nginx-docker.conf.template

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

server {
    listen       8080;
    server_name  _;

    root   /usr/share/nginx/html;

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy same-origin;
    add_header Strict-Transport-Security "max-age=31536000;";
    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'self'; font-src 'self'";

    location /healthcheck {
          access_log    off;
          log_not_found off;
          return 200 '{"message": "Health OK"}';
    }

    location ~/(api|socket\.io|__getcookie) {
        client_max_body_size 20M;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        proxy_pass ${BACKEND_URL};
        proxy_set_header X-SSL-client-s-dn "";
    }

    location /index.html {
        expires     -1;
        add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    }

    location / {
        try_files $uri $uri/ /index.html;
    }

    location ~* ^.+\.(md|json)$ {
        access_log off;
        log_not_found off;
        expires -1;
        add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    }

    location ~* ^.+\.(svg|svgz|otf|woff|ttf|css|js|jpg|jpeg|gif|png|ico|gz|woff2)$ {
        access_log off;
        log_not_found off;
        add_header Cache-Control "public, max-age=31536000";
    }

    error_page   500 502 503 504  /50x.html;

    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}