-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx-http-routing.conf
41 lines (33 loc) · 1.54 KB
/
nginx-http-routing.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
server {
listen 80;
listen 443;
server_name <YOUR_FRONTEND_ADDRESS_WITHOUT_HTTPS>;
# Implement a Content Security Policy (CSP) to mitigate the risk of CSRF by restricting the sources from which scripts can be loaded.
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline';";
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location /api/ {
# hooks your api calls. it means when you send calls to https://your_frontend.com/api/questions it will be transformed into http://<YOUR_BACKEND_NAME>:5212/api/questions
# /api/ also should be presented in BACKEND Controllers routing, for example like this: [Route("api/[controller]")]
proxy_pass http://<YOUR_BACKEND_NAME>:5212;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# Rate limiting
limit_req zone=mylimit burst=20 nodelay;
# Allow only requests from your own domain
# slightly improves the security. the next step
if ($http_origin !~* ^(https?://(www\.)?<YOUR_FRONTEND_DOMAIN_ADDRESS>\.com)$) {
return 403;
}
}
}