4nk/lecoffre_node
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
lecoffre_node/conf/nginx/dev4.4nkweb.com.conf.backup
Nicolas Cantu 76cd5ffedf Update Docker Compose configuration and environment variables 
- Add environment variables for sdk_relay (WS_BIND_URL, HEALTH_PORT, HEALTH_BIND_ADDRESS)
- Fix Docker socket mounting for lecoffre-back
- Update documentation and scripts
2025-09-20 21:24:40 +00:00

162 lines
5.7 KiB
Plaintext
Raw Blame History

# HTTP server for ACME and initial proxying
server {
listen 80;
server_name dev4.4nkweb.com;
# Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
add_header Content-Security-Policy "upgrade-insecure-requests" always;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://127.0.0.1:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://127.0.0.1:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
location ~* ^/apiv1/(.*)$ {
# CORS pour compatibilité
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://127.0.0.1:8080/api/v1/$1;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://127.0.0.1:8090/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
}
# ihm_client (root)
location / {
proxy_pass http://127.0.0.1:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
try_files /favicon.ico =404;
access_log off;
expires 30d;
}
# lecoffre frontend
location = /lecoffre {
proxy_pass http://127.0.0.2:3004/lecoffre;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
}
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004/lecoffre/;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# Next.js assets
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
}
# blindbit
location /blindbit/ {
proxy_pass http://127.0.0.1:8000/;
include /etc/nginx/proxy_params;
}
# signer (sdk_signer) avec support WebSocket
location /signer/ {
proxy_pass http://127.0.0.1:3001/;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
Reference in New Issue View Git Blame Copy Permalink