Best nginx configuration for improved security (and performance). Complete blog post here: http://tautt.com/best-nginx-configuration-for-security/
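# Security response headers. For a detailed explanation see
# https://gist.github.com/plentz/6737338
#
# These directives sit outside any server{} block, so this file is presumably
# included inside http{} (confirm against the main nginx.conf).
#
# nginx inherits add_header from an outer level only when the inner level
# (server/location) declares no add_header of its own. Adding a single header
# inside a location silently drops every header below for that location.

# Do not advertise the nginx version in the Server header or on error pages.
server_tokens off;

# "always" attaches the header to every response code. Without it nginx only
# adds the header to 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308, so
# 4xx/5xx pages (including upstream errors passed through the proxy) would be
# served without these protections. Requires nginx >= 1.7.5.

# Only allow same-origin pages to frame this site (clickjacking defence).
add_header X-Frame-Options SAMEORIGIN always;

# Stop browsers from MIME-sniffing a response into a different content type.
add_header X-Content-Type-Options nosniff always;

# Legacy header: current browsers no longer ship the XSS auditor and ignore it.
# Kept for old clients only; the CSP below is the control to rely on.
add_header X-XSS-Protection "1; mode=block" always;

# NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src permit inline
# and eval'd script, so this policy does little against injected script. Move
# to nonces or hashes once the pages allow it. base-uri, form-action and
# frame-ancestors do not fall back to default-src and are not set here.
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'" always;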
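# TLS is terminated by the Azure WebApp Service, so nginx only serves plain
# HTTP here.
# NOTE(review): nothing in this file redirects HTTP to HTTPS or sets
# Strict-Transport-Security; confirm that HTTPS-only is enforced on the Azure
# side.
server {
    # default_server is the documented name of the legacy "default" parameter.
    # This server answers any request on port 80 whose Host matches no other
    # server block.
    listen 80 default_server;

    # Compress responses whose Content-Length is at least 1000 bytes.
    gzip on;
    gzip_min_length 1000;
    # For requests that arrived through a proxy (detected by a "Via" request
    # header), compress only when the response is marked expired, no-cache,
    # no-store or private, or the request carries an Authorization header.
    # NOTE(review): compressing authenticated responses that contain both a
    # secret (e.g. a CSRF token) and reflected request data is the precondition
    # for BREACH-style compression side channels. Confirm the upstream
    # responses do not mix the two, or drop "auth" here.
    gzip_proxied expired no-cache no-store private auth;

    # Proxy everything else to the frontend container; the request URI is
    # passed through unchanged. "frontend" is not defined in this file.
    # No proxy_set_header is given, so the upstream receives
    # "Host: frontend" and no client address from nginx itself. If the
    # upstreams log or rate-limit by client IP, confirm which forwarded header
    # they trust.
    location / {
        proxy_pass http://frontend;
    }

    # Proxy /api/ to the backend container. The trailing slash on the
    # proxy_pass URL replaces the matched "/api/" prefix, so /api/users reaches
    # the backend as /users. "backend" is not defined in this file.
    location /api/ {
        proxy_pass http://backend/;
    }
}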