andreas/keila-cloudron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
273aff206c969a8921b16ffd862b0ed373e47088
keila-cloudron/nginx.conf
Andreas Dueren 16a51b8c61 Fix nginx read-only filesystem issues
2025-06-20 10:09:39 -06:00

84 lines
2.5 KiB
Nginx Configuration File
Raw Blame History

server {
listen 4000 default_server;
listen [::]:4000 default_server;
server_name _;
root /tmp;
client_max_body_size 100m;
client_body_temp_path /tmp/nginx/body;
fastcgi_temp_path /tmp/nginx/fastcgi;
proxy_temp_path /tmp/nginx/proxy;
scgi_temp_path /tmp/nginx/scgi;
uwsgi_temp_path /tmp/nginx/uwsgi;
# Security headers
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy strict-origin-when-cross-origin;
# Logging
access_log /dev/stdout;
error_log /dev/stderr;
# Gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml;
# Proxy to Keila application
location / {
proxy_pass http://127.0.0.1:4001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
# Timeout settings
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Health check endpoint
location /healthz {
proxy_pass http://127.0.0.1:4001/healthz;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log off;
}
# Static files caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://127.0.0.1:4001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
Reference in New Issue View Git Blame Copy Permalink