This repository has been archived by the owner on Nov 1, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnginx.conf
70 lines (52 loc) · 2.1 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
server {
listen 80;
listen [::]:80;
server_name _;
set $legacy_app "${LEGACY_APP_URL}";
set $frontend_app "${FRONTEND_APP_URL}";
resolver 127.0.0.11;
proxy_cookie_domain ${LEGACY_APP_COOKIE_DOMAIN} $host;
# Redirect old URLs to new ones
absolute_redirect off;
rewrite ^/login/?$ /auth/login permanent;
# Gzip compression
gzip on;
gzip_vary on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss image/svg+xml;
gzip_min_length 256;
location /.well-known {
root /usr/share/nginx/html;
}
# Frontend
location ~ ^/(assets|profile|contacts|callouts|join|auth|admin|_theme|embed.js) {
# Proxy scrapers to legacy app for metadata
if ($http_user_agent ~* "linkedinbot|googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
proxy_pass $legacy_app/share?uri=$request_uri;
}
include sec_headers;
add_header Content-Security-Policy "frame-ancestors ${TRUSTED_ORIGINS}";
# add_header Content-Security-Policy "default-src 'self'; font-src 'self' data: https://use.typekit.net; style-src 'self' 'unsafe-inline'; script-src 'self' https://js.stripe.com; frame-src https://js.stripe.com; connect-src 'self' https://api.stripe.com";
proxy_pass $frontend_app;
}
# The rest
include sec_headers;
add_header Content-Security-Policy "frame-ancestors 'none'";
#add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'"
location ~ ^/(robots\.txt|android-chrome|apple-touch-icon\.png|browserconfig\.xml|favicon|mstile|safari-pinned-tab\.svg|site\.webmanifest) {
proxy_pass $legacy_app;
access_log off;
log_not_found off;
}
location /upload {
client_max_body_size 20M;
proxy_pass $legacy_app;
}
location /api {
proxy_pass $legacy_app;
}
location / {
#include sec_headers;
#add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
proxy_pass $legacy_app;
}
}