Hello,
The default.conf file is as follows:
# Plain-HTTP virtual host "Lottery": an existing file under /var/www/html is
# served directly, every other request is handed to the upstream "User".
server {
    listen      80;
    listen      [::]:80;
    server_name Lottery;

    root  /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    # A matching file under root wins; anything else goes to the named location.
    location / {
        try_files $uri @User;
    }

    location @User {
        proxy_pass http://User:3000;

        # These add_header lines exist only in this named location, so files
        # served straight from "location /" carry none of them.
        add_header X-Frame-Options        "SAMEORIGIN" always;
        # Enables the legacy browser XSS filter; current browsers have dropped it.
        add_header X-XSS-Protection       "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        # The full URL is still sent as referrer to other origins, except on an
        # HTTPS -> HTTP downgrade.
        add_header Referrer-Policy        "no-referrer-when-downgrade" always;
        # "*" plus 'unsafe-inline' and 'unsafe-eval' allows script from any
        # origin, inline script and eval(), so this policy restricts very little.
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        # HSTS is left disabled. Browsers ignore it over plain HTTP, and this
        # server only listens on port 80.
        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        # enable strict transport security only if you understand the implications
    }
}
In which part of the configuration file should I add the following settings?
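# Hardening / tuning directives, kept as one flat list. Where each may live:
#   - limit_conn_zone and limit_req_zone are valid ONLY in the http context.
#   - client_header_buffer_size, large_client_header_buffers and
#     client_header_timeout are valid in http or server, not in location.
#   - everything else here is valid in http, server or location.
# If default.conf is pulled in from inside http { } (as conf.d/*.conf usually
# is), lines placed above "server {" land in the http context.
# nginx rejects a directive repeated within one context, so check what
# nginx.conf's http block already sets (sendfile, keepalive_timeout and gzip
# are common there) before adding these at http level.

# --- Information disclosure ---------------------------------------------
server_tokens off;                      # hides the nginx version, not the Server header itself
proxy_hide_header X-Powered-By;         # strip framework banners coming from the upstream
proxy_hide_header X-AspNet-Version;
proxy_hide_header X-AspNetMvc-Version;
proxy_hide_header X-Runtime;
proxy_hide_header X-Redirect-By;

# --- Response headers (more_set_headers needs the third-party headers-more
# module; stock nginx fails to load the config without it) ----------------
# NOTE(review): the module's documented form is "Name: value"; confirm the
# space before the colon is accepted by the installed version.
more_set_headers "Server : ";
# The server block on this page sends X-XSS-Protection "1; mode=block" and
# X-Content-Type-Options via add_header; keep one source per header so the
# values cannot disagree.
more_set_headers "X-XSS-Protection : 0";
more_set_headers "X-Content-Type-Options : nosniff";             # terminating ';' was missing
more_set_headers "X-Download-Options : noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies : none";     # terminating ';' was missing

# --- Compression ----------------------------------------------------------
# If the site is later served over TLS, compressing responses that mix
# reflected request data with secrets is the precondition for BREACH-style
# leaks; limit gzip_types for such endpoints.
gzip on;
gzip_min_length 1499;
gzip_disable "msie6";
gzip_vary on;
gzip_static on;                         # needs ngx_http_gzip_static_module compiled in
gzip_proxied any;
gzip_comp_level 4;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/wasm
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    image/bmp
    image/svg+xml
    image/x-icon
    font/opentype
    text/cache-manifest
    text/css
    text/javascript
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy
    text/xml
    application/xml+rss;

# --- Per-client limits ------------------------------------------------------
# Both zones are keyed on the client address. If another proxy or load
# balancer sits in front, every request shares that proxy's address.
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;            # http context only
limit_conn limit_per_ip 130;
limit_req_zone $binary_remote_addr zone=allips:10m rate=500r/s;       # http context only
limit_req zone=allips burst=400 nodelay;
limit_req_status 429;
limit_conn_status 429;

# --- Static file metadata cache ---------------------------------------------
open_file_cache max=5000 inactive=240s;
open_file_cache_valid 60s;
open_file_cache_min_uses 5;
open_file_cache_errors off;

# --- Request size and timeouts ----------------------------------------------
client_max_body_size 20M;
client_header_buffer_size 5k;           # http or server context
# NOTE(review): the "large" buffers (2k) are smaller than the regular 5k
# buffer; a request line or header field that overflows one is rejected.
# Confirm these sizes are intended.
large_client_header_buffers 2 2k;       # http or server context
client_body_buffer_size 32k;
client_body_timeout 10;
client_header_timeout 10;               # http or server context
keepalive_timeout 10;
send_timeout 10;

# --- Socket options ---------------------------------------------------------
sendfile on;
tcp_nopush on;
tcp_nodelay on;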
Thank you.