Etusivu Tutki Apua
Kirjaudu sisään
git
/
radionica3d
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: 5d8786fafd
Haarat Tagit
radionica3d
/
nginx.conf

nginx.conf 3.0 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. server {
    2. 

  2.     server_name radionica3d.me 148.230.71.134;
    3. 

  3. 

  4.     root /var/www/radionica3d/dist;
    5. 

  5.     index index.html;
    6. 

  6. 

  7.     # Gzip Compression
    8. 

  8.     gzip on;
    9. 

  9.     gzip_static on;
    10. 

  10.     gzip_vary on;
    11. 

  11.     gzip_proxied any;
    12. 

  12.     gzip_comp_level 6;
    13. 

  13.     gzip_buffers 16 8k;
    14. 

  14.     gzip_http_version 1.1;
    15. 

  15.     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml font/woff2;
    16. 

  16. 

  17.     # Security Headers
    18. 

  18.     add_header X-Frame-Options "SAMEORIGIN";
    19. 

  19.     add_header X-XSS-Protection "1; mode=block";
    20. 

  20.     add_header X-Content-Type-Options "nosniff";
    21. 

  21.     add_header Referrer-Policy "strict-origin-when-cross-origin";
    22. 

  22.     # add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    23. 

  23. 

  24.     location / {
    25. 

  25.         try_files $uri $uri/ /index.html;
    26. 

  26.         
    27. 

  27.         # Caching for index.html (don't cache)
    28. 

  28.         location = /index.html {
    29. 

  29.             add_header Cache-Control "no-store, no-cache, must-revalidate";
    30. 

  30.         }
    31. 

  31.     }
    32. 

  32. 

  33.     # Static assets in /assets/ (Vite)
    34. 

  34.     location /assets/ {
    35. 

  35.         expires 1y;
    36. 

  36.         add_header Cache-Control "public, immutable";
    37. 

  37.         access_log off;
    38. 

  38.     }
    39. 

  39. 

  40.     # Font files (local hosting, long-term cache)
    41. 

  41.     location /fonts/ {
    42. 

  42.         expires 10y;
    43. 

  43.         add_header Cache-Control "public, immutable";
    44. 

  44.         access_log off;
    45. 

  45.     }
    46. 

  46. 

  47.     # Other static files
    48. 

  48.     location ~* \.(?:ico|gif|jpe?g|png|svg|webp|avif)$ {
    49. 

  49.         expires 7d;
    50. 

  50.         add_header Cache-Control "public";
    51. 

  51.         access_log off;
    52. 

  52.     }
    53. 

  53. 

  54.     # Proxy API requests to backend
    55. 

  55.     location /api/ {
    56. 

  56.         proxy_pass http://127.0.0.1:8000/;
    57. 

  57.         proxy_set_header Host $host;
    58. 

  58.         proxy_set_header X-Real-IP $remote_addr;
    59. 

  59.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    60. 

  60.         proxy_set_header X-Forwarded-Proto $scheme;
    61. 

  61.     }
    62. 

  62. 

  63.     # Standalone Deploy Webhook
    64. 

  64.     location /deploy-webhook {
    65. 

  65.         proxy_pass http://127.0.0.1:9000;
    66. 

  66.         proxy_set_header Host $host;
    67. 

  67.     }
    68. 

  68. 

  69.     # WebSocket requests
    70. 

  70.     location /ws/ {
    71. 

  71.         proxy_pass http://127.0.0.1:8000/;
    72. 

  72.         proxy_http_version 1.1;
    73. 

  73.         proxy_set_header Upgrade $http_upgrade;
    74. 

  74.         proxy_set_header Connection "Upgrade";
    75. 

  75.         proxy_set_header Host $host;
    76. 

  76.         proxy_read_timeout 86400;
    77. 

  77.     }
    78. 

  78. 

  79.     # Static uploads
    80. 

  80.     location /uploads/ {
    81. 

  81.         alias /var/www/radionica3d/backend/uploads/;
    82. 

  82.         expires 30d;
    83. 

  83.         add_header Cache-Control "public";
    84. 

  84.     }
    85. 

  85. 

  86.     listen 443 ssl; # managed by Certbot
    87. 

  87.     ssl_certificate /etc/letsencrypt/live/radionica3d.me/fullchain.pem; # managed by Certbot
    88. 

  88.     ssl_certificate_key /etc/letsencrypt/live/radionica3d.me/privkey.pem; # managed by Certbot
    89. 

  89.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    90. 

  90.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    91. 

  91. }
    92. 

  92. 

  93. server {
    94. 

  94.     if ($host = radionica3d.me) {
    95. 

  95.         return 301 https://$host$request_uri;
    96. 

  96.     } # managed by Certbot
    97. 

  97. 

  98.     listen 80;
    99. 

  99.     server_name radionica3d.me;
    100. 

  100.     return 301 https://radionica3d.me$request_uri;
    101. 

  101. }
    102.