# TimeSafari Staging Server Configuration # Author: Matthew Raymer # Description: Staging server configuration for TimeSafari web application # # Features: # - Relaxed caching for testing # - Debug-friendly settings # - Same security as production # - Development-friendly error handling server { listen 80; server_name _; root /usr/share/nginx/html; index index.html; # Security headers (same as production) add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; # Handle Vue.js SPA routing location / { try_files $uri $uri/ /index.html; # Relaxed caching for staging location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 1h; add_header Cache-Control "public, must-revalidate"; add_header Vary "Accept-Encoding"; } # No caching for HTML files in staging location ~* \.html$ { expires 0; add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; } } # Handle service worker (no caching) location /sw.js { expires 0; add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; } # Handle manifest file (short cache) location /manifest.json { expires 1h; add_header Cache-Control "public, must-revalidate"; } # Handle API requests (if needed) # Note: Backend API is not currently deployed # Uncomment and configure when backend service is available # location /api/ { # limit_req zone=api burst=20 nodelay; # proxy_pass http://backend:3000; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # } # Handle health check location /health { access_log off; return 200 "healthy-staging\n"; add_header Content-Type text/plain; } # Handle robots.txt (no caching in staging) location /robots.txt { expires 0; add_header Cache-Control "no-cache, no-store, must-revalidate"; } # Handle favicon (short cache) location /favicon.ico { expires 1h; add_header Cache-Control "public, must-revalidate"; } # Security: Deny access to hidden files location ~ /\. { deny all; access_log off; log_not_found off; } # Security: Deny access to backup files location ~ ~$ { deny all; access_log off; log_not_found off; } # Error pages (more verbose for staging) error_page 404 /index.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # Enhanced logging for staging access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log debug; }