fix(nginx): use priority prefix matching (^~) for static directories to avoid regex conflicts

nginx.conf

@@ -31,14 +31,14 @@ server {
     }
 
     # Static assets in /assets/ (Vite)
-    location /assets/ {
+    location ^~ /assets/ {
         expires 1y;
         add_header Cache-Control "public, immutable";
         access_log off;
     }
 
     # Font files (local hosting, long-term cache)
-    location /fonts/ {
+    location ^~ /fonts/ {
         expires 10y;
         add_header Cache-Control "public, immutable";
         access_log off;
@@ -77,7 +77,7 @@ server {
     }
 
     # Static uploads
-    location /uploads/ {
+    location ^~ /uploads/ {
         alias /var/www/radionica3d/backend/uploads/;
         expires 30d;
         add_header Cache-Control "public";

nginx_history.diff

@@ -0,0 +1,396 @@
+commit b62710efac804ff8c8a342aacdd74e361ff5692b
+Author: unknown <C:\TheBat\Mail>
+Date:   Sat Apr 18 12:34:33 2026 +0200
+
+    feat: implement Google OAuth, localize fonts, and fix translations
+
+diff --git a/nginx.conf b/nginx.conf
+index 3c83210..ac9b785 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -37,8 +37,15 @@ server {
+         access_log off;
+     }
+ 
++    # Font files (local hosting, long-term cache)
++    location /fonts/ {
++        expires 10y;
++        add_header Cache-Control "public, immutable";
++        access_log off;
++    }
++
+     # Other static files
+-    location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|webp|avif)$ {
++    location ~* \.(?:ico|gif|jpe?g|png|svg|webp|avif)$ {
+         expires 7d;
+         add_header Cache-Control "public";
+         access_log off;
+
+commit 4e7163df2f3af8f7a4a451a577cf112fe0393e06
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 21:56:03 2026 +0200
+
+    perf: optimize page speed (caching, font loading, lazy loading) and fix admin ui bug
+
+diff --git a/nginx.conf b/nginx.conf
+index fc10195..3c83210 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -6,10 +6,42 @@ server {
+ 
+     # Gzip Compression
+     gzip on;
+-    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
++    gzip_static on;
++    gzip_vary on;
++    gzip_proxied any;
++    gzip_comp_level 6;
++    gzip_buffers 16 8k;
++    gzip_http_version 1.1;
++    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml font/woff2;
++
++    # Security Headers
++    add_header X-Frame-Options "SAMEORIGIN";
++    add_header X-XSS-Protection "1; mode=block";
++    add_header X-Content-Type-Options "nosniff";
++    add_header Referrer-Policy "strict-origin-when-cross-origin";
++    # add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+ 
+     location / {
+         try_files $uri $uri/ /index.html;
++        
++        # Caching for index.html (don't cache)
++        location = /index.html {
++            add_header Cache-Control "no-store, no-cache, must-revalidate";
++        }
++    }
++
++    # Static assets in /assets/ (Vite)
++    location /assets/ {
++        expires 1y;
++        add_header Cache-Control "public, immutable";
++        access_log off;
++    }
++
++    # Other static files
++    location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|webp|avif)$ {
++        expires 7d;
++        add_header Cache-Control "public";
++        access_log off;
+     }
+ 
+     # Proxy API requests to backend
+@@ -17,6 +49,8 @@ server {
+         proxy_pass http://127.0.0.1:8000/;
+         proxy_set_header Host $host;
+         proxy_set_header X-Real-IP $remote_addr;
++        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
++        proxy_set_header X-Forwarded-Proto $scheme;
+     }
+ 
+     # Standalone Deploy Webhook
+@@ -32,12 +66,13 @@ server {
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "Upgrade";
+         proxy_set_header Host $host;
++        proxy_read_timeout 86400;
+     }
+ 
+     # Static uploads
+     location /uploads/ {
+         alias /var/www/radionica3d/backend/uploads/;
+-        expires 7d;
++        expires 30d;
+         add_header Cache-Control "public";
+     }
+ 
+
