diff --git a/web/Dockerfile b/web/Dockerfile index 48c589ed5..0d56aa20e 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -9,3 +9,4 @@ FROM nginx COPY --from=npm-builder /static/robots.txt /usr/share/nginx/html/robots.txt COPY --from=npm-builder /static/dist/ /usr/share/nginx/html/static/dist/ COPY --from=npm-builder /static/authentik/ /usr/share/nginx/html/static/authentik/ +COPY ./nginx.conf /etc/nginx/nginx.conf diff --git a/web/nginx.conf b/web/nginx.conf new file mode 100644 index 000000000..f827a88bd --- /dev/null +++ b/web/nginx.conf @@ -0,0 +1,82 @@ +worker_processes auto; +pid /tmp/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; +error_log /dev/stdout; +user www-data; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + log_format json_combined escape=json + '{' + '"timestamp":"$time_local",' + '"host":"$remote_addr",' + '"request_username":"$remote_user",' + '"event":"$request",' + '"status": "$status",' + '"size":"$body_bytes_sent",' + '"runtime":"$request_time",' + '"logger":"nginx",' + '"request_useragent":"$http_user_agent"' + '}'; + access_log /dev/null json_combined; + + ## + # Gzip Settings + ## + + gzip on; + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + server { + listen 80; + server_name _; + charset utf-8; + + location / { + root /usr/share/nginx/html; + access_log /dev/stdout json_combined; + } + } + +}