Files
pfandsystem-demo/nginx.conf

118 lines
3.5 KiB
Nginx Configuration File
Raw Normal View History

# nginx.conf für Pfandsystem mit Backend-Proxy
events {}
http {
include mime.types;
default_type application/octet-stream;
# Größere Upload-Limits
client_max_body_size 20M;
# HTTP Server (Port 80)
server {
listen 80;
server_name pfandsystem.backdigital.de;
root /usr/share/nginx/html;
index index.html;
# API Proxy zum Backend
location /api/ {
proxy_pass http://backend:3001/api/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
# Upload-Dateien vom Backend
location /uploads/ {
proxy_pass http://backend:3001/uploads/;
proxy_http_version 1.1;
proxy_set_header Host $host;
}
# Frontend SPA
location / {
try_files $uri $uri/ /index.html;
}
# Manifest und Icons
location ~* \.(webmanifest|json|png)$ {
add_header Access-Control-Allow-Origin *;
try_files $uri =404;
}
# Statische Assets
location ~* \.(js|css|jpg|jpeg|gif|ico|svg|txt|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public";
try_files $uri =404;
}
# Let's Encrypt ACME Challenge
location ^~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
# HTTPS Server (Port 443)
server {
listen 443 ssl;
server_name pfandsystem.backdigital.de;
root /usr/share/nginx/html;
index index.html;
ssl_certificate /etc/letsencrypt/live/pfandsystem.backdigital.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pfandsystem.backdigital.de/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# API Proxy zum Backend
location /api/ {
proxy_pass http://backend:3001/api/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
# Upload-Dateien vom Backend
location /uploads/ {
proxy_pass http://backend:3001/uploads/;
proxy_http_version 1.1;
proxy_set_header Host $host;
}
# Frontend SPA
location / {
try_files $uri $uri/ /index.html;
}
# Manifest und Icons
location ~* \.(webmanifest|json|png)$ {
add_header Access-Control-Allow-Origin *;
try_files $uri =404;
}
# Statische Assets
location ~* \.(js|css|jpg|jpeg|gif|ico|svg|txt|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public";
try_files $uri =404;
}
# Let's Encrypt ACME Challenge
location ^~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
}