ci: nginx server blocks only

Author: minhhoccode111

nginx/nginx.conf

@@ -42,100 +42,48 @@
 # sudo certbot renew --force-renewal
 # sudo systemctl reload nginx
 
-events {
-    worker_connections 1024;
+# Redirect HTTP to HTTPS
+server {
+    listen 80;
+    server_name realworld.minhhoccode111.com;
+    return 301 https://$server_name$request_uri;
 }
 
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
+# Frontend static serving
+server {
+    listen 443 ssl http2;
+    server_name realworld.minhhoccode111.com;
 
-    sendfile on;
-    sendfile_max_chunk 1m;
-    tcp_nopush on;
-    tcp_nodelay on;
-    keepalive_timeout 65;
+    # TLS certificates
+    ssl_certificate /etc/letsencrypt/live/realworld.minhhoccode111.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/realworld.minhhoccode111.com/privkey.pem;
 
-    open_file_cache max=1000 inactive=20s;
-    open_file_cache_valid 30;
-    open_file_cache_min_uses 2;
+    # Path to your React 'dist' or 'build' folder
+    root /var/www/realworld-react/dist;
+    index index.html;
 
-    # Logging
-    # access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log;
-
-    # Rate Limit
-    limit_req_zone $binary_remote_addr zone=static_limit:10m rate=30r/s;
-    limit_req_status 429;
-
-    # Compression
-    gzip on;
-    gzip_vary on;
-    gzip_proxied any;
-    gzip_comp_level 6;
-    gzip_types
-        text/plain
-        text/css
-        application/json
-        application/javascript
-        text/xml
-        application/xml
-        image/svg+xml;
-
-    # Redirect HTTP to HTTPS
-    server {
-        listen 80;
-        server_name realworld.minhhoccode111.com;
-        return 301 https://$server_name$request_uri;
+    # React Router Fix: Fallback to index.html for SPA routing
+    location / {
+        try_files $uri $uri/ /index.html;
     }
 
-    # Frontend static serving
-    server {
-        listen 443 ssl http2;
-        server_name realworld.minhhoccode111.com;
-
-        # TLS certificates
-        ssl_certificate /etc/letsencrypt/live/realworld.minhhoccode111.com/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/realworld.minhhoccode111.com/privkey.pem;
-
-        # Strong TLS settings
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_prefer_server_ciphers off;
-        ssl_session_cache shared:SSL:10m;
-        ssl_session_timeout 1d;
+    # Static Assets Caching
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
+        # limit_req zone=static_limit burst=20 nodelay;
 
-        # Path to your React 'dist' or 'build' folder
-        root /var/www/realworld-react/dist;
-        index index.html;
-
-        # React Router Fix: Fallback to index.html for SPA routing
-        location / {
-            try_files $uri $uri/ /index.html;
-        }
-
-        # Static Assets Caching
-        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
-            limit_req zone=static_limit burst=20 nodelay;
-
-            etag on;
-            expires 1y;
-            add_header Cache-Control "public, immutable";
-            access_log off;
-        }
+        etag on;
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+    }
 
-        # Security Headers
-        add_header X-Frame-Options "SAMEORIGIN";
-        add_header X-Content-Type-Options "nosniff";
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-        add_header X-XSS-Protection "1; mode=block";
-        add_header Referrer-Policy "strict-origin-when-cross-origin";
-        add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
+    # Security Headers
+    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
 
-        # Health check
-        location /health {
-            access_log off;
-            return 200 "healthy\n";
-            add_header Content-Type text/plain;
-        }
+    # Health check
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
     }
 }