diff options
Diffstat (limited to 'nginx.conf')
| -rw-r--r-- | nginx.conf | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..2024c55 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,81 @@ +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + client_max_body_size 20M; + + # Gzip compression + gzip on; + gzip_vary on; + gzip_min_length 1024; + gzip_types text/plain text/css text/xml text/javascript + application/x-javascript application/xml+rss + application/javascript application/json; + + server { + listen 80; + server_name _; + root /usr/share/nginx/html; + + # Security headers + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + + # CORS headers - allow requests from any origin + add_header Access-Control-Allow-Origin "*" always; + add_header Access-Control-Allow-Methods "GET, OPTIONS" always; + add_header Access-Control-Allow-Headers "Content-Type" always; + + # Handle preflight requests + if ($request_method = 'OPTIONS') { + return 204; + } + + # CSS and JS - long cache, versioning handled by filenames + location ~* \.(css|js)$ { + expires 1y; + add_header Cache-Control "public, immutable, max-age=31536000" always; + } + + # Fonts - long cache + location ~* \.(woff|woff2|ttf|otf|eot)$ { + expires 1y; + add_header Cache-Control "public, immutable, max-age=31536000" always; + } + + # Images - moderate cache + location ~* \.(jpg|jpeg|png|gif|svg|ico|webp)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000" always; + } + + # Everything else - short cache + location / { + expires 1h; + add_header Cache-Control "public, max-age=3600" always; + try_files $uri $uri/ =404; + } + } +} |