nginx.conf

load_module modules/ngx_http_brotli_filter_module.so;  # brotli compressing responses on-the-fly
load_module modules/ngx_http_brotli_static_module.so;  # serving brotli pre-compressed files

user nginx;
daemon off;

worker_processes 1;
worker_rlimit_nofile 8192;  # = worker_connections * 2

events {
  worker_connections 4096;
}

error_log  stderr warn;
pid        /tmp/nginx.pid;

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format combined_realip '$http_x_forwarded_for - $remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent"';
                    
    access_log /dev/stdout combined_realip;

    server_tokens off;

    proxy_temp_path /tmp/proxy_temp;
    client_body_temp_path /tmp/client_temp;

    keepalive_timeout  65;

    server {
        listen 8080 default_server;

        client_max_body_size 1m;

        brotli on;          
        brotli_comp_level 4;
        brotli_types text/css text/javascript text/plain application/javascript application/json image/svg+xml;
        brotli_min_length 1k;
        brotli_static on;

        location /assets/ {
            proxy_http_version 1.1;
            root /usr/share/nginx/dist;
            add_header Cache-Control "public, max-age=31536000, immutable";
        }

        location /api/ {
            proxy_pass http://backend-primary:5000/;
            proxy_set_header Host $host;
        }

        location / {
            proxy_http_version 1.1;
            root /usr/share/nginx/dist;
            add_header Cache-Control "no-cache";
            # At the moment we need the "connect-src 'self' data:"" entry in order to use PNG images as data format
            # add_header Content-Security-Policy "default-src 'self'; connect-src 'self' data:; style-src 'self' 'unsafe-inline' https://cdn.eds.equinor.com; script-src 'self' 'unsafe-eval' blob:; font-src https://cdn.eds.equinor.com; img-src 'self' data:; form-action 'self'; base-uri 'none'; frame-ancestors 'none';";
            add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://cdn.eds.equinor.com; script-src 'self' 'unsafe-eval' blob:; font-src https://cdn.eds.equinor.com; img-src 'self' data:; form-action 'self'; base-uri 'none'; frame-ancestors 'none';";
            add_header X-Content-Type-Options "nosniff";
            add_header X-Frame-Options "DENY";
            add_header X-XSS-Protection "1; mode=block";
            add_header Referrer-Policy "no-referrer";
        }
    }
}