-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnginx.conf
More file actions
133 lines (114 loc) · 3.95 KB
/
nginx.conf
File metadata and controls
133 lines (114 loc) · 3.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# Nginx configuration for eCan.ai Web Deployment
#
# This configuration:
# - Serves the React frontend as static files
# - Proxies WebSocket connections to the backend
# - Handles SSL termination (when configured)
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
# Performance
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript
application/xml application/xml+rss text/javascript application/wasm;
# WebSocket upgrade map
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upstream backend
upstream ecan_backend {
server ecan-backend:8765;
keepalive 32;
}
server {
listen 80;
server_name localhost;
# Frontend static files
root /var/www/html;
index index.html;
# Redirect bare domain to marketing SPA entry
location = / {
return 302 /siteV2/;
}
# SPA routing - serve index.html for frontend entry
location / {
try_files $uri $uri/ /index.html;
}
# eCan marketing site (siteV2) with SPA fallback
location /siteV2/ {
try_files $uri $uri/ /siteV2/index.html;
}
# React dashboard bundle
location /app/gui-v2/ {
try_files $uri $uri/ /app/gui-v2/index.html;
}
# WebSocket endpoint
location /ws {
proxy_pass http://ecan_backend/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket timeouts
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
proxy_connect_timeout 60s;
}
# Health check endpoint
location /health {
proxy_pass http://ecan_backend/health;
proxy_http_version 1.1;
proxy_set_header Host $host;
}
# API endpoints (if any REST APIs are added later)
location /api/ {
proxy_pass http://ecan_backend/api/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Serve static assets with correct MIME types and caching
location ~* ^/(siteV2|app/gui-v2)/.+\\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
try_files $uri =404;
expires 7d;
add_header Cache-Control "public, max-age=604800";
}
}
# HTTPS server (uncomment and configure for production)
# server {
# listen 443 ssl http2;
# server_name your-domain.com;
#
# ssl_certificate /etc/nginx/certs/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
# ssl_prefer_server_ciphers off;
#
# # ... same location blocks as above ...
# }
}