chris/balloon-shop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nginx: redirects for legal pages, gzip, security headers

Browse Source 
- 301 redirects /privacy|terms|refund → /shop/* (pages live in estore)
- gzip compression for HTML/CSS/JS/JSON/SVG
- X-Frame-Options, X-Content-Type-Options, Referrer-Policy headers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
chris 2026-04-15 13:44:56 -04:00
parent f4b1f7722e
commit e2d9ae7541
1 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
nginx/nginx.conf
View File

@ -1,14 +1,17 @@
events {} events {}
http { http {
# ── eStore (Next.js) ───────────────────────────────────────────────────────── # ── Compression ──────────────────────────────────────────────────────────────
# All estore routes live under /shop (Next.js basePath). gzip on;
# This includes pages, API routes, and /_next/ static assets. gzip_types text/plain text/css text/javascript application/javascript application/json image/svg+xml;
gzip_min_length 1024;
gzip_vary on;
# ── Upstreams ─────────────────────────────────────────────────────────────────
upstream estore { upstream estore {
server estore:3000; server estore:3000;
} }
# ── Main site (Express) ──────────────────────────────────────────────────────
upstream main_site { upstream main_site {
server main-site:3050; server main-site:3050;
} }
@ -19,7 +22,20 @@ http {
client_max_body_size 20m; client_max_body_size 20m;
# eStore: /shop and everything under it (pages, API, _next assets) # ── Security headers ─────────────────────────────────────────────────────
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# ── Redirects for legal pages (moved from main site into estore) ─────────
location = /privacy { return 301 /shop/privacy; }
location = /privacy/ { return 301 /shop/privacy; }
location = /terms { return 301 /shop/terms; }
location = /terms/ { return 301 /shop/terms; }
location = /refund { return 301 /shop/refund; }
location = /refund/ { return 301 /shop/refund; }
# ── eStore: /shop and everything under it ────────────────────────────────
location ^~ /shop { location ^~ /shop {
proxy_pass http://estore; proxy_pass http://estore;
proxy_http_version 1.1; proxy_http_version 1.1;
@ -29,7 +45,7 @@ http {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
# Main site: everything else # ── Main site: everything else ───────────────────────────────────────────
location / { location / {
proxy_pass http://main_site; proxy_pass http://main_site;
proxy_http_version 1.1; proxy_http_version 1.1;