Browser Caching SPA


Some guidelines on how to properly set browser caching for a single-page application (SPA).

Rules

  • disable caching for index.html (fresh copy of index.html at all times)
  • enable caching for static assets (css, js, fonts, images) with an expiry of 6 months (written 6M in nginx; a lowercase m means minutes)

NGiNX conf.d

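# Complete top-level configuration (worker_processes / events / http).
# A file placed in a conf.d directory that is included from inside http {}
# would carry only the server {} block.
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    server {
        # Security headers.
        #
        # nginx inherits add_header from an outer level ONLY when the current
        # level defines no add_header of its own. Every location below sets
        # Cache-Control, so the server-level headers would be silently dropped
        # there; they are therefore repeated inside each location.
        # "always" also sends them on error responses (4xx/5xx), which plain
        # add_header skips.

        # X-Frame-Options mitigates clickjacking by refusing cross-origin framing.
        add_header X-Frame-Options SAMEORIGIN always;
        # Disable content-type sniffing.
        add_header X-Content-Type-Options nosniff always;
        # Legacy header: it switched on the built-in XSS filter of older
        # browsers. Current browsers ignore it, so it is no substitute for
        # output encoding and a Content-Security-Policy.
        add_header X-XSS-Protection "1; mode=block" always;
        # HSTS tells the browser to use HTTPS only, which counters SSL stripping.
        # Browsers honour it only when it arrives over HTTPS; this server
        # listens on plain HTTP (port 3700), so it has effect only if a
        # TLS-terminating proxy sits in front — TODO confirm deployment.
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;

        listen 3700;
        server_name  localhost;

        root   /var/www;
        index  index.html index.htm;
        include /etc/nginx/mime.types;

        gzip on;
        gzip_min_length 1000;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        # index.html (and every path that falls back to it): never cached, so
        # a new deployment is picked up on the next navigation.
        location / {
            try_files $uri $uri/ /index.html;
            add_header Cache-Control "no-store, no-cache, must-revalidate";

            # Repeated because this location defines its own add_header.
            add_header X-Frame-Options SAMEORIGIN always;
            add_header X-Content-Type-Options nosniff always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
            add_header Referrer-Policy "no-referrer-when-downgrade" always;
        }
        # static files
        location /assets {
            # nginx time units are case-sensitive: "M" is months (30 days),
            # "m" is minutes. The original "3m" cached assets for 3 minutes.
            # Long lifetimes assume asset file names change on every build
            # (content hash) — TODO confirm the build does this.
            expires 3M;
            add_header Cache-Control "public";
            access_log off;

            # Repeated because this location defines its own add_header.
            add_header X-Frame-Options SAMEORIGIN always;
            add_header X-Content-Type-Options nosniff always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
            add_header Referrer-Policy "no-referrer-when-downgrade" always;
        }
        # fonts
        location /fonts {
            # Straight ASCII quotes only: typographic quotes (“ ”) are not
            # quote characters to nginx and end up inside the header name
            # and value, so the browser never sees a valid header.
            # The wildcard origin is acceptable for public font files; do not
            # copy it to locations that serve private or credentialed data.
            add_header "Access-Control-Allow-Origin" *;
            # "M" = months; the original "6m" meant 6 minutes.
            expires 6M;
            add_header Cache-Control "public";

            # Repeated because this location defines its own add_header.
            add_header X-Frame-Options SAMEORIGIN always;
            add_header X-Content-Type-Options nosniff always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
            add_header Referrer-Policy "no-referrer-when-downgrade" always;
        }
    }
}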

Created on 5/1/2020