# Default nginx configuration
user root;
worker_processes auto;
daemon off;
error_log /data/logs/nginx/nginx.log error;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /data/logs/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;
map $http_upgrade $connection_upgrade { default upgrade; '' close; }
disable_symlinks off;
server {
listen REPLACE_SERVER_PORT;
root /usr/local/share/ariang;
index index.html;
proxy_intercept_errors off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always;
location /jsonrpc {
proxy_pass http://127.0.0.1:6800/jsonrpc;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
location /rpc {
proxy_pass http://127.0.0.1:6800/jsonrpc;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /nginx_status {
stub_status;
}
location /health {
default_type text/html;
allow all;
access_log off;
return 200 'OK';
}
location /health/json {
default_type application/json;
allow all;
access_log off;
return 200 '{"status":"OK"}';
}
}
}