developmentseed · yellowcap · Jul 8, 2025 · Jul 8, 2025
diff --git a/Dockerfile b/Dockerfile
@@ -24,6 +24,7 @@ RUN corepack enable && \
 FROM nginx:alpine-slim
 
 COPY --from=builder /app/dist /usr/share/nginx/html
+COPY --from=builder /app/nginx.conf /etc/nginx/conf.d/default.conf
 
 EXPOSE 80
 

diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,38 @@
+server {
+  listen       80;
+  server_name  localhost;
+  root /usr/share/nginx/html;
+
+  # X-Frame-Options is to prevent from clickJacking attack
+  add_header X-Frame-Options SAMEORIGIN;
+
+  # disable content-type sniffing on some browsers.
+  add_header X-Content-Type-Options nosniff;
+
+  # This header enables the Cross-site scripting (XSS) filter
+  add_header X-XSS-Protection "1; mode=block";
+
+  add_header Referrer-Policy "no-referrer-when-downgrade";
+
+  # Enables response header of "Vary: Accept-Encoding"
+  gzip_vary on;
+
+  location /static/settings.json {
+    try_files $uri $uri/;
+    expires -1;
+    add_header Cache-Control "no-store, no-cache, must-revalidate";
+  }
+
+  location /static {
+    try_files $uri $uri/;
+    expires modified 1y;
+    add_header Cache-Control "public";
+    access_log off;
+   }
+
+  location / {
+    try_files $uri $uri/ /index.html;
+    expires -1;
+    add_header Cache-Control "no-store, no-cache, must-revalidate";
+  }
+}