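# ============================================
# Premium Valentine Website - Site Configuration
# Optimized for Performance & Security
# ============================================

server {
    listen 8080;
    server_name localhost;
    root /usr/share/nginx/html;
    index index.html;

    # Charset
    charset utf-8;

    # Security Headers
    #
    # nginx inherits add_header from the enclosing level ONLY when the current
    # level defines no add_header of its own. Every location below that sets a
    # Cache-Control header would otherwise drop all five of these, so they are
    # repeated in each such location. Keep the copies in sync with this list.
    #
    # X-XSS-Protection is kept for legacy clients; current browsers ignore it,
    # so the CSP is the effective control.
    # NOTE(review): 'unsafe-inline' in script-src means the CSP does not block
    # injected inline scripts. Moving inline code to files (or nonces/hashes)
    # would let this be tightened; img-src "https:" is also broad.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self';" always;

    # Regex locations are tested in the order they appear and the first match
    # wins. The deny rules therefore come BEFORE the static-asset rules, so a
    # path such as /.git/logo.png or /.cache/app.js is refused rather than
    # served by an extension match.

    # Deny access to hidden files
    # NOTE(review): this also covers /.well-known/ - confirm nothing under
    # that path needs to be served from this host.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny access to backup files
    location ~ ~$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Cache Control for Static Assets
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        # Security headers repeated: add_header above disables inheritance.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self';" always;
        access_log off;
    }

    location ~* \.(css|js)$ {
        expires 1M;
        add_header Cache-Control "public";
        # Security headers repeated: add_header above disables inheritance.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self';" always;
        access_log off;
    }

    location ~* \.(woff|woff2|ttf|otf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        # Security headers repeated: add_header above disables inheritance.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self';" always;
        access_log off;
    }

    # Main location
    location / {
        try_files $uri $uri/ =404;

        # No cache for HTML
        add_header Cache-Control "no-cache, no-store, must-revalidate";
        add_header Pragma "no-cache";
        add_header Expires "0";

        # Security headers repeated: this is where the HTML documents are
        # served, so the CSP and framing policy matter most here.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self';" always;
    }

    # Custom error pages
    # Both map to /index.html via an internal redirect; the original status
    # code is still returned to the client.
    error_page 404 /index.html;
    error_page 500 502 503 504 /index.html;

    # Health check endpoint
    location /health {
        access_log off;
        # default_type sets the Content-Type of the response body produced by
        # "return"; add_header would emit a second Content-Type header and
        # would also switch off inheritance of the security headers here.
        default_type text/plain;
        return 200 "healthy\n";
    }
}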