# WebServ Example Configuration # This configuration demonstrates various features of WebServ # Main HTTP server server { listen 8080; server_name localhost webserv.local; root ./www; index index.html index.htm; # Maximum request body size (1MB) client_max_body_size 1m; # Custom error pages error_page 404 /404.html; error_page 500 502 503 504 /50x.html; # Main location - serves static files location / { try_files $uri $uri/ =404; # Cache static files for 1 hour expires 1h; add_header Cache-Control "public"; } # API endpoint simulation location /api/ { # In a real setup, this would proxy to a backend service # For now, we'll serve static JSON files try_files $uri $uri.json =404; add_header Content-Type "application/json"; add_header Access-Control-Allow-Origin "*"; } # File uploads (if supported) location /upload { # Allow larger files for uploads client_max_body_size 10m; # Only allow POST requests limit_except POST { deny all; } } # Directory listing for examples location /examples/ { autoindex on; autoindex_exact_size off; autoindex_localtime on; } # Static assets with long-term caching location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; add_header Vary "Accept-Encoding"; } # Security: deny access to hidden files location ~ /\. { deny all; access_log off; log_not_found off; } # Security: deny access to backup files location ~ ~$ { deny all; access_log off; log_not_found off; } } # HTTPS server (if SSL support is implemented) server { listen 8443 ssl; server_name localhost webserv.local; root ./www; index index.html; # SSL certificate paths (update these paths) ssl_certificate /path/to/certificate.crt; ssl_certificate_key /path/to/private.key; # SSL security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; # Same location blocks as HTTP server location / { try_files $uri $uri/ =404; } } # API-only server server { listen 8081; server_name api.webserv.local; # API root directory root ./api; # CORS headers for API add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" always; # Handle preflight requests location / { if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"; add_header Access-Control-Max-Age 1728000; add_header Content-Type "text/plain; charset=utf-8"; add_header Content-Length 0; return 204; } try_files $uri $uri.json =404; add_header Content-Type "application/json"; } } # File server with directory browsing server { listen 8082; server_name files.webserv.local; root ./files; # Enable directory browsing location / { autoindex on; autoindex_exact_size off; autoindex_localtime on; autoindex_format html; # Custom CSS for directory listing (if supported) add_header Content-Type "text/html; charset=utf-8"; } # Download endpoint (force download) location /download/ { add_header Content-Disposition "attachment"; try_files $uri =404; } }