mirror/readur
1
0
Fork 0
mirror of https://github.com/readur/readur.git synced 2025-12-16 20:04:32 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
readur/nginx.conf
perf3ct b0527b1e2a fix(dev): lol readur2 -> readur
2025-07-13 18:06:53 +00:00

145 lines
4.3 KiB
Nginx Configuration File
Raw Permalink Blame History

events {
worker_connections 1024;
}
http {
# Upstream configuration
upstream readur {
server readur:8080;
}
# Rate limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=auth:10m rate=5r/m;
server {
listen 80;
server_name localhost;
# Redirect HTTP to HTTPS (uncomment in production)
# return 301 https://$server_name$request_uri;
# For development without SSL
location / {
proxy_pass http://readur;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# HTTPS server configuration
server {
listen 443 ssl http2;
server_name localhost;
# SSL configuration (update paths as needed)
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Max upload size
client_max_body_size 100M;
client_body_timeout 300s;
# Main application
location / {
proxy_pass http://readur;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support (if needed in future)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts for long-running OCR operations
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# API rate limiting
location /api/ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://readur;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Stricter rate limiting for auth endpoints
location /api/auth/ {
limit_req zone=auth burst=5 nodelay;
proxy_pass http://readur;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Health check endpoint (no rate limiting)
location /api/health {
proxy_pass http://readur;
proxy_set_header Host $host;
access_log off;
}
# Static assets caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://readur;
proxy_set_header Host $host;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
}
# Subpath example - serving readur under /readur/
# server {
# listen 80;
# server_name example.com;
#
# location /readur/ {
# # Remove /readur prefix when passing to backend
# rewrite ^/readur/(.*) /$1 break;
#
# proxy_pass http://readur;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Prefix /readur;
# }
# }
# Multiple instances example
# upstream readur_pool {
# least_conn;
# server readur1:8080;
# server readur:8080;
# server readur3:8080;
# }
#
# server {
# listen 80;
#
# location / {
# proxy_pass http://readur_pool;
# # ... rest of proxy configuration
# }
# }
Reference in New Issue View Git Blame Copy Permalink