nginx: redirects for legal pages, gzip, security headers

- 301 redirects /privacy|terms|refund → /shop/* (pages live in estore) - gzip compression for HTML/CSS/JS/JSON/SVG - X-Frame-Options, X-Content-Type-Options, Referrer-Policy headers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 13:44:56 -04:00 · 2026-04-15 13:44:56 -04:00 · e2d9ae7541
commit e2d9ae7541
parent f4b1f7722e
1 changed files with 22 additions and 6 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -1,14 +1,17 @@
 events {}

 http {
-    # ── eStore (Next.js) ─────────────────────────────────────────────────────────
-    # All estore routes live under /shop (Next.js basePath).
-    # This includes pages, API routes, and /_next/ static assets.
+    # ── Compression ──────────────────────────────────────────────────────────────
+    gzip on;
+    gzip_types text/plain text/css text/javascript application/javascript application/json image/svg+xml;
+    gzip_min_length 1024;
+    gzip_vary on;
+
+    # ── Upstreams ─────────────────────────────────────────────────────────────────
    upstream estore {
        server estore:3000;
    }

-    # ── Main site (Express) ──────────────────────────────────────────────────────
    upstream main_site {
        server main-site:3050;
    }
@ -19,7 +22,20 @@ http {

        client_max_body_size 20m;

-        # eStore: /shop and everything under it (pages, API, _next assets)
+        # ── Security headers ─────────────────────────────────────────────────────
+        add_header X-Frame-Options        "SAMEORIGIN"                      always;
+        add_header X-Content-Type-Options "nosniff"                         always;
+        add_header Referrer-Policy        "strict-origin-when-cross-origin" always;
+
+        # ── Redirects for legal pages (moved from main site into estore) ─────────
+        location = /privacy  { return 301 /shop/privacy; }
+        location = /privacy/ { return 301 /shop/privacy; }
+        location = /terms    { return 301 /shop/terms;   }
+        location = /terms/   { return 301 /shop/terms;   }
+        location = /refund   { return 301 /shop/refund;  }
+        location = /refund/  { return 301 /shop/refund;  }
+
+        # ── eStore: /shop and everything under it ────────────────────────────────
        location ^~ /shop {
            proxy_pass         http://estore;
            proxy_http_version 1.1;
@ -29,7 +45,7 @@ http {
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

-        # Main site: everything else
+        # ── Main site: everything else ───────────────────────────────────────────
        location / {
            proxy_pass         http://main_site;
            proxy_http_version 1.1;