nginx.conf

# nginx.conf
worker_processes auto;
error_log  /var/log/nginx/error.log;

pid /tmp/nginx.pid;


events {
 worker_connections 4096;
}

http {
 include       /etc/nginx/mime.types;
  client_body_temp_path /tmp/client_temp;
  proxy_temp_path       /tmp/proxy_temp_path;
  fastcgi_temp_path     /tmp/fastcgi_temp;
  uwsgi_temp_path       /tmp/uwsgi_temp;
  scgi_temp_path        /tmp/scgi_temp;
 default_type  application/octet-stream;
 server_tokens off;
 underscores_in_headers on;

 # Use a w3c standard log format
 log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

 access_log  /var/log/nginx/access.log  main;


 server {

   # add in most common security headers
   add_header Content-Security-Policy "default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'";
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
   add_header X-Content-Type-Options "nosniff";
   add_header X-XSS-Protection 1;
   add_header X-Frame-Options DENY;



   listen 8080;
   server_name _;

   index index.html;
   error_log /dev/stdout info;
   access_log /dev/stdout;


   location / {
     root /app;
     index  index.html;
     try_files $uri $uri/ /index.html;
     gzip on;
     gzip_vary on;
     gzip_min_length 10240;
     gzip_proxied any;
     gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
     gzip_disable "MSIE [1-6]\.";
   }

   # For status of ngnix service, OpenShift is configured to call this
    location /nginx_status {
      # Enable Nginx stats
      stub_status on;

      # Only allow access from localhost
      allow all;

       # Other request should be denied
       # deny all;

       # No need to log this request, its just noise
       access_log off;
   }
 }
}