106 lines
3.4 KiB
Plaintext
106 lines
3.4 KiB
Plaintext
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name secomn.com www.secomn.com;
|
|
return 301 https://$host$request_uri;
|
|
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
http2 on;
|
|
include snippets/self-signed.conf;
|
|
include snippets/ssl-params.conf;
|
|
|
|
server_name secomn.com www.secomn.com;
|
|
|
|
#resolver 8.8.8.8 8.8.4.4 valid=300s;
|
|
#resolver_timeout 5s;
|
|
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
|
|
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
|
|
|
# Add some protection headers for ClickJacking
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
|
|
# Configura http2
|
|
#http2_max_field_size 16k;
|
|
#http2_max_header_size 32k;
|
|
large_client_header_buffers 4 8k;
|
|
# Habilita compresion
|
|
gzip on;
|
|
gzip_comp_level 6;
|
|
gzip_vary on;
|
|
gzip_min_length 1000;
|
|
gzip_proxied any;
|
|
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
|
gzip_buffers 16 8k;
|
|
|
|
# Remove server identifiers to help against enumeration
|
|
server_tokens off;
|
|
root /var/www/www.secomn.com/htdocs;
|
|
try_files $uri $uri/ /index.html;
|
|
|
|
location ~ \.svgz$ {
|
|
add_header Content-Encoding gzip;
|
|
}
|
|
|
|
error_page 404 /errors/404.html;
|
|
location = /errors/404.html {
|
|
#root /var/www/static/%SITE_NAME%/errors;
|
|
root /var/www/www.secomn.com/errors;
|
|
internal;
|
|
}
|
|
|
|
access_log /var/log/nginx/www.secomn.com/static.access.log;
|
|
error_log /var/log/nginx/www.secomn.com/static.error.log;
|
|
|
|
index index.html index.htm;
|
|
|
|
#location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
|
|
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
|
|
#access_log off;
|
|
expires max;
|
|
}
|
|
location ~* \.(json|html)$ {
|
|
|
|
if ($request_method = 'OPTIONS') {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
#
|
|
# Om nom nom cookies
|
|
#
|
|
add_header 'Access-Control-Allow-Credentials' 'true';
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
#
|
|
# Custom headers and headers various browsers *should* be OK with but aren't
|
|
#
|
|
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
|
#
|
|
# Tell client that this pre-flight info is valid for 20 days
|
|
#
|
|
add_header 'Access-Control-Max-Age' 1728000;
|
|
add_header 'Content-Type' 'text/plain charset=UTF-8';
|
|
add_header 'Content-Length' 0;
|
|
return 204;
|
|
}
|
|
if ($request_method = 'POST') {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
add_header 'Access-Control-Allow-Credentials' 'true';
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
|
}
|
|
if ($request_method = 'GET') {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
add_header 'Access-Control-Allow-Credentials' 'true';
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
|
}
|
|
}
|
|
location ~ /\.ht {
|
|
deny all;
|
|
|
|
}
|
|
} |