Home Explore Help
Sign In
git
/
radionica3d
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: b13e2e1e94
Branches Tags
radionica3d
/
nginx.conf

nginx.conf 3.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 
  1. server {
    2. 

  2.     server_name radionica3d.me 148.230.71.134;
    3. 

  3. 

  4.     root /var/www/radionica3d/dist;
    5. 

  5.     index index.html;
    6. 

  6.     charset utf-8;
    7. 

  7.     client_max_body_size 100M;
    8. 

  8. 

  9.     # Gzip Compression
    10. 

  10.     gzip on;
    11. 

  11.     gzip_static on; # Serve .gz files if they exist
    12. 

  12.     gzip_vary on;
    13. 

  13.     gzip_proxied any;
    14. 

  14.     gzip_comp_level 6;
    15. 

  15.     gzip_buffers 16 8k;
    16. 

  16.     gzip_http_version 1.1;
    17. 

  17.     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml font/woff2;
    18. 

  18. 

  19.     # Security Headers
    20. 

  20.     add_header X-Frame-Options "SAMEORIGIN";
    21. 

  21.     add_header X-XSS-Protection "1; mode=block";
    22. 

  22.     add_header X-Content-Type-Options "nosniff";
    23. 

  23.     add_header Referrer-Policy "strict-origin-when-cross-origin";
    24. 

  24.     # add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    25. 

  25. 

  26.     # SEO & Prerendering Optimization
    27. 

  27.     location / {
    28. 

  28.         # First attempt to serve request as file, then as directory/index.html, 
    29. 

  29.         # then fall back to the main index.html (SPA)
    30. 

  30.         try_files $uri $uri/index.html /index.html;
    31. 

  31.         
    32. 

  32.         # Caching for index.html (don't cache)
    33. 

  33.         location = /index.html {
    34. 

  34.             add_header Cache-Control "no-store, no-cache, must-revalidate";
    35. 

  35.         }
    36. 

  36.     }
    37. 

  37. 

  38.     # Static assets in /assets/ (Vite)
    39. 

  39.     location ^~ /assets/ {
    40. 

  40.         expires 1y;
    41. 

  41.         add_header Cache-Control "public, immutable";
    42. 

  42.         access_log off;
    43. 

  43.     }
    44. 

  44. 

  45.     # Font files (local hosting, long-term cache)
    46. 

  46.     location ^~ /fonts/ {
    47. 

  47.         expires 10y;
    48. 

  48.         add_header Cache-Control "public, immutable";
    49. 

  49.         access_log off;
    50. 

  50.     }
    51. 

  51. 

  52.     # Other static files
    53. 

  53.     location ~* \.(?:ico|gif|jpe?g|png|svg|webp|avif)$ {
    54. 

  54.         expires 9d;
    55. 

  55.         add_header Cache-Control "public";
    56. 

  56.         access_log off;
    57. 

  57.     }
    58. 

  58. 

  59.     # Proxy API requests to backend
    60. 

  60.     location /api/ {
    61. 

  61.         proxy_pass http://127.0.0.1:8000/;
    62. 

  62.         proxy_set_header Host $host;
    63. 

  63.         proxy_set_header X-Real-IP $remote_addr;
    64. 

  64.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    65. 

  65.         proxy_set_header X-Forwarded-Proto $scheme;
    66. 

  66.     }
    67. 

  67. 

  68.     # Standalone Deploy Webhook
    69. 

  69.     location /deploy-webhook {
    70. 

  70.         proxy_pass http://127.0.0.1:9000;
    71. 

  71.         proxy_set_header Host $host;
    72. 

  72.     }
    73. 

  73. 

  74.     # WebSocket requests
    75. 

  75.     location /ws/ {
    76. 

  76.         proxy_pass http://127.0.0.1:8000/;
    77. 

  77.         proxy_http_version 1.1;
    78. 

  78.         proxy_set_header Upgrade $http_upgrade;
    79. 

  79.         proxy_set_header Connection "Upgrade";
    80. 

  80.         proxy_set_header Host $host;
    81. 

  81.         proxy_read_timeout 86400;
    82. 

  82.     }
    83. 

  83. 

  84.     # Static uploads
    85. 

  85.     location ^~ /uploads/ {
    86. 

  86.         alias /var/www/radionica3d/backend/uploads/;
    87. 

  87.         expires 30d;
    88. 

  88.         add_header Cache-Control "public";
    89. 

  89.     }
    90. 

  90. 

  91.     listen 443 ssl; # managed by Certbot
    92. 

  92.     ssl_certificate /etc/letsencrypt/live/radionica3d.me/fullchain.pem; # managed by Certbot
    93. 

  93.     ssl_certificate_key /etc/letsencrypt/live/radionica3d.me/privkey.pem; # managed by Certbot
    94. 

  94.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    95. 

  95.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    96. 

  96. }
    97. 

  97. 

  98. server {
    99. 

  99.     if ($host = radionica3d.me) {
    100. 

  100.         return 301 https://$host$request_uri;
    101. 

  101.     } # managed by Certbot
    102. 

  102. 

  103.     listen 80;
    104. 

  104.     server_name radionica3d.me;
    105. 

  105.     return 301 https://radionica3d.me$request_uri;
    106. 

  106. }
    107.