-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnginx.conf
More file actions
137 lines (116 loc) · 5.93 KB
/
Copy pathnginx.conf
File metadata and controls
137 lines (116 loc) · 5.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# Production nginx configuration for SocialSpaces (static HTML/CSS/JS)
# Optimized for: mobile performance, caching, security, gzip compression
worker_processes auto;
worker_rlimit_nofile 65535;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
# ── MIME Types ───────────────────────────────────────────────────────────
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Ensure JS modules work correctly
types {
application/javascript js mjs;
application/manifest+json manifest;
}
# ── Performance ──────────────────────────────────────────────────────────
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off; # Hide nginx version
# ── Gzip Compression ─────────────────────────────────────────────────────
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1024;
gzip_types
text/plain
text/css
text/javascript
text/html
application/javascript
application/json
application/manifest+json
application/xml
image/svg+xml
font/truetype
font/opentype
application/font-woff
application/font-woff2;
# ── Logging ──────────────────────────────────────────────────────────────
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log warn;
# ── Server Block ─────────────────────────────────────────────────────────
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# ── Security Headers ─────────────────────────────────────────────────
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(self), camera=(), microphone=()" always;
# ── Cache: Long-lived for fingerprinted assets ────────────────────────
location ~* \.(woff2?|ttf|otf|eot)$ {
add_header Cache-Control "public, max-age=31536000, immutable";
add_header Access-Control-Allow-Origin "*";
expires 1y;
}
location ~* \.(png|jpg|jpeg|gif|ico|svg|webp)$ {
add_header Cache-Control "public, max-age=2592000"; # 30d
expires 30d;
}
# ── Cache: Short-lived for JS/CSS (content may change on deploy) ──────
location ~* \.(css|js)$ {
add_header Cache-Control "public, max-age=3600, must-revalidate";
expires 1h;
}
# ── Cache: JSON files (pincode data etc.) ─────────────────────────────
location ~* \.json$ {
add_header Cache-Control "public, max-age=86400"; # 1d
expires 1d;
}
# ── Service Worker: must not be cached ───────────────────────────────
location = /sw.js {
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate";
add_header Pragma "no-cache";
expires -1;
}
# ── Manifest: short cache ─────────────────────────────────────────────
location = /manifest.json {
add_header Cache-Control "public, max-age=3600";
expires 1h;
}
# ── Root redirect → login ────────────────────────────────────────────
location = / {
return 301 /pages/login.html;
}
# ── Pages: no-cache (always fresh) ───────────────────────────────────
location ~* \.html$ {
add_header Cache-Control "no-cache, must-revalidate";
expires 0;
}
# ── SPA Fallback ──────────────────────────────────────────────────────
location / {
try_files $uri $uri/ $uri.html =404;
}
# ── Custom error pages ────────────────────────────────────────────────
error_page 404 /pages/login.html;
error_page 500 502 503 504 /pages/login.html;
# ── Health check ──────────────────────────────────────────────────────
location = /healthz {
access_log off;
return 200 "OK\n";
add_header Content-Type text/plain;
}
}
}