Initial-commit
This commit is contained in:
Kismet Hasanaj
@@ -0,0 +1,78 @@
|
||||
# -----------------------------------------------------------------------------
|
||||
# Novarix Networks — Nginx site config
|
||||
#
|
||||
# Place at: /etc/nginx/sites-available/novarix.uk
|
||||
# Then: sudo ln -s /etc/nginx/sites-available/novarix.uk \
|
||||
# /etc/nginx/sites-enabled/
|
||||
# sudo nginx -t && sudo systemctl reload nginx
|
||||
#
|
||||
# This server listens on plain HTTP only — TLS termination happens upstream
|
||||
# in Nginx Proxy Manager. Adjust if you front it with something else.
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name novarix.uk www.novarix.uk;
|
||||
|
||||
# Static export from `npm run build` — this directory must exist after
|
||||
# the first deploy.
|
||||
root /var/www/novarix.uk/out;
|
||||
index index.html;
|
||||
|
||||
# Don't leak nginx version
|
||||
server_tokens off;
|
||||
|
||||
# Reasonable defaults
|
||||
charset utf-8;
|
||||
client_max_body_size 1M;
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Routing for Next.js static export
|
||||
# ---------------------------------------------------------------------
|
||||
# Pretty URLs: /services -> /services.html, falling back to 404.html
|
||||
location / {
|
||||
try_files $uri $uri.html $uri/index.html =404;
|
||||
}
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Caching
|
||||
# ---------------------------------------------------------------------
|
||||
# Hashed Next.js assets (JS/CSS/fonts) — cache forever, immutable
|
||||
location /_next/static/ {
|
||||
access_log off;
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
}
|
||||
|
||||
# Other static assets in /public — sensible long cache
|
||||
location ~* \.(?:ico|css|js|gif|jpe?g|png|webp|svg|woff2?|ttf|eot|json)$ {
|
||||
access_log off;
|
||||
add_header Cache-Control "public, max-age=2592000";
|
||||
}
|
||||
|
||||
# robots / sitemap should not be cached aggressively
|
||||
location = /robots.txt {
|
||||
add_header Cache-Control "public, max-age=300";
|
||||
}
|
||||
location = /sitemap.xml {
|
||||
add_header Cache-Control "public, max-age=300";
|
||||
}
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Hardening
|
||||
# ---------------------------------------------------------------------
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
|
||||
|
||||
# Custom error page (Next.js generates this at build time)
|
||||
error_page 404 /404.html;
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Don't serve hidden files
|
||||
# ---------------------------------------------------------------------
|
||||
location ~ /\.(?!well-known) {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user