Files
velocity-pay-flutter/nginx.conf
2026-06-24 18:01:34 +02:00

51 lines
1.7 KiB
Nginx Configuration File

events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# Security headers
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# Gzip compression
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript image/svg+xml;
gzip_min_length 1000;
# Deny access to hidden/dot files (.env, .git, etc.)
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Cache static assets
location ~* \.(?:ico|css|js|gif|jpe?g|png|woff2?|eot|ttf|svg|json)$ {
expires 6M;
access_log off;
add_header Cache-Control "public, immutable";
}
# Service worker - no cache
location = /flutter_service_worker.js {
expires -1;
add_header Cache-Control "no-store, no-cache, must-revalidate";
}
# SPA fallback: all requests that don't match a real file go to index.html
location / {
try_files $uri $uri/ /index.html;
}
}
}