From 15369496ecc4f8bd2b170b9afc2c2c0558ae97ad Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <me@liz.coffee>
Date: Sat, 13 Dec 2025 00:33:26 -0800
Subject: Init adelie

---
 nginx.conf | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 nginx.conf

(limited to 'nginx.conf')

diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..2024c55
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,81 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                  '$status $body_bytes_sent "$http_referer" '
+                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+  access_log /var/log/nginx/access.log main;
+
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  keepalive_timeout 65;
+  types_hash_max_size 2048;
+  client_max_body_size 20M;
+
+  # Gzip compression
+  gzip on;
+  gzip_vary on;
+  gzip_min_length 1024;
+  gzip_types text/plain text/css text/xml text/javascript
+             application/x-javascript application/xml+rss
+             application/javascript application/json;
+
+  server {
+    listen 80;
+    server_name _;
+    root /usr/share/nginx/html;
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+
+    # CORS headers - allow requests from any origin
+    add_header Access-Control-Allow-Origin "*" always;
+    add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "Content-Type" always;
+
+    # Handle preflight requests
+    if ($request_method = 'OPTIONS') {
+      return 204;
+    }
+
+    # CSS and JS - long cache, versioning handled by filenames
+    location ~* \.(css|js)$ {
+      expires 1y;
+      add_header Cache-Control "public, immutable, max-age=31536000" always;
+    }
+
+    # Fonts - long cache
+    location ~* \.(woff|woff2|ttf|otf|eot)$ {
+      expires 1y;
+      add_header Cache-Control "public, immutable, max-age=31536000" always;
+    }
+
+    # Images - moderate cache
+    location ~* \.(jpg|jpeg|png|gif|svg|ico|webp)$ {
+      expires 30d;
+      add_header Cache-Control "public, max-age=2592000" always;
+    }
+
+    # Everything else - short cache
+    location / {
+      expires 1h;
+      add_header Cache-Control "public, max-age=3600" always;
+      try_files $uri $uri/ =404;
+    }
+  }
+}
-- 
cgit v1.2.3-70-g09d2