5bac9a1d59
Remove version disclosure in /assets/ error pages identified by security auditor to prevent information leakage vulnerability.
26 lines
700 B
Plaintext
26 lines
700 B
Plaintext
server {
|
|
listen 8080;
|
|
server_name localhost;
|
|
server_tokens off;
|
|
|
|
root /usr/share/nginx/html;
|
|
|
|
# Serve static files with caching
|
|
location ~* ^/assets/.*\.(css|js|json|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
|
expires 30d;
|
|
add_header Cache-Control "public, max-age=2592000";
|
|
}
|
|
|
|
# Serve static files
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
# Add no-cache headers
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
add_header Pragma "no-cache"; # HTTP 1.0 header for backward compatibility
|
|
add_header Expires 0;
|
|
}
|
|
|
|
# Optionally, handle 404 errors by redirecting to index.html
|
|
error_page 404 =200 /index.html;
|
|
}
|