From e2d9ae75413d5a01b75a220f0496db4006bc6873 Mon Sep 17 00:00:00 2001 From: chris Date: Wed, 15 Apr 2026 13:44:56 -0400 Subject: [PATCH] nginx: redirects for legal pages, gzip, security headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 301 redirects /privacy|terms|refund → /shop/* (pages live in estore) - gzip compression for HTML/CSS/JS/JSON/SVG - X-Frame-Options, X-Content-Type-Options, Referrer-Policy headers Co-Authored-By: Claude Sonnet 4.6 --- nginx/nginx.conf | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 0511473..b1bc0e2 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,14 +1,17 @@ events {} http { - # ── eStore (Next.js) ───────────────────────────────────────────────────────── - # All estore routes live under /shop (Next.js basePath). - # This includes pages, API routes, and /_next/ static assets. + # ── Compression ────────────────────────────────────────────────────────────── + gzip on; + gzip_types text/plain text/css text/javascript application/javascript application/json image/svg+xml; + gzip_min_length 1024; + gzip_vary on; + + # ── Upstreams ───────────────────────────────────────────────────────────────── upstream estore { server estore:3000; } - # ── Main site (Express) ────────────────────────────────────────────────────── upstream main_site { server main-site:3050; } @@ -19,7 +22,20 @@ http { client_max_body_size 20m; - # eStore: /shop and everything under it (pages, API, _next assets) + # ── Security headers ───────────────────────────────────────────────────── + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + + # ── Redirects for legal pages (moved from main site into estore) ───────── + location = /privacy { return 301 /shop/privacy; } + location = /privacy/ { return 301 /shop/privacy; } + location = /terms { return 301 /shop/terms; } + location = /terms/ { return 301 /shop/terms; } + location = /refund { return 301 /shop/refund; } + location = /refund/ { return 301 /shop/refund; } + + # ── eStore: /shop and everything under it ──────────────────────────────── location ^~ /shop { proxy_pass http://estore; proxy_http_version 1.1; @@ -29,7 +45,7 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - # Main site: everything else + # ── Main site: everything else ─────────────────────────────────────────── location / { proxy_pass http://main_site; proxy_http_version 1.1;