nginx.conf

# User and worker settings
user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    # MIME types and default settings
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Logging settings
    access_log  /var/log/nginx/access.log  combined;

    # Gzip Compression
    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types
        text/plain
        text/css
        application/json
        application/javascript
        application/x-javascript
        text/xml
        application/xml
        application/xml+rss
        image/svg+xml;

    # Caching Settings
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # Security Headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';";

    # SSL Settings (Optional: Uncomment if using SSL)
    # listen 443 ssl http2;
    # ssl_certificate /etc/ssl/certs/your_certificate.crt;
    # ssl_certificate_key /etc/ssl/private/your_private.key;
    # include /etc/nginx/ssl-params.conf;

    # HTTP Server
    server {
        listen       80;
        server_name  yourdomain.com; # Replace with your domain

        root /usr/share/nginx/html;
        index index.html index.htm;

        # Serve static files with caching
        location /static/ {
            expires 30d;
            add_header Cache-Control "public, max-age=2592000, immutable";
        }

        # Handle API requests (if applicable)
        # location /api/ {
        #     proxy_pass http://backend:5000; # Replace with your backend service
        #     proxy_http_version 1.1;
        #     proxy_set_header Upgrade $http_upgrade;
        #     proxy_set_header Connection 'upgrade';
        #     proxy_set_header Host $host;
        #     proxy_cache_bypass $http_upgrade;
        # }

        # Handle React Router (client-side routing)
        location / {
            try_files $uri $uri/ /index.html;
        }

        # Enable compression for responses
        gzip on;

        # Optional: Enable Brotli compression if installed
        # brotli on;
        # brotli_comp_level 6;
        # brotli_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss image/svg+xml;

        # Error Pages
        error_page  404              /404.html;
        location = /404.html {
            internal;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            internal;
        }
    }

    # Redirect HTTP to HTTPS (Optional: Uncomment if using SSL)
    # server {
    #     listen 80;
    #     server_name yourdomain.com;
    #     return 301 https://$host$request_uri;
    # }
}