Diffstat (limited to 'nanobox')
-rw-r--r-- | nanobox/nginx-local.conf | 20 | ||||
-rw-r--r-- | nanobox/nginx-stream.conf.erb | 17 | ||||
-rw-r--r-- | nanobox/nginx-web.conf.erb | 22 |
3 files changed, 47 insertions, 12 deletions
diff --git a/nanobox/nginx-local.conf b/nanobox/nginx-local.conf index c0e883603..37c8a451a 100644 --- a/nanobox/nginx-local.conf +++ b/nanobox/nginx-local.conf @@ -10,10 +10,13 @@ http { sendfile on; gzip on; - gzip_http_version 1.0; + gzip_disable "MSIE [1-6]\."; + gzip_vary on; gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; gzip_min_length 500; - gzip_disable "MSIE [1-6]\."; + gzip_http_version 1.1; gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml; # Proxy upstream to the puma process @@ -36,9 +39,12 @@ http { # Listen on port 8080 listen 8080; + keepalive_timeout 70; + client_max_body_size 80M; + root /app/public; - client_max_body_size 80M; + add_header Strict-Transport-Security "max-age=31536000"; location / { try_files $uri @rails; @@ -47,6 +53,10 @@ http { # Proxy connections to rails location @rails { proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; proxy_pass_header Server; proxy_pass http://rails; @@ -62,6 +72,10 @@ http { # Proxy connections to node location /api/v1/streaming { proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; proxy_pass http://node; proxy_buffering off; diff --git a/nanobox/nginx-stream.conf.erb b/nanobox/nginx-stream.conf.erb index 12bcc8ca5..4ea6e30fc 100644 --- a/nanobox/nginx-stream.conf.erb +++ b/nanobox/nginx-stream.conf.erb 
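Review bot: The `add_header Strict-Transport-Security "max-age=31536000";` added to the server block in the second hunk of nginx-local.conf (`@@ -36,9 +39,12 @@`) lacks the `always` parameter, so nginx attaches it only to a fixed set of success and redirect statuses and omits it from 4xx/5xx responses. I would write `add_header Strict-Transport-Security "max-age=31536000" always;`. The same applies to the HSTS lines in the server blocks of nginx-stream.conf.erb and nginx-web.conf.erb and to the per-location copies in nginx-web.conf.erb. Since this file is the local configuration and listens on plain port 8080, it is also worth confirming the header is wanted here at all: if the local site is ever reached over TLS under a development hostname, browsers will pin that name to HTTPS for a year.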
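Review bot: `proxy_set_header X-Forwarded-Proto https;` in the `location @rails` hunk of nginx-local.conf is hard-coded while the server block listens on plain port 8080, so the backend is told every request was encrypted whether or not it was; this holds only if a TLS terminator is the sole path to that port. A comment stating the assumption would help, e.g. `# TLS is terminated in front of this server; port 8080 must not be reachable directly`. Separately, `$proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For value the client supplied, and `$remote_addr` will be the fronting router's address if one exists, so the backend should trust only the entries added by known proxies (or nginx should be given `set_real_ip_from`/`real_ip_header` for that router). The identical four lines appear in the `/api/v1/streaming` hunk of this file, the `@node` hunk of nginx-stream.conf.erb and the `@rails` hunk of nginx-web.conf.erb. These location blocks continue outside the hunks.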
@@ -10,10 +10,13 @@ http { sendfile on; gzip on; - gzip_http_version 1.1; + gzip_disable "MSIE [1-6]\."; + gzip_vary on; gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; gzip_min_length 500; - gzip_disable "MSIE [1-6]\."; + gzip_http_version 1.1; gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml; # Proxy upstream to the node process @@ -31,11 +34,13 @@ http { # Listen on port 8080 listen 8080; - add_header Strict-Transport-Security "max-age=31536000"; - # add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://<%= ENV["LOCAL_DOMAIN"] %>; upgrade-insecure-requests"; + keepalive_timeout 70; + client_max_body_size 80M; root /app/public; + add_header Strict-Transport-Security "max-age=31536000"; + location / { try_files $uri @node; } @@ -43,6 +48,10 @@ http { # Proxy connections to node location @node { proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; proxy_pass http://node; proxy_buffering off; diff --git a/nanobox/nginx-web.conf.erb b/nanobox/nginx-web.conf.erb index d96f1bfc7..182d99209 100644 --- a/nanobox/nginx-web.conf.erb +++ b/nanobox/nginx-web.conf.erb 
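Review bot: `client_max_body_size 80M;` is new in the server block of nginx-stream.conf.erb (second hunk, `@@ -31,11 +34,13 @@`), and nothing visible in this file handles uploads: the only backend shown is the node streaming process. If that endpoint accepts no large request bodies, leaving the directive out keeps nginx's default 1m limit and reduces how much data an unauthenticated client can make the proxy read. If the value is there for parity with the web config, a comment such as `# kept in sync with nginx-web.conf.erb` would make that intent clear.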
@@ -10,10 +10,13 @@ http { sendfile on; gzip on; - gzip_http_version 1.0; + gzip_disable "MSIE [1-6]\."; + gzip_vary on; gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; gzip_min_length 500; - gzip_disable "MSIE [1-6]\."; + gzip_http_version 1.1; gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml; # Proxy upstream to the puma process @@ -31,12 +34,12 @@ http { # Listen on port 8080 listen 8080; - add_header Strict-Transport-Security "max-age=31536000"; - # add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://<%= ENV["LOCAL_DOMAIN"] %>; upgrade-insecure-requests"; + keepalive_timeout 70; + client_max_body_size 80M; root /app/public; - client_max_body_size 80M; + add_header Strict-Transport-Security "max-age=31536000"; location / { try_files $uri @rails; @@ -44,17 +47,23 @@ http { location /sw.js { add_header Cache-Control "public, max-age=0"; + add_header Strict-Transport-Security "max-age=31536000"; try_files $uri @rails; } location ~ ^/(emoji|packs|system/media_attachments/files|system/accounts/avatars) { add_header Cache-Control "public, max-age=31536000, immutable"; + add_header Strict-Transport-Security "max-age=31536000"; try_files $uri @rails; } # Proxy connections to rails location @rails { proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; proxy_pass_header Server; proxy_pass http://rails; 
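Review bot: The HSTS lines repeated inside `location /sw.js` and the static-asset location (third hunk, `@@ -44,17 +47,23 @@`) are needed because nginx inherits `add_header` from the server level only when a location defines none of its own, but nothing in the file says so. A comment such as `# add_header here replaces the server-level set, so HSTS must be repeated` would stop the line from being removed as a duplicate, and would remind the next editor that any header added later at server level has to be copied into these locations too. Moving the shared headers into one `include`d snippet would avoid maintaining four copies of the same string.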
@@ -66,7 +75,10 @@ http { proxy_cache CACHE; proxy_cache_valid 200 7d; + proxy_cache_valid 410 24h; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + add_header Strict-Transport-Security "max-age=31536000"; + add_header X-Cached $upstream_cache_status; tcp_nodelay on; } |
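Review bot: `add_header X-Cached $upstream_cache_status;` in this hunk returns the cache state to every client, which is useful for debugging but also lets any outside party observe how the cache behaves; if it is meant as a diagnostic aid, a comment such as `# debug aid: exposes cache HIT/MISS to clients` should say so. Because the line has no `always` parameter, it will not appear on the 410 responses that `proxy_cache_valid 410 24h;` starts caching here, so the new behaviour cannot be checked from the header. The enclosing location and its cache key are outside the hunk, so I could not confirm which responses are eligible for caching.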