# nginx configuration for proxying user REPLACE_WWW_USER; worker_processes auto; daemon off; error_log REPLACE_LOG_DIR/nginx.log warn; pid REPLACE_RUN_DIR/nginx.pid; events { worker_connections 1024; } http { include REPLACE_ETC_DIR/mime.types; default_type "text/html"; sendfile on; keepalive_timeout 65; gzip on; map $http_upgrade $connection_upgrade { default upgrade; '' close; } disable_symlinks off; server { listen 0.0.0.0:80 default_server; server_name REPLACE_SERVER_NAME; client_max_body_size 0; proxy_intercept_errors off; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; index index.php index.cgi index.pl index.aspx index.txt index.json index.html index.unknown.php index.default.php; root /var/lib/nginx/html; location /health { default_type text/plain; return 200 'ok'; } location /health/text { default_type text/plain; return 200 'ok'; } location /health/json { default_type application/json; return 200 '{"status":"ok","message":"running"}'; } location / { proxy_ssl_verify off; send_timeout 3600; client_max_body_size 0; proxy_http_version 1.1; proxy_connect_timeout 3600; proxy_send_timeout 3600; proxy_read_timeout 3600; proxy_intercept_errors off; proxy_request_buffering off; proxy_buffering off; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_pass http://127.0.0.1:8000; } } }