Initial commit... a site is born (again? finally?)

2026-01-30 19:58:22 +00:00
commit 1519dfa460
62 changed files with 5674 additions and 0 deletions
--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,121 @@
+# Minimal nginx configuration for static site delivery
+# Security headers are handled upstream by Traefik
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Logging
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log /var/log/nginx/access.log main;
+
+    # Performance optimizations
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    server_tokens off;
+
+    # Gzip compression for text-based assets
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_min_length 256;
+    gzip_types
+        text/html
+        text/plain
+        text/css
+        text/xml
+        text/javascript
+        application/json
+        application/javascript
+        application/xml+rss
+        application/rss+xml
+        application/atom+xml
+        image/svg+xml;
+
+    server {
+        listen 80;
+        server_name _;
+        root /usr/share/nginx/html;
+        index index.html;
+
+        # HTML files: no-cache (always revalidate)
+        location ~ \.html$ {
+            add_header Cache-Control "no-cache, must-revalidate";
+            expires 0;
+        }
+
+        # CSS and JavaScript: long cache with immutable
+        location ~* \.(css|js)$ {
+            add_header Cache-Control "public, max-age=31536000, immutable";
+            access_log off;
+        }
+
+        # Images: long cache (30 days)
+        location ~* \.(jpg|jpeg|png|gif|webp|avif)$ {
+            add_header Cache-Control "public, max-age=2592000";
+            access_log off;
+        }
+
+        # SVG images: long cache (30 days)
+        location ~* \.svg$ {
+            add_header Cache-Control "public, max-age=2592000";
+            add_header Content-Type image/svg+xml;
+            access_log off;
+        }
+
+        # Fonts: long cache with immutable
+        location ~* \.(woff|woff2|ttf|otf|eot)$ {
+            add_header Cache-Control "public, max-age=31536000, immutable";
+            access_log off;
+        }
+
+        # Documents: medium cache (30 days)
+        location ~* \.(pdf|doc|docx)$ {
+            add_header Cache-Control "public, max-age=2592000";
+            access_log off;
+        }
+
+        # robots.txt: short cache (1 day)
+        location = /robots.txt {
+            add_header Cache-Control "public, max-age=86400";
+            access_log off;
+        }
+
+        # favicon: long cache (30 days)
+        location = /favicon.svg {
+            add_header Cache-Control "public, max-age=2592000";
+            add_header Content-Type image/svg+xml;
+            access_log off;
+        }
+
+        # Default location
+        location / {
+            try_files $uri $uri/ /index.html;
+        }
+
+        # Deny access to hidden files (.git, .env, etc.)
+        location ~ /\. {
+            deny all;
+            access_log off;
+            log_not_found off;
+        }
+
+        # 404 falls back to index.html for SPA-style routing
+        error_page 404 /index.html;
+    }
+}