server { listen 80; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1; mode=block"; # Backend Django location /api/ { proxy_pass http://localhost:8000/api/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # # Turn off CORS header protection # add_header Access-Control-Allow-Origin * always; # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always; # add_header Access-Control-Allow-Headers "Authorization, Content-Type" always; # add_header Access-Control-Allow-Credentials true always; # if ($request_method = OPTIONS ) { # add_header Content-Length 0; # add_header Content-Type text/plain; # return 204; # } } # Backend api static files location /apistatic/ { alias /workout_challenge/src-backend/static/; # Update this path to match your STATIC_ROOT expires 5d; add_header Cache-Control "public, no-transform"; } # React frontend location / { root /usr/share/nginx/html; index index.html; try_files $uri /index.html; } # Catch all for any unmatched routes location @rewrites { rewrite ^(.+)$ /index.html last; } }