new nginx conf

This commit is contained in:
user 2025-09-26 09:53:29 +03:00
parent 23ef27c95b
commit dc6579a20b
1 changed files with 30 additions and 10 deletions


@ -27,6 +27,13 @@ map $http_upgrade $connection_upgrade {
'' close; '' close;
} }
# CORS: reflect Origin if present (fixes credentials-mode restriction)
# If no Origin header -> do not send A-C-A-Origin
map $http_origin $cors_origin {
"" "";
~^https?://[^/]+$ $http_origin;
}
server { server {
listen 80; listen 80;
server_name my-public-node-8.projscale.dev; server_name my-public-node-8.projscale.dev;
@ -49,7 +56,7 @@ server {
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d; ssl_session_timeout 1d;
ssl_session_tickets off; ssl_session_tickets off;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable after confirming HTTPS only # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# Общие параметры для стабильности и больших файлов # Общие параметры для стабильности и больших файлов
client_max_body_size 10G; client_max_body_size 10G;
@ -69,10 +76,12 @@ server {
add_header Referrer-Policy strict-origin-when-cross-origin always; add_header Referrer-Policy strict-origin-when-cross-origin always;
add_header X-Request-Id $req_id always; add_header X-Request-Id $req_id always;
# CORS (для API и префлайтов) # CORS: apply globally; specific locations may add extra Expose/Allow lists
add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PATCH, HEAD" always; add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD" always;
add_header Access-Control-Allow-Headers "Origin, Cache-Control, Content-Type, Accept, Authorization, Referer, User-Agent, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, Tus-Resumable, tus-resumable, Upload-Length, upload-length, Upload-Offset, upload-offset, Upload-Metadata, upload-metadata, Upload-Defer-Length, upload-defer-length, Upload-Concat, upload-concat, x-file-name, x-last-chunk, x-chunk-start, x-upload-id, x-request-id" always; add_header Access-Control-Allow-Headers "Origin, Cache-Control, Content-Type, Accept, Authorization, Referer, User-Agent, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, Tus-Resumable, tus-resumable, Upload-Length, upload-length, Upload-Offset, upload-offset, Upload-Metadata, upload-metadata, Upload-Defer-Length, upload-defer-length, Upload-Concat, upload-concat, x-file-name, x-last-chunk, x-chunk-start, x-upload-id, x-request-id" always;
add_header Vary "Origin" always;
# Статика фронтенда (SPA) # Статика фронтенда (SPA)
location / { location / {
@ -123,10 +132,14 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Request-Id $req_id; proxy_set_header X-Request-Id $req_id;
add_header Access-Control-Allow-Origin * always;
# CORS for tus
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Methods "GET, POST, PATCH, HEAD, OPTIONS" always; add_header Access-Control-Allow-Methods "GET, POST, PATCH, HEAD, OPTIONS" always;
add_header Access-Control-Allow-Headers "Origin, Cache-Control, Content-Type, Accept, Authorization, Referer, User-Agent, Tus-Resumable, Upload-Length, Upload-Offset, Upload-Metadata, Upload-Defer-Length, Upload-Concat" always; add_header Access-Control-Allow-Headers "Origin, Cache-Control, Content-Type, Accept, Authorization, Referer, User-Agent, Tus-Resumable, Upload-Length, Upload-Offset, Upload-Metadata, Upload-Defer-Length, Upload-Concat" always;
add_header Access-Control-Expose-Headers "Location, Upload-Offset, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension" always; add_header Access-Control-Expose-Headers "Location, Upload-Offset, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension" always;
add_header Vary "Origin" always;
if ($request_method = OPTIONS) { return 204; } if ($request_method = OPTIONS) { return 204; }
} }
@ -152,10 +165,14 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Request-Id $req_id; proxy_set_header X-Request-Id $req_id;
add_header Access-Control-Allow-Origin * always;
# CORS for file GET/HEAD
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always; add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
add_header Access-Control-Allow-Headers "Origin, Cache-Control, Content-Type, Accept, Authorization, Referer, User-Agent" always; add_header Access-Control-Allow-Headers "Origin, Cache-Control, Content-Type, Accept, Authorization, Referer, User-Agent" always;
add_header Access-Control-Expose-Headers "Location, Upload-Offset, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension" always; add_header Access-Control-Expose-Headers "Location, Upload-Offset, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension" always;
add_header Vary "Origin" always;
if ($request_method = OPTIONS) { return 204; } if ($request_method = OPTIONS) { return 204; }
} }
@ -181,9 +198,12 @@ server {
proxy_send_timeout 300s; proxy_send_timeout 300s;
proxy_read_timeout 300s; proxy_read_timeout 300s;
add_header Access-Control-Allow-Origin * always; # CORS for API
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always; add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Headers "Origin, Cache-Control, Content-Type, Accept, Authorization, Referer, User-Agent" always; add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD" always;
add_header Access-Control-Allow-Headers "Origin, Cache-Control, Content-Type, Accept, Authorization, Referer, User-Agent, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site" always;
add_header Vary "Origin" always;
# Вебсокеты (на будущее) # Вебсокеты (на будущее)
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
@ -201,4 +221,4 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id; proxy_set_header X-Request-Id $req_id;
} }
} }
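Review bot: The new `map $http_origin $cors_origin` in the first hunk reflects any syntactically valid Origin (`~^https?://[^/]+$ $http_origin;`), and every location hunk now pairs that reflected value with `Access-Control-Allow-Credentials "true"`, so any third-party site can issue cookie-/Authorization-bearing cross-origin requests to this host and read the responses; the previous `*` at least could not be combined with credentials by browsers, so this commit widens exposure rather than tightening it. The regex also accepts plain `http://` origins, which lets a non-TLS page drive credentialed requests against the HTTPS API. Replace the catch-all pattern with an explicit allowlist of the front-end origins that actually need credentials, e.g. `~^https://([a-z0-9-]+\.)?projscale\.dev$ $http_origin;` (the exact hosts should be confirmed with whoever owns the `projscale.dev` front-end), and use `default "";` so an unlisted origin gets no `Access-Control-Allow-Origin` at all. If some endpoints are meant to be public and credential-free, keep `*` there and drop `Allow-Credentials` instead of reflecting the origin. The `server {}` block these hunks belong to starts and ends outside the visible hunks.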