forked from taskcluster/taskcluster
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnginx.conf
58 lines (49 loc) · 1.65 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
charset utf-8;
tcp_nopush on;
client_header_timeout 10s;
client_body_timeout 10s;
reset_timedout_connection on;
gzip on;
gzip_types
text/css
text/javascript
text/xml
text/plain
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/atom+xml
font/truetype
font/opentype
image/svg+xml;
server {
listen 80;
server_name localhost;
server_name_in_redirect off;
root /references;
# note that HSTS headers are ignored over http, so the site will remain accessible
# at http://localhost:8000 without any issues.
add_header "Strict-Transport-Security" "max-age=31536000; includeSubDomains" always;
add_header "X-Content-Type-Options" "nosniff" always;
add_header "X-XSS-Protection" "1; mode=block" always;
add_header "X-Frame-Options" "DENY" always;
add_header "Referrer-Policy" "origin" always;
add_header "Content-Security-Policy" "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js; connect-src 'self' https://bh4d9od16a-dsn.algolia.net https://schemas.taskcluster.net; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; frame-src https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com" always;
location / {
try_files $uri @rewrites;
}
location /__heartbeat__ {
return 200 "{}";
}
location /__lbheartbeat__ {
return 200 "{}";
}
location @rewrites {
root /;
rewrite ^\/__version__$ /app/version.json last;
}
# be nice and allow people to find files
autoindex on;
}