manh-dan · October 2, 2021 14:22
diff --git a/nginx.conf b/nginx.conf
 user                            www-data;
 worker_processes                auto;
 worker_rlimit_nofile		8192;

 error_log                       /var/log/nginx/error.log warn;
 pid                             /var/run/nginx.pid;

 events {
    worker_connections          8000;
 }

 http {
    include                     /etc/nginx/mime.types;
    default_type                application/octet-stream;
    sendfile                    on;
    sendfile_max_chunk          1m;
    server_tokens		off;
    tcp_nopush                  on;
    access_log                  /var/log/nginx/access.log;
    keepalive_timeout           60s;

    log_format extended_with_variables '$remote_addr - $remote_user [$time_local]"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" rt=$request_time rt="$upstream_response_time"';

    brotli			on;
    brotli_types		text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon;
    brotli_comp_level		9;
    brotli_min_length		1024;

    gzip			on;
    gzip_vary		      	on;
    gzip_comp_level		9;
    gzip_min_length		1024;
    gzip_types			text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon;

    add_header          X-Frame-Options "SAMEORIGIN";
    add_header          X-Content-Type-Options "nosniff";
    add_header          X-XSS-Protection "1; mode=block; report=https://asjas.report-uri.com/r/d/xss/enforce; report-to default";
    add_header          Expect-CT "max-age=604800, report-uri=https://asjas.report-uri.com/r/d/ct/enforce; report-to default";
    add_header          Content-Security-Policy "default-src 'self' https://portfolio-site.prismic.io/api/v2 https://portfolio-site.cdn.prismic.io/api/v2/documents/search; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.com ajax.cloudflare.com sentry.io fullstory.com analytics.asjas.co.za; img-src 'self' portfolio-site.cdn.prismic.io analytics.asjas.co.za; style-src 'self' 'unsafe-inline'; font-src 'self' data:; form-action 'none'; report-uri https://asjas.report-uri.com/r/d/csp/enforce; report-to default";
    add_header          Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    add_header          Referrer-Policy "same-origin";
    add_header          "Report-To" "{'group':'default','max_age':31536000,'endpoints':[{'url':'https://asjas.report-uri.com/a/d/g'}],'include_subdomains':true}";

    server {
        listen                  80;
        listen			[::]:80;
        server_name             asjas.co.za;
 	
 	return		        302	https://asjas.co.za;
    }

  server {
        listen			443 ssl http2;
        listen			[::]:443 ssl http2;
        ssl_certificate		/etc/ssl/certs/cert.pem;
        ssl_certificate_key	/etc/ssl/private/key.pem;
        #ssl_client_certificate	/etc/ssl/certs/cloudflare.crt;
        #ssl_verify_client	on;

        server_name		asjas.co.za;
        root			/var/www/html/public;
        index			index.html;
        client_max_body_size    32m;

        location /nginx_status {
                stub_status on;
                allow 127.0.0.1;
                deny all;
        }

        # Don't cache the service worker
        location = /sw.js {
                add_header Cache-Control "no-store, no-cache, max-age=0, must-revalidate";
        }

        # Don't cache html files
        location ~ \.html {
                add_header Cache-Control "public, max-age=0, must-revalidate";
        }

        # Cache css and js forever as webpack will cache-bust it
        location ~ \.(css|js)$ {
                add_header Cache-Control "public, max-age=31536000, immutable";
        }

        # Cache static directory forever as webpack will cache-bust it
        location /static {
                add_header Cache-Control "public, max-age=31536000, immutable";
        }

        error_page              404              /404.html;
        error_page              500 502 503 504  /50x.html;
        location = /50x.html {
                root              /var/lib/nginx/html;
        }
    }
 }
	user www-data;
	worker_processes auto;
	worker_rlimit_nofile 8192;

	error_log /var/log/nginx/error.log warn;
	pid /var/run/nginx.pid;

	events {
	worker_connections 8000;
	}

	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	sendfile on;
	sendfile_max_chunk 1m;
	server_tokens off;
	tcp_nopush on;
	access_log /var/log/nginx/access.log;
	keepalive_timeout 60s;

	log_format extended_with_variables '$remote_addr - $remote_user [$time_local]"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" rt=$request_time rt="$upstream_response_time"';

	brotli on;
	brotli_types text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon;
	brotli_comp_level 9;
	brotli_min_length 1024;

	gzip on;
	gzip_vary on;
	gzip_comp_level 9;
	gzip_min_length 1024;
	gzip_types text/text text/plain text/css text/javascript application/javascript application/json application/manifest+json font/otf font/ttf font/woff font/woff2 image/svg+xml image/x-icon;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-Content-Type-Options "nosniff";
	add_header X-XSS-Protection "1; mode=block; report=https://asjas.report-uri.com/r/d/xss/enforce; report-to default";
	add_header Expect-CT "max-age=604800, report-uri=https://asjas.report-uri.com/r/d/ct/enforce; report-to default";
	add_header Content-Security-Policy "default-src 'self' https://portfolio-site.prismic.io/api/v2 https://portfolio-site.cdn.prismic.io/api/v2/documents/search; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.com ajax.cloudflare.com sentry.io fullstory.com analytics.asjas.co.za; img-src 'self' portfolio-site.cdn.prismic.io analytics.asjas.co.za; style-src 'self' 'unsafe-inline'; font-src 'self' data:; form-action 'none'; report-uri https://asjas.report-uri.com/r/d/csp/enforce; report-to default";
	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
	add_header Referrer-Policy "same-origin";
	add_header "Report-To" "{'group':'default','max_age':31536000,'endpoints':[{'url':'https://asjas.report-uri.com/a/d/g'}],'include_subdomains':true}";

	server {
	listen 80;
	listen [::]:80;
	server_name asjas.co.za;

	return 302 https://asjas.co.za;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	ssl_certificate /etc/ssl/certs/cert.pem;
	ssl_certificate_key /etc/ssl/private/key.pem;
	#ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
	#ssl_verify_client on;

	server_name asjas.co.za;
	root /var/www/html/public;
	index index.html;
	client_max_body_size 32m;

	location /nginx_status {
	stub_status on;
	allow 127.0.0.1;
	deny all;
	}

	# Don't cache the service worker
	location = /sw.js {
	add_header Cache-Control "no-store, no-cache, max-age=0, must-revalidate";
	}

	# Don't cache html files
	location ~ \.html {
	add_header Cache-Control "public, max-age=0, must-revalidate";
	}

	# Cache css and js forever as webpack will cache-bust it
	location ~ \.(css\|js)$ {
	add_header Cache-Control "public, max-age=31536000, immutable";
	}

	# Cache static directory forever as webpack will cache-bust it
	location /static {
	add_header Cache-Control "public, max-age=31536000, immutable";
	}

	error_page 404 /404.html;
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /var/lib/nginx/html;
	}
	}
	}