Nginx configuration for web applications

nginx configuration

server {
  listen       80;
  server_name  localhost;
  charset      utf-8;
  tcp_nopush   on;
  tcp_nodelay  on;
  server_tokens off;

  add_header Strict-Transport-Security "max-age=31536000;" always;
  add_header Content-Security-Policy "default-src 'self' urls...; script-src 'self' urls..; img-src 'self' urls; style-src 'self' urls...; font-src 'self' urls..; child-src urls..;";
  add_header X-Frame-Options "SAMEORIGIN" always;
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade";
  add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; speaker 'self'; sync-xhr 'self'; usb 'none'; payment 'none'; vr 'none';";
  add_header Set-Cookie "HttpOnly; Secure" always;
  add_header Cache-Control "no-cache, no-store, must-revalidate" always;
  add_header Pragma "no-cache";

  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.0;
  gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/png image/svg+xml font/woff;

  location / {
    root   /var/www/code;
    index  index.html index.htm;
    try_files $uri /index.html;
  }
  
  location /api/operation/ {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_pass https://api.endpoint.com;
  }

}