Nginx config file for Vuejs, Nuxtjs static website.

admin.example.com.conf.md

HTTP config

server {
  listen 80;
  server_name admin.example.com;
  root /var/www/admin/dist;

  if ( $scheme = "http" ) {
    return 301 https://$host$request_uri;
  }

  # security headers
  # add_header X-Robots-Tag "noindex, nofollow";
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade" always;
  #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
  add_header Permissions-Policy "interest-cohort=()" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  index index.html index.htm;

  charset utf-8;

  gzip            on;
  gzip_types      text/plain application/xml text/css application/javascript;
  gzip_min_length 1000;

  # Expire rules for static content

  # cache.appcache, your document html and data
  location ~* \.(?:manifest|appcache|html?|xml|json)$ {
    expires -1;
  }

  # Feed
  location ~* \.(?:rss|atom)$ {
    expires 1h;
    add_header Cache-Control "public";
  }

  # Media: images, icons, video, audio, HTC
  location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    expires 1M;
    access_log off;
    add_header Cache-Control "public";
  }

  # CSS and Javascript
  location ~* \.(?:css|js)$ {
    expires 1y;
    access_log off;
    add_header Cache-Control "public";
  }

  location / {
    try_files $uri $uri/ /index.html;
  }

  access_log off;
  error_log /var/log/nginx/admin.example.com-error.log error;

  # ACME-challenge
  location ^~ /.well-known/acme-challenge/ {
    root /var/www/_letsencrypt;
  }

  location ~ /\.(?!well-known).* {
    deny all;
  }
}

HTTPS config

server {
  listen 80;
  listen 443 ssl http2;
  server_name admin.example.com;
  root /var/www/admin/dist;

  if ( $scheme = "http" ) {
    return 301 https://$host$request_uri;
  }

  # SSL
  ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem;

  # security headers
  # add_header X-Robots-Tag "noindex, nofollow";
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade" always;
  #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
  add_header Permissions-Policy "interest-cohort=()" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  index index.html index.htm;

  charset utf-8;

  gzip            on;
  gzip_types      text/plain application/xml text/css application/javascript;
  gzip_min_length 1000;

  # Expire rules for static content

  # cache.appcache, your document html and data
  location ~* \.(?:manifest|appcache|html?|xml|json)$ {
    expires -1;
  }

  # Feed
  location ~* \.(?:rss|atom)$ {
    expires 1h;
    add_header Cache-Control "public";
  }

  # Media: images, icons, video, audio, HTC
  location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    expires 1M;
    access_log off;
    add_header Cache-Control "public";
  }

  # CSS and Javascript
  location ~* \.(?:css|js)$ {
    expires 1y;
    access_log off;
    add_header Cache-Control "public";
  }

  location / {
    try_files $uri $uri/ /index.html;
  }

  access_log off;
  error_log /var/log/nginx/admin.example.com-error.log error;

  # ACME-challenge
  location ^~ /.well-known/acme-challenge/ {
    root /var/www/_letsencrypt;
  }

  location ~ /\.(?!well-known).* {
    deny all;
  }
}