# WebServ Example Configuration
# This configuration demonstrates various features of WebServ
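# Main HTTP server
server {
    listen 8080;
    server_name localhost webserv.local;
    root ./www;
    index index.html index.htm;

    # Maximum request body size (1MB)
    client_max_body_size 1m;

    # Custom error pages
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    # Security: deny access to hidden files.
    # The deny rules are declared ahead of the static-asset regex further
    # down. With nginx-style matching the first regex location that matches
    # wins, so a path under a dot-directory that ends in .js or .css would
    # otherwise be answered by the asset rule instead of being refused.
    # NOTE(review): confirm WebServ evaluates regex locations in file order.
    location ~ /\. {
        deny all;
        # access_log off also drops the record of requests for dot-paths;
        # keep logging enabled if these requests feed probe detection.
        access_log off;
        log_not_found off;
    }

    # Security: deny access to backup files
    location ~ ~$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Main location - serves static files
    location / {
        try_files $uri $uri/ =404;

        # Cache static files for 1 hour
        expires 1h;
        add_header Cache-Control "public";
    }

    # API endpoint simulation
    location /api/ {
        # In a real setup, this would proxy to a backend service
        # For now, we'll serve static JSON files
        try_files $uri $uri.json =404;

        # NOTE(review): in nginx, add_header appends a field and does not
        # replace the Content-Type the server derives itself; confirm WebServ
        # sends a single Content-Type for these responses.
        add_header Content-Type "application/json";

        # A wildcard origin lets any site read these responses. That suits
        # public static JSON; list the permitted origins explicitly once
        # this path returns per-user or otherwise non-public data.
        add_header Access-Control-Allow-Origin "*";
    }

    # File uploads (if supported)
    # NOTE(review): no authentication or storage path is configured here;
    # presumably WebServ decides where request bodies are written. Verify
    # that the destination is not served back from ./www.
    location /upload {
        # Allow larger files for uploads
        client_max_body_size 10m;

        # Only allow POST requests
        limit_except POST {
            deny all;
        }
    }

    # Directory listing for examples
    # autoindex publishes the name of every file placed under this path,
    # so keep the directory limited to content meant to be public.
    location /examples/ {
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }

    # Static assets with long-term caching
    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Vary "Accept-Encoding";
    }
}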
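# HTTPS server (if SSL support is implemented)
server {
    listen 8443 ssl;
    server_name localhost webserv.local;
    root ./www;
    index index.html;

    # SSL certificate paths (update these paths)
    # The private key file should be readable only by the account the
    # server runs as, and should live outside the document root.
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;

    # SSL security headers
    # HSTS is remembered by browsers for max-age (one year here) and, with
    # includeSubDomains, for every subdomain of the name; enable it only
    # where HTTPS is permanent for all of them.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    # X-XSS-Protection is a legacy header that current browsers ignore; a
    # Content-Security-Policy is the control to rely on for script injection.
    add_header X-XSS-Protection "1; mode=block" always;

    # Security: deny access to hidden and backup files.
    # This server shares root ./www with the HTTP server on 8080, so it
    # carries the same deny rules; without them the files refused on 8080
    # would still be readable on 8443.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    location ~ ~$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Main location - serves static files
    location / {
        try_files $uri $uri/ =404;
    }
}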
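# API-only server
server {
    listen 8081;
    server_name api.webserv.local;

    # API root directory
    root ./api;

    # CORS headers for API
    # With a wildcard origin and Authorization among the allowed headers,
    # any site may call this API with a token it holds and read the reply.
    # That fits a public API; for one that returns user data, answer with
    # an allow-list of origins instead and add "Vary: Origin".
    add_header Access-Control-Allow-Origin "*" always;
    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" always;

    # Handle preflight requests
    location / {
        if ($request_method = 'OPTIONS') {
            add_header Access-Control-Allow-Origin "*";
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
            add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With";
            add_header Access-Control-Max-Age 1728000;
            # A 204 response has no body: HTTP forbids Content-Length on it
            # and Content-Type has nothing to describe, so neither is added.
            return 204;
        }

        try_files $uri $uri.json =404;

        # NOTE(review): under nginx inheritance rules, declaring add_header
        # in this location stops the server-level CORS headers above from
        # applying to non-OPTIONS responses; confirm how WebServ merges them.
        add_header Content-Type "application/json";
    }
}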
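# File server with directory browsing
server {
    listen 8082;
    server_name files.webserv.local;
    root ./files;

    # Security: deny access to hidden and backup files.
    # These are the rules the main server on 8080 applies; this server
    # exposes a whole directory tree, so it needs them as well.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    location ~ ~$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Enable directory browsing
    # autoindex publishes the name of every file under ./files.
    location / {
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        autoindex_format html;

        # This location serves the stored files as well as the listings, so
        # it does not force "text/html" onto every response: that would make
        # a browser render any stored file as a page of this site. Responses
        # keep the server's own Content-Type and sniffing is switched off.
        # NOTE(review): confirm WebServ labels its autoindex output as HTML.
        add_header X-Content-Type-Options "nosniff";
    }

    # Download endpoint (force download)
    location /download/ {
        add_header Content-Disposition "attachment";
        try_files $uri =404;
    }
}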