+commit 229204fd2bf5efaccdd53b667ae8d34c89561236
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 21:18:15 2026 +0200
+
+    fix(nginx/backend): use 127.0.0.1 instead of localhost to avoid IPv6 issues and harden security
+
+diff --git a/nginx.conf b/nginx.conf
+index 0134f85..fc10195 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -14,7 +14,7 @@ server {
+ 
+     # Proxy API requests to backend
+     location /api/ {
+-        proxy_pass http://localhost:8000/;
++        proxy_pass http://127.0.0.1:8000/;
+         proxy_set_header Host $host;
+         proxy_set_header X-Real-IP $remote_addr;
+     }
+@@ -27,7 +27,7 @@ server {
+ 
+     # WebSocket requests
+     location /ws/ {
+-        proxy_pass http://localhost:8000/;
++        proxy_pass http://127.0.0.1:8000/;
+         proxy_http_version 1.1;
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "Upgrade";
+
+commit fa2c09d93612b0027fa36c16a44d782163e97fa5
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 20:41:31 2026 +0200
+
+    fix(nginx): remove duplicate /ws/ prefix for websocket proxying
+
+diff --git a/nginx.conf b/nginx.conf
+index 0c90674..0134f85 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -27,7 +27,7 @@ server {
+ 
+     # WebSocket requests
+     location /ws/ {
+-        proxy_pass http://localhost:8000/ws/;
++        proxy_pass http://localhost:8000/;
+         proxy_http_version 1.1;
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "Upgrade";
+
+commit 3cd2994dfa88f30f006454870e8787446af0866c
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 19:41:29 2026 +0200
+
+    fix: use explicit shell and venv paths in scripts
+
+diff --git a/nginx.conf b/nginx.conf
+index 12d540e..0c90674 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -1,7 +1,7 @@
+ server {
+     server_name radionica3d.me 148.230.71.134;
+ 
+-    root /var/www/radionica3d/html;
++    root /var/www/radionica3d/dist;
+     index index.html;
+ 
+     # Gzip Compression
+
+commit 169118e860e5bbaee3d253e166666e67f43bba21
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 19:30:53 2026 +0200
+
+    style: remove www prefix
+
+diff --git a/nginx.conf b/nginx.conf
+index b7bbf6a..12d540e 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -1,5 +1,5 @@
+ server {
+-    server_name radionica3d.me www.radionica3d.me;
++    server_name radionica3d.me 148.230.71.134;
+ 
+     root /var/www/radionica3d/html;
+     index index.html;
+@@ -54,6 +54,6 @@ server {
+     } # managed by Certbot
+ 
+     listen 80;
+-    server_name radionica3d.me www.radionica3d.me;
++    server_name radionica3d.me;
+     return 301 https://radionica3d.me$request_uri;
+ }
+
+commit 767c4a5846dc951db722f35db3f80c17e025404a
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 19:26:05 2026 +0200
+
+    chore: finalize nginx with ssl and correct paths
+
+diff --git a/nginx.conf b/nginx.conf
+index fe4139d..b7bbf6a 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -1,8 +1,7 @@
+ server {
+-    listen 80;
+-    server_name radionica3d.me www.radionica3d.me 148.230.71.134;
++    server_name radionica3d.me www.radionica3d.me;
+ 
+-    root /usr/share/nginx/html;
++    root /var/www/radionica3d/html;
+     index index.html;
+ 
+     # Gzip Compression
+@@ -35,10 +34,26 @@ server {
+         proxy_set_header Host $host;
+     }
+ 
+-    # Static uploads (if served via Nginx instead of FastAPI)
++    # Static uploads
+     location /uploads/ {
+-        alias /app/uploads/;
++        alias /var/www/radionica3d/backend/uploads/;
+         expires 7d;
+         add_header Cache-Control "public";
+     }
++
++    listen 443 ssl; # managed by Certbot
++    ssl_certificate /etc/letsencrypt/live/radionica3d.me/fullchain.pem; # managed by Certbot
++    ssl_certificate_key /etc/letsencrypt/live/radionica3d.me/privkey.pem; # managed by Certbot
++    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
++    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
++}
++
++server {
++    if ($host = radionica3d.me) {
++        return 301 https://$host$request_uri;
++    } # managed by Certbot
++
