57 lines
1.6 KiB
Plaintext
57 lines
1.6 KiB
Plaintext
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name agents.jeffemmett.com;
|
|
|
|
# Redirect HTTP to HTTPS
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name agents.jeffemmett.com;
|
|
|
|
# SSL certificate paths (will be configured by Certbot)
|
|
ssl_certificate /etc/letsencrypt/live/agents.jeffemmett.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/agents.jeffemmett.com/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
|
|
# Root directory
|
|
root /var/www/agents.jeffemmett.com;
|
|
index index.html;
|
|
|
|
# Logging
|
|
access_log /var/log/nginx/agents.jeffemmett.com-access.log;
|
|
error_log /var/log/nginx/agents.jeffemmett.com-error.log;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
# Main location
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
# Cache static assets
|
|
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# HTML files - short cache for faster updates
|
|
location ~* \.html$ {
|
|
expires 1h;
|
|
add_header Cache-Control "public, must-revalidate";
|
|
}
|
|
|
|
# Gzip compression
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_min_length 1024;
|
|
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/javascript application/json image/svg+xml;
|
|
}
|