b6f8ede98a
* chore: nginx log is s, not ms * chore: log seconds from gunicorn too * chore: drop X-Real-IP header / log * style: Black * style: single -> double quotes * feat: add is-authenticated header * feat: log is-authenticated header * chore: update nginx-auth.conf to match
33 lines
1.4 KiB
Plaintext
33 lines
1.4 KiB
Plaintext
server {
|
|
listen 8080 default_server;
|
|
server_name _;
|
|
|
|
# Replace default "main" formatter with the ietfjson formatter from nginx-logging.conf
|
|
access_log /var/log/nginx/access.log ietfjson;
|
|
|
|
location /health/nginx {
|
|
access_log off;
|
|
return 200;
|
|
}
|
|
|
|
location /robots.txt {
|
|
add_header Content-Type text/plain;
|
|
return 200 "User-agent: *\nDisallow: /doc/pdf/\n";
|
|
}
|
|
|
|
location / {
|
|
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: https://datatracker.ietf.org/ https://www.ietf.org/ http://ietf.org/ https://analytics.ietf.org https://static.ietf.org; frame-ancestors 'self' ietf.org *.ietf.org meetecho.com *.meetecho.com";
|
|
proxy_set_header Host $${keepempty}host;
|
|
proxy_set_header Connection close;
|
|
proxy_set_header X-Request-Start "t=$${keepempty}msec";
|
|
proxy_set_header X-Forwarded-For $${keepempty}proxy_add_x_forwarded_for;
|
|
proxy_hide_header X-Datatracker-Is-Authenticated; # hide this from the outside world
|
|
proxy_pass http://localhost:8000;
|
|
# Set timeouts longer than Cloudflare proxy limits
|
|
proxy_connect_timeout 60; # nginx default (Cf = 15)
|
|
proxy_read_timeout 120; # nginx default = 60 (Cf = 100)
|
|
proxy_send_timeout 60; # nginx default = 60 (Cf = 30)
|
|
client_max_body_size 0; # disable size check
|
|
}
|
|
}
|