log messages of severity "warn" and above.
error_log /var/log/nginx/error.log warn;
events {
    # Upper bound on simultaneous connections per worker process; kept below
    # the worker_rlimit_nofile value (8192) set in the main context.
    worker_connections 8000;
}
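http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    sendfile           on;
    sendfile_max_chunk 1m;
    tcp_nopush         on;
    keepalive_timeout  60s;

    # Do not advertise the nginx version in the Server header or on error pages.
    server_tokens off;

    # NOTE(review): this format is defined but no access_log directive in this
    # file references it, so requests are logged in the built-in "combined" format.
    log_format extended_with_variables '$remote_addr - $remote_user [$time_local]"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" rt=$request_time rt="$upstream_response_time"';
    access_log /var/log/nginx/access.log;

    # Brotli directives come from the third-party ngx_brotli module; nginx will
    # refuse to start with these lines if that module is not loaded.
    brotli on;
    brotli_types text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon;
    brotli_comp_level 9;
    brotli_min_length 1024;

    gzip on;
    gzip_vary on;
    gzip_comp_level 9;
    gzip_min_length 1024;
    gzip_types text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon;

    # Cache-Control policy, selected per request URI.
    #
    # Why a map instead of per-location add_header: nginx inherits add_header
    # from the enclosing level only when the current level defines none of its
    # own. The original `location` blocks each set their own Cache-Control, which
    # silently dropped every security header below (CSP, HSTS, X-Frame-Options,
    # ...) for /sw.js, *.html, *.css, *.js and /static -- including the HTML
    # documents the CSP is meant to protect.
    #
    # Entry order mirrors the original location precedence: exact matches first,
    # then the regexes in order, with the /static prefix last.
    map $uri $cache_control {
        default        "";

        # Don't cache the service worker
        /sw.js         "no-store, no-cache, max-age=0, must-revalidate";

        # The 50x page had no Cache-Control in the original; keep it that way.
        /50x.html      "";

        # Don't cache html files
        ~\.html        "public, max-age=0, must-revalidate";

        # Cache css and js forever as webpack will cache-bust it
        ~\.(css|js)$   "public, max-age=31536000, immutable";

        # Cache static directory forever as webpack will cache-bust it
        ~^/static      "public, max-age=31536000, immutable";
    }

    # add_header skips the header entirely when the value is empty, and without
    # "always" it is only sent on success/redirect statuses (as in the original).
    add_header Cache-Control $cache_control;

    # Security headers. "always" makes nginx send them on error responses
    # (404, 50x) too; without it those pages are served with no CSP or HSTS.
    # Keep every add_header at this level: adding one inside a server or
    # location block disables inheritance of all of these for that block.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;

    # Legacy header: current browsers no longer ship the XSS auditor, so CSP is
    # the effective control. "report-to" is not a directive of this header and
    # has been dropped from the value.
    add_header X-XSS-Protection "1; mode=block; report=https://asjas.report-uri.com/r/d/xss/enforce" always;

    # Deprecated header, kept for older clients. Directives are comma-separated
    # and report-uri takes a quoted string; the stray "; report-to default" made
    # the original value malformed.
    add_header Expect-CT 'max-age=604800, report-uri="https://asjas.report-uri.com/r/d/ct/enforce"' always;

    # NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove most
    # of CSP's protection against injected script; prefer nonces or hashes if
    # the site can be built without inline/eval script. Every third-party host
    # in script-src can run code on this origin, so confirm each one (the
    # polyfill CDN entry in particular) is still needed and still operated by
    # the party you expect.
    add_header Content-Security-Policy "default-src 'self' https://portfolio-site.prismic.io/api/v2 https://portfolio-site.cdn.prismic.io/api/v2/documents/search; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.com ajax.cloudflare.com sentry.io fullstory.com analytics.asjas.co.za; img-src 'self' portfolio-site.cdn.prismic.io analytics.asjas.co.za; style-src 'self' 'unsafe-inline'; font-src 'self' data:; form-action 'none'; report-uri https://asjas.report-uri.com/r/d/csp/enforce; report-to default" always;

    # One year, all subdomains, preload-eligible. Preload-list entries are slow
    # to remove, so every subdomain must be able to serve HTTPS before enabling.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
    add_header Referrer-Policy "same-origin" always;

    # Report-To must be valid JSON. The original used single-quoted keys and
    # strings, which is not JSON, so the "default" reporting group referenced by
    # the CSP was never registered.
    add_header Report-To '{"group":"default","max_age":31536000,"endpoints":[{"url":"https://asjas.report-uri.com/a/d/g"}],"include_subdomains":true}' always;

    # Plain-HTTP listener: redirect everything to HTTPS.
    server {
        listen 80;
        listen [::]:80;
        server_name asjas.co.za;

        # Permanent redirect that keeps the requested path and query string
        # (the original 302 sent every request to the site root).
        return 301 https://asjas.co.za$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name asjas.co.za;

        ssl_certificate     /etc/ssl/certs/cert.pem;
        ssl_certificate_key /etc/ssl/private/key.pem;

        # NOTE(review): ssl_protocols and ssl_ciphers are not set, so the allowed
        # TLS versions depend on the nginx/OpenSSL build defaults; pin them
        # explicitly if older builds may run this config.

        # Client-certificate verification, currently disabled. Presumably meant
        # to accept only connections from the Cloudflare edge -- confirm before
        # enabling.
        #ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
        #ssl_verify_client on;

        root  /var/www/html/public;
        index index.html;

        client_max_body_size 32m;

        # Connection counters; reachable from the local host only.
        location /nginx_status {
            stub_status on;
            allow 127.0.0.1;
            deny all;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;

        # The 50x page is served from the distribution's default html directory.
        location = /50x.html {
            root /var/lib/nginx/html;
        }
    }
}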