This repository has been archived by the owner on Jun 4, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathnginx.conf
170 lines (140 loc) · 5.68 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# Copyright 2015 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
daemon off;
user www-data;
worker_processes auto;
error_log /dev/stderr info;
events {
worker_connections 4096;
multi_accept on;
use epoll;
}
http {
include mime.types;
include gzip_params;
server_tokens off;
default_type application/json;
client_max_body_size 10m;
access_log /dev/stdout;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
keepalive_requests 10000;
map $http_x_forwarded_proto $fastcgi_https {
default '';
https on;
}
map $http_upgrade $type {
default 'web';
websocket 'ws';
}
proxy_cache_path /tmp/sessions keys_zone=one:10m levels=1:2 inactive=600s max_size=100m;
proxy_cache_key $scheme$proxy_host$request_uri;
proxy_cache_methods GET HEAD;
server {
listen 8080 reuseport;
root /app/public;
index index.php;
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, HEAD, POST, PUT, PATCH, DELETE';
more_set_headers 'Access-Control-Allow-Headers: Authorization, Cache-Control, Content-Type, Keep-Alive, Origin, USE-API-KEY, USE-API-SIGNATURE, X-Requested-With';
add_header 'Content-Security-Policy' "default-src 'self'";
add_header 'X-Content-Security-Policy' "default-src 'self'";
add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubdomains;';
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'X-Frame-Options' 'DENY';
add_header 'X-XSS-Protection' '1; mode=block';
add_header 'X-WebKit-CSP' "default-src 'self'";
location / {
try_files /nonexistent @$type;
}
location @web {
try_files $uri $uri/ @swoole;
}
location @ws {
proxy_pass http://127.0.0.1:6001;
proxy_read_timeout 60;
proxy_connect_timeout 60;
proxy_redirect off;
# Allow the use of websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Scheme $scheme;
proxy_set_header Server-Protocol $server_protocol;
proxy_set_header Server-Name $server_name;
proxy_set_header Server-Addr $server_addr;
proxy_set_header Server-Port $server_port;
proxy_cache_bypass $http_upgrade;
}
location = /index.php {
# Ensure that there is no such file named 'not_exists'
# in your 'public' directory.
try_files /not_exists @swoole;
}
location @swoole {
set $suffix '';
if ($uri = /index.php) {
set $suffix '/';
}
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 200;
}
proxy_http_version 1.1;
proxy_set_header Connection '';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header Scheme $scheme;
proxy_set_header Server-Protocol $server_protocol;
proxy_set_header Server-Name $server_name;
proxy_set_header Server-Addr $server_addr;
proxy_set_header Server-Port $server_port;
proxy_pass http://127.0.0.1:9000$suffix;
}
location ~ ^/_ah/health$ {
access_log off;
return 200 'ok';
}
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }
error_page 503 @503_json;
error_page 502 @502_json;
error_page 500 @500_json;
error_page 404 @404_json;
location @503_json {
return 503 '{"data": {"message": "The server is temporary unable to serve your request"}, "meta": {"timestamp": $msec}}';
}
location @502_json {
return 502 '{"data": {"message": "The server encountered a temporary error and could not complete your request"}, "meta": {"timestamp": $msec}}';
}
location @500_json {
return 500 '{"data": {"message": "There was an error. Please try again later"}, "meta": {"timestamp": $msec}}';
}
location @404_json {
return 404 '{"data": {"message": "The requested resource was not found"}, "meta": {"timestamp": $msec}}';
}
}
}