-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
42 lines (34 loc) · 1.34 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
worker_processes 4;
events { worker_connections 1024; }
http {
upstream openroast {
least_conn;
server app-01:8000 weight=10 max_fails=3 fail_timeout=30s;
server app-02:8000 weight=10 max_fails=3 fail_timeout=30s;
server app-03:8000 weight=10 max_fails=3 fail_timeout=30s;
}
server {
listen 80;
server_name api.openroast.org;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ipv6only=on;
ssl_certificate /etc/letsencrypt/live/api.openroast.org/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/api.openroast.org/privkey.pem;
# Add perfect forward secrecy
ssl_prefer_server_ciphers on;
# Add HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header 'Access-Control-Allow-Origin' 'openroast.org';
add_header 'Access-Control-Allow-Origin' 'localhost.openroast.org';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://openroast;
}
}
}