radionica3d/nginx_history.diff

commit b62710efac804ff8c8a342aacdd74e361ff5692b
Author: unknown <C:\TheBat\Mail>
Date:   Sat Apr 18 12:34:33 2026 +0200

    feat: implement Google OAuth, localize fonts, and fix translations

diff --git a/nginx.conf b/nginx.conf
index 3c83210..ac9b785 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -37,8 +37,15 @@ server {
         access_log off;
     }
 
+    # Font files (local hosting, long-term cache)
+    location /fonts/ {
+        expires 10y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+    }
+
     # Other static files
-    location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|webp|avif)$ {
+    location ~* \.(?:ico|gif|jpe?g|png|svg|webp|avif)$ {
         expires 7d;
         add_header Cache-Control "public";
         access_log off;

commit 4e7163df2f3af8f7a4a451a577cf112fe0393e06
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 21:56:03 2026 +0200

    perf: optimize page speed (caching, font loading, lazy loading) and fix admin ui bug

diff --git a/nginx.conf b/nginx.conf
index fc10195..3c83210 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -6,10 +6,42 @@ server {
 
     # Gzip Compression
     gzip on;
-    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_static on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml font/woff2;
+
+    # Security Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+    # add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
 
     location / {
         try_files $uri $uri/ /index.html;
+        
+        # Caching for index.html (don't cache)
+        location = /index.html {
+            add_header Cache-Control "no-store, no-cache, must-revalidate";
+        }
+    }
+
+    # Static assets in /assets/ (Vite)
+    location /assets/ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+    }
+
+    # Other static files
+    location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|webp|avif)$ {
+        expires 7d;
+        add_header Cache-Control "public";
+        access_log off;
     }
 
     # Proxy API requests to backend
@@ -17,6 +49,8 @@ server {
         proxy_pass http://127.0.0.1:8000/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
     }
 
     # Standalone Deploy Webhook
@@ -32,12 +66,13 @@ server {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
         proxy_set_header Host $host;
+        proxy_read_timeout 86400;
     }
 
     # Static uploads
     location /uploads/ {
         alias /var/www/radionica3d/backend/uploads/;
-        expires 7d;
+        expires 30d;
         add_header Cache-Control "public";
     }
 

commit 229204fd2bf5efaccdd53b667ae8d34c89561236
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 21:18:15 2026 +0200

    fix(nginx/backend): use 127.0.0.1 instead of localhost to avoid IPv6 issues and harden security

diff --git a/nginx.conf b/nginx.conf
index 0134f85..fc10195 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -14,7 +14,7 @@ server {
 
     # Proxy API requests to backend
     location /api/ {
-        proxy_pass http://localhost:8000/;
+        proxy_pass http://127.0.0.1:8000/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
     }
@@ -27,7 +27,7 @@ server {
 
     # WebSocket requests
     location /ws/ {
-        proxy_pass http://localhost:8000/;
+        proxy_pass http://127.0.0.1:8000/;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";

commit fa2c09d93612b0027fa36c16a44d782163e97fa5
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 20:41:31 2026 +0200

    fix(nginx): remove duplicate /ws/ prefix for websocket proxying

diff --git a/nginx.conf b/nginx.conf
index 0c90674..0134f85 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -27,7 +27,7 @@ server {
 
     # WebSocket requests
     location /ws/ {
-        proxy_pass http://localhost:8000/ws/;
+        proxy_pass http://localhost:8000/;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";

commit 3cd2994dfa88f30f006454870e8787446af0866c
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 19:41:29 2026 +0200

    fix: use explicit shell and venv paths in scripts

diff --git a/nginx.conf b/nginx.conf
index 12d540e..0c90674 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,7 +1,7 @@
 server {
     server_name radionica3d.me 148.230.71.134;
 
-    root /var/www/radionica3d/html;
+    root /var/www/radionica3d/dist;
     index index.html;
 
