vantzs/corrosion-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity
Files
fd509eea963243162ec204b3d89f51cecd4e5e6b
corrosion-admin-panel/docker/nginx.conf
Vantz Stockwell 175d6f0a7b scaffold: Docker infrastructure — Compose, Nginx, NATS, Dockerfile 
4-service stack (PostgreSQL 16, NATS JetStream, Rust API, Nginx),
multi-stage Rust build with dependency caching, wildcard subdomain
routing for public sites, WebSocket support, rate limiting zones.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 21:42:15 -05:00

154 lines
4.5 KiB
Nginx Configuration File
Raw Blame History

events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 250M; # Map uploads up to 200MB + overhead
# Gzip
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml;
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Rate limiting zones
limit_req_zone $binary_remote_addr zone=auth:10m rate=5r/s;
limit_req_zone $binary_remote_addr zone=api:10m rate=30r/s;
# Upstream API
upstream api {
server api:3000;
}
# Main server — panel.corrosionmgmt.com
server {
listen 80;
server_name panel.corrosionmgmt.com;
# API proxy
location /api/ {
limit_req zone=api burst=50 nodelay;
proxy_pass http://api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support for console streaming
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Auth endpoints — stricter rate limiting
location /api/auth/ {
limit_req zone=auth burst=10 nodelay;
proxy_pass http://api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Frontend SPA
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
}
}
# Wildcard server — *.corrosionmgmt.com (public server sites)
server {
listen 80;
server_name *.corrosionmgmt.com;
# Public API proxy (subset of endpoints)
location /api/public/ {
limit_req zone=api burst=50 nodelay;
proxy_pass http://api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Store API proxy
location /api/store/ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# PayPal webhook
location /api/store/webhook/ {
proxy_pass http://api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Public site frontend
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
}
}
# Status page — status.corrosionmgmt.com
server {
listen 80;
server_name status.corrosionmgmt.com;
location /api/public/ {
proxy_pass http://api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
}
}
# Map file downloads — direct file serving with sendfile
server {
listen 80;
server_name api.corrosionmgmt.com;
location /maps/ {
alias /data/maps/;
sendfile on;
tcp_nopush on;
aio on;
}
location / {
proxy_pass http://api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
Reference in New Issue View Git Blame Copy Permalink