You can not select more than 25 topics
			Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
		
		
		
		
		
			
		
			
				
					
					
						
							112 lines
						
					
					
						
							3.0 KiB
						
					
					
				
			
		
		
		
			
			
			
				
					
				
				
					
				
			
		
		
	
	
							112 lines
						
					
					
						
							3.0 KiB
						
					
					
				| # TimeSafari Default Server Configuration | |
| # Author: Matthew Raymer | |
| # Description: Production server configuration for TimeSafari web application | |
| # | |
| # Features: | |
| # - Vue.js SPA routing support | |
| # - Static file caching optimization | |
| # - Security hardening | |
| # - Performance optimization | |
| # - Proper error handling | |
| 
 | |
| server { | |
|     listen 80; | |
|     server_name _; | |
|     root /usr/share/nginx/html; | |
|     index index.html; | |
| 
 | |
|     # Security headers | |
|     add_header X-Frame-Options "SAMEORIGIN" always; | |
|     add_header X-Content-Type-Options "nosniff" always; | |
|     add_header X-XSS-Protection "1; mode=block" always; | |
|     add_header Referrer-Policy "strict-origin-when-cross-origin" always; | |
|     add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; | |
| 
 | |
|     # Handle Vue.js SPA routing | |
|     location / { | |
|         try_files $uri $uri/ /index.html; | |
|          | |
|         # Cache static assets | |
|         location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { | |
|             expires 1y; | |
|             add_header Cache-Control "public, immutable"; | |
|             add_header Vary "Accept-Encoding"; | |
|         } | |
|          | |
|         # Cache HTML files for a shorter time | |
|         location ~* \.html$ { | |
|             expires 1h; | |
|             add_header Cache-Control "public, must-revalidate"; | |
|         } | |
|     } | |
| 
 | |
|     # Handle service worker | |
|     location /sw.js { | |
|         expires 0; | |
|         add_header Cache-Control "no-cache, no-store, must-revalidate"; | |
|         add_header Pragma "no-cache"; | |
|     } | |
| 
 | |
|     # Handle manifest file | |
|     location /manifest.json { | |
|         expires 1d; | |
|         add_header Cache-Control "public"; | |
|     } | |
| 
 | |
|     # Handle API requests (if needed) | |
|     # Note: Backend API is not currently deployed | |
|     # Uncomment and configure when backend service is available | |
|     # location /api/ { | |
|     #     limit_req zone=api burst=20 nodelay; | |
|     #     proxy_pass http://backend:3000; | |
|     #     proxy_set_header Host $host; | |
|     #     proxy_set_header X-Real-IP $remote_addr; | |
|     #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
|     #     proxy_set_header X-Forwarded-Proto $scheme; | |
|     # } | |
| 
 | |
|     # Handle health check | |
|     location /health { | |
|         access_log off; | |
|         return 200 "healthy\n"; | |
|         add_header Content-Type text/plain; | |
|     } | |
| 
 | |
|     # Handle robots.txt | |
|     location /robots.txt { | |
|         expires 1d; | |
|         add_header Cache-Control "public"; | |
|     } | |
| 
 | |
|     # Handle favicon | |
|     location /favicon.ico { | |
|         expires 1y; | |
|         add_header Cache-Control "public, immutable"; | |
|     } | |
| 
 | |
|     # Security: Deny access to hidden files | |
|     location ~ /\. { | |
|         deny all; | |
|         access_log off; | |
|         log_not_found off; | |
|     } | |
| 
 | |
|     # Security: Deny access to backup files | |
|     location ~ ~$ { | |
|         deny all; | |
|         access_log off; | |
|         log_not_found off; | |
|     } | |
| 
 | |
|     # Error pages | |
|     error_page 404 /index.html; | |
|     error_page 500 502 503 504 /50x.html; | |
|      | |
|     location = /50x.html { | |
|         root /usr/share/nginx/html; | |
|     } | |
| 
 | |
|     # Logging | |
|     access_log /var/log/nginx/access.log main; | |
|     error_log /var/log/nginx/error.log warn; | |
| }  |