-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
108 lines (87 loc) · 3.6 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
worker_processes auto;
# load brotli modules
# see https://docs.nginx.com/nginx/admin-guide/dynamic-modules/brotli/
# loaded either from /usr/share/nginx/<modules> or /etc/nginx/modules..
# not exactly sure where they are loaded from in which case.
# These files are placed there inside Dockerfile build.
load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;
# provides the configuration file context in which the directives that affect
# connection processing are specified.
events {
# determines how much clients will be served per worker
worker_connections 1024;
}
http {
# this is where the angular app is located
root /usr/share/nginx/html;
# not needed here; we do this in reverse proxy
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log debug;
# we don't need ETAG caching mechanism
etag off;
# encode all content as utf8
charset utf-8;
# copies data between one FD and other from within the kernel
# faster than read() + write()
sendfile on;
# includes /etc/nginx/mime.types
# should be this file: https://github.com/nginx/nginx/blob/master/conf/mime.types
include mime.types;
# add MIME for webmanifest, because it's not defined in standard mime.types
# taken from: https://github.com/h5bp/server-configs-nginx/blob/master/mime.types
types {
application/manifest+json webmanifest;
}
gzip on;
gzip_min_length 1000;
gzip_static on;
gzip_proxied expired no-cache no-store private auth;
# For the option gzip_types, the mime-type text/html is always included by default,
# so one doesn't need to specify it explicitly.
gzip_types text/plain text/css text/xml
application/javascript application/json application/xml application/rss+xml application/manifest+json
image/svg+xml image/x-icon;
# only works because we loaded the module earlier
brotli on;
brotli_comp_level 7;
brotli_static on;
# For the option brotli_types, the mime-type text/html is always included by default,
# so one doesn't need to specify it explicitly.
brotli_types text/plain text/css text/xml
application/javascript application/json application/xml application/rss+xml application/manifest+json
image/svg+xml image/x-icon;
# needed if too many too long server configurations are provided
# server_names_hash_bucket_size 64;
# not a big problem
# maybe TODO in future; also compile this module
# https://github.com/openresty/headers-more-nginx-module#installation
# more_clear_headers 'server';
# error pages
error_page 403 /403.html;
# end error pages
server {
listen 80 default_server;
listen [::]:80 default_server;
# long term static caching (fingerprinted resources)
location ~* \.(?:css|js|png|jpg|jpeg)$ {
# this is fine because we have fingerprinted files anyway
expires 365d;
add_header Cache-Control "public, no-transform";
}
# short term static caching (non-fingerprinted resources)
location ~* \.(?:ico|webmanifest|txt)$ {
# this is fine because we have fingerprinted files anyway
expires 1d;
add_header Cache-Control "public, no-transform";
}
location / {
# try uri as file, then as directory, then as 404 with 404 as response code
try_files $uri $uri/ /404.html =404;
# try_files $uri $uri/ /index.html;
}
}
}