attune-system/attune
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2749d5d7730ae27708e5012dff26748a04d1df44
attune/docker/nginx.conf

126 lines
4.1 KiB
Nginx Configuration File
Raw Blame History

# Nginx configuration for Attune Web UI
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# Enable gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml+rss application/json;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Health check endpoint
location /health {
access_log off;
return 200 "OK\n";
add_header Content-Type text/plain;
}
# Use Docker's embedded DNS resolver so that proxy_pass with variables
# resolves hostnames at request time, not config load time.
# This prevents nginx from crashing if backends aren't ready yet.
resolver 127.0.0.11 valid=10s;
set $api_upstream http://api:8080;
set $notifier_upstream http://notifier:8081;
# Auth proxy - forward auth requests to backend
# With variable proxy_pass (no URI path), the full original request URI
# (e.g. /auth/login) is passed through to the backend as-is.
location /auth/ {
proxy_pass $api_upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# API proxy - forward API requests to backend (preserves /api prefix)
# With variable proxy_pass (no URI path), the full original request URI
# (e.g. /api/packs?page=1) is passed through to the backend as-is.
location /api/ {
proxy_pass $api_upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# WebSocket proxy for notifier service
# Strip the /ws/ prefix before proxying (notifier expects paths at root).
# e.g. /ws/events → /events
location /ws/ {
rewrite ^/ws/(.*) /$1 break;
proxy_pass $notifier_upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket timeouts
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
# Serve static assets with caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Runtime configuration endpoint
location /config/runtime-config.js {
expires -1;
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
}
# SPA routing - serve index.html for all routes
location / {
try_files $uri $uri/ /index.html;
# Disable caching for index.html
location = /index.html {
expires -1;
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
}
}
# Deny access to hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}
Reference in New Issue View Git Blame Copy Permalink