gdegelas/grants
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
grants/nginx.conf
gdegelas a05331128b Atlas Green Morocco — grant strategy platform 
- Full grant strategy framework for renewable energy & green hydrogen
- AI-powered grant studio, partner outreach, financial modeling
- Umami analytics with data-performance tracking
- Live Degelas metrics connected to solar.degelas.be
- Trilingual (EN/FR/AR) with i18n support
- Dockerized with Nginx frontend + Express API proxy
2026-06-01 09:44:03 +00:00

87 lines
4.2 KiB
Nginx Configuration File
Raw Permalink Blame History

server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
# ── Security & Hardening ───────────────────────────────────────────────────
# Hide nginx version
server_tokens off;
# Buffer size limits (prevent buffer overflow attacks)
client_body_buffer_size 1M;
client_header_buffer_size 1k;
client_max_body_size 2M;
large_client_header_buffers 2 1k;
# Timeouts (prevent slowloris attacks)
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
# ── Compression ────────────────────────────────────────────────────────────
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/javascript application/json;
gzip_disable "MSIE [1-6]\.";
# ── Security headers ───────────────────────────────────────────────────────
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
# ── AI Proxy → Node server ─────────────────────────────────────────────────
location /api/ {
proxy_pass http://api-server:3001;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-ID $request_id;
proxy_read_timeout 120s;
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
}
# ── SPA routing ────────────────────────────────────────────────────────────
location / {
try_files $uri $uri/ /index.html;
}
# ── Static asset caching ───────────────────────────────────────────────────
location ~* \.(?:ico|css|js|gif|jpe?g|png|svg|woff2?|eot|ttf)$ {
expires 6M;
access_log off;
add_header Cache-Control "public, max-age=15552000, immutable";
add_header X-Content-Type-Options "nosniff" always;
}
# ── Deny access to sensitive files ─────────────────────────────────────────
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# ── Error pages ────────────────────────────────────────────────────────────
error_page 404 /index.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# ── Access logging ─────────────────────────────────────────────────────────
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log warn;
}
Reference in New Issue View Git Blame Copy Permalink