path: root/nginx-default.conf
blob: 6bef369c99b63867c480372f17acc8a5db92ed29 (plain)
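server {
  # Reverse-proxy front end: routes each URL prefix to its own backend
  # service. Listens on 8080 (IPv4 and IPv6) as the default server.
  # NOTE(review): no TLS is configured in this block; presumably TLS is
  # terminated in front of it. Confirm, since this vhost carries API and
  # identity traffic.
  listen 8080 default_server;
  listen [::]:8080 default_server;
  server_name test.mydom.com;

  # X-Frame-Options protects against click-jacking. It is left disabled
  # here, so nothing in this block restricts framing of the site.
  # NOTE(review): the meta-tag CSP mentioned below cannot cover this gap,
  # because browsers ignore frame-ancestors in a policy delivered via <meta>.
  # Re-enable this line (or send frame-ancestors as a response header) once
  # it is confirmed that no legitimate page needs to frame the site.
  #add_header X-Frame-Options SAMEORIGIN;

  # "always" makes nginx attach the headers below to error responses too;
  # without it they are only added to a fixed set of success/redirect codes.

  # Disable content-type sniffing on some browsers.
  add_header X-Content-Type-Options nosniff always;

  # Enables the legacy cross-site scripting (XSS) filter. Current browsers
  # have dropped this filter, so the CSP is the control that matters.
  add_header X-XSS-Protection "1; mode=block" always;

  # This header controls what referrer information is shared
  add_header Referrer-Policy same-origin always;

  # Content-Security-Policy is set via meta tag on the website so it is not
  # included here.

  # NOTE(review): no proxy_set_header directives are visible here, so unless
  # they are set at a higher level the backends see the proxy's address, not
  # the client's. Verify before relying on backend IP logging or throttling.

  # Web front end. NOTE(review): this targets the default port 80, while
  # /app-id.json below targets bitwarden-web:5000. Confirm both are intended.
  location / {
    proxy_pass http://bitwarden-web/;
  }

  # Exact match for the app-id document; the upstream Content-Type is hidden
  # and replaced with $fido_content_type, which must be defined outside this
  # block.
  location = /app-id.json {
    proxy_pass http://bitwarden-web:5000/app-id.json;
    proxy_hide_header Content-Type;
    add_header Content-Type $fido_content_type;

    # add_header is inherited from the server level only when a location
    # declares none of its own. This location declares one, so the security
    # headers have to be repeated here or they are silently dropped.
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy same-origin always;
  }

  # In the four locations below proxy_pass ends in "/", so the matched
  # prefix is stripped before the request is forwarded to the backend.
  location /attachments/ {
    proxy_pass http://bitwarden-attachments:5000/;
  }

  location /api/ {
    proxy_pass http://bitwarden-api:5000/;
  }

  location /identity/ {
    proxy_pass http://bitwarden-identity:5000/;
  }

  location /icons/ {
    proxy_pass http://bitwarden-icons:5000/;
  }

  # proxy_pass has no URI part here, so the request path is forwarded
  # unchanged. The prefix has no trailing slash, so it also matches any
  # path that merely begins with "/admin".
  # NOTE(review): the admin backend is exposed on the same listener as the
  # public site with no access restriction in this block. Confirm that the
  # backend's own authentication is the intended and only gate, or restrict
  # access by source network here.
  location /admin {
    proxy_pass http://bitwarden-admin:5000;
  }
}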