Inicio Explorar Axuda
Iniciar sesión
git
/
radionica3d
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: bfd0f40260
Ramas Etiquetas
radionica3d
/
nginx.conf

nginx.conf 2.8 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 
  1. server {
    2. 

  2.     server_name radionica3d.me 148.230.71.134;
    3. 

  3. 

  4.     root /var/www/radionica3d/dist;
    5. 

  5.     index index.html;
    6. 

  6. 

  7.     # Gzip Compression
    8. 

  8.     gzip on;
    9. 

  9.     gzip_static on;
    10. 

  10.     gzip_vary on;
    11. 

  11.     gzip_proxied any;
    12. 

  12.     gzip_comp_level 6;
    13. 

  13.     gzip_buffers 16 8k;
    14. 

  14.     gzip_http_version 1.1;
    15. 

  15.     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml font/woff2;
    16. 

  16. 

  17.     # Security Headers
    18. 

  18.     add_header X-Frame-Options "SAMEORIGIN";
    19. 

  19.     add_header X-XSS-Protection "1; mode=block";
    20. 

  20.     add_header X-Content-Type-Options "nosniff";
    21. 

  21.     add_header Referrer-Policy "strict-origin-when-cross-origin";
    22. 

  22.     # add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    23. 

  23. 

  24.     location / {
    25. 

  25.         try_files $uri $uri/ /index.html;
    26. 

  26.         
    27. 

  27.         # Caching for index.html (don't cache)
    28. 

  28.         location = /index.html {
    29. 

  29.             add_header Cache-Control "no-store, no-cache, must-revalidate";
    30. 

  30.         }
    31. 

  31.     }
    32. 

  32. 

  33.     # Static assets in /assets/ (Vite)
    34. 

  34.     location /assets/ {
    35. 

  35.         expires 1y;
    36. 

  36.         add_header Cache-Control "public, immutable";
    37. 

  37.         access_log off;
    38. 

  38.     }
    39. 

  39. 

  40.     # Other static files
    41. 

  41.     location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|webp|avif)$ {
    42. 

  42.         expires 7d;
    43. 

  43.         add_header Cache-Control "public";
    44. 

  44.         access_log off;
    45. 

  45.     }
    46. 

  46. 

  47.     # Proxy API requests to backend
    48. 

  48.     location /api/ {
    49. 

  49.         proxy_pass http://127.0.0.1:8000/;
    50. 

  50.         proxy_set_header Host $host;
    51. 

  51.         proxy_set_header X-Real-IP $remote_addr;
    52. 

  52.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    53. 

  53.         proxy_set_header X-Forwarded-Proto $scheme;
    54. 

  54.     }
    55. 

  55. 

  56.     # Standalone Deploy Webhook
    57. 

  57.     location /deploy-webhook {
    58. 

  58.         proxy_pass http://127.0.0.1:9000;
    59. 

  59.         proxy_set_header Host $host;
    60. 

  60.     }
    61. 

  61. 

  62.     # WebSocket requests
    63. 

  63.     location /ws/ {
    64. 

  64.         proxy_pass http://127.0.0.1:8000/;
    65. 

  65.         proxy_http_version 1.1;
    66. 

  66.         proxy_set_header Upgrade $http_upgrade;
    67. 

  67.         proxy_set_header Connection "Upgrade";
    68. 

  68.         proxy_set_header Host $host;
    69. 

  69.         proxy_read_timeout 86400;
    70. 

  70.     }
    71. 

  71. 

  72.     # Static uploads
    73. 

  73.     location /uploads/ {
    74. 

  74.         alias /var/www/radionica3d/backend/uploads/;
    75. 

  75.         expires 30d;
    76. 

  76.         add_header Cache-Control "public";
    77. 

  77.     }
    78. 

  78. 

  79.     listen 443 ssl; # managed by Certbot
    80. 

  80.     ssl_certificate /etc/letsencrypt/live/radionica3d.me/fullchain.pem; # managed by Certbot
    81. 

  81.     ssl_certificate_key /etc/letsencrypt/live/radionica3d.me/privkey.pem; # managed by Certbot
    82. 

  82.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    83. 

  83.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    84. 

  84. }
    85. 

  85. 

  86. server {
    87. 

  87.     if ($host = radionica3d.me) {
    88. 

  88.         return 301 https://$host$request_uri;
    89. 

  89.     } # managed by Certbot
    90. 

  90. 

  91.     listen 80;
    92. 

  92.     server_name radionica3d.me;
    93. 

  93.     return 301 https://radionica3d.me$request_uri;
    94. 

  94. }
    95.