35 lines
1.3 KiB
Plaintext
35 lines
1.3 KiB
Plaintext
server {
|
|
listen 8080;
|
|
proxy_hide_header WWW-Authenticate;
|
|
port_in_redirect off;
|
|
server_tokens off;
|
|
root /usr/share/nginx/html;
|
|
# SSL stuff for cloudflare proxy-ing - ignores SSL certificate and uses SNI
|
|
# anyway, this is useless to change, since the outer nginx (the one that handles ingress and the whole stack) doesn't allow anything
|
|
add_header Content-Security-Policy "frame-ancestors 'self'; connect-src 'self' $API_URL $PDFTRON_ALLOWED_HOSTS; default-src 'self' $API_URL; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: blob: 'unsafe-inline'; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
|
|
|
|
proxy_ssl_verify off;
|
|
proxy_read_timeout 1m;
|
|
proxy_ssl_server_name on;
|
|
|
|
location / {
|
|
return 302 http://$http_host/ui/;
|
|
}
|
|
|
|
location /ui/ {
|
|
proxy_hide_header WWW-Authenticate;
|
|
try_files $uri $uri/ /ui/index.html =404;
|
|
}
|
|
|
|
client_max_body_size 0;
|
|
gzip_min_length 1000;
|
|
gzip on;
|
|
gzip_http_version 1.0;
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
gzip_types application/javascript text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
}
|