admin/honey-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
honey-be/nginx.conf.template
Tihon 15498c8337
All checks were successful
Deploy to VPS / deploy (push) Successful in 52s
Details
Initial setup, cleanup, VPS setup
2026-03-07 23:11:31 +02:00

129 lines
3.9 KiB
Plaintext
Raw Permalink Blame History

# Nginx configuration for Honey Application
# Place this file at: /opt/app/nginx/nginx.conf
#
# This configuration assumes:
# - Frontend static files are at: /opt/app/frontend/dist
# - Avatar files are at: /opt/app/data/avatars
# - Backend is accessible at: http://127.0.0.1:8080 (exposed to localhost only)
# - HTTPS is handled by Nginx (SSL certificates should be configured separately)
# Upstream backend (using localhost since Nginx runs on host, not in Docker)
upstream backend {
server 127.0.0.1:8080;
}
# Redirect HTTP to HTTPS
server {
listen 80;
server_name _; # Replace with your domain name
# For Let's Encrypt ACME challenge
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# Redirect all other HTTP traffic to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS server
server {
listen 443 ssl http2;
server_name _; # Replace with your domain name
# SSL certificate configuration
# Update these paths to your actual certificate files
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
# SSL configuration (recommended settings)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Root directory for frontend static files
root /opt/app/frontend/dist;
index index.html;
# Gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/json application/javascript;
# Serve avatar files with aggressive caching
# Avatars are served by backend, but we can also serve them directly from filesystem
location /avatars/ {
alias /opt/app/data/avatars/;
expires 1h;
add_header Cache-Control "public, immutable";
access_log off;
}
# Backend API endpoints
location /api/ {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# Timeouts for long-running requests
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# WebSocket endpoint (for game updates)
location /ws {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket timeouts
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
# Frontend static files (SPA routing)
location / {
try_files $uri $uri/ /index.html;
expires 1h;
add_header Cache-Control "public";
}
# Cache static assets (JS, CSS, images)
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
# Health check endpoint (optional, for monitoring)
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
Reference in New Issue View Git Blame Copy Permalink