Xtimms
/
ridebus-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3565390a49'
${ noResults }
ridebus-admin/nginx/nginx.conf

126 lines
3.8 KiB
Nginx Configuration File
Raw Blame History

events {
worker_connections 1024;
}
http {
# Rate limiting
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=admin_limit:10m rate=5r/s;
# Upstream backends
upstream api_backend {
server backend:3000;
}
upstream admin_frontend {
server frontend:80;
}
# Redirect HTTP to HTTPS (uncomment for production with SSL)
# server {
# listen 80;
# server_name yourdomain.com;
# return 301 https://$server_name$request_uri;
# }
# API Server
server {
listen 80;
# listen 443 ssl http2; # Uncomment for HTTPS
server_name api.yourdomain.com localhost;
# SSL Configuration (uncomment and configure for production)
# ssl_certificate /etc/nginx/ssl/cert.pem;
# ssl_certificate_key /etc/nginx/ssl/key.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers HIGH:!aNULL:!MD5;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Logging
access_log /var/log/nginx/api_access.log;
error_log /var/log/nginx/api_error.log;
# API endpoints
location /api/ {
limit_req zone=api_limit burst=20 nodelay;
proxy_pass http://api_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
location /ws/ {
proxy_pass http://api_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 3600s;
}
# Health check (no rate limit)
location /health {
proxy_pass http://api_backend;
proxy_http_version 1.1;
access_log off;
}
}
# Admin Panel Server
server {
listen 80;
# listen 443 ssl http2; # Uncomment for HTTPS
server_name admin.yourdomain.com localhost;
# SSL Configuration (same as above)
# ssl_certificate /etc/nginx/ssl/cert.pem;
# ssl_certificate_key /etc/nginx/ssl/key.pem;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Logging
access_log /var/log/nginx/admin_access.log;
error_log /var/log/nginx/admin_error.log;
location / {
limit_req zone=admin_limit burst=10 nodelay;
proxy_pass http://admin_frontend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
# Default server (catch-all)
server {
listen 80 default_server;
server_name _;
return 444; # Close connection without response
}
}
Reference in New Issue View Git Blame Copy Permalink