diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 0000000..e766aed --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,84 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 8000; + multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + server_tokens off; + + server_names_hash_bucket_size 64; + server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + map $sent_http_content_type $content_security_policy { + ~*text/(html|javascript)|application/pdf|xml "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests"; + } + + map $sent_http_content_type $referrer_policy { + ~*text/(css|html|javascript)|application\/pdf|xml "strict-origin-when-cross-origin"; + } + + map $sent_http_content_type $cors { + #Images + ~*image/ "*"; + + #Web fonts + ~*font/ "*"; + ~*application/vnd.ms-fontobject "*"; + ~*application/x-font-ttf "*"; + ~*application/font-woff "*"; + ~*application/x-font-woff "*"; + ~*application/font-woff2 "*"; + } + + ## + # SSL Settings + ## + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers off; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +}