QuestByCycle/docs/default.NGINX at main · Denuo-Web/QuestByCycle · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# This is to run the app locally
server {
    server_name _;

    root /opt/QuestByCycle/;
    index index.html index.htm index.nginx-debian.html;

    # Serve robots.txt
    location = /robots.txt {
        alias /opt/QuestByCycle/app/robots.txt;
    }

    # ModSecurity Configuration
    #modsecurity on;
    #modsecurity_rules_file /etc/nginx/modsecurity.conf;
    #include /etc/nginx/crs-setup.conf;
    #include /usr/local/coreruleset/rules/*.conf;

    # Security Headers
    add_header Strict-Transport-Security "max-age=3600; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";

    # Content Security Policy
    add_header Content-Security-Policy "
        default-src 'self';
        script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googletagmanager.com;
        style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com;
        img-src 'self' data:;
        font-src 'self' data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com;
        connect-src 'self' https://www.google-analytics.com https://questbycycle.org wss://questbycycle.org;
        frame-src 'self';
        object-src 'none';
        base-uri 'self';
        form-action 'self';
    ";

    # Gzip Compression
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;


    # Serve Static Files - Bundled Assets
    location /static/dist/ {
        alias /opt/QuestByCycle/app/static/dist/;
        expires 1h; # Cache bundled assets for 1 hour
        add_header Cache-Control "public, max-age=3600, must-revalidate";
        try_files $uri $uri/ =404;
    }

   # Serve Static Files - Video
    location /static/videos/ {
        alias /opt/QuestByCycle/app/static/videos/;
        expires 30d;
        add_header Cache-Control "public, max-age=, max-age=2592000, must-revalidate";
        try_files $uri $uri/ =404;
    }


    # Serve Static Files - Images
    location /static/images/ {
        alias /opt/QuestByCycle/app/static/images/;
        expires 30d;
        add_header Cache-Control "public, max-age=2592000, must-revalidate";
        try_files $uri $uri/ =404;
    }

    # Serve Other Static Files
    location /static/ {
        alias /opt/QuestByCycle/app/static/;
        expires 1h; # Cache other static files for 1 hour
        add_header Cache-Control "public, max-age=3600, must-revalidate";
        try_files $uri $uri/ =404;
    }

    # Proxy Pass for Application
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }


    client_max_body_size 10M;

    # First attempt to serve request as file, then as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;
}