2021-10-04 03:50:22 +08:00
|
|
|
{
|
2022-01-14 04:09:38 +08:00
|
|
|
# LetsEncrypt account
|
|
|
|
|
email YOUR_EMAIL
|
2021-10-04 03:50:22 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Dashboard
|
|
|
|
|
https://dashboard.NETMAKER_BASE_DOMAIN {
|
2022-01-14 04:09:38 +08:00
|
|
|
# Apply basic security headers
|
|
|
|
|
header {
|
2022-02-10 16:27:38 +08:00
|
|
|
# Enable cross origin access to *.NETMAKER_BASE_DOMAIN
|
|
|
|
|
Access-Control-Allow-Origin *.NETMAKER_BASE_DOMAIN
|
2022-01-14 04:09:38 +08:00
|
|
|
# Enable HTTP Strict Transport Security (HSTS)
|
|
|
|
|
Strict-Transport-Security "max-age=31536000;"
|
|
|
|
|
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
|
|
|
X-XSS-Protection "1; mode=block"
|
|
|
|
|
# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
|
|
|
|
|
X-Frame-Options "SAMEORIGIN"
|
|
|
|
|
# Prevent search engines from indexing
|
|
|
|
|
X-Robots-Tag "none"
|
|
|
|
|
# Remove the server name
|
|
|
|
|
-Server
|
|
|
|
|
}
|
2022-01-14 04:05:16 +08:00
|
|
|
|
2022-01-14 04:09:38 +08:00
|
|
|
reverse_proxy http://127.0.0.1:8082
|
2021-10-04 03:50:22 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# API
|
|
|
|
|
https://api.NETMAKER_BASE_DOMAIN {
|
2022-01-14 04:09:38 +08:00
|
|
|
reverse_proxy http://127.0.0.1:8081
|
2021-10-04 03:50:22 +08:00
|
|
|
}
|
|
|
|
|
|
