tum
/
soc


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128
							user nobody nogroup;
worker_processes auto;          # auto-detect number of logical CPU cores

events {
	worker_connections 512;       # set the max number of simultaneous connections (per worker process)
}

http {
	client_max_body_size 250M;

	include mime.types;

	# thanks stackoverflow http://stackoverflow.com/a/5132440/2406040
	gzip  on;
	gzip_http_version 1.1;
	gzip_vary on;
	gzip_comp_level 6;
	gzip_proxied any;
	gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;

	# make sure gzip does not lose large gzipped js or css files
	# see http://blog.leetsoft.com/2007/07/25/nginx-gzip-ssl.html
	gzip_buffers 16 8k;

	# Disable gzip for certain browsers.
	gzip_disable "MSIE [1-6].(?!.*SV1)";

	server {
		listen         80;
		server_name    "localhost";

		#location /static/js/* {
		#	# avoid clickjacking
		#	add_header X-Frame-Options DENY;
		#	add_header X-Content-Type-Options nosniff;
		#	add_header ;
		#	# block MIME sniffing

		#	# security headers
		#	add_header X-XSS-Protection "1; mode=block";
		#	# add_header Content-Security-Policy "default-src 'self'";
		#	add_header Referrer-Policy "no-referrer";
		#	server_tokens off;

		#	root /usr/share/nginx/html;
		#	gzip_static on;
		#	expires 1y;
		#	add_header Cache-Control public;
		#	add_header ETag "";
		#	try_files $uri /index.html;
		#}

		location / {
			# avoid clickjacking
			add_header X-Frame-Options DENY;
			# block MIME sniffing
			add_header X-Content-Type-Options nosniff;

			# security headers
			add_header X-XSS-Protection "1; mode=block";
			# add_header Content-Security-Policy "default-src 'self'";
			add_header Referrer-Policy "no-referrer";
			server_tokens off;

			root /usr/share/nginx/html;
			gzip_static on;
			expires 1y;
			add_header Cache-Control public;
			add_header ETag "";
			try_files $uri /index.html;
		}

		location ~ /api/v(1|2) {
			proxy_pass http://${BACKEND_HOSTNAME}:5001;
			proxy_buffering off;
			proxy_http_version 1.1;

			proxy_connect_timeout 900;
			proxy_send_timeout 900;
			proxy_read_timeout 900;
			send_timeout 900;
		}

	}

	server {
		listen              443 ssl;
		server_name         "localhost";
		ssl_certificate     fullchain.cert.pem;
		ssl_certificate_key privkey.pem;
		ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers         HIGH:!aNULL:!MD5;

		location / {
			# avoid clickjacking
			add_header X-Frame-Options DENY;
			# block MIME sniffing
			add_header X-Content-Type-Options nosniff;

			# security headers
			add_header X-XSS-Protection "1; mode=block";
			# add_header Content-Security-Policy "default-src 'self'";
			add_header Referrer-Policy "no-referrer";
			server_tokens off;

			root /usr/share/nginx/html;
			gzip_static on;
			expires 1y;
			add_header Cache-Control public;
			add_header ETag "";
			try_files $uri /index.html;
		}

		# Get the hostname from environment here?
		location ~ /api/v(1|2) {
			proxy_pass http://${BACKEND_HOSTNAME}:5001;

			proxy_buffering off;
			proxy_http_version 1.1;

			proxy_connect_timeout 900;
			proxy_send_timeout 900;
			proxy_read_timeout 900;
			send_timeout 900;
		}
	}
}