Skip to content

GitLab

fractalis
fractalis
Commit 79b379b8 authored by Sascha Herzinger's avatar Sascha Herzinger
Browse files
Options

Disabling nginx cache by default. Makes no sense for Fractalis.

parent b1abe263
Hide whitespace changes
Inline Side-by-side
Showing with 11 additions and 20 deletions
docker/config/nginx/conf.d/default.conf
View file @ 79b379b8
......@@ -2,7 +2,16 @@ server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header Last-Modified $date_gmt;
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
if_modified_since off;
expires off;
etag off;
root /usr/share/nginx/html;
index index.html;
upstream fractalis {
server app:5000 fail_timeout=0;
......@@ -13,29 +22,18 @@ server {
listen [::]:443 ssl http2;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
resolver 8.8.8.8 8.8.4.4;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/server.crt;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
location @proxy {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
......@@ -44,9 +42,7 @@ server {
proxy_pass http://fractalis;
}
location / {
try_files $uri $uri/ @proxy;
}
location / { try_files $uri $uri/ @proxy; }
}
server {
......@@ -54,9 +50,6 @@ server {
listen [::]:80 default_server;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
location @proxy {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
......@@ -64,7 +57,5 @@ server {
proxy_pass http://fractalis;
}
location / {
try_files $uri $uri/ @proxy;
}
location / { try_files $uri $uri/ @proxy; }
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment