server { listen 18080; server_name localhost; root /usr/share/nginx/html; index index.html index.htm; # 에러 페이지 설정 error_page 404 /index.html; error_page 500 502 503 504 /50x.html; # 로깅 설정 access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log warn; # Gzip compression 최적화 gzip on; gzip_vary on; gzip_min_length 1024; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json application/xml image/svg+xml; # Brotli compression (더 좋은 압축률) # brotli on; # brotli_comp_level 6; # brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+xml text/javascript application/x-javascript text/plain application/x-font-truetype application/xml+rss image/x-icon font/opentype text/css image/x-win-bitmap; # 보안 헤더 강화 add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://smarketing.20.249.184.228.nip.io https://smarketing.20.249.184.228.nip.io" always; add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; # CORS 설정 (필요시) add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always; # SPA 라우팅 처리 (Vue Router) location / { try_files $uri $uri/ /index.html; # HTML 파일은 캐시하지 않음 (런타임 설정 반영 위해) location ~* \.html$ { expires -1; add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; } } # 런타임 환경 설정 파일 - 캐시하지 않음 location /runtime-env.js { expires -1; add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; } # 정적 자산 캐시 최적화 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; # 정적 파일에 대한 로깅 최소화 access_log off; } # manifest.json과 service worker 캐시 설정 location ~* \.(json|webmanifest)$ { expires 1d; add_header Cache-Control "public"; } location /sw.js { expires -1; add_header Cache-Control "no-cache, no-store, must-revalidate"; } # 파비콘 캐시 location /favicon.ico { expires 1M; access_log off; log_not_found off; } # 헬스체크 엔드포인트 location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # API 프록시 (필요시 백엔드로 직접 프록시) # location /api/ { # proxy_pass http://smarketing.20.249.184.228.nip.io/api/; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_connect_timeout 30s; # proxy_send_timeout 30s; # proxy_read_timeout 30s; # } # 숨겨진 파일 접근 차단 location ~ /\. { deny all; access_log off; log_not_found off; } # 불필요한 파일 접근 차단 location ~* \.(log|txt|md|yml|yaml|conf)$ { deny all; access_log off; log_not_found off; } # 압축된 자산 우선 제공 location ~* \.(js|css)$ { gzip_static on; expires 1y; add_header Cache-Control "public, immutable"; } } # 추가 서버 블록 (HTTPS 리다이렉트, 필요시) # server { # listen 8080; # server_name smarketing.20.249.184.228.nip.io; # return 301 https://$server_name$request_uri; # }