# Generated by nginxconfig.io # https://nginxconfig.io/?0.domain=local.example.com&0.document_root=&0.https=false&0.php=false&0.proxy&0.proxy_pass=demo.example.com&0.root=false&gzip=false&expires_assets=&expires_media=&expires_svg=&expires_fonts=&file_structure=unified user www-data; pid /run/nginx.pid; worker_processes auto; worker_rlimit_nofile 65535; events { multi_accept on; worker_connections 65535; } http { charset utf-8; sendfile on; tcp_nopush on; tcp_nodelay on; server_tokens off; log_not_found off; types_hash_max_size 2048; client_max_body_size 16M; # # MIME # include mime.types; # default_type application/octet-stream; # # logging # access_log /var/log/nginx/access.log; # error_log /var/log/nginx/error.log warn; # # load configs # include /etc/nginx/conf.d/*.conf; # local.example.com # proxy_cache_path /var/cache/nginx keys_zone=myzone:10m; proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off; server { listen 80; listen [::]:80; # server_name local.example.com; # reverse proxy location / { proxy_http_version 1.1; proxy_cache my_cache; proxy_cache_key $scheme$proxy_host$uri$is_args$args; proxy_cache_valid 200 10m; proxy_cache_valid 301 1h; proxy_cache_valid any 10m; # proxy_cache_bypass $http_cache_control; # proxy_cache_bypass $http_upgrade; proxy_cache_background_update on; proxy_cache_lock on; # proxy_cache_revalidate on; proxy_cache_min_uses 1; # default proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; add_header X-Proxy-Cache $upstream_cache_status; add_header Cache-Control "public"; proxy_pass http://demo.example.com; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host "demo.example.com"; # $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host "demo.example.com"; # $host; # Remove IIS and Asp.Net Headers proxy_hide_header X-AspNet-Version; proxy_hide_header X-AspNetMvc-Version; proxy_hide_header X-Powered-By; proxy_ignore_headers X-Accel-Expires; proxy_ignore_headers Expires; proxy_ignore_headers Cache-Control; proxy_ignore_headers Set-Cookie; # # TODO REMOVE !!! experiment proxy_hide_header Set-Cookie; proxy_hide_header Cache-Control; } # # security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; # # . files # location ~ /\.(?!well-known) { # deny all; # } # # favicon.ico # location = /favicon.ico { # log_not_found off; # access_log off; # } # # robots.txt # location = /robots.txt { # log_not_found off; # access_log off; # } } # # subdomains redirect # server { # listen 80; # listen [::]:80; # server_name *.local.example.com; # return 301 http://local.example.com$request_uri; # } }