Improve security in nginx.conf

PalisadoesFoundation · Dec 6, 2024 · d3d51fa · d3d51fa
1 parent ec767e7
commit d3d51fa
Showing 1 changed file with 27 additions and 8 deletions.
diff --git a/nginx.conf b/nginx.conf
@@ -1,24 +1,38 @@
 server {
     listen 80;
-    server_name talawa-admin.com;
+    server_name domain.com;
+
+    # Redirect HTTP to HTTPS
+    # return 301 https://$host$request_uri;
+
+    # listen 443 ssl;
+    # server_name domain.com;
+
+    # SSL Certificates
+    # ssl_certificate /etc/nginx/ssl/cert.pem;
+    # ssl_certificate_key /etc/nginx/ssl/key.pem;
 
     root /usr/share/nginx/html;
     index index.html;
 
+    # Security Headers
+    add_header X-Frame-Options "DENY";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+    # add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://your-graphql-server.com;";
+
+    # Static Files and SPA Routing
     location / {
         try_files $uri /index.html;
     }
 
+    # Proxy GraphQL API
     location /graphql/ {
         proxy_pass http://127.0.0.1:4000/graphql/;
-        # CORS should be made strict before deployment (currently allows access from any origin)
-        add_header Access-Control-Allow-Origin *;
+        add_header Access-Control-Allow-Origin https://your-react-app-domain.com;
         add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
         add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-        add_header X-Frame-Options "DENY";
-        add_header X-Content-Type-Options "nosniff";
-        add_header X-XSS-Protection "1; mode=block";
-        add_header Referrer-Policy "strict-origin-when-cross-origin";
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
@@ -29,6 +43,11 @@ server {
         proxy_cache_bypass $http_upgrade;
     }
 
-    error_page 404 /index.html;
+    # Gzip Compression for better loading of Static Files 
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_min_length 256;
+    gzip_vary on;
 
+    error_page 404 /index.html;
 }