# Default nginx configuration user root; worker_processes 1; daemon off; error_log /proc/self/fd/2 error; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; gzip on; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen SERVER_PORT; root /usr/local/share/ariang; index index.html; proxy_intercept_errors off; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; location /jsonrpc { proxy_pass http://127.0.0.1:8080/jsonrpc; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; } location /rpc { proxy_pass http://127.0.0.1:8080/jsonrpc; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location /nginx_status { stub_status; } location /health { default_type text/html; allow all; access_log off; return 200 'OK'; } location /health.json { default_type application/json; allow all; access_log off; return 200 '{"status":"OK"}'; } } }