Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Fractalis
fractalis
Commits
79b379b8
Commit
79b379b8
authored
May 31, 2018
by
Sascha Herzinger
Browse files
Disabling nginx cache by default. Makes no sense for Fractalis.
parent
b1abe263
Changes
1
Hide whitespace changes
Inline
Side-by-side
docker/config/nginx/conf.d/default.conf
View file @
79b379b8
...
...
@@ -2,7 +2,16 @@ server_tokens off;
add_header
X
-
Frame
-
Options
SAMEORIGIN
;
add_header
X
-
Content
-
Type
-
Options
nosniff
;
add_header
X
-
XSS
-
Protection
"1; mode=block"
;
add_header
Strict
-
Transport
-
Security
"max-age=31536000; includeSubdomains; preload"
;
add_header
Last
-
Modified
$
date_gmt
;
add_header
Cache
-
Control
"private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0"
;
if_modified_since
off
;
expires
off
;
etag
off
;
root
/
usr
/
share
/
nginx
/
html
;
index
index
.
html
;
upstream
fractalis
{
server
app
:
5000
fail_timeout
=
0
;
...
...
@@ -13,29 +22,18 @@ server {
listen
[::]:
443
ssl
http2
;
server_name
localhost
;
root
/
usr
/
share
/
nginx
/
html
;
index
index
.
html
;
ssl_certificate
/
etc
/
nginx
/
server
.
crt
;
ssl_certificate_key
/
etc
/
nginx
/
server
.
key
;
ssl_session_cache
shared
:
SSL
:
50
m
;
ssl_session_timeout
1
d
;
ssl_session_tickets
off
;
ssl_prefer_server_ciphers
on
;
ssl_protocols
TLSv1
TLSv1
.
1
TLSv1
.
2
;
ssl_ciphers
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'
;
resolver
8
.
8
.
8
.
8
8
.
8
.
4
.
4
;
ssl_stapling
on
;
ssl_stapling_verify
on
;
ssl_trusted_certificate
/
etc
/
nginx
/
server
.
crt
;
add_header
Strict
-
Transport
-
Security
"max-age=31536000; includeSubdomains; preload"
;
location
@
proxy
{
proxy_set_header
Host
$
http_host
;
proxy_set_header
X
-
Real
-
IP
$
remote_addr
;
...
...
@@ -44,9 +42,7 @@ server {
proxy_pass
http
://
fractalis
;
}
location
/ {
try_files
$
uri
$
uri
/ @
proxy
;
}
location
/ {
try_files
$
uri
$
uri
/ @
proxy
; }
}
server
{
...
...
@@ -54,9 +50,6 @@ server {
listen
[::]:
80
default_server
;
server_name
localhost
;
root
/
usr
/
share
/
nginx
/
html
;
index
index
.
html
;
location
@
proxy
{
proxy_set_header
Host
$
http_host
;
proxy_set_header
X
-
Real
-
IP
$
remote_addr
;
...
...
@@ -64,7 +57,5 @@ server {
proxy_pass
http
://
fractalis
;
}
location
/ {
try_files
$
uri
$
uri
/ @
proxy
;
}
location
/ {
try_files
$
uri
$
uri
/ @
proxy
; }
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment