NGiNX Static Web Application conf

worker_processes 1;

events { worker_connections 1024; }

http { server { # X-Frame-Options is to prevent from clickJacking attack add_header X-Frame-Options SAMEORIGIN; # disable content-type sniffing on some browsers. add_header X-Content-Type-Options nosniff; # This header enables the Cross-site scripting (XSS) filter add_header X-XSS-Protection "1; mode=block"; # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header Referrer-Policy "no-referrer-when-downgrade";

    listen 3700;
    server_name  localhost;

    root   /var/www;
    index  index.html index.htm;
    include /etc/nginx/mime.types;

    gzip on;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # index.html
    location / {
        try_files $uri $uri/ /index.html;
        add_header Cache-Control "no-store, no-cache, must-revalidate";
    }
    # static files
    location /assets {
        expires 3m;
        add_header Cache-Control "public";
        access_log off;
    }
    # fonts
    location /fonts {
        add_header “Access-Control-Allow-Origin” *;     
        expires 6m;
        add_header Cache-Control “public”;
    }
}

}