# Single worker; the process count is not tied to CPU count here.
worker_processes 1;
# Per-worker open-file limit; set above worker_connections (4096 in the
# events block) so descriptors are not the first thing to run out.
worker_rlimit_nofile 8192;
error_log /var/log/nginx/error.log;
# pid is kept under /var/cache rather than /var/run -- presumably so the
# process can run as a non-root user with a read-only root filesystem; confirm
# against the container image.
pid /var/cache/nginx/nginx.pid;
events {
    # Maximum simultaneous connections per worker (stays below
    # worker_rlimit_nofile 8192).
    worker_connections 4096;
}
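http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Do not advertise the nginx version in the Server header or on built-in
    # error pages.
    server_tokens off;

    keepalive_timeout 65;

    gzip on;
    gzip_min_length 256;
    gzip_types
        # text/html is always compressed by HttpGzipModule
        text/css
        text/javascript
        text/xml
        text/plain
        text/x-component
        application/javascript
        application/json
        application/xml
        application/rss+xml
        font/truetype
        font/opentype
        application/vnd.ms-fontobject
        image/svg+xml;

    server {
        # Plain HTTP on an unprivileged port. TLS is presumably terminated in
        # front of this server -- confirm with the deployment; browsers ignore
        # the Strict-Transport-Security header below unless the response
        # itself arrived over HTTPS.
        listen 8080;
        root /var/www;

        location / {
            # Serve the file, then the directory, then fall back to /index.html
            # (single-page-app routing); a missing index.html yields 404.
            try_files $uri $uri/ /index.html =404;

            # "always" is set on every security header so they are also sent
            # on error responses -- without it add_header applies only to
            # 2xx/3xx -- and so all headers behave like the
            # Content-Security-Policy directive, which already used it.

            # X-Frame-Options is to prevent from clickJacking attack.
            # NOTE(review): CSP frame-ancestors 'none' below is stricter and
            # takes precedence in browsers that support it; SAMEORIGIN only
            # matters for clients without CSP Level 2.
            add_header X-Frame-Options SAMEORIGIN always;
            # disable content-type sniffing on some browsers.
            add_header X-Content-Type-Options nosniff always;
            # This header enables the Cross-site scripting (XSS) filter
            # (legacy filter; modern browsers have removed it, the CSP below is
            # the effective control).
            add_header X-XSS-Protection "1; mode=block" always;
            # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
            add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
            # NOTE(review): there is no script-src/style-src, so scripts and
            # styles inherit default-src, including 'unsafe-inline' and
            # 'unsafe-eval'; that largely neutralises CSP as an XSS mitigation.
            # Tightening it needs application changes (nonces/hashes), so the
            # policy is left as is. object-src could likely be 'none' unless
            # plugin content is actually served.
            add_header Content-Security-Policy "
                default-src 'self' 'unsafe-inline' 'unsafe-eval' *.dso.mil data:;
                img-src 'self' *.dso.mil data:;
                connect-src 'self' *.dso.mil;
                font-src 'self' *.dso.mil data:;
                object-src 'self' *.dso.mil;
                media-src 'self' *.dso.mil data:;
                form-action 'self' *.dso.mil;
                manifest-src 'self' *.dso.mil;
                frame-src 'none';
                frame-ancestors 'none';" always;
        }
    }
}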