diff --git a/nginx.conf b/nginx.conf
index 4af05005cd..9c64c978ca 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,24 +1,38 @@
 server {
 listen 80;
- server_name talawa-admin.com;
+ server_name domain.com;
+
+ # Redirect HTTP to HTTPS
+ # return 301 https://$host$request_uri;
+
+ # listen 443 ssl;
+ # server_name domain.com;
+
+ # SSL Certificates
+ # ssl_certificate /etc/nginx/ssl/cert.pem;
+ # ssl_certificate_key /etc/nginx/ssl/key.pem;
 root /usr/share/nginx/html;
 index index.html;
+ # Security Headers
+ add_header X-Frame-Options "DENY";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Referrer-Policy "strict-origin-when-cross-origin";
+ # add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://your-graphql-server.com;";
+
+ # Static Files and SPA Routing
 location / {
 try_files $uri /index.html;
 }
+ # Proxy GraphQL API
 location /graphql/ {
 proxy_pass http://127.0.0.1:4000/graphql/;
- # CORS should be made strict before deployment (currently allows access from any origin)
- add_header Access-Control-Allow-Origin *;
+ add_header Access-Control-Allow-Origin https://your-react-app-domain.com;
 add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
 add_header Access-Control-Allow-Headers "Content-Type, Authorization";
- add_header X-Frame-Options "DENY";
- add_header X-Content-Type-Options "nosniff";
- add_header X-XSS-Protection "1; mode=block";
- add_header Referrer-Policy "strict-origin-when-cross-origin";
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";
@@ -29,6 +43,11 @@ server {
 proxy_cache_bypass $http_upgrade;
 }
- error_page 404 /index.html;
+ # Gzip Compression for better loading of Static Files
+ gzip on;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+ gzip_min_length 256;
+ gzip_vary on;
+ error_page 404 /index.html;
 }
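Review bot: Moving the four security headers up to the server block silently removes them from /graphql/ responses, because nginx inherits add_header from the enclosing level only when the current level defines no add_header of its own, and location /graphql/ still sets its three Access-Control-* headers; the proxied API therefore loses X-Frame-Options, X-Content-Type-Options, X-XSS-Protection and Referrer-Policy with this change. The location block needs the security headers repeated (below), or both levels should pull them from one include snippet so they cannot drift apart. Independently, none of the add_header lines carry `always`, so neither the CORS nor the security headers are sent on 4xx/5xx responses coming back from the GraphQL upstream; `add_header Access-Control-Allow-Origin https://your-react-app-domain.com always;` is the form that also covers error responses. The commented `return 301 https://$host$request_uri;` and `listen 443 ssl;` lines sit in the same server block, so uncommenting them together would apply the redirect to HTTPS requests too — the redirect belongs in a separate `server { listen 80; ... }` block. The location /graphql/ block continues past the end of this hunk.
```nginx
    location /graphql/ {
        proxy_pass http://127.0.0.1:4000/graphql/;
        # add_header is not inherited from the server block once this block
        # declares its own add_header lines, so the security headers must be
        # restated here.
        add_header X-Frame-Options "DENY";
        add_header X-Content-Type-Options "nosniff";
        add_header X-XSS-Protection "1; mode=block";
        add_header Referrer-Policy "strict-origin-when-cross-origin";
        # … unchanged: Access-Control-* headers and proxy_* directives …
```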
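Review bot: `gzip on` with `application/json` in gzip_types is declared at server level, so it compresses the proxied /graphql/ responses as well, not only the static files the comment "Gzip Compression for better loading of Static Files" describes. If the commented TLS block is enabled later, compressing API responses that combine attacker-influenced request data with session secrets is the condition that enables compression side-channel attacks on TLS (BREACH); keeping compression scoped to what the comment states, with `gzip off;` inside `location /graphql/`, avoids that and documents the intent. The enclosing server block begins outside this hunk.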