Knowit
08d253cdb6
Prevents leaking repo history, the docker-compose / nginx config, and the auto-pull script via the publicly served root. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
46 lines
1.3 KiB
Nginx Configuration File
46 lines
1.3 KiB
Nginx Configuration File
server {
|
|
listen 80;
|
|
server_name web.facere.cc _;
|
|
|
|
root /usr/share/nginx/html;
|
|
index facere.html index.html;
|
|
|
|
charset utf-8;
|
|
|
|
# Deny access to repo metadata, deploy scripts/configs, and dotfiles
|
|
location ~ /\.git { deny all; return 404; }
|
|
location ~ /\. { deny all; return 404; }
|
|
location ^~ /deploy/ { deny all; return 404; }
|
|
location = /deploy-pull.sh { deny all; return 404; }
|
|
|
|
location = / {
|
|
try_files /facere.html =404;
|
|
}
|
|
|
|
location / {
|
|
try_files $uri $uri/ /facere.html;
|
|
}
|
|
|
|
# CSS/JS/JSX: short cache so future deploys are picked up promptly
|
|
location ~* \.(?:css|js|jsx)$ {
|
|
expires 5m;
|
|
add_header Cache-Control "public, max-age=300, must-revalidate";
|
|
types { text/css css; application/javascript js; application/javascript jsx; }
|
|
try_files $uri =404;
|
|
}
|
|
|
|
# Static media: long cache (filenames are stable / change when content changes)
|
|
location ~* \.(?:png|jpe?g|gif|webp|svg|mp4|webm|woff2?|ttf|otf|ico)$ {
|
|
expires 7d;
|
|
add_header Cache-Control "public, max-age=604800";
|
|
try_files $uri =404;
|
|
}
|
|
|
|
gzip on;
|
|
gzip_types text/plain text/css application/javascript application/json image/svg+xml;
|
|
gzip_min_length 1024;
|
|
|
|
access_log /var/log/nginx/facere.access.log;
|
|
error_log /var/log/nginx/facere.error.log;
|
|
}
|