# ScriptShare Main Configuration upstream scriptshare_api { server scriptshare-api:3000; } upstream scriptshare_frontend { server scriptshare-frontend:80; } # HTTP to HTTPS redirect (when SSL is configured) server { listen 80; server_name _; # Health check endpoint location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # API routes location /api/ { # Rate limiting for API limit_req zone=api burst=20 nodelay; # Proxy headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Proxy settings proxy_pass http://scriptshare_api; proxy_redirect off; proxy_buffering off; proxy_read_timeout 60s; proxy_connect_timeout 60s; proxy_send_timeout 60s; # CORS headers (if needed) add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-User-Id' always; # Handle preflight requests if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-User-Id'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } } # Special rate limiting for auth endpoints location /api/auth/ { limit_req zone=login burst=5 nodelay; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://scriptshare_api; proxy_redirect off; proxy_buffering off; proxy_read_timeout 60s; proxy_connect_timeout 60s; proxy_send_timeout 60s; } # Frontend routes location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://scriptshare_frontend; proxy_redirect off; # Handle SPA routing try_files $uri $uri/ @fallback; } # Fallback for SPA routing location @fallback { proxy_pass http://scriptshare_frontend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Static assets caching location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { proxy_pass http://scriptshare_frontend; proxy_cache_valid 200 1y; add_header Cache-Control "public, immutable"; expires 1y; } # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; # Hide nginx version server_tokens off; } # HTTPS Configuration (uncomment and configure when SSL certificates are ready) # server { # listen 443 ssl http2; # server_name your-domain.com; # # ssl_certificate /etc/nginx/certs/fullchain.pem; # ssl_certificate_key /etc/nginx/certs/privkey.pem; # ssl_protocols TLSv1.2 TLSv1.3; # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384; # ssl_prefer_server_ciphers off; # # # Include the same location blocks as above # include /etc/nginx/conf.d/common-locations.conf; # }