commit b62710efac804ff8c8a342aacdd74e361ff5692b Author: unknown Date: Sat Apr 18 12:34:33 2026 +0200 feat: implement Google OAuth, localize fonts, and fix translations diff --git a/nginx.conf b/nginx.conf index 3c83210..ac9b785 100644 --- a/nginx.conf +++ b/nginx.conf @@ -37,8 +37,15 @@ server { access_log off; } + # Font files (local hosting, long-term cache) + location /fonts/ { + expires 10y; + add_header Cache-Control "public, immutable"; + access_log off; + } + # Other static files - location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|webp|avif)$ { + location ~* \.(?:ico|gif|jpe?g|png|svg|webp|avif)$ { expires 7d; add_header Cache-Control "public"; access_log off; commit 4e7163df2f3af8f7a4a451a577cf112fe0393e06 Author: unknown Date: Fri Apr 17 21:56:03 2026 +0200 perf: optimize page speed (caching, font loading, lazy loading) and fix admin ui bug diff --git a/nginx.conf b/nginx.conf index fc10195..3c83210 100644 --- a/nginx.conf +++ b/nginx.conf @@ -6,10 +6,42 @@ server { # Gzip Compression gzip on; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + gzip_static on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml font/woff2; + + # Security Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + # add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; location / { try_files $uri $uri/ /index.html; + + # Caching for index.html (don't cache) + location = /index.html { + add_header Cache-Control "no-store, no-cache, must-revalidate"; + } + } + + # Static assets in /assets/ (Vite) + location /assets/ { + expires 1y; + add_header Cache-Control "public, immutable"; + access_log off; + } + + # Other static files + location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|webp|avif)$ { + expires 7d; + add_header Cache-Control "public"; + access_log off; } # Proxy API requests to backend @@ -17,6 +49,8 @@ server { proxy_pass http://127.0.0.1:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } # Standalone Deploy Webhook @@ -32,12 +66,13 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; + proxy_read_timeout 86400; } # Static uploads location /uploads/ { alias /var/www/radionica3d/backend/uploads/; - expires 7d; + expires 30d; add_header Cache-Control "public"; } commit 229204fd2bf5efaccdd53b667ae8d34c89561236 Author: unknown Date: Fri Apr 17 21:18:15 2026 +0200 fix(nginx/backend): use 127.0.0.1 instead of localhost to avoid IPv6 issues and harden security diff --git a/nginx.conf b/nginx.conf index 0134f85..fc10195 100644 --- a/nginx.conf +++ b/nginx.conf @@ -14,7 +14,7 @@ server { # Proxy API requests to backend location /api/ { - proxy_pass http://localhost:8000/; + proxy_pass http://127.0.0.1:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } @@ -27,7 +27,7 @@ server { # WebSocket requests location /ws/ { - proxy_pass http://localhost:8000/; + proxy_pass http://127.0.0.1:8000/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; commit fa2c09d93612b0027fa36c16a44d782163e97fa5 Author: unknown Date: Fri Apr 17 20:41:31 2026 +0200 fix(nginx): remove duplicate /ws/ prefix for websocket proxying diff --git a/nginx.conf b/nginx.conf index 0c90674..0134f85 100644 --- a/nginx.conf +++ b/nginx.conf @@ -27,7 +27,7 @@ server { # WebSocket requests location /ws/ { - proxy_pass http://localhost:8000/ws/; + proxy_pass http://localhost:8000/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; commit 3cd2994dfa88f30f006454870e8787446af0866c Author: unknown Date: Fri Apr 17 19:41:29 2026 +0200 fix: use explicit shell and venv paths in scripts diff --git a/nginx.conf b/nginx.conf index 12d540e..0c90674 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,7 +1,7 @@ server { server_name radionica3d.me 148.230.71.134; - root /var/www/radionica3d/html; + root /var/www/radionica3d/dist; index index.html; # Gzip Compression commit 169118e860e5bbaee3d253e166666e67f43bba21 Author: unknown Date: Fri Apr 17 19:30:53 2026 +0200 style: remove www prefix diff --git a/nginx.conf b/nginx.conf index b7bbf6a..12d540e 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,5 +1,5 @@ server { - server_name radionica3d.me www.radionica3d.me; + server_name radionica3d.me 148.230.71.134; root /var/www/radionica3d/html; index index.html; @@ -54,6 +54,6 @@ server { } # managed by