YetiForceCRM/tests/setup/nginx/yetiforce.conf at de296d83c1d36bf0d92303efa9706ded67549aa8 · YetiForceCompany/YetiForceCRM · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
##############################################
#  Best configuration for YetiForceCRM       #
#  Created by m.krzaczkowski@yetiforce.com   #
##############################################

##########################
##       Security       ##
##########################
server_tokens off;
etag off;

##  nginx module: header_filter_by_lua_block
header_filter_by_lua_block {
	ngx.header['X-Frame-Options'] = "SAMEORIGIN"
	ngx.header['X-XSS-Protection'] = "1; mode=block"
	ngx.header['X-Content-Type-Options'] = "nosniff"
	ngx.header['Referrer-Policy'] = "no-referrer"
	ngx.header['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
	ngx.header['X-Robots-Tag'] = "none"
	ngx.header['X-Permitted-Cross-Domain-Policies'] = "none"
	ngx.header['Expect-CT'] = "enforce; max-age=3600"
	ngx.header["Cache-Control"] = ngx.header["Cache-Control"];
}

##  nginx module: headers-more-nginx-module
# https://github.com/openresty/headers-more-nginx-module#installation
# https://www.nginx.com/blog/compiling-dynamic-modules-nginx-plus/
more_clear_headers 'Server';
more_clear_headers 'X-Frame-Options';
more_clear_headers 'X-XSS-Protection';
more_clear_headers 'X-Content-Type-Options';
more_clear_headers 'Referrer-Policy';
more_clear_headers 'Strict-Transport-Security';
more_clear_headers 'X-Robots-Tag';
more_clear_headers 'X-Permitted-Cross-Domain-Policies';
more_clear_headers 'Expect-CT';

more_set_headers 'Server: ';
more_set_headers 'X-Frame-Options: SAMEORIGIN';
more_set_headers 'X-XSS-Protection: 1; mode=block';
more_set_headers 'X-Content-Type-Options: nosniff';
more_set_headers 'Referrer-Policy: no-referrer';
more_set_headers 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload';
more_set_headers 'X-Robots-Tag: none';
more_set_headers 'X-Permitted-Cross-Domain-Policies: none';
more_set_headers 'Expect-CT: enforce; max-age=3600';

##########################
##       Stability      ##
##########################
charset utf-8;
client_max_body_size 100M;
client_body_buffer_size 100M;
client_body_timeout 600;
send_timeout 600;
fastcgi_buffers 256 256k;
fastcgi_buffer_size 256k;
##########################
##      Performance     ##
##########################
access_log off;
gzip on;
gzip_types
text/css text/javascript text/xml text/plain text/x-component
application/javascript application/x-javascript	application/json application/xml application/rss+xml application/atom+xml application/vnd.ms-fontobject
font/truetype font/opentype
image/jpeg image/bmp image/svg+xml image/x-icon;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 500;
gzip_disable "msie6";

#add_header Cache-Control "private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0" always;
more_clear_headers 'Cache-Control';
more_set_headers 'Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0';
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|ttf|ttc|otf|eot|woff2?)$ {
	access_log off;
	expires 1d;
	#add_header Cache-Control public always;
	more_clear_headers 'Cache-Control';
	more_set_headers 'Cache-Control: public';
	etag on;
}
##########################
##     YetiForce API    ##
##########################
rewrite ^/webservice/(.*)/(.*)/(.*)/(.*)/(.*)$ /webservice.php?_container=$1&module=$2&action=$3&record=$4&param=$5 break;
rewrite ^/webservice/(.*)/(.*)/(.*)/(.*)$ /webservice.php?_container=$1&module=$2&action=$3&record=$4 break;
rewrite ^/webservice/(.*)/(.*)/(.*)$ /webservice.php?_container=$1&module=$2&action=$3 break;
rewrite ^/webservice/(.*)/(.*)$ /webservice.php?_container=$1&action=$2 break;