48 lines
1.5 KiB
Plaintext
48 lines
1.5 KiB
Plaintext
# Minimal static site config (no TLS). Site is mounted at runtime.
|
|
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
|
|
# Static root (mounted from host: ./site -> /usr/share/nginx/html)
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
# Gzip for common text types
|
|
gzip on;
|
|
gzip_types text/plain text/css application/javascript application/json application/xml image/svg+xml;
|
|
gzip_min_length 1024;
|
|
gzip_comp_level 5;
|
|
|
|
# Security headers (adjust per project needs)
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
# add_header Content-Security-Policy "default-src 'self'" always; # Consider tailoring CSP; may break 3rd-party assets
|
|
|
|
# Default: serve files directly; 404 if missing
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
# Long cache for static assets by extension
|
|
location ~* \.(?:ico|css|js|mjs|gif|jpe?g|png|svg|webp|woff2?|ttf)$ {
|
|
expires 30d;
|
|
access_log off;
|
|
add_header Cache-Control "public, max-age=2592000, immutable";
|
|
}
|
|
|
|
# Avoid caching HTML to ensure fresh content
|
|
location ~* \.(?:html)$ {
|
|
expires -1;
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
}
|
|
|
|
# Optional: enable basic status (restrict in production)
|
|
# location /__status {
|
|
# stub_status;
|
|
# allow 127.0.0.1;
|
|
# deny all;
|
|
# }
|
|
}
|