|
worker_processes auto; |
|
pid /tmp/nginx.pid; |
|
|
|
events { |
|
worker_connections 1024; |
|
use epoll; |
|
multi_accept on; |
|
} |
|
|
|
http { |
|
include /etc/nginx/mime.types; |
|
default_type application/octet-stream; |
|
|
|
access_log /tmp/access.log; |
|
error_log /tmp/error.log warn; |
|
|
|
sendfile on; |
|
tcp_nopush on; |
|
tcp_nodelay on; |
|
keepalive_timeout 65; |
|
types_hash_max_size 2048; |
|
server_tokens off; |
|
|
|
|
|
gzip on; |
|
gzip_vary on; |
|
gzip_proxied any; |
|
gzip_comp_level 6; |
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; |
|
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN" always; |
|
add_header X-XSS-Protection "1; mode=block" always; |
|
add_header X-Content-Type-Options "nosniff" always; |
|
add_header Referrer-Policy "no-referrer-when-downgrade" always; |
|
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; |
|
|
|
|
|
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; |
|
|
|
server { |
|
listen 8080; |
|
server_name localhost; |
|
|
|
root /usr/share/nginx/html; |
|
index index.html; |
|
|
|
|
|
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { |
|
expires 30d; |
|
add_header Cache-Control "public, no-transform"; |
|
} |
|
|
|
location / { |
|
try_files $uri $uri/ /index.html; |
|
} |
|
|
|
|
|
location ~ /\.ht { |
|
deny all; |
|
} |
|
} |
|
} |
|
|
