nginx.conf

server {

  listen 80 default_server;
  listen [::]:80 default_server;

  root /usr/share/nginx/html;

  index index.html;

  server_name localhost;

  gzip on;
  gzip_static on;
  gzip_min_length 500;


  add_header X-Frame-Options "DENY";
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  # TODO: generate nonce for vue js assets & remove unsafe-inline
  add_header Content-Security-Policy "default-src 'self'; font-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self'; script-src-elem 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; form-action 'self'; img-src 'self' https://cdnjs.cloudflare.com/ data:; connect-src 'self' cdnjs.cloudflare.com;";

  location / {
    try_files $uri $uri/ @rewrites;
  }

  location @rewrites {

    rewrite ^(.+)$ /index.html last;
  }

  location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
    # Some basic cache-control for static files to be sent to the browser
    expires max;
   
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  }

}