daemon off; worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>; events { use epoll; accept_mutex on; worker_connections 1024; } http { gzip on; gzip_comp_level 2; gzip_min_length 512; server_tokens off; log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id'; access_log <%= ENV['NGINX_ACCESS_LOG_PATH'] || 'logs/nginx/access.log' %> l2met; error_log <%= ENV['NGINX_ERROR_LOG_PATH'] || 'logs/nginx/error.log' %>; include mime.types; default_type application/octet-stream; sendfile on; # Must read the body in 5 seconds. client_body_timeout 5; proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off; upstream nextjs_upstream { server unix:/tmp/nginx.socket fail_timeout=0; } server { listen <%= ENV['PORT'] %>; server_name _; keepalive_timeout 5; port_in_redirect off; more_clear_headers 'X-Powered-By'; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; if ($http_x_forwarded_proto != 'https') { rewrite ^ https://$host$request_uri? permanent; } # A default restrictive CSP that should always be overriden by location blocks. include sec-headers-base.conf; # All the JS / CSS served by next. location /_next/static { # Next.js serves far-futures expires itself. # This caching will have nginx serve statics (after the first request) # rather than hitting the app-server. proxy_cache STATIC; proxy_pass http://nextjs_upstream; # For testing cache - remove before deploying to production add_header X-Cache-Status $upstream_cache_status; # Full sec headers so error pages work. include sec-headers.conf; } # Serves static files added to public/static location /static { proxy_cache STATIC; proxy_ignore_headers Cache-Control; proxy_cache_valid 60m; add_header X-Cache-Status $upstream_cache_status; # Full sec headers so error pages work. include sec-headers.conf; proxy_pass http://nextjs_upstream; } location /api { # Full sec headers so error pages work. include sec-headers.conf; proxy_pass http://nextjs_upstream; } location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; include sec-headers.conf; proxy_pass http://nextjs_upstream; } } }