add-ons/nginx.conf

worker_processes 1;

pid  /var/run/nginx.pid;

events {
  worker_connections  8096;
  multi_accept        on;
  use                 epoll;
}

http {

  default_type application/octet-stream;
  include /etc/nginx/mime.types;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  gzip on;
  gzip_types    text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
  keepalive_timeout 5;
  keepalive_requests 200;
  reset_timedout_connection on;
  server_tokens off;

  map $host $kymadomain {
    ~^[^\.]+\.(.*)$ $1;
    default 'kyma.local';
  }

  server {

    server_name localhost3;
    listen 6969;
    port_in_redirect off;

    location /healthz {
      access_log off;
      stub_status;
    }

  }

  server {

    server_name localhost;
    listen 80 http2;
    root /var/public;
    port_in_redirect off;

    location / {

      try_files $uri$args $uri$args/ $uri $uri/ /;

      add_header 'Cache-Control' 'public, max-age=300';
      add_header Access-Control-Allow-Origin *;
      add_header X-Content-Type-Options 'nosniff';
      add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
      add_header X-XSS-Protection '1; mode=block';
      add_header X-Frame-Options 'SAMEORIGIN';
      add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.$kymadomain wss://*.$kymadomain; font-src 'self' data:; frame-ancestors https://*.$kymadomain; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob:;";
    }

    location /status {

      access_log off;
      stub_status;

      add_header Access-Control-Allow-Origin *;
    }

  }
}