worker_processes 4; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_min_length 1024; gzip_types application/javascript application/json application/manifest+json application/rss+xml application/vnd.ms-fontobject application/wasm application/x-javascript application/xml font/ttf font/otf image/svg+xml text/css text/javascript text/plain text/xml; set_real_ip_from 0.0.0.0/0; real_ip_recursive on; real_ip_header X-Forward-For; limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; access_log /dev/stdout; error_log /dev/stderr; server { listen 3000; # Security headers add_header X-Frame-Options "DENY" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-XSS-Protection "1; mode=block" always; location = /sw.js { root /usr/share/nginx/html; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always; try_files $uri =404; } location = /index.html { root /usr/share/nginx/html; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always; try_files $uri =404; } location ~* ^/assets/.+\.mjs$ { root /usr/share/nginx/html; types { application/javascript mjs; } default_type application/javascript; add_header Cache-Control "public, max-age=31536000, immutable" always; try_files $uri =404; } location ~* ^/assets/.+\.(js|css|png|jpg|jpeg|gif|svg|webp|ico|woff|woff2)$ { root /usr/share/nginx/html; add_header Cache-Control "public, max-age=31536000, immutable" always; try_files $uri =404; } location / { root /usr/share/nginx/html; index index.html index.htm; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always; try_files $uri $uri/ /index.html; } } }