You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62 lines
1.4 KiB
62 lines
1.4 KiB
server { |
|
listen 80; |
|
server_name localhost; |
|
root /usr/share/nginx/html; |
|
index index.html; |
|
|
|
# Security headers |
|
add_header X-Frame-Options "SAMEORIGIN" always; |
|
add_header X-Content-Type-Options "nosniff" always; |
|
add_header X-XSS-Protection "1; mode=block" always; |
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always; |
|
|
|
# Gzip compression |
|
gzip on; |
|
gzip_vary on; |
|
gzip_min_length 1024; |
|
gzip_proxied any; |
|
gzip_comp_level 6; |
|
gzip_types |
|
text/plain |
|
text/css |
|
text/xml |
|
text/javascript |
|
application/json |
|
application/javascript |
|
application/xml+rss |
|
application/atom+xml |
|
image/svg+xml; |
|
|
|
# Cache static assets |
|
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { |
|
expires 1M; |
|
add_header Cache-Control "public, immutable"; |
|
} |
|
|
|
# Main site |
|
location / { |
|
try_files $uri $uri/ /index.html; |
|
} |
|
|
|
# Assets directory for downloads |
|
location /assets/ { |
|
add_header Content-Disposition "attachment"; |
|
add_header Content-Type "application/octet-stream"; |
|
} |
|
|
|
# Health check endpoint |
|
location /health { |
|
access_log off; |
|
return 200 "healthy\n"; |
|
add_header Content-Type text/plain; |
|
} |
|
|
|
# Block access to sensitive files |
|
location ~ /\. { |
|
deny all; |
|
} |
|
|
|
location ~ ~$ { |
|
deny all; |
|
} |
|
} |