@pratheekhegde
Created August 9, 2018 17:57
Nginx config for a Frontend App
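server {
    server_name www.my-site.com;
    listen 80;

    # Get the actual IP of the client through the load balancer in the logs.
    # 0.0.0.0/0 trusts X-Forwarded-For from any peer, so a client that reaches
    # nginx directly can choose the address that gets logged; narrow this to
    # the load balancer's address range.
    real_ip_header X-Forwarded-For;
    set_real_ip_from 0.0.0.0/0;

    # Redirect if someone tries to open the site over http
    if ($http_x_forwarded_proto = 'http') {
        return 301 https://$host$request_uri;
    }

    # Security headers. A location that sets any add_header of its own does
    # not inherit these, so they are repeated inside each location below.
    # X-Frame-Options protects against clickjacking
    add_header X-Frame-Options SAMEORIGIN;
    # Disable content-type sniffing on some browsers
    add_header X-Content-Type-Options nosniff;
    # This header enables the cross-site scripting (XSS) filter
    add_header X-XSS-Protection "1; mode=block";
    # Enforce HTTPS browsing and avoid SSL stripping attacks
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    add_header Referrer-Policy "no-referrer-when-downgrade";

    # Enables response header of "Vary: Accept-Encoding"
    gzip_vary on;

    # Send the bare prefix to the slash-terminated location below
    location = /app1 {
        return 301 https://$host/app1/;
    }

    # The location prefix and the alias both end in a slash, so the prefix
    # cannot match request paths that resolve outside the aliased directory.
    location /app1/ {
        alias /home/ubuntu/app1/;
        # The fallback is a URI, so it carries the /app1/ prefix
        try_files $uri $uri/ /app1/index.html;
        add_header Cache-Control "no-store, no-cache, must-revalidate";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
        add_header Referrer-Policy "no-referrer-when-downgrade";
    }

    # For app1 static files
    location /app1/static/ {
        alias /home/ubuntu/app1/static/;
        expires 1y;
        add_header Cache-Control "public";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
        add_header Referrer-Policy "no-referrer-when-downgrade";
        access_log off;
    }

    # For app1 fonts
    location /app1/static/fonts/ {
        alias /home/ubuntu/app1/static/fonts/;
        add_header "Access-Control-Allow-Origin" *;
        expires 1y;
        add_header Cache-Control "public";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
        add_header Referrer-Policy "no-referrer-when-downgrade";
    }
}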
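
nginx applies a server-level add_header to a location only when that location sets no add_header of its own, which matters in a config like this one where locations add Cache-Control. The Python check below is an added example, not part of the gist: it flags blocks that stop sending inherited headers. The parser is simplified (one directive or brace per line) and the sample config is constructed.

```python
import re

# Constructed sample in the shape of this config (not the gist's own text).
SAMPLE = """
server {
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    location /app1/ {
        add_header Cache-Control "no-store";
    }
    location /app1/static/ {
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header Cache-Control "public";
    }
    location /health {
        return 204;
    }
}
"""

def dropped_headers(conf):
    """Return {block: [inherited headers it no longer sends]}.

    Simplified parser: assumes one directive or brace per line.
    """
    blocks, stack = [], []  # blocks: [name, parent index, own header names]
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            blocks.append([line[:-1].strip(), stack[-1] if stack else None, set()])
            stack.append(len(blocks) - 1)
        elif line.startswith("}"):
            stack.pop()
        elif stack:
            m = re.match(r'add_header\s+"?([\w-]+)"?\s', line)
            if m:
                blocks[stack[-1]][2].add(m.group(1).lower())
    findings, effective = {}, []  # effective[i]: headers block i really emits
    for name, parent, own in blocks:
        inherited = effective[parent] if parent is not None else set()
        effective.append(own or inherited)  # own add_header replaces the inherited set
        if own and inherited - own:
            findings[name] = sorted(inherited - own)
    return findings

if __name__ == "__main__":
    for block, lost in dropped_headers(SAMPLE).items():
        print(f"{block}: drops {', '.join(lost)}")
```
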