Brunobrno/STANDART
Template
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

k

Browse Source
This commit is contained in:
David Bruno Vontor
2025-10-24 03:11:15 +02:00
parent e4048f90e5
commit 680e8a4e56
5 changed files with 204 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
frontend/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,70 @@
# nginx.conf
worker_processes auto;
user nginx;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_max_body_size 50m;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name _;
# -------------------------
# React frontend
# -------------------------
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri /index.html;
}
# # -------------------------
# # Django backend API
# # -------------------------
# # Serve Django static and media volumes mounted into the container
# location /static/ {
# alias /app/collectedstaticfiles/;
# }
# location /media/ {
# alias /app/media/;
# }
# # Same-origin proxy for API -> avoids CORS and allows cookies
# location /api {
# return 301 /api/;
# }
# location /api/ {
# proxy_pass http://backend:8000;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_http_version 1.1;
# proxy_set_header Connection "";
# proxy_buffering off;
# client_max_body_size 50m;
# }
# -------------------------
# Security headers
# -------------------------
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header Referrer-Policy "strict-origin-when-cross-origin";
# Minimal, valid CSP for development
add_header Content-Security-Policy "default-src 'self'; frame-src 'self' https://www.google.com https://*.google.com https://*.google.cz; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; connect-src 'self' http://127.0.0.1:8000 http://localhost:8000 ws: wss:; font-src 'self' data:";
}
}