fragginwagon/memory-infrastructure-palace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 Enhance Nginx configuration with improved gzip settings, additional security headers, caching rules, API proxy settings, WebSocket support, health check endpoint, and updated error page handling

Browse Source
This commit is contained in:
Greg Jacobs
2026-01-29 06:34:24 +00:00
parent 688f75babf
commit 77ec6436a8
1 changed files with 53 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
code/websites/pokedex.online/nginx.conf
View File

@@ -8,7 +8,18 @@ server {
# Enable gzip compression # Enable gzip compression
gzip on; gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; gzip_vary on;
gzip_min_length 1024;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
# Serve static files # Serve static files
location / { location / {
@@ -19,6 +30,39 @@ server {
expires 1y; expires 1y;
add_header Cache-Control "public, immutable"; add_header Cache-Control "public, immutable";
} }
# Don't cache HTML files
location ~* \.(html)$ {
expires -1;
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate";
}
}
# Proxy to backend API server (OAuth proxy + Gamemaster API)
location /api/ {
proxy_pass http://backend:3000/;
proxy_http_version 1.1;
# Proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# WebSocket support (if needed later)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeout settings
proxy_connect_timeout 10s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
} }
# Proxy Challonge API requests to avoid CORS # Proxy Challonge API requests to avoid CORS
@@ -58,11 +102,15 @@ server {
proxy_read_timeout 30s; proxy_read_timeout 30s;
} }
# Security headers # Health check endpoint
add_header X-Frame-Options "SAMEORIGIN" always; location /health {
add_header X-Content-Type-Options "nosniff" always; access_log off;
add_header X-XSS-Protection "1; mode=block" always; return 200 "healthy\n";
add_header Content-Type text/plain;
}
# Error pages # Error pages
error_page 404 /index.html; error_page 404 /index.html;
error_page 500 502 503 504 /index.html;
} }