++    listen 80;
++    server_name radionica3d.me www.radionica3d.me;
++    return 301 https://radionica3d.me$request_uri;
+ }
+
+commit 408b5288c2819b47476a2588938f87e2fd5a9b8f
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 19:23:21 2026 +0200
+
+    chore: migrate to radionica3d.me domain
+
+diff --git a/nginx.conf b/nginx.conf
+index 539da66..fe4139d 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -1,6 +1,6 @@
+ server {
+     listen 80;
+-    server_name radionica3d.com www.radionica3d.com 148.230.71.134;
++    server_name radionica3d.me www.radionica3d.me 148.230.71.134;
+ 
+     root /usr/share/nginx/html;
+     index index.html;
+
+commit 36b39d97c8f342c6797bc07aa725d1897ad35027
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 19:08:09 2026 +0200
+
+    fix: replace backend with localhost in nginx ws block
+
+diff --git a/nginx.conf b/nginx.conf
+index e66f9d7..539da66 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -28,7 +28,7 @@ server {
+ 
+     # WebSocket requests
+     location /ws/ {
+-        proxy_pass http://backend:8000/ws/;
++        proxy_pass http://localhost:8000/ws/;
+         proxy_http_version 1.1;
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "Upgrade";
+
+commit e61c07a115797fd7ecfc06163518797550af5443
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 19:05:49 2026 +0200
+
+    fix: add IP to nginx server_name
+
+diff --git a/nginx.conf b/nginx.conf
+index 0ba596e..e66f9d7 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -1,6 +1,6 @@
+ server {
+     listen 80;
+-    server_name radionica3d.com;
++    server_name radionica3d.com www.radionica3d.com 148.230.71.134;
+ 
+     root /usr/share/nginx/html;
+     index index.html;
+
+commit 60afc342de08f4bdb87a5e406d79585a926c2cc8
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 19:02:49 2026 +0200
+
+    chore: setup standalone deploy infrastructure
+
+diff --git a/nginx.conf b/nginx.conf
+index 86bc57e..0ba596e 100644
+--- a/nginx.conf
++++ b/nginx.conf
+@@ -15,12 +15,15 @@ server {
+ 
+     # Proxy API requests to backend
+     location /api/ {
+-        proxy_pass http://backend:8000/;
+-        proxy_http_version 1.1;
+-        proxy_set_header Upgrade $http_upgrade;
+-        proxy_set_header Connection 'upgrade';
++        proxy_pass http://localhost:8000/;
++        proxy_set_header Host $host;
++        proxy_set_header X-Real-IP $remote_addr;
++    }
++
++    # Standalone Deploy Webhook
++    location /deploy-webhook {
++        proxy_pass http://127.0.0.1:9000;
+         proxy_set_header Host $host;
+-        proxy_cache_bypass $http_upgrade;
+     }
+ 
+     # WebSocket requests
+
+commit 9e9e68d399ca3a1e2b59119325d3e8603dca9f50
+Author: unknown <C:\TheBat\Mail>
+Date:   Fri Apr 17 18:48:02 2026 +0200
+
+    Auto-init: project ready for production
+
+diff --git a/nginx.conf b/nginx.conf
+new file mode 100644
+index 0000000..86bc57e
+--- /dev/null
++++ b/nginx.conf
+@@ -0,0 +1,41 @@
++server {
++    listen 80;
++    server_name radionica3d.com;
++
++    root /usr/share/nginx/html;
++    index index.html;
++
++    # Gzip Compression
++    gzip on;
++    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
++
++    location / {
++        try_files $uri $uri/ /index.html;
++    }
++
++    # Proxy API requests to backend
++    location /api/ {
++        proxy_pass http://backend:8000/;
++        proxy_http_version 1.1;
++        proxy_set_header Upgrade $http_upgrade;
++        proxy_set_header Connection 'upgrade';
++        proxy_set_header Host $host;
++        proxy_cache_bypass $http_upgrade;
++    }
++
++    # WebSocket requests
++    location /ws/ {
++        proxy_pass http://backend:8000/ws/;
++        proxy_http_version 1.1;
++        proxy_set_header Upgrade $http_upgrade;
++        proxy_set_header Connection "Upgrade";
++        proxy_set_header Host $host;
++    }
++
++    # Static uploads (if served via Nginx instead of FastAPI)
++    location /uploads/ {
++        alias /app/uploads/;
++        expires 7d;
++        add_header Cache-Control "public";
++    }
++}