From a54f4fec19e0c0620672460c04817bdd99d602fd Mon Sep 17 00:00:00 2001
From: Alireza Jafari
Date: Wed, 28 Aug 2024 07:35:34 +0000
Subject: [PATCH] feat: nginx config improved
---
Dockerfile | 3 ++-
nginx.conf | 39 ++++++++++++++++++++++++++++++++-------
server.conf | 43 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 77 insertions(+), 8 deletions(-)
create mode 100644 server.conf
diff --git a/Dockerfile b/Dockerfile
index 3cb7466..c0f03b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,7 +16,8 @@ LABEL org.opencontainers.image.source="https://github.com/Star-Academy/Summer140
 WORKDIR /app
-COPY ./nginx.conf /etc/nginx/conf.d/default.conf
+COPY ./nginx.conf /etc/nginx/nginx.conf
+COPY ./server.conf /etc/nginx/conf.d/default.conf
 RUN nginx -t
 EXPOSE 80
diff --git a/nginx.conf b/nginx.conf
index 22394fb..18a6066 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,8 +1,33 @@
-server {
- listen 80;
- location / {
- root /app;
- index index.html index.htm;
- try_files $uri $uri/ /index.html =404;
- }
+# Generated by nginxconfig.io
+
+# user www-data;
+pid /run/nginx.pid;
+worker_processes auto;
+worker_rlimit_nofile 65535;
+
+events {
+ multi_accept on;
+ worker_connections 65535;
+}
+
+http {
+ charset utf-8;
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ server_tokens off;
+ log_not_found off;
+ types_hash_max_size 2048;
+ client_max_body_size 16M;
+
+ # MIME
+ include mime.types;
+ default_type application/octet-stream;
+
+ # logging
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log warn;
+
+ # load configs
+ include /etc/nginx/conf.d/*.conf;
 }
diff --git a/server.conf b/server.conf
new file mode 100644
index 0000000..2eca5a2
--- /dev/null
+++ b/server.conf
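Review bot: In nginx.conf the `user` directive is left commented out (`# user www-data;`), and since the Dockerfile now copies this file over `/etc/nginx/nginx.conf`, whatever `user` setting the base image's own config carried is replaced, so worker processes run as the account the nginx build defaults to. The base image's FROM line is outside the hunk; if it is the official nginx image, an explicit `user nginx;` keeps the workers on the unprivileged account that image provides, and the stale `www-data` comment can go. Separately, `log_not_found off;` in the `http` block drops error-log entries for every missing file, not only favicon.ico and robots.txt (server.conf already scopes it to those two), which leaves the access log as the only record of path probing; I would remove the global line.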
@@ -0,0 +1,43 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name _;
+
+ # security headers
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+
+ # . files
+ location ~ /\.(?!well-known) {
+ deny all;
+ }
+
+ # favicon.ico
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ # robots.txt
+ location = /robots.txt {
+ log_not_found off;
+ access_log off;
+ }
+
+ # gzip
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+ location / {
+ root /app;
+ index index.html index.htm;
+ try_files $uri $uri/ /index.html =404;
+ }
+}
\ No newline at end of file
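Review bot: The Content-Security-Policy added under `# security headers` lists `http:`, `https:` and `'unsafe-inline'` in `default-src`, so scripts from any origin and inline scripts remain allowed and the header gives almost no protection against injected script. What the app under `/app` actually loads is not visible here, but a starting point would be `add_header Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'" always;`, widened per directive only where the build needs it. `X-XSS-Protection "1; mode=block"` targets a browser filter that current browsers have removed; current guidance is to send `0` or drop the header. These server-level `add_header` lines also stop being inherited by any location that later gains its own `add_header`, so a one-line comment saying so above the block would help whoever extends the file.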