spotlightcam/frontend/nginx.conf

server {
    listen 80;
    server_name _;
    root /usr/share/nginx/html;
    index index.html;

    # Enable gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/json application/xml+rss image/svg+xml;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # Block access to sensitive files and directories
    location ~ /\. {
        deny all;
        return 404;
    }

    location ~ \.(env|git|gitignore|dockerignore)$ {
        deny all;
        return 404;
    }

    location ~ ^/(node_modules|\.git|\.vscode|package\.json|package-lock\.json|vite\.config|tsconfig\.json)/? {
        deny all;
        return 404;
    }

    # SPA fallback - serve index.html for all non-file routes
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Cache static assets
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}
fix: add nginx config for SPA routing in production - Create nginx.conf with try_files directive for React Router - Update Dockerfile.prod to copy nginx configuration - Fixes 404 errors on direct navigation to /login, /register, etc. - Add gzip compression and static asset caching 2025-11-15 18:20:04 +01:00			`server {`
			`listen 80;`
			`server_name _;`
			`root /usr/share/nginx/html;`
			`index index.html;`

			`# Enable gzip compression`
			`gzip on;`
			`gzip_vary on;`
			`gzip_min_length 1024;`
			`gzip_types text/plain text/css text/xml text/javascript application/javascript application/json application/xml+rss image/svg+xml;`

security(nginx): block access to sensitive files and directories Added comprehensive security rules to all nginx configurations: Dev proxy (nginx/conf.d/default.conf): - Block dotfiles and .git directory - Block .env* files and config files - Block node_modules, docker configs, package files - Block backup files (.bak, .swp, ~) Prod proxy (nginx/conf.d.prod/default.conf): - All dev security rules - Added security headers (X-Frame-Options, CSP, etc.) - Strict CSP with frame-ancestors 'none' Frontend container (frontend/nginx.conf): - Block dotfiles and sensitive config files - Block node_modules and build configs - Added security headers All blocked paths return 404 and disable logging to avoid log spam. Blocks: .env, .git, node_modules, docker, package.json, prisma, backup, .bak, .swp, tsconfig.json, and more. 2025-12-02 19:55:08 +01:00			`# Security headers`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`add_header Referrer-Policy "strict-origin-when-cross-origin" always;`

			`# Block access to sensitive files and directories`
			`location ~ /\. {`
			`deny all;`
			`return 404;`
			`}`

			`location ~ \.(env\|git\|gitignore\|dockerignore)$ {`
			`deny all;`
			`return 404;`
			`}`

			`location ~ ^/(node_modules\|\.git\|\.vscode\|package\.json\|package-lock\.json\|vite\.config\|tsconfig\.json)/? {`
			`deny all;`
			`return 404;`
			`}`

fix: add nginx config for SPA routing in production - Create nginx.conf with try_files directive for React Router - Update Dockerfile.prod to copy nginx configuration - Fixes 404 errors on direct navigation to /login, /register, etc. - Add gzip compression and static asset caching 2025-11-15 18:20:04 +01:00			`# SPA fallback - serve index.html for all non-file routes`
			`location / {`
			`try_files $uri $uri/ /index.html;`
			`}`

			`# Cache static assets`
			`location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico\|svg\|woff\|woff2\|ttf\|eot)$ {`
			`expires 1y;`
			`add_header Cache-Control "public, immutable";`
			`}`
			`}`