nginx.conf

worker_processes 1;
daemon off;

error_log <%= ENV["APP_ROOT"] %>/nginx/logs/error.log;
events { worker_connections 1024; }

http {
  charset utf-8;
  log_format cloudfoundry '$http_x_forwarded_for - $http_referer - [$time_local] "$request" $status $body_bytes_sent';
  access_log <%= ENV["APP_ROOT"] %>/nginx/logs/access.log cloudfoundry;
  default_type application/octet-stream;
  include mime.types;
  sendfile on;

  gzip on;
  gzip_comp_level 6;
  gzip_min_length 1100;
  gzip_buffers 16 8k;
  gzip_proxied any;
  gzip_static always;
  gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/xml+rss;
  gzip_vary on;

  tcp_nopush on;
  keepalive_timeout 30;
  port_in_redirect off;
  server_tokens off;

  server {
    listen <%= ENV["PORT"] %>;
    server_name localhost;

    # Added these headers for BF-UI for security compliance
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Cache-Control "must-revalidate, no-cache, no-store, private" always;

    location / {
      root <%= ENV["APP_ROOT"] %>/public;
      index index.html;

      # Force HTTPS
      if ($http_x_forwarded_proto = http) {
        return 301 https://$host$request_uri;
      }

      # Enable HTML5 history API to handle routing
      if (!-e $request_filename) {
        rewrite ^(.*)$ / break;
      }

      # Allow caching of static assets
      location ~* \.(css|js|gif|jpe?g|png|svg|ttf)$ {
        add_header Cache-Control "must-revalidate";
      }

      # Prevent misleading responses for bogus files
      location ~ ^/(favicon.ico|sitemap.xml|robots.txt) {
        return 404;
      }
    }
  }
}