-
Notifications
You must be signed in to change notification settings - Fork 42
/
httpd.conf
116 lines (111 loc) · 4.35 KB
/
httpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
error_log /dev/stdout warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_http_version 1.0;
gzip_min_length 256;
gzip_types
application/javascript
application/json
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
# text/html is always compressed by HttpGzipModule
server {
listen 80;
access_log /dev/stdout;
root /var/www/mender-gui/dist;
index index.html index.htm;
server_tokens off;
location /tags.json {
try_files $uri =404;
}
location /versions.json {
proxy_set_header Host docs.mender.io;
resolver 8.8.8.8 valid=30s;
set $docs_location https://docs.mender.io/releases/versions.json;
proxy_pass $docs_location;
}
location /ui/ {
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
add_header Content-Security-Policy "default-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; connect-src 'self' wss://$host https://localhost https://*.mender.io https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; script-src 'self' https://*.googletagmanager.com https://js.stripe.com https://cdn.jsdelivr.net/npm/cookieconsent@3/build/ https://www.google.com www.gstatic.com 'unsafe-inline'; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.tile.openstreetmap.org; font-src 'self'; frame-src https://js.stripe.com https://hooks.stripe.com https://www.google.com; style-src 'self' https://cdn.jsdelivr.net/npm/cookieconsent@3/build/ 'unsafe-inline'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';";
add_header Last-Modified $date_gmt;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
if_modified_since off;
expires off;
etag off;
rewrite ^/ui(.*)$ $1 break;
try_files $uri $uri/index.html /index.html =404;
}
location = /ui {
return 301 https://$host/ui/;
}
location ~ ^/([a-zA-Z0-9]+)$ {
return 301 https://$host/ui/$1;
}
location = / {
return 301 https://$host/ui/$1;
}
}
server {
listen 8080;
server_tokens off;
# common errors
location /500.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 500 '{"error": {"status_code": 500,"message": "Internal Server Error"}}';
}
location /502.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 502 '{"error": {"status_code": 502,"message": "Bad Gateway"}}';
}
location /503.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 503 '{"error": {"status_code": 503,"message": "Service Temporarily Unavailable"}}';
}
location /504.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 504 '{"error": {"status_code": 504,"message": "Gateway Timeout"}}';
}
location /400.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 400 '{"error": {"status_code": 400,"message": "Bad Request"}}';
}
location /401.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 401 '{"error": {"status_code": 401,"message": "Unauthorized"}}';
}
location /403.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 403 '{"error": {"status_code": 403,"message": "Forbidden"}}';
}
location /404.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 404 '{"error": {"status_code": 404,"message": "Not Found"}}';
}
location /408.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 408 '{"error": {"status_code": 408,"message": "Request Timeout"}}';
}
location /429.json {
add_header 'Content-Type' 'application/json; charset=UTF-8';
return 429 '{"error": {"status_code": 429,"message": "Too Many Requests"}}';
}
}
}