diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 0511473..b1bc0e2 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,14 +1,17 @@ events {} http { - # ── eStore (Next.js) ───────────────────────────────────────────────────────── - # All estore routes live under /shop (Next.js basePath). - # This includes pages, API routes, and /_next/ static assets. + # ── Compression ────────────────────────────────────────────────────────────── + gzip on; + gzip_types text/plain text/css text/javascript application/javascript application/json image/svg+xml; + gzip_min_length 1024; + gzip_vary on; + + # ── Upstreams ───────────────────────────────────────────────────────────────── upstream estore { server estore:3000; } - # ── Main site (Express) ────────────────────────────────────────────────────── upstream main_site { server main-site:3050; } @@ -19,7 +22,20 @@ http { client_max_body_size 20m; - # eStore: /shop and everything under it (pages, API, _next assets) + # ── Security headers ───────────────────────────────────────────────────── + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + + # ── Redirects for legal pages (moved from main site into estore) ───────── + location = /privacy { return 301 /shop/privacy; } + location = /privacy/ { return 301 /shop/privacy; } + location = /terms { return 301 /shop/terms; } + location = /terms/ { return 301 /shop/terms; } + location = /refund { return 301 /shop/refund; } + location = /refund/ { return 301 /shop/refund; } + + # ── eStore: /shop and everything under it ──────────────────────────────── location ^~ /shop { proxy_pass http://estore; proxy_http_version 1.1; @@ -29,7 +45,7 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - # Main site: everything else + # ── Main site: everything else ─────────────────────────────────────────── location / { proxy_pass http://main_site; proxy_http_version 1.1;