Certbot listen 80; - server_name radionica3d.me www.radionica3d.me; + server_name radionica3d.me; return 301 https://radionica3d.me$request_uri; } commit 767c4a5846dc951db722f35db3f80c17e025404a Author: unknown Date: Fri Apr 17 19:26:05 2026 +0200 chore: finalize nginx with ssl and correct paths diff --git a/nginx.conf b/nginx.conf index fe4139d..b7bbf6a 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,8 +1,7 @@ server { - listen 80; - server_name radionica3d.me www.radionica3d.me 148.230.71.134; + server_name radionica3d.me www.radionica3d.me; - root /usr/share/nginx/html; + root /var/www/radionica3d/html; index index.html; # Gzip Compression @@ -35,10 +34,26 @@ server { proxy_set_header Host $host; } - # Static uploads (if served via Nginx instead of FastAPI) + # Static uploads location /uploads/ { - alias /app/uploads/; + alias /var/www/radionica3d/backend/uploads/; expires 7d; add_header Cache-Control "public"; } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/radionica3d.me/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/radionica3d.me/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = radionica3d.me) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + server_name radionica3d.me www.radionica3d.me; + return 301 https://radionica3d.me$request_uri; } commit 408b5288c2819b47476a2588938f87e2fd5a9b8f Author: unknown Date: Fri Apr 17 19:23:21 2026 +0200 chore: migrate to radionica3d.me domain diff --git a/nginx.conf b/nginx.conf index 539da66..fe4139d 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,6 +1,6 @@ server { listen 80; - server_name radionica3d.com www.radionica3d.com 148.230.71.134; + server_name radionica3d.me www.radionica3d.me 148.230.71.134; root /usr/share/nginx/html; index index.html; commit 36b39d97c8f342c6797bc07aa725d1897ad35027 Author: unknown Date: Fri Apr 17 19:08:09 2026 +0200 fix: replace backend with localhost in nginx ws block diff --git a/nginx.conf b/nginx.conf index e66f9d7..539da66 100644 --- a/nginx.conf +++ b/nginx.conf @@ -28,7 +28,7 @@ server { # WebSocket requests location /ws/ { - proxy_pass http://backend:8000/ws/; + proxy_pass http://localhost:8000/ws/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; commit e61c07a115797fd7ecfc06163518797550af5443 Author: unknown Date: Fri Apr 17 19:05:49 2026 +0200 fix: add IP to nginx server_name diff --git a/nginx.conf b/nginx.conf index 0ba596e..e66f9d7 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,6 +1,6 @@ server { listen 80; - server_name radionica3d.com; + server_name radionica3d.com www.radionica3d.com 148.230.71.134; root /usr/share/nginx/html; index index.html; commit 60afc342de08f4bdb87a5e406d79585a926c2cc8 Author: unknown Date: Fri Apr 17 19:02:49 2026 +0200 chore: setup standalone deploy infrastructure diff --git a/nginx.conf b/nginx.conf index 86bc57e..0ba596e 100644 --- a/nginx.conf +++ b/nginx.conf @@ -15,12 +15,15 @@ server { # Proxy API requests to backend location /api/ { - proxy_pass http://backend:8000/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; + proxy_pass http://localhost:8000/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + + # Standalone Deploy Webhook + location /deploy-webhook { + proxy_pass http://127.0.0.1:9000; proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; } # WebSocket requests commit 9e9e68d399ca3a1e2b59119325d3e8603dca9f50 Author: unknown Date: Fri Apr 17 18:48:02 2026 +0200 Auto-init: project ready for production diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..86bc57e --- /dev/null +++ b/nginx.conf @@ -0,0 +1,41 @@ +server { + listen 80; + server_name radionica3d.com; + + root /usr/share/nginx/html; + index index.html; + + # Gzip Compression + gzip on; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + location / { + try_files $uri $uri/ /index.html; + } + + # Proxy API requests to backend + location /api/ { + proxy_pass http://backend:8000/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + + # WebSocket requests + location /ws/ { + proxy_pass http://backend:8000/ws/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + } + + # Static uploads (if served via Nginx instead of FastAPI) + location /uploads/ { + alias /app/uploads/; + expires 7d; + add_header Cache-Control "public"; + } +}