user root; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; # multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 3; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json; map $http_upgrade $connection_upgrade { default upgrade; '' close; } # include /etc/nginx/sites-enabled/*; server { listen 3449 default_server; server_name _; client_max_body_size 30M; charset utf-8; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; resolver 127.0.0.11; etag off; root /home/penpot/penpot/frontend/resources/public; location @handle_redirect { set $redirect_uri "$upstream_http_location"; set $redirect_host "$upstream_http_x_host"; set $redirect_cache_control "$upstream_http_cache_control"; set $real_mtype "$upstream_http_x_mtype"; proxy_set_header Host "$redirect_host"; proxy_hide_header etag; proxy_hide_header x-amz-id-2; proxy_hide_header x-amz-request-id; proxy_hide_header x-amz-meta-server-side-encryption; proxy_hide_header x-amz-server-side-encryption; proxy_pass $redirect_uri; add_header x-internal-redirect "$redirect_uri"; add_header x-cache-control "$redirect_cache_control"; add_header cache-control "$redirect_cache_control"; add_header content-type "$real_mtype"; } location /assets { proxy_pass http://127.0.0.1:6060/assets; recursive_error_pages on; proxy_intercept_errors on; error_page 301 302 307 = @handle_redirect; } location ~ ^/github/penpot-files/(?[a-zA-Z0-9\-\_\.]+) { proxy_pass https://raw.githubusercontent.com/penpot/penpot-files/main/$template_file; proxy_hide_header Access-Control-Allow-Origin; proxy_set_header User-Agent "curl/7.74.0"; proxy_set_header Host "raw.githubusercontent.com"; proxy_set_header Accept "*/*"; add_header Access-Control-Allow-Origin $http_origin; proxy_buffering off; } location /internal/assets { internal; alias /home/penpot/penpot/backend/assets; add_header x-internal-redirect "$upstream_http_x_accel_redirect"; } location /api/export { proxy_pass http://127.0.0.1:6061; } location /api { proxy_pass http://127.0.0.1:6060/api; } location /webhooks { proxy_pass http://127.0.0.1:6060/webhooks; } location /dbg { proxy_pass http://127.0.0.1:6060/dbg; } location /telemetry { proxy_pass http://127.0.0.1:6070/inbox; } location /playground { alias /home/penpot/penpot/experiments/; add_header Cache-Control "no-cache, max-age=0"; autoindex on; } location /ws/notifications { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_pass http://127.0.0.1:6060/ws/notifications; } location / { add_header Last-Modified $date_gmt; add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; if_modified_since off; expires off; } } }