nginx.conf

user nginx;
worker_processes 1;
daemon off;

events {
    worker_connections 1024;
}

error_log   /var/log/nginx/error.log warn;
pid         /var/run/nginx.pid;

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;
    gzip on;

    map $http_host $robots {
        default "";
        "~*.yti.cloud.vrk.fi" "none";
    }

    server {
        listen 80;
        server_name "";

        root /app/dist;

        location / {
            try_files $uri /index.html;
            expires off;
            add_header Cache-Control 'no-cache';
            add_header X-Robots-Tag $robots;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
            add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; child-src 'self'; frame-ancestors 'none';" always;
            add_header Referrer-Policy "same-origin" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Content-Type-Options nosniff always;
        }

        ## Cache assets
        location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|xml|otf|ttf|eot|woff|svg)$ {
            expires 30d;
        }

        location /favicon.ico {
            log_not_found off;
        }
    }
}