-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx.conf
101 lines (88 loc) · 3.76 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Copyright (C) 2021 - present Juergen Zimmermann, Florian Rusch
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# https://nginx.org/en/docs
# https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image
# https://medium.com/@bhargavbachina/how-to-serve-angular-application-with-nginx-and-docker-3af45be5b854
# https://github.com/paketo-buildpacks/samples/blob/main/nginx/nginx-sample/nginx.conf
worker_processes 1;
daemon off;
error_log stderr;
events { worker_connections 1024; }
http {
charset utf-8;
log_format jz 'NginxLog "$request" $status $body_bytes_sent';
# https://docs.nginx.com/nginx/admin-guide/monitoring/logging
# https://nginx.org/en/docs/debugging_log.html
# https://www.keycdn.com/support/nginx-error-log#nginx-error-log-severity-levels
# Log-Levels: debug, info, notice, warn, error, crit, alert, emerg
# Default-Verzeichnis: /var/log/nginx mit Links zu /dev/stdout und /dev/stderr
#error_log /logs/error.log notice;
error_log /dev/stdout notice;
#access_log /logs/access.log;
access_log /dev/stdout jz;
default_type application/octet-stream;
# fuer z.B. CSS
#include /etc/nginx/mime.types;
include mime.types;
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
port_in_redirect off; # Ensure that redirects don't include the internal container PORT - 8080
upstream kunde {
server kunde:8080;
}
server {
# nginx -V
# gleicher Port wie der Container mit der Angular-Webapp
listen 80 default_server;
#listen [::]:80 default_server ipv6only=on;
# listen 443 ssl;
server_name localhost;
# Default fuer HTML-, CSS- und JS-Dateien
root /workspace/dist/acme;
location / {
index index.html;
try_files $uri /index.html =404;
}
# "Reverse Proxy" fuer die REST-Schnittstelle bzw. den Kubernetes-Service "kunde"
# https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy
# https://kubernetes.io/docs/tasks/access-application-cluster/connecting-frontend-backend
location /rest/api {
proxy_pass http://kunde:8080/api;
# https://stackoverflow.com/questions/50497006/node-ws-ssl-nginx-giving-error-426-upgrade-needed#answer-61226324
# https://kubernetes.io/docs/tasks/access-application-cluster/connecting-frontend-backend
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /rest/auth/login {
proxy_pass http://kunde:8080/auth/login;
# https://stackoverflow.com/questions/50497006/node-ws-ssl-nginx-giving-error-426-upgrade-needed#answer-61226324
# https://kubernetes.io/docs/tasks/access-application-cluster/connecting-frontend-backend
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1;mode=block";
add_header X-Frame-Options "deny";
add_header Cache-Control "private,no-cache,no-store,max-age=0,no-transform";
gzip on;
gzip_vary on;
# https://nginx.org/en/docs/http/configuring_https_servers.html
# ssl_...
}
}