security(nginx): block access to sensitive files and directories
Added comprehensive security rules to all nginx configurations:
Dev proxy (nginx/conf.d/default.conf):
- Block dotfiles and .git directory
- Block .env* files and config files
- Block node_modules, docker configs, package files
- Block backup files (.bak, .swp, ~)
Prod proxy (nginx/conf.d.prod/default.conf):
- All dev security rules
- Added security headers (X-Frame-Options, CSP, etc.)
- Strict CSP with frame-ancestors 'none'
Frontend container (frontend/nginx.conf):
- Block dotfiles and sensitive config files
- Block node_modules and build configs
- Added security headers
All blocked paths return 404 and disable logging to avoid log spam.
Blocks: .env*, .git, node_modules, docker*, package*.json,
prisma, backup*, *.bak, *.swp, tsconfig.json, and more.
0466ef9e5c