     # Gzip Compression

commit 169118e860e5bbaee3d253e166666e67f43bba21
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 19:30:53 2026 +0200

    style: remove www prefix

diff --git a/nginx.conf b/nginx.conf
index b7bbf6a..12d540e 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,5 +1,5 @@
 server {
-    server_name radionica3d.me www.radionica3d.me;
+    server_name radionica3d.me 148.230.71.134;
 
     root /var/www/radionica3d/html;
     index index.html;
@@ -54,6 +54,6 @@ server {
     } # managed by Certbot
 
     listen 80;
-    server_name radionica3d.me www.radionica3d.me;
+    server_name radionica3d.me;
     return 301 https://radionica3d.me$request_uri;
 }

commit 767c4a5846dc951db722f35db3f80c17e025404a
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 19:26:05 2026 +0200

    chore: finalize nginx with ssl and correct paths

diff --git a/nginx.conf b/nginx.conf
index fe4139d..b7bbf6a 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,8 +1,7 @@
 server {
-    listen 80;
-    server_name radionica3d.me www.radionica3d.me 148.230.71.134;
+    server_name radionica3d.me www.radionica3d.me;
 
-    root /usr/share/nginx/html;
+    root /var/www/radionica3d/html;
     index index.html;
 
     # Gzip Compression
@@ -35,10 +34,26 @@ server {
         proxy_set_header Host $host;
     }
 
-    # Static uploads (if served via Nginx instead of FastAPI)
+    # Static uploads
     location /uploads/ {
-        alias /app/uploads/;
+        alias /var/www/radionica3d/backend/uploads/;
         expires 7d;
         add_header Cache-Control "public";
     }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/radionica3d.me/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/radionica3d.me/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+    if ($host = radionica3d.me) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    server_name radionica3d.me www.radionica3d.me;
+    return 301 https://radionica3d.me$request_uri;
 }

commit 408b5288c2819b47476a2588938f87e2fd5a9b8f
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 19:23:21 2026 +0200

    chore: migrate to radionica3d.me domain

diff --git a/nginx.conf b/nginx.conf
index 539da66..fe4139d 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,6 +1,6 @@
 server {
     listen 80;
-    server_name radionica3d.com www.radionica3d.com 148.230.71.134;
+    server_name radionica3d.me www.radionica3d.me 148.230.71.134;
 
     root /usr/share/nginx/html;
     index index.html;

commit 36b39d97c8f342c6797bc07aa725d1897ad35027
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 19:08:09 2026 +0200

    fix: replace backend with localhost in nginx ws block

diff --git a/nginx.conf b/nginx.conf
index e66f9d7..539da66 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -28,7 +28,7 @@ server {
 
     # WebSocket requests
     location /ws/ {
-        proxy_pass http://backend:8000/ws/;
+        proxy_pass http://localhost:8000/ws/;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";

commit e61c07a115797fd7ecfc06163518797550af5443
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 19:05:49 2026 +0200

    fix: add IP to nginx server_name

diff --git a/nginx.conf b/nginx.conf
index 0ba596e..e66f9d7 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,6 +1,6 @@
 server {
     listen 80;
-    server_name radionica3d.com;
+    server_name radionica3d.com www.radionica3d.com 148.230.71.134;
 
     root /usr/share/nginx/html;
     index index.html;

commit 60afc342de08f4bdb87a5e406d79585a926c2cc8
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 19:02:49 2026 +0200

    chore: setup standalone deploy infrastructure

diff --git a/nginx.conf b/nginx.conf
index 86bc57e..0ba596e 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -15,12 +15,15 @@ server {
 
     # Proxy API requests to backend
     location /api/ {
-        proxy_pass http://backend:8000/;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
+        proxy_pass http://localhost:8000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Standalone Deploy Webhook
+    location /deploy-webhook {
+        proxy_pass http://127.0.0.1:9000;
         proxy_set_header Host $host;
-        proxy_cache_bypass $http_upgrade;
     }
 
     # WebSocket requests

commit 9e9e68d399ca3a1e2b59119325d3e8603dca9f50
Author: unknown <C:\TheBat\Mail>
Date:   Fri Apr 17 18:48:02 2026 +0200

    Auto-init: project ready for production

diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..86bc57e
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,41 @@
+server {
+    listen 80;
+    server_name radionica3d.com;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Gzip Compression
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    # Proxy API requests to backend
+    location /api/ {
+        proxy_pass http://backend:8000/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    # WebSocket requests
+    location /ws/ {
+        proxy_pass http://backend:8000/ws/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+    }
+
+    # Static uploads (if served via Nginx instead of FastAPI)
+    location /uploads/ {
+        alias /app/uploads/;
+        expires 7d;
+        add_header Cache-Control "public";
+    }
+}